In this use case, a hypothetical attacker used an exploit against our machine in the local network, which triggered an alert from an external security service.

Our external service does not provide additional details about the threat. We will use this Flow to combine the external service data and the data extracted by Devo to check if there's any data flow from the victim to the attacker.

Table of Contents:

00:08 - Introduction

00:35 - The use case

01:09 - The Devo Source unit

01:39 - The Map unit

01:49 - Customize the chart

02:15 - The Devo Full Query unit

03:19 - The Email Sink unit

In the following link, you will find everything you need to know about this use case and how to create it in Flow: https://docs.devo.com/confluence/ndt/v7.7.0/flow/flow-use-cases/limit-intruder-dwell-time-with-rapid-context-gathering

For more videos on Devo Flow: https://www.youtube.com/playlist

Visit us online to keep up to date with the latest content: https://linktr.ee/TheDevoPlatform