Hello. How can we help you?
-
DEVICE INTEGRATION
- Palo Alto (Device Integration)
- Dell Cylance Endpoint
- McAfee Web Gateway
- Imperva WAF
- Darktrace
- Forescout CounterACT
- Juniper Cortex Threat
- Zscaler
- Sophos
- Sophos Endpoint
- Trend Micro
- Sophos Cyberoam Firewall
- Radware-WAF
- NetScaler WAF
- Ubuntu
- Juniper SRX
- Forcepoint Websense
- FireEye
- Forcepoint DLP
- F5 BIG-IP ASM
- CyberArk PIM
- CheckPoint
- Bluecoat Proxy
- Accops Hyworks
- Barracuda WAF Syslog
- Forwarding F5 Distributed Cloud Services Logs to DNIF over TLS
- JIRA CLOUD
- Aruba ClearPass
- Show Remaining Articles (13) Collapse Articles
-
CONNECTORS
-
- 1Password Connector
- Abnormal Security
- Akamai Netstorage
- Atlassian
- Auth0 Connector
- AWS CloudTrail
- AWS Kinesis
- AWS S3
- AWS S3 (Optimized)
- AWS S3 Optimized Cross Account Connector
- Azure Blob Storage Connector
- Azure Event Hub
- Azure NSG
- Beats
- Box
- Cisco Duo
- Cloudflare Logpull Connector Setup Guide
- CloudWatch Connector
- Cortex XDR
- CrowdStrike
- Cyble Vision
- Device42
- Dropbox Connector
- GCP
- GCP PUB/SUB
- GitHub
- Google Workspace
- Haltdos
- HTTP Connector
- Hub Spot Connector
- Indusface
- Jira Connector
- Microsoft Graph Security API
- Microsoft Intune
- Mimecast
- Netflow
- Netskope Connector
- Network Traffic Analysis
- NextDLP Reveal
- Office 365
- Okta
- OneLogin
- Orca
- PICO Legacy Connector
- Prisma Alerts
- Prisma Incidents
- Salesforce
- Salesforce Pub/Sub Connector
- Shopify Connector
- Slack
- Snowflake
- Snyk Connector
- Syslog
- TCP
- Tenable Vulnerability Management Connector
- TLS
- Trend Micro Audit Logs
- Workday HCM Connector
- Zendesk
- Zoom
- Jumpcloud Connector
- Sophos connector
- Tenable Security Center Connector
- AWS GuardDuty Connector
- Trend Micro Vision One Connector
- RediffMail Pro Connector
- Microsoft Sentinel
- Microsoft Exchange Online Connector
- Show Remaining Articles (53) Collapse Articles
-
-
DATA INGESTION
-
HUNTING WITH WORKBOOKS
-
- Your first FIND with the HYPERCLOUD
- Create a Search Block
- Create a Signal Block
- Create a Text Block
- Create an Outlier Block
- Create a DQL Block
- Create an SQL Block
- Create a Code Block
- Create a Visualisation Block
- Create a Call Block
- Create a Return Block
- Create a Notification Block
- Schedule a Workbook
- Native Workbook
- Workbook Functions
- How to view Workbooks?
- Add Parameters to Workbook
- Working with Pass through Content
- How to create a Workbook?
- Workbooks
- Show Remaining Articles (5) Collapse Articles
-
-
DNIF Query Language (DQL Language)
-
SECURITY MONITORING
- Streamline Alert Analysis with Signal Tagging
- Workbook Versioning: Track, Collaborate, and Restore with Ease
- What is Security Monitoring?
- Creating Signal Suppression Rules
- Why EBA
- Signal Suppression Rule
-
- What are signals?
- View Signal Context Details
- Suspect & Target
- Source Stream
- Signal Filters
- Signal Data export
- Signal Context Details
- Signal Confidence Levels
- Raise and View Signals
- Investigate Anywhere
- How to add a signal to a case?
