Data that has volume (ever-increasing data), velocity (more data every minute) and variety (unstructured data or data with varying structures). As DNIF receives data every second from multiple devices and in various formats, it transforms, enriches and stores this information in its data stores.
A SIEM needs a strong interaction backplane that can be used to query, process, investigate and respond to threats. DNIF Query Language (DQL) was created to span across functions and interaction points for the user.
DQL has been refined over the years to bring in more capability and to keep all operations of the SIEM under a single contiguous process. DNIF uses DQL to:
- Search and process data using workbooks
- Power up widgets in a dashboard
- Create a customized report
- Raise a signal (alert) and track
- Hunt for threats without structure
DQL queries can be executed manually using workbooks, scheduled to run at periodic intervals, or triggered when there is a match using streaming.
Explore the data pipeline
DQL provides a functional interface to process information in your SIEM.