A HyperScale SIEM that is easy to work with
Flexible deployment architectures tailored to suit your requirements
N-Tier Distributed Architecture
A cloud delivered SIEM with unlimited horizontal / vertical scalability to accommodate petabytes of event streams and redundancy across sites. Sustain high peaks in events without any delays.
Easy Integration Process
Easy integration with no human intervention. Multi-tenant connector for customers connecting to multiple clouds. Get an SDK and API for two-way integration with IT tools for issue management and other IT automation tools.
Seamless and unlimited scale up or down depending on your requirements i.e. in a single box, distributed or in a scaled-out deployment.
Flexible Deployment Options
Seamless deployment on physical, virtual or cloud infrastructure (on-prem / off-prem and extensive hybrid deployments for cloud / managed service providers). Granular control over retention of data/archival across organizations.
Cloud monitoring comes out-of-the-box
Making the cloud look like a seamless extension of the enterprise security infrastructure
Utilize your hardware better, expand and accommodate growth according to demand with almost no overhead and virtually no downtime. Boost your performance by load balancing along the way. Eliminate the complexity and time spent on architecting a security solution.
Out-of-the-box Detection Capability
Get pre-built use cases mapped directly to the MITRE ATT&CK framework. Benefit from the open DNIF Data Model to map application outcomes to existing threat models.
Automated Cloud Deployment
Azure, AWS, GCP and popular SaaS solutions such as GSuite and O365 are supported out of the box. Get automated configuration management scripts for bare metal, virtual or cloud deployments. Get cloud grade security on your premises along with extensive hybrid deployment support for cloud / managed service providers.
Auto-integrate and ingest events from various cloud applications using the API framework and native connectors. Bidirectional integration between the cloud and the SIEM, with native response and remediation integrations for Azure, AWS and GCP.
Keep the platform going with zero effort
An easy to use platform and a prompt support to make your operations seamless
One Screen for All Your Actions
Manage everything on a single screen - analytics content, rules, machine learning models, resolving issues, customizations and visualizations. Define and manage automated responses via playbooks / workflow integrations. Out of the box validation / response / remediation playbooks for known threat types.
24x7 Product Support for Customers
Support is available at various levels of personalization, from 24x7 support to community support. A growing knowledge base covering operations and troubleshooting is maintained across versions, along with continuous upgrades for content, patches and fixes.
Extended Monitoring and Admin Console
Ability to centrally configure, manage and monitor each component remotely along with error reporting through the web console for distributed cloud deployments. Integrated system telemetry to monitor every parameter for components across the cluster.
Nonstop SIEM Without A Sweat
Extremely low management/admin overhead for long term operations. Auto-healing technologies in the platform remove the need for substantial administrator resources.
Nitro boost your compute, save costly dollars
High scalability and performance provide a better return on investment and headroom for growth
Acquire Events from Multiple Sources
Data from various sources is written to and read from the log stream in a defined format. STREAMS enable you to build custom policies, retain valuable data and query the relevant data.
Enrichment with Threat Intelligence
Out-of-the-box integration with popular IoT/OT platforms. Inbuilt integration with GeoDB providers, threat intelligence providers, Microsoft Active Directory, HRMS and CMDB applications.
Increased Data Compression
Offers granular compression to minimize storage at the stream level, with several compression options: General mode for up to 95% compression, Maximal mode for up to 98.4% compression.
Search, Storage and Security
Ability to store raw, parsed (meta), enriched and annotated events while making them available for threat detection. Comprehensive text / regular expression based search capabilities across data types and raw log events.
NextGen capability to prevent nextgen threats
Use a combination of simple and complex models to detect outliers across data types
High Accuracy Detection
Measure the accuracy of threat detection models based on analyst feedback, using threat risk score and confidence. Well-correlated events and rules improve accuracy and enable investigation of more complex and sophisticated attacks.
Comprehensive Analytics Framework
Open analytics bench where customers can understand the logic behind the models. Open analytics models are downloadable off the shelf and allow customization, fine tuning or refactoring for different use cases. Closed analytics are offered to focus on certain threat types. Existing models can be customized to create new ones.
Auto Detect Multiple Threats with ML
Detect threats in parallel, both in scheduled jobs and in streaming (real-time) mode. Benefit from advanced process prioritization and management capability.
Uncover APTs using Connected Signals
Understands patterns and auto-discovers linked cases/artifacts across collected escalated signals. Provides context around a case for accelerated resolution and an improved security posture. Significantly reduces the effort required by analysts to check and investigate all alerts.
Integrated tools for handling threats
The right workflow for handling incidents spanning across time and geographies
Resolve Faster using Auto Triage
Auto triage using machine learning to assign the right cases to analysts with the right skillset (endpoint cases to endpoint experts)
Crossfunctional User Experience
Quickly open cases directly from operating / monitoring UI or during threat hunting.
Two Way Response Integrations
Integrations with enterprise help desk systems (ITSM) interacting with business units outside security. Ability to drill down on alerts / integrate with forensic and threat hunting capabilities. Rapid contextual reactions like opening a case and launching an investigation.
Different RBAC levels for cases requiring different clearance levels. Cases can change status (preconfigured and custom), carry notes and annotations, and be assigned to other handlers. All steps performed are logged so the record is admissible in court, with nonrepudiation, integrity of each event and integrity of the sequence of events.
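The last sentence above names two distinct properties: integrity of each logged step and integrity of their order. One standard way to get both is a hash chain in which every entry commits to the previous entry's hash. The block below is an added example, not DNIF's implementation, and the case identifiers, actors and the shared key are constructed for illustration. It uses an HMAC with a shared key, which proves the log was not altered by anyone without the key; true nonrepudiation (proof of which handler performed a step) would additionally need per-handler signatures, which this example does not implement.

```python
"""Added example (not DNIF's code): an append-only audit trail for case
actions in which each entry commits to the previous one, so that editing,
deleting or reordering an entry is detected on verification."""
import hashlib
import hmac
import json
from typing import List, Optional

# Constructed demo secret. A real deployment would keep this key outside the
# application (HSM/KMS) or use per-handler asymmetric signatures instead.
AUDIT_KEY = b"demo-audit-key-not-for-production"


def _digest(prev_hash: str, entry: dict) -> str:
    """HMAC over a canonical JSON encoding of (previous hash, entry body)."""
    payload = json.dumps({"prev": prev_hash, "entry": entry},
                         sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(AUDIT_KEY, payload, hashlib.sha256).hexdigest()


class CaseAuditLog:
    GENESIS = "0" * 64  # chain anchor used by the first entry

    def __init__(self) -> None:
        self.entries: List[dict] = []

    def append(self, case_id: str, actor: str, action: str, details: Optional[dict] = None) -> dict:
        """Record one case action; seq and the previous hash are part of what is signed."""
        entry = {
            "seq": len(self.entries),
            "case_id": case_id,
            "actor": actor,
            "action": action,
            "details": details or {},
        }
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        record = {**entry, "hash": _digest(prev, entry)}
        self.entries.append(record)
        return record

    def head(self) -> str:
        """Latest hash; publishing it out-of-band lets tail truncation be detected."""
        return self.entries[-1]["hash"] if self.entries else self.GENESIS

    def verify(self) -> Optional[int]:
        """Return None if the chain is intact, else the index of the first bad entry."""
        prev = self.GENESIS
        for i, rec in enumerate(self.entries):
            body = {k: v for k, v in rec.items() if k != "hash"}
            if body["seq"] != i or not hmac.compare_digest(_digest(prev, body), rec["hash"]):
                return i
            prev = rec["hash"]
        return None


def build_demo_log() -> CaseAuditLog:
    """Constructed case history used for the demonstration below."""
    log = CaseAuditLog()
    log.append("CASE-1001", "alice", "open", {"source": "threat-hunt"})
    log.append("CASE-1001", "alice", "assign", {"to": "bob"})
    log.append("CASE-1001", "bob", "status", {"from": "new", "to": "in_progress"})
    log.append("CASE-1001", "bob", "note", {"text": "host isolated"})
    return log


if __name__ == "__main__":
    log = build_demo_log()
    print("intact:", log.verify() is None, "head:", log.head()[:16])
    log.entries[1]["details"]["to"] = "mallory"       # edit one step
    print("first bad entry after edit:", log.verify())
    log = build_demo_log()
    del log.entries[2]                                 # drop a step from the middle
    print("first bad entry after deletion:", log.verify())
```

Verification walks the chain from the genesis value, so an edited entry fails its own HMAC and every later entry inherits a wrong previous hash; a deleted or swapped entry is caught by the sequence number mismatch. The one tampering this alone cannot catch is deleting entries from the tail, which is why `head()` exists: the latest hash should be periodically written somewhere the log writer cannot modify.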
Continuously updating threat detection content
You don't need security engineers to write or customize detection content any more
Get extensive and well organized content in packages containing collectors, parsers for datasources, complete use cases, compliance packages, rules and models for analytics. Predefined content packs available for first time users.
Easy Content Management
Get a framework for accessing, updating and managing your content, minimizing the operational cost of access, modification and deployment.
Your Own App Store
A central, app store style marketplace for content, integrations, playbooks, and more
Hunt cyber threats with your bare hands
Let DNIF do the thinking for you. Connect dots and build the picture - automagically
Prioritize Your Threat Landscape
Threat hunting console to investigate signals and cases. Ability to use machine learning to connect multiple signals together. Available mapping with the kill chain / MITRE ATT&CK framework
Intuitive visualizations to uncover patterns, pivoting from results through a click-based (UI) workflow. Open a case at any point of the hunt and use it for forensics or threat hunting.
Investigation and Response
Highly capable search features, with a predefined taxonomy and free-form search queries to investigate an incident. Search across multiple datastores, with quick responses to search requests over large datasets.