Devo
Most recent version: v1.2.0


Overview
Onum supports integration with Devo.
Devo is an integrated platform that includes data-powered SIEM, SOAR, and UEBA. It is a cloud-native logging and security analytics platform used to monitor and protect your organization.
Select Devo from the list of Data sink types and click Configuration to start.
Data sink configuration
Now you need to specify how and where to send the data, and how to establish a connection with Devo.
Metadata
Enter the basic information for the new Data sink.
Name*
Enter a name for the new Data sink.
Description
Optionally, enter a description for the Data sink.
Tags
Add tags to easily identify your Data sink. Hit the Enter key after you define each tag.


Metrics display
Decide whether or not to include this Data sink info in the metrics and graphs of the Home area.


Configuration
Now, add the configuration to establish the connection.
Devo Cloud*
Specify the Devo cloud region you wish to send your data to (US, EU, or CA). The region determines which Devo ingestion endpoint the sink connects to; the endpoint URL for each region is listed in the Devo documentation.
Net buffer size
Define the number of bytes allocated for buffering network data during transmission to Devo. The minimum value is -1.
Write timeout
Enter the number of milliseconds to wait for a write to complete before the request is considered timed out. The minimum value is 1.
Idle timeout
Enter the number of milliseconds a connection may remain open and idle before it is automatically closed. The minimum value is 1.
Dial timeout
The maximum time (in ms) allowed for establishing a connection before the attempt is aborted. The minimum value is 1.
Connection Time to Live
The maximum duration (in ms) a connection remains active before it is forcibly closed, regardless of whether it is idle or in use. The minimum value is 1.


TLS configuration
Set your TLS configuration here. Devo authenticates senders with the X.509 client certificate and private key issued for your Devo domain, so supply that certificate, its key and the Devo CA chain here rather than disabling certificate verification:


Click Finish when complete. Your new Data sink will appear in the Data sinks area list.
Pipeline configuration
When it comes to using this Data sink in a Pipeline, you must configure the following output parameters. To do it, simply click the Data sink on the canvas and select Configuration.
Output configuration
If your message already has the required format, enable Passthrough to send the message exactly as the sink receives it. Disable Passthrough to build the message manually from incoming fields:
Type
Output type
The Syslog format to send in:
- The original BSD format (Syslog RFC 3164)
- The "new" format (Syslog RFC 5424)
If you are unsure whether the fields you have chosen are valid, click Validate to check them. For the Syslog RFC 3164 type, you also have the option to Auto-fix the values so that they are correctly populated.


You must select the incoming fields that correspond to each value to build the end message in Devo. The fields to configure will differ depending on the Syslog type chosen.
Header
Enter the header parameters:
Priority* / Severity & Facility* - Either the field corresponding to the Priority, OR the fields corresponding to the Severity and Facility, from which the Priority (PRI) value is computed as Facility × 8 + Severity.
Timestamp - The field containing the timestamp value.
Hostname - The field containing the hostname.
Message
Enter the fields used to build the body of the message:
Tag - The field containing the tag.
ProcId - The incoming field with the process ID.
Content - The field used as the content field.
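The following is an added example, not Onum's or Devo's code, showing what the Header and Message mapping above produces: it resolves the mapped incoming fields from an event, derives PRI from Facility and Severity when Priority is not mapped, runs the kind of checks a Validate step makes, applies an Auto-fix for RFC 3164 timestamps and hostnames, and renders both syslog formats. The incoming field names (fac, sev, ts, host, devo_tag, pid, msg), the sample event and the exact validation rules are assumptions made for the example; the message layouts follow RFC 3164 and RFC 5424.

```python
"""Render Devo-bound syslog lines from a field mapping (added example, not vendor code)."""
import re
from datetime import datetime, timezone

# Facility and severity keywords in numeric order (RFC 5424 section 6.2.1).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp ntp "
              "security console solaris-cron local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
NIL = "-"  # RFC 5424 NILVALUE for absent header fields
RFC3164_TS = re.compile(r"^(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) "
                        r"( [1-9]|[12]\d|3[01]) \d\d:\d\d:\d\d$")

# Constructed sample event and mapping (assumed field names, not real data).
SAMPLE_EVENT = {"fac": "local0", "sev": "warning", "ts": "2024-05-01T12:34:56Z",
                "host": "web 01", "devo_tag": "my.app.web.access", "pid": 4242,
                "msg": "GET /login 401"}
MAPPING = {"priority": None, "facility": "fac", "severity": "sev", "timestamp": "ts",
           "hostname": "host", "tag": "devo_tag", "procid": "pid", "content": "msg"}


def priority(facility, severity):
    """PRI = facility * 8 + severity; accepts keyword names or numbers."""
    f = FACILITIES.index(facility) if isinstance(facility, str) else int(facility)
    s = SEVERITIES.index(severity) if isinstance(severity, str) else int(severity)
    if not (0 <= f <= 23 and 0 <= s <= 7):
        raise ValueError(f"facility {f} or severity {s} out of range")
    return f * 8 + s


def _parse_ts(value):
    """Accept RFC 3339 text or epoch seconds and return an aware datetime (UTC default)."""
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value, tz=timezone.utc)
    dt = datetime.fromisoformat(str(value).replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def _fmt3164(dt):
    """RFC 3164 'Mmm dd hh:mm:ss' with a space-padded day of month."""
    return f"{dt.strftime('%b')} {dt.day:2d} {dt.strftime('%H:%M:%S')}"


def resolve(event, mapping):
    """Pull the mapped incoming fields out of one event; derive PRI if it is not mapped."""
    vals = {k: (event.get(v) if v else None) for k, v in mapping.items()}
    if vals["priority"] is None and vals["facility"] is not None and vals["severity"] is not None:
        vals["priority"] = priority(vals["facility"], vals["severity"])
    return vals


def validate(vals, rfc):
    """Return the problems a Validate step would flag; an empty list means valid."""
    problems = []
    if vals.get("priority") is None:
        problems.append("priority missing: map Priority, or both Severity and Facility")
    elif not 0 <= int(vals["priority"]) <= 191:
        problems.append("priority out of range 0-191")
    host = vals.get("hostname")
    if host and any(ch.isspace() for ch in str(host)):
        problems.append("hostname must not contain whitespace")
    tag = vals.get("tag")
    if not tag or any(ch.isspace() for ch in tag) or ":" in tag:
        problems.append("tag required and must not contain whitespace or ':'")
    ts = vals.get("timestamp")
    if rfc == 3164 and ts is not None and not RFC3164_TS.match(str(ts)):
        problems.append("timestamp must be 'Mmm dd hh:mm:ss' for RFC 3164")
    if rfc == 5424 and ts is not None:
        try:
            _parse_ts(ts)
        except ValueError:
            problems.append("timestamp must be RFC 3339 for RFC 5424")
    if vals.get("content") is None:
        problems.append("content missing")
    return problems


def autofix_3164(vals):
    """Coerce values into RFC 3164 shape: reformat the timestamp, strip hostname whitespace."""
    fixed = dict(vals)
    ts = fixed.get("timestamp")
    if ts is not None and not RFC3164_TS.match(str(ts)):
        fixed["timestamp"] = _fmt3164(_parse_ts(ts))
    fixed["hostname"] = "".join(str(fixed.get("hostname") or "localhost").split())
    return fixed


def build_rfc3164(vals):
    """<PRI>TIMESTAMP HOSTNAME TAG[PROCID]: CONTENT"""
    problems = validate(vals, 3164)
    if problems:
        raise ValueError("; ".join(problems))
    tag = vals["tag"] + (f"[{vals['procid']}]" if vals.get("procid") else "")
    return f"<{vals['priority']}>{vals['timestamp']} {vals['hostname']} {tag}: {vals['content']}"


def build_rfc5424(vals):
    """<PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG (tag used as APP-NAME)."""
    problems = validate(vals, 5424)
    if problems:
        raise ValueError("; ".join(problems))
    ts = _parse_ts(vals["timestamp"]).isoformat() if vals.get("timestamp") else NIL
    return (f"<{vals['priority']}>1 {ts} {vals.get('hostname') or NIL} {vals['tag']} "
            f"{vals.get('procid') or NIL} {NIL} {NIL} {vals['content']}")


if __name__ == "__main__":
    vals = resolve(SAMPLE_EVENT, MAPPING)
    print("validate (3164):", validate(vals, 3164))
    print(build_rfc3164(autofix_3164(vals)))
    print(build_rfc5424(resolve(dict(SAMPLE_EVENT, host="web01"), MAPPING)))
```

Running the block shows that the sample event fails validation for RFC 3164 twice (an ISO timestamp and a hostname containing a space), that Auto-fix resolves both, and that the same mapping renders cleanly as RFC 5424 once the hostname is valid. Whitespace in the hostname or tag is worth checking before sending because it shifts every later header field by one position on the Devo side.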
Test mode
Decide whether to send events while the Pipeline is still being processed. This is useful for testing the Pipeline without needing a valid destination.


Click Save to save your configuration.