KNOWLEDGE BASE
Visit dnif.it
Go to Customer Portal
SECURITY MONITORING
START YOUR TRIAL
DEVICE INTEGRATION
CISCO
FORTINET
MICROSOFT
SYMANTEC
CONNECTORS
Supported connectors
DATA INGESTION
EXTRACTORS
ENRICHMENT
ENRICHMENT EXAMPLES
HUNTING WITH WORKBOOKS
GETTING STARTED
VISUALIZATION
DNIF Query Language (DQL Language)
OVERVIEW
DQL RIGHT FROM START
BASIC SYNTAX
DQL CHEATSHEET
PIPES
FUNCTIONS
DQL (LEGACY)
SCHEMA ON READ
Query by source name
Query multiple streams
SECURITY MONITORING
INVESTIGATE SIGNALS
MANAGING CASES
OPERATIONS
MANAGE DASHBOARDS
MANAGE REPORTS
USER MANAGEMENT & ACCESS CONTROL
Manage Organization and Users
Manage Tenants and Access
BILLING
MANAGING YOUR COMPONENTS
PICO
GETTING STARTED
INSTALLATION
SOLUTION DESIGN
AUTOMATION
SUPPORTED AUTOMATION
SUPPORTED AUTOMATION - SSH
TROUBLESHOOTING AND DEBUGGING
TROUBLESHOOTING CONNECTORS
LICENSE MANAGEMENT
RELEASE NOTES
API
POLICIES
SECURITY BULLETINS
BEST PRACTICES
DNIF AI
Getting Started with DNIF AI
Extractor Generator
DNIF LEGAL AND SECURITY COMPLIANCE
DNIF End-user License Agreement
Data Privacy Policy
Back to home
KNOWLEDGE BASE
SECURITY MONITORING
START YOUR TRIAL
DEVICE INTEGRATION
CISCO
FORTINET
MICROSOFT
SYMANTEC
CONNECTORS
Supported connectors
DATA INGESTION
EXTRACTORS
ENRICHMENT
ENRICHMENT EXAMPLES
HUNTING WITH WORKBOOKS
GETTING STARTED
VISUALIZATION
DNIF Query Language (DQL Language)
OVERVIEW
DQL RIGHT FROM START
BASIC SYNTAX
DQL CHEATSHEET
PIPES
FUNCTIONS
DQL (LEGACY)
SCHEMA ON READ
Query by source name
Query multiple streams
SECURITY MONITORING
INVESTIGATE SIGNALS
MANAGING CASES
OPERATIONS
MANAGE DASHBOARDS
MANAGE REPORTS
USER MANAGEMENT & ACCESS CONTROL
Manage Organization and Users
Manage Tenants and Access
BILLING
MANAGING YOUR COMPONENTS
PICO
GETTING STARTED
INSTALLATION
SOLUTION DESIGN
AUTOMATION
SUPPORTED AUTOMATION
SUPPORTED AUTOMATION - SSH
TROUBLESHOOTING AND DEBUGGING
TROUBLESHOOTING CONNECTORS
LICENSE MANAGEMENT
RELEASE NOTES
API
POLICIES
SECURITY BULLETINS
BEST PRACTICES
DNIF AI
Getting Started with DNIF AI
Extractor Generator
DNIF LEGAL AND SECURITY COMPLIANCE
DNIF End-user License Agreement
Data Privacy Policy
SECURITY MONITORING
Best practices to use the platform for active threat monitoring.
Streamline Alert Analysis with Signal Tagging
Workbook Versioning: Track, Collaborate, and Restore with Ease
What is security monitoring?
MITRE ATT&CK® and DNIF
Streams and MITRE ATT&CK®
Why EBA
Signal Suppression Rule
Creating Signal Suppression Rules
Understanding Detection Workbook Coverage on the MITRE ATTACK Framework
INVESTIGATE SIGNALS
How to add a signal to a case?
False Positives
Add Multiple Signals to a Case
What are signals?
Suspect & Target
View Signal Context Details
Signal Context Details
Raise and View Signals
Global Signals
Source Stream
Signal Confidence Levels
Signal Filters
Investigate Anywhere
Graph View for Signals
Signal Data export
See more
MANAGING CASES
What is Case Management?
View Cases
Filter Cases
How to create a new case?
Kill Chain Model
See more