Schedule a Workbook
A Workbook with a collection of queries can be saved and scheduled to run at set intervals. Users don't have to manually write a query every time; the scheduler runs the query at the designated time and signals the users if a threat is detected. It provides control and visibility into the enterprise.
Streamed Workbooks
The objective of Streamed Workbooks is to enable continuous threat detection without having to manually figure out schedules for executing content.
- If the main query in the streamed workbook searches a duration of up to 30 minutes or has no duration specified, it will be triggered every minute as long as logs are received in the corresponding stream.
- If the main query in the streamed workbook searches a duration longer than 30 minutes, it will be auto-scheduled to execute thrice in the specified duration and not every minute. For example, if the duration in the query is 90 minutes, the workbook will trigger every 30 minutes, searching a duration of 90 minutes. Such queries will be executed on the report server and not on the correlation server.
- In the interest of platform stability and availability, we strongly discourage specifying a duration in streamed workbooks. With no duration specified, the workbook defaults to scanning the last five minutes and triggers every minute that data is ingested in the stream.
How to schedule a workbook?
- Hover over the Workbooks icon on the left navigation bar; it displays the folder-wise view of existing workbooks in the tenant (previously known as cluster).

- Click the plus icon on the Workbook page and then add a DQL / Search / Code / AI Block.
- Enter the required query and click Run to view the query result.

- Once you have added all the required blocks in the Workbook, click Save to save your Workbook.
- The Schedule icon is displayed once you save the Workbook.

- Click the Schedule icon on the top right corner of the screen to schedule a Workbook.

Workbooks can either be:
- Scheduled
- Streamed
- Select Off to disable any scheduled / streamed jobs.
- The Schedule icon is displayed only on the saved Workbook.
The following parameters are available for Scheduled jobs:
| Time Range | Description |
|---|---|
| Run Daily | Schedule on a daily basis at a particular time |
| Run Weekly | Schedule on a weekly basis at a particular time. You can schedule it for multiple days in a week. |
| Run Monthly | Schedule on a monthly basis at a particular date and time |
| Run Cron (Custom) | Enter the required Cron Value to be scheduled. The cron value should be entered in format. For example, in 21 4 1 2 1: 21 represents minutes, 4 represents hours, 1 represents date of the month, 2 represents month, 1 represents day of the week. In this example, the scheduler will run at 4:21 on 1st February, 2021 (Monday). |
| Timezone | Select the timezone as per your local time zone. |
- Click OK to schedule a Workbook and then click Save to update the details.
For more examples, refer to the following table:
| Minute | Hour | Date of the Month | Month | Day of the Week | Result |
|---|---|---|---|---|---|
| 21 | 4 | * | 2 | * | The scheduler will run at 4:21 on 1st February, 2021 (Monday) |
| 21 | 4 | * | 2 | 3 | The scheduler will run at 4:21 on 3rd February, 2021 (Wednesday) |
- If the value is left as * * * * *, then the cron will be scheduled to run every minute.
- If the fields for date, year, and day are mentioned as *, then it will be scheduled for that set time every day.
- If the fields for month and day of the week are mentioned as *, then the cron will be scheduled for the particular date and time every month.
- If only the day of the week is mentioned as *, the cron will be scheduled for the particular date of the month.
- Example: 00 01 * 10 *. If the time is set to 1:00 in October and the fields for date and day of the week are marked as *, it will be scheduled to run at 1:00 a.m. on 1st of October 2020.
- All scheduled workbooks will be executed based on the local timezone.
- For more details on Workbooks, refer to Create a Workbook.
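To check a Run Cron (Custom) value before saving a schedule, the sketch below previews the next run times for a five-field expression in the field order described above. It is an added example, not DNIF code: the function names are hypothetical, it assumes classic cron matching rules (DNIF's own scheduler may differ), and it also accepts lists, ranges and steps, which go beyond the plain values and * shown on this page. Times are naive datetimes treated as the local timezone.

```python
from datetime import datetime, timedelta
# Field order used on this page: minute, hour, date of the month, month, day of the week.
FIELDS = [("minute", 0, 59), ("hour", 0, 23), ("date", 1, 31), ("month", 1, 12), ("weekday", 0, 7)]

def parse_field(text, lo, hi):
    """Expand one field ('*', '5', '1,3', '1-5', '*/10') into a set of ints."""
    values = set()
    for part in text.split(","):
        base, _, step = part.partition("/")
        step = int(step) if step else 1
        if base == "*":
            start, end = lo, hi
        elif "-" in base:
            start, end = (int(x) for x in base.split("-"))
        else:
            start = end = int(base)
        if not (lo <= start <= end <= hi) or step < 1:
            raise ValueError(f"field {text!r} is outside {lo}-{hi}")
        values.update(range(start, end + 1, step))
    return values

def parse_cron(expr):
    parts = expr.split()
    if len(parts) != 5:
        raise ValueError("expected 5 fields: minute hour date month weekday")
    spec = {name: parse_field(p, lo, hi) for p, (name, lo, hi) in zip(parts, FIELDS)}
    spec["weekday"] = {d % 7 for d in spec["weekday"]}  # 0 and 7 both mean Sunday
    spec["any_date"], spec["any_weekday"] = parts[2] == "*", parts[4] == "*"
    return spec

def day_matches(spec, t):
    date_ok = t.day in spec["date"]
    dow_ok = t.isoweekday() % 7 in spec["weekday"]      # 1 = Monday, as on this page
    # Assumption (classic cron): if date AND weekday are both restricted, either may match.
    either = not (spec["any_date"] or spec["any_weekday"])
    return t.month in spec["month"] and ((date_ok or dow_ok) if either else (date_ok and dow_ok))

def next_runs(expr, after, count=3):
    """Return up to `count` run times strictly after `after`."""
    spec, runs = parse_cron(expr), []
    t = after.replace(second=0, microsecond=0) + timedelta(minutes=1)
    # Give up after five years so impossible dates such as '0 0 31 2 *' terminate.
    while len(runs) < count and t - after < timedelta(days=1830):
        if not day_matches(spec, t):
            t = (t + timedelta(days=1)).replace(hour=0, minute=0)  # skip the whole day
            continue
        if t.minute in spec["minute"] and t.hour in spec["hour"]:
            runs.append(t)
        t += timedelta(minutes=1)
    return runs
```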
