Hello. How can we help you?
-
DEVICE INTEGRATION
- Palo Alto (Device Integration)
- Dell Cylance Endpoint
- McAfee Web Gateway
- Imperva WAF
- Darktrace
- Forescout CounterACT
- Juniper Cortex Threat
- Zscaler
- Sophos
- Sophos Endpoint
- Trend Micro
- Sophos Cyberoam Firewall
- Radware-WAF
- NetScaler WAF
- Ubuntu
- Juniper SRX
- Forcepoint Websense
- FireEye
- Forcepoint DLP
- F5 BIG-IP ASM
- CyberArk PIM
- CheckPoint
- Bluecoat Proxy
- Accops Hyworks
- Barracuda WAF Syslog
- Forwarding F5 Distributed Cloud Services Logs to DNIF over TLS
- JIRA CLOUD
- Aruba ClearPass
- Show Remaining Articles (13) Collapse Articles
-
CONNECTORS
-
- 1Password Connector
- Abnormal Security
- Akamai Netstorage
- Atlassian
- Auth0 Connector
- AWS CloudTrail
- AWS Kinesis
- AWS S3
- AWS S3 (Optimized)
- AWS S3 Optimized Cross Account Connector
- Azure Blob Storage Connector
- Azure Event Hub
- Azure NSG
- Beats
- Box
- Cisco Duo
- Cloudflare Logpull Connector Setup Guide
- CloudWatch Connector
- Cortex XDR
- CrowdStrike
- Cyble Vision
- Device42
- Dropbox Connector
- GCP
- GCP PUB/SUB
- GitHub
- Google Workspace
- Haltdos
- HTTP Connector
- Hub Spot Connector
- Indusface
- Jira Connector
- Microsoft Graph Security API
- Microsoft Intune
- Mimecast
- Netflow
- Netskope Connector
- Network Traffic Analysis
- NextDLP Reveal
- Office 365
- Okta
- OneLogin
- Orca
- PICO Legacy Connector
- Prisma Alerts
- Prisma Incidents
- Salesforce
- Salesforce Pub/Sub Connector
- Shopify Connector
- Slack
- Snowflake
- Snyk Connector
- Syslog
- TCP
- Tenable Vulnerability Management Connector
- TLS
- Trend Micro Audit Logs
- Workday HCM Connector
- Zendesk
- Zoom
- Jumpcloud Connector
- Sophos connector
- Tenable Security Center Connector
- AWS GuardDuty Connector
- Trend Micro Vision One Connector
- RediffMail Pro Connector
- Microsoft Sentinel
- Microsoft Exchange Online Connector
- Show Remaining Articles (53) Collapse Articles
-
-
DATA INGESTION
-
HUNTING WITH WORKBOOKS
-
- Your first FIND with the HYPERCLOUD
- Create a Search Block
- Create a Signal Block
- Create a Text Block
- Create an Outlier Block
- Create a DQL Block
- Create an SQL Block
- Create a Code Block
- Create a Visualisation Block
- Create a Call Block
- Create a Return Block
- Create a Notification Block
- Schedule a Workbook
- Native Workbook
- Workbook Functions
- How to view Workbooks?
- Add Parameters to Workbook
- Working with Pass through Content
- How to create a Workbook?
- Workbooks
- Show Remaining Articles (5) Collapse Articles
-
-
DNIF Query Language (DQL Language)
-
SECURITY MONITORING
- Streamline Alert Analysis with Signal Tagging
- Workbook Versioning: Track, Collaborate, and Restore with Ease
- What is Security Monitoring?
- Creating Signal Suppression Rules
- Why EBA
- Signal Suppression Rule
-
- What are signals?
- View Signal Context Details
- Suspect & Target
- Source Stream
- Signal Filters
- Signal Data export
- Signal Context Details
- Signal Confidence Levels
- Raise and View Signals
- Investigate Anywhere
- How to add a signal to a case?
