Devo Integration Steps

Introduction

The purpose of this document is to provide instructions on implementing an integration between Devo and GYTPOL.

Overview

Devo Technology is a cloud-native SIEM platform that helps organizations collect, analyze, and investigate security data at scale.
It offers fast data ingestion, real-time threat detection, automated responses (SOAR), and easy integration with security tools like EDRs, firewalls, and cloud services.
Devo is built for high-speed, high-volume environments and is designed to make security operations teams more efficient and responsive.

Devo Integration Prerequisites

Before proceeding with the integration, please contact Devo Support and request the creation of the scm.gytpol.sensor.* or scm.gytpol.** tables in your environment. GYTPOL sends data using a predefined schema to the scm.gytpol.** namespace. This follows Devo’s approach of supporting approved technology integrations through dedicated data structures. Devo has developed a custom parser on their side to format and organize GYTPOL data properly within these tables.

This setup is required to ensure the data is ingested and displayed correctly. Without it, the integration will not function as intended.

Once this setup is complete, please continue with the guide and proceed to the next steps to complete the integration.

Devo Side

  1. Log on to your Devo domain.

  2. Go to Administration → Credentials → Authentication tokens.

  3. Click Create token.

For details on the Devo Authentication Token and advanced configuration settings, please refer to the vendor documentation here: Authentication tokens

  4. Fill in the details below:

| Field | Values | Notes |
|---|---|---|
| Name | GYTPOL Integration | Any descriptive name you choose. |
| Authorized User | someone@domain.com | The person that will use the token. This can be either yourself or a user in your domain. |
| Target table/s | scm.gytpol.** or scm.gytpol.sensor.* | |
| Type | HTTP ingestion | |
| Expiration date (Optional) | mm/dd/yyyy | Expiration date for the new token. |

  5. The token appears once it is created:

Domain: You can find this under your username.

GYTPOL Side

  1. Log in to the GYTPOL console with administrator access privileges.

  2. Go to Settings > Integration > Devo and fill in the required fields:

| Field | Values |
|---|---|
| Host URL | <endpoint> per region (listed below the table) |
| Host Port | 443 |
| Token | The token previously generated in Devo to authorize the connection. |
| Domain | The name of the Devo domain receiving the event data. |

<endpoint> per region:

  • US: http-us.devo.io
  • US3: http-us3.devo.io
  • Europe: http-eu.devo.io
  • Canada: http-ca.devo.io
  • Asia-Pacific (APAC):
    • collector-ap.devo.io:8443 to ingest in Singapore datanodes
    • collector-ap2.devo.io:8443 to ingest in Sydney datanodes

  3. Click "Test" to verify your settings and confirm that the integration can be established, then click "Connect" to save the connection configuration.

If you see an error message, review your settings and adjust them until the test passes.

Verifying Data in Devo

  1. In the Devo portal, go to Data Search from the navigation panel.

  2. Under Explore your data, open the Finders tab.

  3. In the Finders section, search for the table: scm.gytpol.sensor.miscdesc.

  4. Confirm that data is appearing, indicating successful transmission from your GYTPOL tenant.

You have completed the process. The Devo Connector is now configured.