- Graph View for Signals
- Global Signals
- False Positives
- Add Multiple Signals to a Case
- Add comment to the signal
- Show Remaining Articles (1) Collapse Articles
-
OPERATIONS
-
MANAGE DASHBOARDS
-
MANAGE REPORTS
-
USER MANAGEMENT & ACCESS CONTROL
-
BILLING
-
MANAGING YOUR COMPONENTS
-
GETTING STARTED
-
INSTALLATION
-
SOLUTION DESIGN
-
AUTOMATION
-
- Active Directory
- AlienVault
- Asset Store
- ClickSend
- Domain Tools
- Fortigate
- GreenSnow
- JiraServiceDesk
- Microsoft Teams Channel
- New Relic
- Opsgenie
- PagerDuty
- Palo Alto
- ServiceNow
- Slack Configuration
- TAXII
- Trend Micro
- URLhaus
- User Store
- Virustotal
- Webhook
- Show Remaining Articles (6) Collapse Articles
-
-
TROUBLESHOOTING AND DEBUGGING
-
- TLS ( Troubleshooting Procedure)
- TCP (Troubleshooting Procedure)
- Syslog (Troubleshooting Procedure)
- Salesforce ( Troubleshooting Procedure)
- PICO
- Office 365 (Troubleshooting Procedure)
- GSuite
- GCP (Troubleshooting Procedure)
- Beats (Troubleshooting Procedure)
- Azure NSG ( Troubleshooting Procedure)
- Azure Eventhub
- AWS S3 (Troubleshooting Procedure)
-
-
LICENSE MANAGEMENT
-
RELEASE NOTES
- March 16, 2026 - Application Update
- February 26, 2026 - Content Update
- January 19,2026 - Content Update
- December 23, 2025 - Application Update
- December 4,2025 - Content Update
- November 27, 2025 - Application Update
- October 28, 2025 - Content Update
- August 20, 2025 - Content Update
- August 5, 2025 - Application Update
- July 15, 2025 - Content Update
- June 13, 2025 - Content Update
- May 21, 2025 - Content Update
- April 17, 2025- Content Update
- March 25, 2025- Content Update
- March 18, 2025 - Application Update
- March 5, 2025 - Application Update
- January 27, 2025 - Application Update
- January 29, 2025 - Content update
- December 30, 2024 - Content Update
- December 12, 2024 - Content Update
- December 3, 2024 - Application Update
- November 15, 2024 - Content Update
- October 26, 2024- Application Update
- October 23, 2024 - Content Update
- October 16, 2024 - Application Update
- September 04, 2024 - Application Update
- September 04, 2024 - Content Update
- August 27, 2024 - Application Update
- July 30, 2024 - Application Update
- June 04, 2024- Application Update
- April 24, 2024- Application Update
- March 26, 2024 - Application Update
- February 19, 2024 - Application Update
- January 09, 2024 - Content Update
- January 09, 2024 - Application Update
- November 27, 2023 - Content Update
- November 27, 2023 - Application Update
- October 05, 2023 - Application Update (Release Notes v9.3.3)
- May 30, 2023 - Application Update (Release Notes v9.3.2)
- November 29, 2022 - Application Update (Release Notes v9.3.0)
- Show Remaining Articles (25) Collapse Articles
-
API
-
POLICIES
-
SECURITY BULLETINS
-
BEST PRACTICES
-
DNIF AI
-
DNIF LEGAL AND SECURITY COMPLIANCE
December 4,2025 – Content Update
We are committed to continuously strengthening security operations for our customers through our innovative DARC Vault monthly releases. Much like Microsoft’s Patch Tuesday, the DARC Vault acts as a consistent and reliable source of enhanced security content, empowering users to stay ahead of evolving threats with fresh detections every month.
Each month, we deliver the latest Out-Of-The-Box (OOTB) content that not only introduces brand-new capabilities but also enhances existing detections. This fortnight, we are excited to announce a significant update focused on VMware ESXi, Windows and Linux.
