The Role of IT Asset Management in GDPR Compliance – Part I

Posted on Nov 28, 2017 in Log Auditing, NetEye


In this post, and in the one that will follow in the coming weeks, I would like to analyze the role of IT Asset Management in adapting to the new General Data Protection Regulation (GDPR).
In this first article I will briefly introduce what the GDPR is, which measures it introduces, and how IT Asset Management (ITAM) can support compliance with it.
In the next article, I will list the modules that NetEye, our IT System Management solution, provides for implementing ITAM.

Introduction to GDPR

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. It becomes enforceable from 25 May 2018 after a two-year transition period and, unlike a directive, it does not require national governments to pass any enabling legislation, and is thus directly binding and applicable. (Source: Wikipedia)


Sending Cisco Syslogs to Elasticsearch: A simple guide

Posted on Oct 31, 2017 in Log Auditing, NetEye, Syslog

Do you run Cisco network infrastructure? Would you like to collect its logs via the syslog protocol into an Elasticsearch database? Below you will find the filters and templates needed for the Logstash setup.

As you probably already know, you need a Logstash instance in order to get parsed, indexed data into Elasticsearch. Cisco is one of the most widespread network device vendors, so it is crucial to have a working solution for indexing the logs that these devices emit.
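A parser for the Cisco syslog layout, added here as a worked example (it is not code from the original post, nor NetEye's or Logstash's own filter): it splits a line into the RFC 3164 PRI header, the optional IOS sequence number, the device timestamp and hostname prefix, and the %FACILITY-SEVERITY-MNEMONIC token that identifies a Cisco message, then emits a flat document of the kind one would index in Elasticsearch. The sample lines are constructed, the severity names follow RFC 3164, and the cross-check between the PRI severity and the severity carried in the mnemonic is an addition of this example.

```python
import re
from dataclasses import dataclass, asdict
from typing import Dict, List, Optional

# Constructed sample lines (not captured from a real device). They follow the
# documented Cisco IOS layout  "<PRI>seq: *timestamp TZ: %FAC-SEV-MNEMONIC: text"
# and the Cisco ASA layout     "<PRI>timestamp host : %ASA-SEV-ID: text".
SAMPLE_LINES = [
    "<189>47: *Oct 31 09:15:02.113 CET: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.10.0.5)",
    "<187>48: *Oct 31 09:15:40.001 CET: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<166>Oct 31 2017 09:16:00 fw01 : %ASA-6-302013: Built outbound TCP connection 12345 for outside:203.0.113.7/443 (203.0.113.7/443) to inside:10.10.0.5/51234 (10.10.0.5/51234)",
    "Oct 31 09:17:00 srv1 sshd[1234]: Accepted publickey for root from 10.10.0.9",  # not Cisco, no PRI / mnemonic
]

SEVERITY_NAMES = ["emergency", "alert", "critical", "error",
                  "warning", "notice", "informational", "debug"]

PRI_RE = re.compile(r"^<(?P<pri>\d{1,3})>")
SEQ_RE = re.compile(r"^(?P<seq>\d+):\s+")          # IOS "service sequence-numbers"
CISCO_RE = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<message>.*)$")


@dataclass
class CiscoEvent:
    syslog_facility: int       # from the <PRI> header: pri // 8
    syslog_severity: int       # from the <PRI> header: pri % 8
    sequence: Optional[int]    # IOS sequence number, if the device sends one
    prefix: str                # device timestamp and/or hostname before the %... token
    clock_authoritative: bool  # IOS prefixes the timestamp with '*' when its clock is not authoritative
    facility: str              # Cisco facility, e.g. SYS, LINK, ASA
    severity: int              # Cisco severity 0..7 carried in the mnemonic
    mnemonic: str
    message: str

    def to_document(self) -> Dict:
        """Flat document suitable for indexing, with names resolved."""
        doc = asdict(self)
        doc["severity_name"] = SEVERITY_NAMES[self.severity]
        # A PRI severity that disagrees with the mnemonic is worth flagging: relays and
        # misconfigured devices rewrite PRI, while the mnemonic is what the device meant.
        doc["severity_mismatch"] = self.syslog_severity != self.severity
        return doc


def parse_cisco_syslog(line: str) -> Optional[CiscoEvent]:
    """Return a CiscoEvent for a Cisco-style syslog line, or None if it is not one."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:                      # facility max 23, severity max 7
        return None
    rest = line[m.end():]
    sequence = None
    s = SEQ_RE.match(rest)
    if s:
        sequence = int(s.group("seq"))
        rest = rest[s.end():]
    c = CISCO_RE.search(rest)
    if not c:
        return None
    prefix = rest[:c.start()].strip().rstrip(":").strip()
    return CiscoEvent(
        syslog_facility=pri // 8,
        syslog_severity=pri % 8,
        sequence=sequence,
        prefix=prefix,
        clock_authoritative=not prefix.startswith("*"),
        facility=c.group("facility"),
        severity=int(c.group("severity")),
        mnemonic=c.group("mnemonic"),
        message=c.group("message").strip(),
    )


def parse_many(lines: List[str]) -> List[Dict]:
    """Parse a batch, dropping non-Cisco lines (route those to a generic syslog pipeline)."""
    return [ev.to_document() for ev in map(parse_cisco_syslog, lines) if ev]


if __name__ == "__main__":
    for doc in parse_many(SAMPLE_LINES):
        print(doc)
```

The `clock_authoritative` flag deserves a field of its own: a device whose clock is not synchronized produces timestamps that cannot be correlated with other sources, which matters as soon as the logs are used as evidence.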


How to send logs from servers in the cloud to NetEye?

Posted on Jun 6, 2017 in Log Auditing, NetEye, Syslog


Keeping an off-host copy of your logs not only gives you better visibility from the system management point of view, but also proves extremely valuable in a security incident in which the local copies have been tampered with or destroyed.

As many of you may know, the Log Management module of NetEye offers a complete solution for managing logs in line with the obligations set by the data protection authority. Moreover, it provides a handy way to centrally manage logs from various sources (see also on our blog: “What to do with all those logs?” and “NetEye Log Management on the official Elastic blog”).


Architecture of the Log Management module:

  • Log auditing and data collection system, based on rsyslog
  • Agent (Safed) for sending logs over the syslog protocol (RFC 3164; configured by default to send over TCP on port 514 so that, unlike with UDP, delivery of the sent logs is reliable)

It is therefore crucial that the Safed agents can always reach NetEye on TCP port 514.

During one of my recent customer projects, I was asked to implement a way of collecting logs from remote systems in the cloud. The main challenge was that the systems were reachable only via SSH.

Below I will show how I solved this problem with a reverse SSH tunnel and a Safed agent on a Linux/Unix machine.
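As an added example (not part of the original post, and not Safed's code), a small check that sends one RFC 3164 message over TCP the way the agent does, so that the tunnel endpoint can be verified from the cloud host before Safed is pointed at it. The tunnel direction (opened from the NetEye server with `ssh -R`), the user and host names and the local port 10514 in the comment are assumptions; Safed's own configuration keys are not shown. The throwaway collector in the block stands in for NetEye's rsyslog so that the block runs offline; against a real tunnel you would call `send_syslog_tcp` with the defaults and watch the message arrive in NetEye.

```python
import socket
import threading
from datetime import datetime
from typing import List, Optional, Tuple

# Tunnel assumed to be opened from the NetEye server towards the cloud host
# (user name, host name and the forwarded port 10514 are placeholders):
#   ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 \
#       -R 127.0.0.1:10514:127.0.0.1:514 neteye@cloud-vm-01
# Afterwards 127.0.0.1:10514 on the cloud host delivers to NetEye's TCP port 514,
# and Safed on the cloud host is pointed at that local endpoint instead of NetEye.
TUNNEL_HOST = "127.0.0.1"
TUNNEL_PORT = 10514

LOCAL0 = 16   # RFC 3164 facility code for local0
NOTICE = 5    # RFC 3164 severity code
SAMPLE_TIME = datetime(2017, 6, 6, 9, 5, 7)   # constructed, fixed so the output is reproducible


def rfc3164_pri(facility: int, severity: int) -> int:
    """PRI = facility * 8 + severity, both ranges checked as RFC 3164 defines them."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0..23 and severity 0..7")
    return facility * 8 + severity


def rfc3164_message(facility: int, severity: int, hostname: str, tag: str,
                    text: str, when: Optional[datetime] = None) -> str:
    """Build one RFC 3164 line: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: TEXT.

    The day of month is space-padded to width 2 ("Jun  6"), the TAG is at most
    32 alphanumeric characters and the whole packet must not exceed 1024 bytes.
    """
    if not hostname or " " in hostname:
        raise ValueError("HOSTNAME must be a single token")
    if not (0 < len(tag) <= 32 and tag.isalnum()):
        raise ValueError("TAG must be 1..32 alphanumeric characters")
    when = when or datetime.now()
    timestamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
    line = f"<{rfc3164_pri(facility, severity)}>{timestamp} {hostname} {tag}: {text}"
    if len(line.encode("utf-8")) > 1024:
        raise ValueError("RFC 3164 messages are limited to 1024 bytes")
    return line


def send_syslog_tcp(line: str, host: str = TUNNEL_HOST, port: int = TUNNEL_PORT,
                    timeout: float = 5.0) -> int:
    """Send one line over TCP with newline framing (what rsyslog's TCP input expects by default)."""
    payload = (line + "\n").encode("utf-8")
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(payload)
    return len(payload)


def start_collector(host: str = "127.0.0.1") -> Tuple[int, List[str], threading.Thread]:
    """Throwaway listener standing in for the rsyslog side, so the check runs offline.

    Accepts one connection, reads until the newline and stores the stripped line.
    Returns the ephemeral port it listens on, the list it fills, and its thread.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    received: List[str] = []

    def run() -> None:
        conn, _ = srv.accept()
        with conn:
            data = b""
            while not data.endswith(b"\n"):
                chunk = conn.recv(4096)
                if not chunk:
                    break
                data += chunk
        srv.close()
        received.append(data.decode("utf-8").rstrip("\n"))

    worker = threading.Thread(target=run, daemon=True)
    worker.start()
    return port, received, worker


if __name__ == "__main__":
    # Stand-alone run: a local collector instead of the real tunnel endpoint.
    port, received, worker = start_collector()
    msg = rfc3164_message(LOCAL0, NOTICE, "cloud-vm-01", "tunnelcheck", "reverse tunnel check")
    send_syslog_tcp(msg, port=port)
    worker.join(5)
    print("sent:    ", msg)
    print("received:", received)
```

Binding the forwarded port to 127.0.0.1 on the cloud host matters: with `-R 10514:...` and `GatewayPorts` enabled in the remote sshd, any host that can reach the VM could inject messages into your log archive through the tunnel.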


NetEye as an Essential Component of a Security Operations Center

Posted on May 22, 2017 in Log Auditing, NetEye


During my recent projects I have noticed that implementing a “Security Operations Center” (SOC for short) is becoming increasingly important, especially for our enterprise customers.

Especially for large companies of public interest, such as banks, energy providers and insurers, cyber threats are a pressing topic that requires special attention, not least because some of these companies have already fallen victim to cyber-attacks.

Many companies are planning to introduce a Security Operations Center in order to prevent and combat cyber threats (see Security Operations Center on Wikipedia). Such a SOC certainly has to be tailored to the requirements of the company, but at the same time it has to be flexible enough to cope with rapid growth and continuously changing requirements.

Our Unified Monitoring solution NetEye supports the successful implementation of a SOC in the following areas:


Some Words about Logstash Filters and Dates

Posted on Nov 25, 2016 in Log Auditing, NetEye


Some time ago I published an article about how to store the NetEye SMS protocol log in an ELK environment. Now, after using it for some time, I discovered that it was not completely correct, since the date handling of the Logstash filters is a bit more complicated than I assumed. In particular, the date was written in the SMS protocol file like this:

June 29th 2016, 10:30:22 CEST 2016

And we used this Logstash date filter to convert it:

    date {
        locale => "en"
        match  => [ "sms_timestamp_text", "EEE MMM dd HH:mm:ss" ]
    }

This seemed to work, but some days later, at the start of the next month, we discovered that the date in the first days of the month looks like:
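Added example, not from the original post: the pattern "EEE MMM dd HH:mm:ss" in the filter above expects a weekday, a month, a two-digit day and a time, in that order. The example assumes lines in exactly that layout, written the way `date` prints them (the first-of-month lines with a space-padded or single-digit day are constructed), contrasts a literal reading of "dd" with a tolerant one, and, because the pattern carries no year, uses the weekday the line carries to reject a wrongly assumed year.

```python
import re
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed timestamps in the layout the Logstash pattern "EEE MMM dd HH:mm:ss"
# describes (weekday, month, day, time), written the way `date` prints them.
SAMPLES = [
    "Wed Jun 29 10:30:22",   # day 29: two digits, fits "dd"
    "Fri Jul  1 10:30:22",   # first of the month: `date` pads the day with a space
    "Fri Jul 1 10:30:22",    # the same day written without padding
]

# Literal reading of "EEE MMM dd HH:mm:ss": exactly two day digits, single spaces.
STRICT_RE = re.compile(
    r"^(?P<dow>[A-Z][a-z]{2}) (?P<mon>[A-Z][a-z]{2}) (?P<day>\d{2}) (?P<time>\d{2}:\d{2}:\d{2})$")
# Tolerant reading: any run of spaces before the day, one or two day digits.
TOLERANT_RE = re.compile(
    r"^(?P<dow>[A-Z][a-z]{2}) (?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2})$")


def parse_timestamp(text: str, year: int, strict: bool = False) -> Optional[datetime]:
    """Parse a year-less syslog-style timestamp.

    Returns None when the layout does not match, or when the weekday written in the
    line disagrees with the calendar for the supplied year: that second check catches
    the wrong year being assumed for lines written before a year change.
    """
    m = (STRICT_RE if strict else TOLERANT_RE).match(text)
    if not m:
        return None
    try:
        dt = datetime.strptime(
            f"{m.group('mon')} {int(m.group('day'))} {year} {m.group('time')}",
            "%b %d %Y %H:%M:%S")
    except ValueError:      # e.g. "Feb 30"
        return None
    if dt.strftime("%a") != m.group("dow"):
        return None
    return dt


def triage(lines: List[str], year: int, strict: bool = False) -> Tuple[List[datetime], List[str]]:
    """Split lines into parsed datetimes and the raw lines that were rejected."""
    parsed: List[datetime] = []
    rejected: List[str] = []
    for line in lines:
        dt = parse_timestamp(line, year, strict)
        if dt is None:
            rejected.append(line)
        else:
            parsed.append(dt)
    return parsed, rejected


if __name__ == "__main__":
    ok, bad = triage(SAMPLES, 2016, strict=True)
    print("strict  :", len(ok), "parsed, rejected:", bad)
    ok, bad = triage(SAMPLES, 2016)
    print("tolerant:", len(ok), "parsed, rejected:", bad)
```

In Logstash the same tolerance is obtained by listing more than one pattern after the field name in `match` (for example both "EEE MMM dd HH:mm:ss" and "EEE MMM  d HH:mm:ss"); the filter tries them in order. Rejected lines should be kept and tagged rather than silently indexed with the ingest time, otherwise they sort into the wrong place in any later timeline.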


Practical Application of the NetEye Log Management Module to visualize SMS Notifications

Posted on Jul 5, 2016 in Log Auditing, NetEye

It is not always obvious how many SMS messages a NetEye server sends, and to whom. It is therefore a good idea to feed the sms-send-protocol file into the Log Management module and include it in the Elasticsearch index. You can then build a dashboard in Kibana showing the usage of your SMS modems, something like this:

[Screenshot: Kibana dashboard of SMS notifications (SMS-Protocol-Kibana4)]

How can this be done?
