-
DEVICE INTEGRATION
- Palo Alto (Device Integration)
- Dell Cylance Endpoint
- McAfee Web Gateway
- Imperva WAF
- Darktrace
- Forescout CounterACT
- Juniper Cortex Threat
- Zscaler
- Sophos
- Sophos Endpoint
- Trend Micro
- Sophos Cyberoam Firewall
- Radware-WAF
- NetScaler WAF
- Ubuntu
- Juniper SRX
- Forcepoint Websense
- FireEye
- Forcepoint DLP
- F5 BIG-IP ASM
- CyberArk PIM
- CheckPoint
- Bluecoat Proxy
- Accops Hyworks
- Barracuda WAF Syslog
- Forwarding F5 Distributed Cloud Services Logs to DNIF over TLS
- JIRA CLOUD
- Aruba ClearPass
- Show Remaining Articles (13) Collapse Articles
-
CONNECTORS
-
- 1Password Connector
- Abnormal Security
- Akamai Netstorage
- Atlassian
- Auth0 Connector
- AWS CloudTrail
- AWS Kinesis
- AWS S3
- AWS S3 (Optimized)
- AWS S3 Optimized Cross Account Connector
- Azure Blob Storage Connector
- Azure Event Hub
- Azure NSG
- Beats
- Box
- Cisco Duo
- Cloudflare Logpull Connector Setup Guide
- CloudWatch Connector
- Cortex XDR
- CrowdStrike
- Cyble Vision
- Device42
- Dropbox Connector
- GCP
- GCP PUB/SUB
- GitHub
- Google Workspace
- Haltdos
- HTTP Connector
- Hub Spot Connector
- Indusface
- Jira Connector
- Microsoft Graph Security API
- Microsoft Intune
- Mimecast
- Netflow
- Netskope Connector
- Network Traffic Analysis
- NextDLP Reveal
- Office 365
- Okta
- OneLogin
- Orca
- PICO Legacy Connector
- Prisma Alerts
- Prisma Incidents
- Salesforce
- Salesforce Pub/Sub Connector
- Shopify Connector
- Slack
- Snowflake
- Snyk Connector
- Syslog
- TCP
- Tenable Vulnerability Management Connector
- TLS
- Trend Micro Audit Logs
- Workday HCM Connector
- Zendesk
- Zoom
- Jumpcloud Connector
- Sophos connector
- Tenable Security Center Connector
- AWS GuardDuty Connector
- Trend Micro Vision One Connector
- RediffMail Pro Connector
- Microsoft Sentinel
- Microsoft Exchange Online Connector
- Show Remaining Articles (53) Collapse Articles
-
-
DATA INGESTION
-
HUNTING WITH WORKBOOKS
-
- Your first FIND with the HYPERCLOUD
- Create a Search Block
- Create a Signal Block
- Create a Text Block
- Create an Outlier Block
- Create a DQL Block
- Create an SQL Block
- Create a Code Block
- Create a Visual Block
- Create a Call Block
- Create a Return Block
- Create a Notification Block
- Schedule a Workbook
- Native Workbook
- Workbook Functions
- How to view Workbooks?
- Add Parameters to Workbook
- Working with Pass through Content
- How to create a Workbook?
- Workbooks
- Show Remaining Articles (5) Collapse Articles
-
-
DNIF Query Language (DQL Language)
-
SECURITY MONITORING
- Streamline Alert Analysis with Signal Tagging
- Workbook Versioning: Track, Collaborate, and Restore with Ease
- What is Security Monitoring?
- Creating Signal Suppression Rules
- Why EBA
- Signal Suppression Rule
-
- What are signals?
- View Signal Context Details
- Suspect & Target
- Source Stream
- Signal Filters
- Signal Data export
- Signal Context Details
- Signal Confidence Levels
- Raise and View Signals
- Investigate Anywhere
- How to add a signal to a case?
