
Devo (Deprecated)

This Integration is part of the Devo Pack.


Use the Devo v2 integration instead.


This integration is now deprecated. Please use the Devo v2 integration instead.


Use the Devo integration to query data in Devo.

This integration was integrated and tested with the API v2 version of Devo.

Configure Devo on Cortex XSOAR

To use the Devo integration, a user with the administrator role is required.

You can access the API key and API secret in the Devo UI under Administration > Credentials.

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Devo.
  3. Click Add instance to create and configure a new integration instance.
    • Name: a textual name for the integration instance.
    • Server URL (e.g )
    • API key
    • API secret
    • Trust any certificate (not secure)
    • Use system proxy settings
  4. Click Test to validate the URLs, token, and connection.


You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

  1. Perform a query in Devo: devo-query

1. Perform a query in Devo

Perform a query. For more information about querying in Devo, see the Devo documentation.

Base Command

devo-query

| Argument Name | Description | Required |
| --- | --- | --- |
| query | A LINQ query to launch. The body must have a query or queryId parameter. | Optional |
| queryId | A query Id to launch. The body must have a query or queryId parameter. For information about obtaining the queryID, see the Additional Information section. | Optional |
| from | The start date as a UTC timestamp in the format: 2012-03-01T10:00:00Z. | Required |
| to | The end date as a UTC timestamp in the format: 2012-03-01T10:00:00Z. Default is the cur | Optional |
| skip | Skip the first "X" number of elements of the query. | Optional |
| limit | Limit the results of the query. The query will stop after returning the first X elements of the query or reaching its end. | Optional |
| writeToContext | Whether to write results to context or not. | Optional |

Context Output

| Path | Description |
| --- | --- |
| Devo.Results | The query results. |

Command Example
!devo-query from=2018-10-07T08:00:00Z to=2018-10-07T08:30:00Z limit=5 query="from select eventdate, referralUri, userAgent where method=\"GET\""
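
An added example, not part of the Devo integration's own code: a Python helper that checks arguments against the table above and renders the command in the form shown in the Command Example. The name `build_devo_query`, the from/to ordering check, and the rejection of backslashes and line breaks are assumptions of this example.

```python
import re
from datetime import datetime

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"  # documented form: 2012-03-01T10:00:00Z


def _parse_utc(name, value):
    """Return the parsed timestamp, or raise if it is not in the documented form."""
    try:
        return datetime.strptime(value, TS_FORMAT)
    except (TypeError, ValueError):
        raise ValueError(f"{name} must look like 2012-03-01T10:00:00Z, got {value!r}")


def build_devo_query(from_, to=None, query=None, query_id=None, skip=None, limit=None):
    """Validate devo-query arguments and render the CLI command string."""
    if not query and not query_id:
        raise ValueError("the command needs a query or a queryId")
    start = _parse_utc("from", from_)  # 'from' is the only required argument
    parts = ["!devo-query", f"from={from_}"]
    if to is not None:
        if _parse_utc("to", to) <= start:  # assumption: an empty window is a mistake
            raise ValueError("to must be later than from")
        parts.append(f"to={to}")
    for name, value in (("skip", skip), ("limit", limit)):
        if value is None:
            continue
        if isinstance(value, bool) or not isinstance(value, int) or value < 0:
            raise ValueError(f"{name} must be a non-negative integer")
        parts.append(f"{name}={value}")
    if query_id:
        if re.search(r'[\s"\\]', query_id):  # assumption: ids hold no such characters
            raise ValueError("queryId contains whitespace, a quote or a backslash")
        parts.append(f"queryId={query_id}")
    if query:
        # Assumption: backslashes and line breaks are rejected, because the page
        # only documents escaping of double quotes (\"GET\").
        if re.search(r"[\\\r\n]", query):
            raise ValueError("query contains a backslash or a line break")
        escaped = query.replace('"', '\\"')
        parts.append(f'query="{escaped}"')
    return " ".join(parts)


if __name__ == "__main__":
    # Constructed call that reproduces the page's Command Example.
    print(build_devo_query("2018-10-07T08:00:00Z", to="2018-10-07T08:30:00Z", limit=5,
          query='from select eventdate, referralUri, userAgent where method="GET"'))
```
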
Context Example
{
    "Devo": {
        "Results": [
            {
                "eventcount": 1,
                "eventdate": "2018-10-07T08:00:00Z",
                "referralUri": "\u0026port=161\u0026JSESSIONID=SD5SL4FF3ADFF5",
                "userAgent": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"
            },
            {
                "eventcount": 1,
                "eventdate": "2018-10-07T08:00:01Z",
                "referralUri": "\u0026itemId=LOG-66\u0026product_id=L98-72BOK-SKD00\u0026JSESSIONID=SD1SL6FF8ADFF4",
                "userAgent": "Opera/9.20 (Windows NT 6.0; U; en)"
            },
            {
                "eventcount": 1,
                "eventdate": "2018-10-07T08:00:01Z",
                "referralUri": "\u0026itemId=LOG-29\u0026product_id=99J-SALKS-ASKD0\u0026JSESSIONID=SD5SL7FF7ADFF1",
                "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/601.4.4 (KHTML, like Gecko)"
            },
            {
                "eventcount": 1,
                "eventdate": "2018-10-07T08:00:01Z",
                "referralUri": "\u0026JSESSIONID=SD1SL4FF10ADFF7",
                "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/601.4.4 (KHTML, like Gecko)"
            },
            {
                "eventcount": 1,
                "eventdate": "2018-10-07T08:00:02Z",
                "referralUri": "\u0026itemId=LOG-66\u0026product_id=235-40ER0-J3308\u0026JSESSIONID=SD9SL1FF5ADFF8",
                "userAgent": "Debian APT-HTTP/1.3 (1.0.1ubuntu2)"
            }
        ]
    }
}
Human Readable Output


Additional Information

Follow these steps to get the query ID:

  1. Access your Devo environment.
  2. Navigate to the gear icon > Query Info > Get Id.



If you receive HTTP Error 401 (Unauthorized), the API key or API secret might be incorrect.