December 11, 2019 / by Sairaj Mudaliar / In release-notes /

Release Note — v8.7.0

While we continue to build new features, squash bugs, and plan new releases in order to improve your DNIF experience, here’s a summary of what has changed since our last release…

What’s New

Collect, Compress and Encrypt

With DNIF you can now reduce your network bandwidth utilisation for data transmission between DNIF components and logs forwarded from DNIF to other destinations. The Syslog native listener on Adapter is now capable of compression and encryption of the ingested logs before transmission. PICO and v2 connectors are compatible as well.

Carbon Black logs…We are listening!!

You can now forward logs from your Carbon Black setup to DNIF on a dedicated listener.

View all your Integrated SOAR plugins in one place

DNIF users can now view all the SOAR plugins installed on their DNIF setup here.

Using playbooks made simpler

Introducing a new entity type named “playbook”. You can now build and manage all your playbooks as a separate entity. You can view/add entities in your Package from the REPOSITORY.

Two new directives to play with

We have added two new directives to the DNIF Query Language (DQL) specification, namely:

  • _call
    • Overview: A playbook with the status EXECUTABLE can be executed from a search query on the Search tab using the _call directive, as shown below. With the _call directive, executing the playbook returns the original stack of data as the result in the Search tab. It does not return the result of the query execution mentioned inside the playbook.

    • Sample Query: _call package_slug playbook_slug

  • _return
    • Overview: A playbook with the status RETURNABLE can be executed from a search query on the Search tab using the _return directive, as shown below. With the _return directive, executing the playbook returns the result of the query execution mentioned inside the playbook along with the original stack of data as the result in the Search tab.

    • Sample Query: _return package_slug playbook_slug

Password reset made easy

DNIF users can now reset their password using the forgot password option on the DNIF console login page.

On clicking this option, users will receive an email with an OTP at their registered email address, which needs to be entered in the DNIF console to reset the password.

Enhancements

Source IP filtering for RAW log forwarder

Your DNIF Adapter can now forward raw logs from specific source IPs to any other device for further analysis.

Reset Password Admin Users (AU)

Admin users can now reset passwords for themselves as well as general users.

_checkif else enhancement

Users can now use the _checkif function so that the excluded data can be further analysed by automatically sending it to a playbook.

_checkif float compare

Users can now accurately compare decimal values by using the _checkif float_compare function.

Fixes

  • Stack processing improved in _checkif sjoin.

  • A validation plugin and a response plugin that have the same name can now be used in a single query.