- Graph View for Signals
- Global Signals
- False Positives
- Add Multiple Signals to a Case
- Add comment to the signal
- Show Remaining Articles (1) Collapse Articles
-
OPERATIONS
-
MANAGE DASHBOARDS
-
MANAGE REPORTS
-
USER MANAGEMENT & ACCESS CONTROL
-
BILLING
-
MANAGING YOUR COMPONENTS
-
GETTING STARTED
-
INSTALLATION
-
SOLUTION DESIGN
-
AUTOMATION
-
- Active Directory
- AlienVault
- Asset Store
- ClickSend
- Domain Tools
- Fortigate
- GreenSnow
- JiraServiceDesk
- Microsoft Teams Channel
- New Relic
- Opsgenie
- PagerDuty
- Palo Alto
- ServiceNow
- Slack Configuration
- TAXII
- Trend Micro
- URLhaus
- User Store
- Virustotal
- Webhook
- Show Remaining Articles (6) Collapse Articles
-
-
TROUBLESHOOTING AND DEBUGGING
-
- TLS ( Troubleshooting Procedure)
- TCP (Troubleshooting Procedure)
- Syslog (Troubleshooting Procedure)
- Salesforce ( Troubleshooting Procedure)
- PICO
- Office 365 (Troubleshooting Procedure)
- GSuite
- GCP (Troubleshooting Procedure)
- Beats (Troubleshooting Procedure)
- Azure NSG ( Troubleshooting Procedure)
- Azure Eventhub
- AWS S3 (Troubleshooting Procedure)
-
-
LICENSE MANAGEMENT
-
RELEASE NOTES
- May 27, 2026 - Content Update
- May 6, 2026 - Content Update
- March 31, 2026 - Content Update
- March 16, 2026 - Application Update
- February 26, 2026 - Content Update
- January 19,2026 - Content Update
- December 23, 2025 - Application Update
- December 4,2025 - Content Update
- November 27, 2025 - Application Update
- October 28, 2025 - Content Update
- August 20, 2025 - Content Update
- August 5, 2025 - Application Update
- July 15, 2025 - Content Update
- June 13, 2025 - Content Update
- May 21, 2025 - Content Update
- April 17, 2025- Content Update
- March 25, 2025- Content Update
- March 18, 2025 - Application Update
- March 5, 2025 - Application Update
- January 27, 2025 - Application Update
- January 29, 2025 - Content update
- December 30, 2024 - Content Update
- December 12, 2024 - Content Update
- December 3, 2024 - Application Update
- November 15, 2024 - Content Update
- October 26, 2024- Application Update
- October 23, 2024 - Content Update
- October 16, 2024 - Application Update
- September 04, 2024 - Application Update
- September 04, 2024 - Content Update
- August 27, 2024 - Application Update
- July 30, 2024 - Application Update
- June 04, 2024- Application Update
- April 24, 2024- Application Update
- March 26, 2024 - Application Update
- February 19, 2024 - Application Update
- January 09, 2024 - Content Update
- January 09, 2024 - Application Update
- November 27, 2023 - Content Update
- November 27, 2023 - Application Update
- October 05, 2023 - Application Update (Release Notes v9.3.3)
- May 30, 2023 - Application Update (Release Notes v9.3.2)
- November 29, 2022 - Application Update (Release Notes v9.3.0)
- Show Remaining Articles (28) Collapse Articles
-
API
-
POLICIES
-
SECURITY BULLETINS
-
BEST PRACTICES
-
DNIF AI
-
DNIF LEGAL AND SECURITY COMPLIANCE
Hardware Benchmarks
Benchmarks help us in testing and quantification of our hardware infrastructure. Consistently performant hardware infrastructure forms the base of a high performance data structure. A cloud deployment or an on-prem high density virtualisation platform shares its compute and storage across multiple hosts. This typically causes hot and cold patches in performance.
This document discusses standard hardware testing and benchmarking tools that can be used to benchmark hardware before a deployment.
Testing Process
When to test, how to ensure consistent performance.
- Test and benchmark your hardware before you install, to ensure the underlying hardware fulfils expecations. Initial results must satisfy or exceed the performance benchmarks indicated in scaling datanodes or your custom solution design document.
- Repeat tests if you find performance related issues while in operations and compare the results with the initial benchmarking.
Benchmarking
This section will cover in detail the tools and the commands used to benchmark hardware.
Testing tool
Choosing the right tool that will remain consistent across tests is extremely important, for DNIF we have selected sysbench which has been available and trusted for years. Sysbench is also a part of the standard linux stack so it can be installed using the following command.
sudo apt install sysbench
CPU Benchmarking
CPU Benchmarking using a single thread
sysbench --test=cpu --num-threads=1 --cpu-max-prime=20000 run
CPU Benchmarking using multiple (we will use 8) threads
sysbench --test=cpu --num-threads=8 --cpu-max-prime=20000 run
The test metric to be measured are
- Total run time in seconds
- Total number of events executed
- CPU events executed
Memory Benchmarking
Benchmarking memory using a single thread
sysbench --test=memory --num-threads=1 run
Benchmarking memory using multiple (we will use 8) threads
sysbench --test=memory --num-threads=8 run
The test metric to be measured are
- Operations per second
- Throughput
File IO Benchmarking
Benchmarking file IO is done in three parts – create a test file for a specific size, conduct your test on the file and finally delete the file to return the used disk space back to operations.