Below is a summary of the new additions and improvements:
Summary of Fortnightly Improvements
| Content Type | Actions | Count |
| Detections | New | 27 |
| Enhanced | – | |
| Dashboards | New | – |
| Reports | New | – |
New Detections
| # | Name | Description |
| 1 | Binary File Modification Detected in System Paths | Investigating suspicious binary file changes involving critical commands. |
| 2 | User account exposed to Kerberoasting | User account exposed to Kerberoasting under investigation. |
| 3 | Potential NTLM Relay Attack against a Computer Account | Potential NTLM Relay Attack against a Computer Account under investigation. |
| 4 | Suspicious Named Pipe Coercion Attempt | |
| 5 | Potential Credential Access via DCSync | Potential Credential Access via DCSync attack under investigation. |
| 6 | MsiExec Service Child Process With Network Connection_ep-dns | MsiExec Service Child Process With Network Connection under investigation. |
| 7 | MsiExec Service Child Process With Network Connection | MsiExec Service Child Process With Network Connection under investigation. |
| 8 | Suspicious Microsoft Antimalware Service Execution | Suspicious Microsoft Antimalware Service Execution detected on Windows platforms. |
| 9 | Potential Shellcode Injection into Verclsid Target Process | Potential Shellcode Injection into Verclsid Target Process under investigation. |
| 10 | Suspicious Communication App Child Process | Detects suspicious child processes spawned by communication apps. |
| 11 | Rare Connection to WebDAV Target | Investigating rare connection to WebDAV target using rundll32.exe and davsetcookie. |
| 12 | Kerberos Network Logon Using a Computer Account | Kerberos Network Logon Using a Computer Account under investigation. |
| 13 | Potential Computer Account Relay Activity | Investigating potential computer account relay activity on Windows systems. |
| 14 | Exfiltration via AWS EventBridge | Exfiltration via AWS EventBridge under investigation. |
| 15 | ESXi System Users Enumerated via ESXCLI | ESXi System Users Enumerated via ESXCLI under investigation. Attack involves listing system accounts. |
| 16 | ESXi VM IDs Enumerated via ESXCLI or VIM-CMD | ESXi VM IDs enumerated via ESXCLI or VIM-CMD under investigation. |
| 17 | ESXi VM Powered Off via VIM-CMD | ESXi VM powered off via VIM-CMD command execution detected. Investigating potential system shutdown/reboot. |
| 18 | ESXi Syslog Configuration Changed via ESXCLI | ESXi Syslog Configuration Changed via ESXCLI attack modifies syslog settings. |
| 19 | ESXi Firewall Disabled via ESXCLI | ESXi Firewall Disabled via ESXCLI attack under investigation. |
| 20 | ESXi VM Autostart Disabled via VIM-CMD | ESXi VM Autostart Disabled via VIM-CMD detected. Investigating command execution disabling autostart. |
| 21 | ESXi VIB Acceptance Level Set to Community Supported via ESXCLI | ESXi VIB Acceptance Level Set to Community Supported via ESXCLI command detected. |
| 22 | ESXi VM Snapshots Deleted via VIM-CMD | ESXi VM Snapshots Deleted via VIM-CMD under investigation. |
| 23 | ESXi Coredump Generation Disabled via ESXCLI | ESXi Coredump Generation Disabled via ESXCLI attack under investigation. |
| 24 | ESXi Firewall Default Action Set to Pass | ESXi Firewall Default Action Set to Pass under investigation. |
| 25 | ESXi System Storage Enumerated via ESXCL | ESXi System Storage Enumerated via ESXCLne under investigation. |
| 26 | ESXi System Information Discovery via VIM-CMD | ESXi System Information Discovery via VIM-CMD under investigation. |
| 27 | ESXi Welcome Message Changed via ESXCLI | ESXi Welcome Message Changed via ESXCLI under investigation. Platforms: Linux, Windows, macOS. |