The solution's command line should be simpler so that routine commands can be used. The search configuration is a bit different than other OEMs or SIEM solutions like ArcSight or QRadar that are easy to search because they operate similarly. The logic is there and the solution supplies a pretty good explanation. Basically, DNIF spelled out is the opposite of FIND. You have to find commands whenever you want to search something. For example, a highway gets you to your destination but there is an alternate way people don't yet know about. Gartner or Forrester haven't yet studied it. We were a bit nervous when we were trying to get familiar with the solution. We wondered if we could realize ROI because the commands and ways of pulling data were different to us. We raised a case with the support team and their professionals provided the needed support. The command line is user friendly once you understand it. If you need immediate use, then you might want to get assistance from someone who is well-versed in methods for using key patterns to find things.

Lengthier files for threat hunting or analysis are needed. The correlation happens, but exporting a large number of files to abstract them is not possible. For example, I want to present raw data to management so I should be able to customize a date range in my query and download the files.

The EBA could be improved. The graphs and kill chain are not operational most of the time. 

Some dashboards are not showing data that is important to have for management review or meetings. The dashboard could be improved so that it is easy to understand, even for non-technical users. 

File integrity monitoring is missing. This may impact the data. A contingency plan should be shown against each risk to have a proper analysis of all risks in all aspects. 

Compliance should support log data for standards like HIPAA, ISO, PCI/DSS, HITECH, SOX, and GDPR and generate compliance reports. 

The company was very dependent on the DNIF support team. Whenever we faced any backend issue in the software, we'd have to approach the support team. Unlike other SIEM tools where you can troubleshoot through the GUI, with DNIF they were all on LINUX platforms. Finding the log files and checking them had to be done manually and that was frustrating. 

In terms of integration, the company had a very limited list of devices that were supported on the go. They were out-of-the-box integrations that required forwarding logs to their server. Each time a new device was added, we had to request a new parcel for that device. I think things may have improved since I left the company.

We have some issues with machine learning plug-ins and I believe they're working on a solution for that. It pulls logs from the cloud source and then requires cloud stream authentication to make an extractor. Initially, DNIF provided us with default extractors and we used them to build some of our own factors. They're a little slow regarding their extractor building which is not up to scratch. 

I think DNIF HYPERCLOUD can implement the ability to export more than 100,000. At the moment, we can't go beyond that. So many times, if you're checking for the firewall logs and working on something related to authentication or network-related traffic, while that log count is low, the account goes beyond that. You can't restrict the logs or the amount of data you can export. It's very important for my situation. It would be better if they could increase the capacity of exports.

Although there are many more types of searching in DNIF HYPERCLOUD, people still struggle to query out what they want because not everyone is good at SQL or DQL.

The easiest way to query out in DNIF is using the GUI-based interface. But in the GUI interface, you can use operator calls. It gets tricky when you want to search for a specific type of event. You don't know where it will be passed and whether it will be consistent. 

In the initial phase, it's tough for us to use DNIF. You cannot pass every event in a stable DNIF. When we used that particular tool, we used to get those logs, but sometimes many things are not getting passed. So, we used to export the sheet or export the data into Excel and weigh the required details.

In the next release, I would like them to improve the export of the columns and make the application more user-friendly. I would also like a threat-hunting feature in the next release.

The solution should be able to connect to endpoints, such as desktops and laptops. Endpoints are also vulnerable to malware attacks and they generate a lot of logs. If this solution had a smart connector to these logs - Windows, Linux, or any other logs - without affecting the performance of the connector, that would be wonderful.

The vendor is fairly new and it's not as big as some of the international competitors. It's not a mature product. If you ask them to move data, it might take a lot of time.

There needs to be more knowledge sharing with the team in order to develop out the product.

The solution needs to come up with its own intelligent feeds. They had a form of tech management that they are probably not updating anymore. It's something they need to work on.