Preparing for benchmarking
sysbench --test=fileio --file-total-size=150G prepare
Conducting the test
sysbench --test=fileio --file-total-size=150G --file-test-mode=rndrw --max-requests=0 run
Cleaning up after the test
sysbench --test=fileio --file-total-size=150G cleanup
The test metric to be measured are
- Write speed during test prepare
- Read and write operations per second
- Read and write throughput
Benchmark samples
We have collected some samples to indicate what the results of these tests look like on available cloud infrastructures.
The samples have been generated from the following test setups
- DigitalOcean (DO) REF 16vCPU
- DigitalOcean (DO) REF 32vCPU
| Test | Metric | DO REF 16vCPU | DO REF 32vCPU | AWS Netmon | Azure Netmon(SSD) | Azure Netmon (Standard SSD) | DO 4 shared vCPU | DO 8 shared vCPU | Azure Cloud Internal16(B-series) | Azure Cloud Internal 32(F-seriesv2) |
|---|---|---|---|---|---|---|---|---|---|---|
| CPU Single Thread | Total time (s) | 10.0014 ✅ | 10.0016 ✅ | 10.0002 | 10.0004 | 10.0009s | 10.0024 | 10.0011 | 10.0012s | 10.0011s |
| Total events | 4658 ✅ | 4607 ✅ | 4612 | 3236 | 3316 | 2580 | 2500 | 3062 | 4347 | |
| CPU Events / sec | 465.65 ✅ | 460.56 ✅ | 461.13 | 323.53 | 331.49 | 257.87 | 249.91 | 306.08 | 434.59 | |
| CPU Multi Thread | Total time (s) | 10.0012 ✅ | 10.0019 ✅ | 10.0029 | 10.0032 | 10.0022 | 10.0061 | 10.004 | 10.0029s | 10.0021s |
| Total events | 35158 ✅ | 36426 ✅ | 25634 | 24593 | 25209 | 10498 | 18848 | 24518 | 34156 | |
| CPU Events / sec | 3514.82 ✅ | 3641.14 ✅ | 2562.18 | 2457.93 | 2519.77 | 1048.93 | 1883.61 | 2450.51 | 3414.22 | |
| Memory Single Thread | Throughput (MB/s) | 4969.27 ✅ | 5298.52 ✅ | 5772.9 | 9608.49 | 4082.95 | 2816.15 | 2889.8 | 4013.92 | 5196.55 |
| Operations / sec | 5088537.19 ✅ | 5425685.2 ✅ | 59122793 | 9839093.85 | 4180224.62 | 28845219 | 2959155.46 | 4110249.09 | 5321272.09 | |
| Memory Multi Thread | Throughput (MB/s) | 7217.27 ✅ | 7791.13 ✅ | 7435.38 | 8192.92 | 8338.35 | 5893.93 | 8673.99 | 8422.64 | 7045.25 |
| Operations / sec | 7390489.56 ✅ | 7978120.44 ✅ | 76149504 | 8389545.66 | 8538467.96 | 6035383.23 | 8882162.08 | 8624780.2 | 7214336.11 | |
| File IO Operations (Random Read Write) | Read / sec | 2745.78 ✅ | 5252.33 ✅ | 1468.03 | 4065.71 | 324.99 | 449.06 | 760.13 | 365.45 | 310.50 |
| Write / sec | 1830.52 ✅ | 3501.56 ✅ | 978.69 | 2710.47 | 216.59 | 299.37 | 506.76 | 243.63 | 207.00 | |
| fsyncs / sec | 5868.46 ✅ | 11205.08 ✅ | 3138.09 | 8684.41 | 702.03 | 970.57 | 1627.41 | 788.41 | 664.59 | |
| File IO Throughput (Random Read Write) | Read MB / sec | 42.90 ✅ | 82.07✅ | 22.94 | 63.53 | 5.08 ❌ | 7.02❌ | 11.88 ❌ | 5.71❌ | 4.85 ❌ |
| Write MiB / sec | 28.60✅ | 54.71✅ | 15.29 | 42.35 | 3.38 ❌ | 4.68 ❌ | 7.92 ❌ | 3.81 ❌ | 3.23 ❌ | |
| Disk Write Speed | Write MB/sec | 836.41 ✅ | 847.68 ✅ | 46.67 | 233.23 |