November 29, 2018 / by Mervin Marks / In threat-intelligence /

vFeed Professional and DNIF Integration

Greetings once again, readers. I would like to shine a spotlight on one of our latest developments: DNIF has finally joined hands with vFeed as a technology partner.

A little background on vFeed: vFeed technology and engines transform big data into a correlated vulnerability and threat intelligence database and multi-format feeds. vFeed's worldwide client base comprises a wide and diverse range of individuals and businesses, from hackers, consultancy firms, CERTs and freelancers to governmental organizations, software companies and intelligence providers. vFeed is focused 100% on perfecting the optimum product to empower customers' technology and threat intelligence solutions, protecting vulnerable and sensitive systems and enabling clients to rapidly detect and react against cyber-attacks.

DNIF is a Real-Time Big Data Analytics engine and caters to some of the largest banks and telecom service providers in India. DNIF is known for its ability to ingest large amounts of streaming data and analyze that data in real-time. One of the major use-cases of DNIF is that of a SIEM. So, I’m sure I do not have to highlight:

  • What are the benefits?
  • Why is it a must have for organizations?
  • What are the use-cases?

That being said, it’s also a must-have for Managed Security Service Providers (MSSPs); as a matter of fact, MSSPs swear by threat intelligence.

Let’s start by talking about how one uses the vFeed Professional CVE database with the DNIF console.

Using the vFeed Professional CVE Database with DNIF

The vFeed Professional CVE Database can be found on the vFeed website at https://vfeed.io/

Getting started with vFeed Professional CVE Database with DNIF
  1. Log in to your Data Store, Correlator, and A10 containers: Refer to the DNIF help guide on accessing a DNIF container via SSH.

  2. Move to the /dnif/<Deployment-key>/lookup_plugins folder path: You can use the change directory command to traverse to the required directory:
      $ cd /dnif/CnxxxxxxxxxxxxV8/lookup_plugins/
    
  3. Clone using the following command: You can execute the following command to clone the required repository within the existing directory:
      git clone https://github.com/dnif/lookup-vfeed-pro.git vfeed-pro
    
  4. Move to the /dnif/<Deployment-key>/lookup_plugins/vfeed-pro/ folder path and open the dnifconfig.yml configuration file: Replace the tags <Add_your_access_key_here> with your vFeed Professional access key, <Add_your_plan_name_here> with your vFeed Professional plan name, and <Add_your_secret_key_here> with your vFeed Professional secret key.
      lookup_plugin:
        VF_ACCESS_KEY: <Add_your_access_key_here>
        VF_LAST_DB_UPDATE:
        VF_PLAN: <Add_your_plan_name_here>
        VF_SECRET_KEY: <Add_your_secret_key_here>
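
Because step 4 leaves the vFeed secret key in a plaintext file, a quick check after editing is worthwhile. The script below is an added example, not part of the DNIF plugin or the original post: the function name is hypothetical, the key names are the ones shown above, the sample values are constructed, and the owner-only permission rule is an assumption about how the file should be protected.

```shell
#!/bin/sh
# Added example: sanity-check dnifconfig.yml after step 4.
# Key names come from the page; the owner-only permission rule is an assumption.
check_vfeed_config() {
    cfg=$1
    problems=0
    if [ ! -f "$cfg" ]; then
        echo "missing: $cfg" >&2
        return 2
    fi
    for key in VF_ACCESS_KEY VF_PLAN VF_SECRET_KEY; do
        # Take the text after "KEY:" on the first matching line.
        value=$(sed -n "s/^[[:space:]]*${key}:[[:space:]]*//p" "$cfg" | head -n 1)
        case $value in
            "")
                echo "$key is empty or absent" >&2
                problems=$((problems + 1)) ;;
            *"<Add_your_"*)
                echo "$key still holds the template placeholder" >&2
                problems=$((problems + 1)) ;;
        esac
    done
    # Group/other permission characters of the ls mode string (e.g. -rw-r--r--).
    go_bits=$(ls -ld "$cfg" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo "$cfg is accessible to group/other; run: chmod 600 $cfg" >&2
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Demo on a constructed file: the secret key placeholder was left in place.
demo=$(mktemp)
cat > "$demo" <<'EOF'
lookup_plugin:
  VF_ACCESS_KEY: EXAMPLE-ACCESS-KEY
  VF_LAST_DB_UPDATE:
  VF_PLAN: example-plan
  VF_SECRET_KEY: <Add_your_secret_key_here>
EOF
chmod 600 "$demo"
check_vfeed_config "$demo" || echo "config not ready"
rm -f "$demo"
```

To check a real deployment, call check_vfeed_config with the path to dnifconfig.yml inside the vfeed-pro folder from step 4.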

Once this is done, there are a host of look-up queries that can be run through the DNIF platform, which will be showcased separately. That documentation will cover the look-up calls users can run via the DNIF console, with detailed information about the outputs and their structure.

In conclusion, there is a lot that can be done with vFeed Professional and DNIF. We, the DNIF team, are glad to be associated with vFeed as technology partners. We can assure you the follow-up to this particular blog will be one that talks more about the types of calls you could run via the DNIF console as well as use-cases.