- Graph View for Signals
- Global Signals
- False Positives
- Add Multiple Signals to a Case
- Add comment to the signal
- Show Remaining Articles (1) Collapse Articles
-
OPERATIONS
-
MANAGE DASHBOARDS
-
MANAGE REPORTS
-
USER MANAGEMENT & ACCESS CONTROL
-
BILLING
-
MANAGING YOUR COMPONENTS
-
GETTING STARTED
-
INSTALLATION
-
SOLUTION DESIGN
-
AUTOMATION
-
- Active Directory
- AlienVault
- Asset Store
- ClickSend
- Domain Tools
- Fortigate
- GreenSnow
- JiraServiceDesk
- Microsoft Teams Channel
- New Relic
- Opsgenie
- PagerDuty
- Palo Alto
- ServiceNow
- Slack Configuration
- TAXII
- Trend Micro
- URLhaus
- User Store
- Virustotal
- Webhook
- Show Remaining Articles (6) Collapse Articles
-
-
TROUBLESHOOTING AND DEBUGGING
-
- TLS ( Troubleshooting Procedure)
- TCP (Troubleshooting Procedure)
- Syslog (Troubleshooting Procedure)
- Salesforce ( Troubleshooting Procedure)
- PICO
- Office 365 (Troubleshooting Procedure)
- GSuite
- GCP (Troubleshooting Procedure)
- Beats (Troubleshooting Procedure)
- Azure NSG ( Troubleshooting Procedure)
- Azure Eventhub
- AWS S3 (Troubleshooting Procedure)
-
-
LICENSE MANAGEMENT
-
RELEASE NOTES
- January 19,2026 - Content Update
- December 23, 2025 - Application Update
- December 4,2025 - Content Update
- November 27, 2025 - Application Update
- October 28, 2025 - Content Update
- August 20, 2025 - Content Update
- August 5, 2025 - Application Update
- July 15, 2025 - Content Update
- June 13, 2025 - Content Update
- May 21, 2025 - Content Update
- April 17, 2025- Content Update
- March 25, 2025- Content Update
- March 18, 2025 - Application Update
- March 5, 2025 - Application Update
- January 27, 2025 - Application Update
- January 29, 2025 - Content update
- December 30, 2024 - Content Update
- December 12, 2024 - Content Update
- December 3, 2024 - Application Update
- November 15, 2024 - Content Update
- October 26, 2024- Application Update
- October 23, 2024 - Content Update
- October 16, 2024 - Application Update
- September 04, 2024 - Application Update
- September 04, 2024 - Content Update
- August 27, 2024 - Application Update
- July 30, 2024 - Application Update
- June 04, 2024- Application Update
- April 24, 2024- Application Update
- March 26, 2024 - Application Update
- February 19, 2024 - Application Update
- January 09, 2024 - Content Update
- January 09, 2024 - Application Update
- November 27, 2023 - Content Update
- November 27, 2023 - Application Update
- October 05, 2023 - Application Update (Release Notes v9.3.3)
- May 30, 2023 - Application Update (Release Notes v9.3.2)
- November 29, 2022 - Application Update (Release Notes v9.3.0)
- Show Remaining Articles (23) Collapse Articles
-
API
-
POLICIES
-
SECURITY BULLETINS
-
BEST PRACTICES
-
DNIF AI
-
DNIF LEGAL AND SECURITY COMPLIANCE
Managing Streams
Overview
Stream Management is management of a specific collection of data that is used as a log. The data is written to and read from the log stream in a specific format so that all the instances of a particular stream are diverted into a single segment.
Data in a log stream can be compressed, replicated, and retained for a specific time period. DNIF allows you to configure customized settings for each stream in the organizational network. It will help you to compress the data without affecting the query speed, and also store data for compliance purposes without occupying much disk space.
Retention
Retention settings can be used to specify how long log events are stored in DNIF. By default, the log data retention period is for 90 days. The log data retention is configurable as per organizational requirements and all the data older than the current retention configurations will be deleted automatically.
Data Compression
The growth of big data has created a demand for ever-increasing processing power and efficient storage. Compressing big data can help address these demands by reducing the amount of storage and bandwidth required for data sets.
DNIF uses compression algorithms to manage large amounts of data. Compression can also remove irrelevant or redundant data, making analysis and processing easier and faster. It typically reduces the size of a file, which reduces both cost and transfer time.
Replication
DNIF Data Replication is the asynchronous process of storing the same data in multiple locations to improve data availability and accessibility, and to improve system resilience and reliability. One common use of data replication is for disaster recovery, to ensure that an accurate backup exists at all times in case of a catastrophe, hardware failure, or a system breach where data is compromised. By default, the data will be replicated once.
How to configure Streams?
- Click Streams icon on the left navigation bar of the Home Screen, to view list of all the streams configured
The Stream Management screen displays the following details
- The top section of the screen displays the total consumption of the tenant (previously known as cluster ) such as total volume of raw logs, enriched logs, disk space, percentage of compression.
- The total consumption by an individual stream is displayed in the grid format as follows:
| Field Name | Description |
|---|---|
| Stream Name | Displays the name of the stream. |
| Active / Total Workbook | Shows the number of active and total workbooks associated with the stream. |
| Raw / Enriched Vol. | Displays the total volume of raw logs and enriched logs for that particular stream in the format Raw Volume / Enriched Volume. |
| Size on Disk | Displays the disk space occupied by each stream. |
| Compression | Displays the rate at which the logs are compressed for that particular stream in percentage. |
You can also apply the following filters to the above grid view
| Filters | Description |
| Online | Use this to view all the streams that are currently online |
| Historic | Use this to view all the streams ever since DNIF deployment |
| Current Month | Use this to view all the streams for the current month. By default, the details are displayed for the current month. |
- Click Edit icon displayed against each stream to configure details.
- The Edit screen displays the following configurations:
| Field Name | Description |
|---|---|
| Compression | Enter the compression type. By default, the compression type used is Normal. You can also change the compression type to High as per your requirement. |
| Retention (days) | Enter the retention period. By default, the retention period is 90 days. |
| Replication | Enter the replication factor. By default, the replication factor is 1. Note: 1 indicates only the original data. If set to 2, it indicates the original and one copy, and so on. |
- Modify the required configuration details and Click Save, to save the configuration.
- You can click Collection Status to view more details about the source streams from where logs are collected. Refer Device Collection Status.