Flow Use Case: Limit Intruder Dwell Time
In this use case, a hypothetical attacker used an exploit against a machine on our local network, which triggered an alert from an external security service.
The external service does not provide any further details about the threat. We will use this Flow to combine the external service's alert data with the data Devo has already ingested, in order to check whether any data has flowed from the victim machine to the attacker.
Table of Contents:
00:08 - Introduction
00:35 - The use case
01:09 - The Devo Source unit
01:39 - The Map unit
01:49 - Customize the chart
02:15 - The Devo Full Query unit
03:19 - The Email Sink unit
At the following link, you will find everything you need to know about this use case and how to build it in Flow: https://docs.devo.com/confluence/ndt/v7.7.0/flow/flow-use-cases/limit-intruder-dwell-time-with-rapid-context-gathering
For more videos on Devo Flow: https://www.youtube.com/playlist
Visit us online to keep up to date with the latest content: https://linktr.ee/TheDevoPlatform