Blog Entries

15. 03. 2024 Luca Zeni Blue Team, SEC4U

SATAYO and SOC: in the new midlands

This article explains how the Cyber Threat Intelligence platform, SATAYO, serves as a powerful resource to optimize processes and strengthen threat coverage within the Würth Phoenix Attacker Centric SOC. We will analyze the utilization of SATAYO’s internal resources for creating Detection Rules and managing SOC Alerts. Additionally, we will examine how the logs in the…

15. 03. 2024 Matteo Cipolletta APM, Log-SIEM, NetEye

Unleashing Elastic APM: Containerized Scalability Explored

Introduction: Unveiling Elastic APM in Containerized Environments In today’s dynamic digital landscape, where every interaction matters, understanding the intricacies of application performance has become paramount. Elastic APM is a powerful toolset within the Elastic Stack, included in the NetEye SIEM Module, designed to provide unparalleled insights into the performance of your applications. As organizations…

15. 03. 2024 Gianluca Piccolo Bug Fixes, NetEye

Bug Fixes for NetEye 4.34

We resolved a bug in the NetEye PDF exporting module that caused the reporting scheduler to stop working. Updated packages We updated the following packages:

14. 03. 2024 Attilio Broglio NetEye, Unified Monitoring

How to Control Remote Devices from NagVis Maps via Tornado

This article stems from a project on the remote control of devices using NagVis maps. The main purpose is to find an easy way to actuate a remote device through a click on an interface. To do this, we implemented a method that uses NagVis’ context menu by adding links. Clicking on them sends a…

12. 03. 2024 Emil Fazzi Bug Fixes, NetEye

Bug Fixes for NetEye 4.34

We resolved a bug in the NetEye Satellite installation and update procedures that previously resulted in an error when the Elastic Agent package was manually installed on the Satellite. Updated packages We updated the following packages:

11. 03. 2024 Mirko Ioris SOCnews

SOC News | Mar 11 – JetBrains TeamCity Authentication Bypass Vulnerabilities

On March 4, 2024, JetBrains released TeamCity version 2023.11.4, which patches two authentication bypass vulnerabilities in the web component of TeamCity. These vulnerabilities were discovered in February by Rapid7’s vulnerability research team and allow a remote unauthenticated attacker to perform a complete compromise of a vulnerable TeamCity instance, including unauthenticated RCE. CVE Number CVSS Score…

05. 03. 2024 Tobias Goller Unified Monitoring

nBox Mini

Every now and then I like to keep you up to date about news in the ntop environment. This time it’s not news about analysis methods or software, but about a new hardware solution. If you’re someone looking for a hardware-based, scalable, optimized, and purpose-built solution, without the hassle of software installation, chances are you’re…

01. 03. 2024 Charles Callaway Documentation

Turning Videos into Animated GIFs

So how’s your website doing? Did you set it up, and then leave it alone? It’s not that I’m trying to shame you, but we should all be thinking regularly about how to stay at the top of our game. You know, be agile. I was updating one of our websites last month, and we…

27. 02. 2024 Davide Sbetti Bug Fixes, NetEye

Bug Fixes for NetEye 4.34

We fixed a bug in the Elasticsearch installation and update procedures in which customizations of the Elasticsearch node name, if performed, were not taken into account by the built-in procedures and would lead to a failure. Updated packages We updated the following packages:

23. 02. 2024 Juergen Vigna Log-SIEM, NetEye, Unified Monitoring

Monitoring Logs in Elasticsearch: A Practical Example

Say you want to monitor logs coming into your Elasticsearch instance, and have it send data to your Monitoring Dashboard. I’ll show you how to do this with a practical example, in particular for an event coming from the Active Directory where a user is locked out, and the associated Domain Controller sends the event…

23. 02. 2024 Gianluca Piccolo Bug Fixes, NetEye

Bug Fixes for NetEye 4.34

We fixed a bug in the Tornado module caused by a missing validation that produced 500 errors during the deploy of a configuration draft. Updated packages We updated the following packages: Furthermore, the tornado-regex-validation package has been replaced with the tornado-input-validation package.

20. 02. 2024 Massimo Giaimo SOCnews

SOC News | Feb 20 – Lockbit Infrastructure Seizure

On 19 February, through an operation coordinated by the National Crime Agency (NCA), a large part of the infrastructure of the Lockbit ransomware gang was seized. The ransomware gang, active since 2019, is undoubtedly best known within the field of double extortion ransomware attacks, having published claims relating to 2,591 attacked organizations over the years…

16. 02. 2024 Reinhold Trocker Log-SIEM, NetEye

Enabling Elastic Agents Upgrades in Restricted or Closed Networks

In this article, we’ll explore how to configure the “Agent Binary Download” setting and set up your own artifact registry for binary downloads within a NetEye cluster. Prerequisites Before we begin, ensure you have the following prerequisites in place: Configuring the “Agent Binary Download” Setting Hosting Your Own Artifact Registry If routing traffic through a proxy server…

15. 02. 2024 Damiano Chini Bug Fixes, NetEye

Bug Fixes for NetEye 4.34

We fixed a bug in the SLM module that was causing an error when trying to create a Resource Contract when any SLM Customer had an associated role with no permissions on the analytics module. Updated packages We updated the following packages:

14. 02. 2024 Marco Berlanda Bug Fixes, NetEye

Bug Fixes for NetEye 4.34

Updated packages We fixed a bug in the Elasticsearch action of the Tornado UI that prevented the rule from being saved when either the data or auth fields were edited. We updated the following packages:
