Working with Services
This section helps you to manage and monitor the services of PICO.
How to view PICO Services?
- Hover over the Administration icon in the left sidebar of the Home screen and, from the options displayed, select Manage Components.

- Click the Component name to view the Health page of that particular Component.

- Services can be managed using the Manage icon displayed in the top right corner of the PICO Health screen.
To rename the component, click the Edit icon in the top left corner of the screen, edit the name, and then click Save.
| Icon | Description |
| --- | --- |
| ![]() | Click this icon to list the services of the PICO component. Each service listed can be enabled/disabled. |
| ![]() | Indicates that the service is up and running. |
| ![]() | Indicates that the particular service is stopped. |
| ![]() | Click this to restart the service. |

PICO services can be individually restarted from the following screen.

The PICO component displays the following services:
Filter Engine
- Log Level: Used to know the status of the logs updated before forwarding to the next queue. The logging level can be set with the following integer values: DEBUG, INFO, WARNING, ERROR, CRITICAL.
- Device Source IP Policy: The valid values are:
  - Allow: When configured to allow, it will allow all the host addresses except the ones mentioned in Device Source IP List.
  - Deny: When configured to deny, it will deny all the host addresses except the ones mentioned in Device Source IP List.
  - Note: Multiple IP addresses can be added as comma-separated values.
- Device Source IP List: Enter the list of host IP addresses of the devices from which log forwarding should be allowed or denied.
- Event Policy: The valid values are:
  - Allow: When configured to allow, it will allow all the event string matches except the ones mentioned in the event list.
  - Deny: When configured to deny, it will deny all the event string matches except the ones mentioned in the event list.
  - Note: Multiple events can be added as comma-separated values.
- Event List: A list of event string filters to be allowed or denied based on the configuration value in DefaultPolicy.
- System Processes: The number of services or instances running in the Filter Engine of PICO. The higher the number of Filter Engine processes, the better the filtering performance. The minimum value is 1.
- Event Filter Mode: The valid values are:
  - Term: Used for searching for an exact term match across log events (default mode).
  - Wildcard: Used for bash-style wildcard filtering.

Native Forwarder
- Log Level: Used to know the status of the logs updated before forwarding to the next queue. The logging level can be set with the following integer values: DEBUG, INFO, WARNING, ERROR, CRITICAL.
- Scope: Lists all the scopes available in the tenant (previously known as cluster). Select a scope to assign PICO to it.
- Primary Adapter(s): Select the IP address of the primary Adapter to which the filtered logs will be forwarded.
- Failover Adapter(s): Select the IP address of the failover Adapter to which the filtered logs will be forwarded.
- System Processes: The number of services or instances running in multiple Native Forwarders. The higher the number of processes, the better the filtering performance. The minimum value is 1.

Raw Forwarder
- Log Level: Used to know the status of the logs updated before forwarding to the next queue. The logging level can be set with the following integer values: DEBUG, INFO, WARNING, ERROR, CRITICAL.
- Destination IP: Enter an IP address to forward logs through Raw Forwarder.
- Spoof Mode: Select True or False. This is used to spoof the IP address from the source.
- System Processes: The number of services or instances running in multiple Raw Forwarders. The higher the number of processes, the better the filtering performance. The minimum value is 1.
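
The Allow/Deny semantics of the Filter Engine are easy to misread, because the list always holds the exceptions to the policy. The sketch below is an added example, not DNIF code, that models the documented behaviour so a planned configuration can be checked against sample events. The config key names are hypothetical, and it assumes Term means substring match, Wildcard patterns apply to the whole log line, and an event must pass both the IP policy and the event policy.

```python
from fnmatch import fnmatchcase

def split_csv(value):
    """Parse a comma-separated field value into a list of entries."""
    return [v.strip() for v in value.split(",") if v.strip()]

def policy_passes(policy, listed):
    """Allow passes everything except listed entries; Deny passes only listed entries."""
    policy = policy.strip().lower()
    if policy not in ("allow", "deny"):
        raise ValueError(f"unknown policy: {policy!r}")
    return (not listed) if policy == "allow" else listed

def event_listed(event, filters, mode):
    """Term: filter appears in the event (assumed substring match).
    Wildcard: bash-style pattern matched against the whole line (assumed)."""
    mode = mode.strip().lower()
    if mode == "term":
        return any(f in event for f in filters)
    if mode == "wildcard":
        return any(fnmatchcase(event, f) for f in filters)
    raise ValueError(f"unknown filter mode: {mode!r}")

def should_forward(src_ip, event, cfg):
    """True if the event passes both policies (combination rule is an assumption)."""
    ip_hit = src_ip in split_csv(cfg["device_source_ip_list"])
    ev_hit = event_listed(event, split_csv(cfg["event_list"]), cfg["event_filter_mode"])
    return (policy_passes(cfg["device_source_ip_policy"], ip_hit)
            and policy_passes(cfg["event_policy"], ev_hit))

# Constructed configuration; key names are hypothetical, values use documentation IPs.
CFG = {
    "device_source_ip_policy": "Deny",           # drop all sources except the listed ones
    "device_source_ip_list": "192.0.2.10, 192.0.2.11",
    "event_policy": "Allow",                     # forward all events except listed matches
    "event_list": "*heartbeat*, *keepalive*",
    "event_filter_mode": "Wildcard",
}

# Constructed sample events: (source IP, log line).
SAMPLE_EVENTS = [
    ("192.0.2.10", "sshd[811]: Failed password for root from 198.51.100.7"),
    ("192.0.2.10", "agent: heartbeat ok"),
    ("192.0.2.99", "sshd[901]: Failed password for admin from 198.51.100.9"),
]

def run_samples(cfg=CFG):
    """Return the forward/drop decision for each constructed sample event."""
    return [should_forward(ip, ev, cfg) for ip, ev in SAMPLE_EVENTS]
```

Under this model, a Deny policy with an empty list drops every event, and a bare term such as `heartbeat` matches nothing in Wildcard mode unless it is wrapped in `*`.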




