Automation

Overview

DNIF is a strong automation platform that combines security analytics with security automation. Multiple third-party endpoints can be integrated with existing applications, which simplifies integration and interoperability with a range of third-party applications. These automations are third-party application integrations that let you create connections and ingest activity and enrichment data from antivirus tools, DLP, IAM tools, web proxies, SIEM, third-party intelligence, email security, operating systems, enterprise applications, and more, to support the out-of-the-box and custom use cases in your environment.

DNIF offers the following out-of-the-box automations:

Automations Summary

Active Directory

Active Directory integration is the process of incorporating directory services, a suite of tools for managing users, groups, and resources, into a network of computers. It works by storing all your user data in one place, essentially becoming a single switchboard for user data and access privileges. System administrators can use Active Directory to add or remove users, groups, and resources quickly and efficiently through one dashboard.

AlienVault

AlienVault Open Threat Exchange (OTX) is the world's most authoritative open threat information sharing and analysis network. This integration allows anyone in the security community to actively discuss, research, validate, and share the latest threat data, trends, and techniques, so that users can both contribute and receive real-time information about malicious hosts. In addition, it offers you a chance to increase security visibility and control in your network.

Domain Tools

DomainTools integration helps security analysts turn threat data into threat intelligence. It takes indicators from your network, including domains and IP addresses, and connects them with nearly every active domain on the internet. These connections perform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to the attacker’s infrastructure.

URLhaus

URLhaus integration allows you to get information about malicious URLs and domains, and to download malware samples. This is a pre-configured integration in DNIF that can be used to fetch threat intel data and to look up malicious URLs, hosts and files.

Virustotal

The VirusTotal integration enables you to request the analysis of suspicious IP addresses, hashes, and URL addresses to aid your investigation and determine whether they are malicious. It lets you upload and scan files, submit and scan URLs, access finished scan reports, and make automatic comments on URLs and samples without needing to use the HTML website interface.

Palo Alto

Securing your enterprise starts with your firewall. This integration safeguards internet networks from known and unknown security threats with the Palo Alto security appliance.

GreenSnow

GreenSnow is a team consisting of the best specialists in computer security, who harvest a large number of IPs from different computers located around the world. GreenSnow is comparable with SpamHaus.org for attacks of any kind except for spam.

Fortigate

FortiGate is a core part of the security fabric and provides validated security to protect the enterprise network from known and unknown attacks. This integration is used to manage firewall settings and groups.

Slack

Slack is a new generation communication application. It unites your team and your apps for better information sharing and collaboration.

Microsoft Teams Channel

Microsoft Teams is a collaborative workspace within Microsoft 365/Office 365 that is used for workplace conversations.

ClickSend

ClickSend is a multichannel business communications platform that offers SMS, MMS, Voice, Fax, Email, Post Letter and Postcard. This integration helps to send automated messages from apps when something happens.

PagerDuty

PagerDuty webhook connections allow you to send alert results as a PagerDuty notification. You can learn more about PagerDuty webhooks.

JiraServiceDesk

JiraServiceDesk integration helps you to create Jira issues in Jira Service Desk from alerts.

ServiceNow

ServiceNow is a software as a service (SaaS) product for technical management support.

New Relic

New Relic webhook connections allow you to send alert results to New Relic as a custom event. You can learn more about New Relic.

Opsgenie

DNIF can send webhook alerts to Opsgenie, which acts as a dispatcher and determines the right people to notify.

TrendMicro

Trend Micro is a cloud-client content security infrastructure that delivers global threat intelligence to protect from online threats, such as data stealing malware, phishing attacks, and other web, email, and mobile threats. It helps to deliver continuously updated protection to stop phishing, ransomware, Business Email Compromise (BEC) scams, spam and other advanced email threats before they reach your network. It provides advanced protection for Microsoft™ Exchange Server, Microsoft Office 365, Google™ Gmail, and other cloud or on-premises email solutions.

Webhook

Webhook provides you with a simple interface to integrate DNIF with the webhooks and APIs of various third-party applications.

SSH

SSH, or Secure Shell, integration is used to establish a secure connection to a remote host and execute commands. It allows you to gain access and remotely manage other computers and transfer files.

User Store

User Store integration is used to perform lookups on custom event stores uploaded to DNIF for various users in an organization.

Asset Store

Asset Store integration is used to perform lookups on custom event stores uploaded to DNIF for various hosts in an organization.