Case Management / Threat Hunting

Uncover campaigns and connect the dots automatically, backed by better technology

Case management and hunting capabilities, along with efficient reporting, orchestration and alert investigation.

Investigate

Connected Signals

Connected signals let you add context to events, link separate threat signals and uncover the larger picture.

Connect alerts raised by different correlation rules using graph-based machine learning techniques

Use connected signals to surface events that looked normal in isolation and track the chain of events leading to a potential breach

Map signals to the MITRE ATT&CK framework to visualize attack progression across the tactics and gain a timeline view of the events

Use visual analytics to connect threat signals and uncover the larger picture

Analyze

Incident Analysis

Use case management capabilities along with SOAR to achieve thorough and detailed alert investigation.

Integrated mechanisms to collect relevant data points across various sources

Create reporting templates to efficiently represent investigation findings for compliance purposes

Native orchestration capabilities to automate gathering of contextual data points across multiple sources

Represent the attack progression as a timeline mapped to the MITRE ATT&CK framework to identify the TTPs used across the kill chain
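The two ideas above, linking alerts from different rules through the entities they share and laying the result out as a MITRE ATT&CK timeline, are illustrated below with an added Python example. It is not DNIF's code, DQL or its graph model; the alert records, rule names and entity keys are constructed, and the linking rule (two alerts are connected when they name the same user, host or IP, with connected components found by union-find) is one simple way to build the graph, not a description of how the product does it.

```python
"""Connected signals: group alerts that share an entity into campaigns and
lay each campaign out as a MITRE ATT&CK timeline.

Added illustration, not DNIF's code or DQL. Alert records are constructed."""
from collections import defaultdict
from datetime import datetime

# ATT&CK enterprise tactics in kill-chain order, used to check whether a
# campaign moves forward through the chain.
TACTIC_ORDER = [
    "initial-access", "execution", "persistence", "privilege-escalation",
    "defense-evasion", "credential-access", "discovery", "lateral-movement",
    "collection", "command-and-control", "exfiltration", "impact",
]

# Constructed alerts from several correlation rules (hypothetical rule names).
# Each alert lists the entities it touched; shared entities are the edges.
ALERTS = [
    {"id": "a1", "ts": "2024-03-01T09:02:00", "rule": "phishing_attachment_opened",
     "tactic": "initial-access", "entities": {"user:alice", "host:ws-17"}},
    {"id": "a2", "ts": "2024-03-01T09:05:30", "rule": "office_spawns_powershell",
     "tactic": "execution", "entities": {"host:ws-17"}},
    {"id": "a3", "ts": "2024-03-01T09:20:00", "rule": "lsass_memory_read",
     "tactic": "credential-access", "entities": {"host:ws-17", "user:alice"}},
    {"id": "a4", "ts": "2024-03-01T10:10:00", "rule": "smb_admin_share_logon",
     "tactic": "lateral-movement", "entities": {"user:alice", "host:srv-db-01"}},
    {"id": "a5", "ts": "2024-03-01T10:40:00", "rule": "large_outbound_transfer",
     "tactic": "exfiltration", "entities": {"host:srv-db-01", "ip:203.0.113.5"}},
    # Unrelated alert on a different host and user: stays its own component.
    {"id": "a6", "ts": "2024-03-01T09:30:00", "rule": "failed_logins_burst",
     "tactic": "credential-access", "entities": {"user:bob", "host:ws-42"}},
]


def connect_signals(alerts):
    """Return campaigns: lists of alert ids transitively linked by a shared
    entity, i.e. the connected components of the alert/entity graph."""
    parent = {a["id"]: a["id"] for a in alerts}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving keeps trees shallow
            x = parent[x]
        return x

    def union(x, y):
        rx, ry = find(x), find(y)
        if rx != ry:
            parent[ry] = rx

    # Every alert that mentions an entity is joined to the first one that did.
    by_entity = defaultdict(list)
    for a in alerts:
        for e in a["entities"]:
            by_entity[e].append(a["id"])
    for ids in by_entity.values():
        for other in ids[1:]:
            union(ids[0], other)

    groups = defaultdict(list)
    for a in alerts:
        groups[find(a["id"])].append(a["id"])
    # Largest campaign first; ids sorted inside each campaign for stable output.
    return sorted((sorted(g) for g in groups.values()), key=len, reverse=True)


def campaign_timeline(alerts, ids):
    """Order one campaign's alerts by time, tagged with tactic and rule."""
    wanted = set(ids)
    ordered = sorted((a for a in alerts if a["id"] in wanted),
                     key=lambda a: datetime.fromisoformat(a["ts"]))
    return [(a["ts"], a["tactic"], a["rule"]) for a in ordered]


def progresses_along_kill_chain(timeline):
    """True when the tactics seen over time never step backwards in the
    ATT&CK order, i.e. the campaign reads as a forward-moving intrusion."""
    ranks = [TACTIC_ORDER.index(t) for _, t, _ in timeline]
    return all(a <= b for a, b in zip(ranks, ranks[1:]))


if __name__ == "__main__":
    for campaign in connect_signals(ALERTS):
        tl = campaign_timeline(ALERTS, campaign)
        print(f"campaign {campaign} forward-moving={progresses_along_kill_chain(tl)}")
        for ts, tactic, rule in tl:
            print(f"  {ts}  {tactic:18}  {rule}")
```

Run stand-alone, the five alerts on ws-17, alice and srv-db-01 collapse into one campaign that walks initial-access, execution, credential-access, lateral-movement and exfiltration in time order, while the failed-login burst on ws-42 stays a separate single-alert component. Entity keys are the pivot here, so normalising them (case, FQDN vs short hostname, NAT'd IPs) before linking matters more than the graph algorithm itself.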

Hunt

Hunt for Threats

Identify anomalous behavior using DNIF Query Language and outlier detection models and hunt for threats using connected signals.

DQL-based search to efficiently gather historical data across various sources and identify potential breaches

Use on-demand outlier detection models to identify anomalous behavior across user activity, entity information and device telemetry as the starting point for an investigation

High-speed search to ensure faster query response

Efficient hypothesis testing across a wider variety of datasets for better validation of anomalous events
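To make the "outlier detection over user activity" step concrete, here is an added Python example; it is not DNIF's outlier model or DQL, and the login events, user names and dates are constructed. It scores each user's login count on the day under investigation against that user's own previous days with a median/MAD robust z-score, so that one noisy day in the baseline does not hide a real spike, and it handles the two edge cases a hunter trips over in practice: a perfectly flat baseline (MAD of zero) and a user with no history at all.

```python
"""Hunting starting point: flag users whose activity on the day under
investigation is an outlier against their own history.

Added illustration, not DNIF's outlier models or DQL. Events are constructed."""
from collections import Counter, defaultdict
from statistics import median

# Constructed daily login counts per user for a 7-day baseline (hypothetical
# users). A real hunt would pull these with a historical search over the
# auth/VPN sources.
BASELINE = {
    "alice":      [8, 7, 9, 8, 30, 8, 7],   # one noisy day inside the baseline
    "bob":        [5, 5, 4, 6, 5, 3, 7],
    "svc-backup": [2, 2, 2, 2, 2, 2, 2],    # flat baseline: MAD == 0
}
TARGET_DATE = "2024-03-08"
TODAY_COUNTS = {"alice": 12, "bob": 60, "svc-backup": 2, "carol": 3}

EVENTS = []  # (user, date, event) tuples, the shape a search result might have
for user, counts in BASELINE.items():
    for day, n in enumerate(counts, start=1):
        EVENTS += [(user, f"2024-03-0{day}", "login")] * n
for user, n in TODAY_COUNTS.items():
    EVENTS += [(user, TARGET_DATE, "login")] * n


def daily_counts(events):
    """user -> Counter(date -> number of events)"""
    counts = defaultdict(Counter)
    for user, date, _ in events:
        counts[user][date] += 1
    return counts


def robust_z(value, baseline):
    """Median/MAD z-score; 0.6745 rescales the MAD to a normal sigma.
    Returns None with fewer than 3 baseline points (nothing to judge against)."""
    if len(baseline) < 3:
        return None
    med = median(baseline)
    mad = median(abs(x - med) for x in baseline)
    if mad == 0:
        # Flat baseline: avoid dividing by zero and treat a deviation of one
        # event as one sigma, so any change still gets a finite score.
        mad = 1.0 / 0.6745
    return 0.6745 * (value - med) / mad


def find_outliers(events, target_date, threshold=3.5):
    """Return ({user: z} for users whose target-day count is an outlier
    against their other days, [users never seen before target_date])."""
    counts = daily_counts(events)
    baseline_dates = sorted({d for _, d, _ in events if d != target_date})
    flagged, first_seen = {}, []
    for user, per_day in counts.items():
        today = per_day.get(target_date, 0)
        # Zero-fill days with no events so silence counts as a data point.
        baseline = [per_day.get(d, 0) for d in baseline_dates]
        if not any(baseline):
            if today:
                first_seen.append(user)  # no history: a lead in its own right
            continue
        z = robust_z(today, baseline)
        if z is not None and abs(z) >= threshold:
            flagged[user] = round(z, 2)
    return flagged, sorted(first_seen)


if __name__ == "__main__":
    flagged, first_seen = find_outliers(EVENTS, TARGET_DATE)
    for user, z in flagged.items():
        print(f"outlier: {user} robust z={z}")
    for user in first_seen:
        print(f"first seen on {TARGET_DATE}: {user}")
```

With these inputs only bob (60 logins against a baseline of about 5) crosses the 3.5 threshold; alice's 12 scores roughly 2.7 because the 30-login day does not inflate the MAD the way it would inflate a standard deviation; svc-backup is unchanged and scores 0; carol has no baseline and is reported separately as first seen. Each flagged user is then a pivot into the surrounding events rather than a verdict on its own.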

Correlate

Correlate signals across solutions

Visualize signals across solutions to identify connections and trace the progression of potential threats.

Leverage signals generated across various solutions (SIEM rules, UEBA models, NBAD network behavior anomaly detection) to get central visibility across all detection systems

Navigate across solutions for enhanced visibility at the system, network and application levels in a unified workbench