Blog Entries

05. 11. 2025 Massimo Giaimo SATAYO, Threat Intelligence

Embedding Threat Intelligence into Your Security Operations

Producing actionable intelligence must be the mindset that every Threat Intelligence analyst must set as their primary objective. The problem of properly integrating Threat Intelligence into Security Operations processes is a recurring one. In this article, I aim to describe the integration process we, at Würth IT, have implemented, which allows us to produce actionable…

04. 11. 2025 William Calliari Contribution, Icinga Web 2

Reconstructing Protected or Hidden Custom Variables in Icinga DB Web

Recently Icinga DB Web had a new security release, fixing a vulnerability where protected or hidden custom variables could be inferred by any user with object visibility by abusing comparative filters on those hidden variables.

30. 10. 2025 Charles Callaway Documentation

Tutorial Video Editing Technical Tips, Part 2: No Country for Boring Men (or Women)

If you’ve followed this thread for a while, then I hope by now you’re making great videos. Let’s assume your content is instructive, interesting and well-written, all of your equipment is working the way you want, and you have a good on-camera presence. It’s still possible though that you’re making boring videos. The main reason is…

28. 10. 2025 Attilio Broglio ITOA, NetEye, Unified Monitoring

Grafana – Node Graph and Icinga

Among the several plugins that Grafana provides is Node Graph, a useful plugin for visualizing elements and relationships between them. This plugin, as described in the article: https://grafana.com/docs/grafana/latest/panels-visualizations/visualizations/node-graph/ , can be used to represent: To verify its usefulness within NetEye, we adapt it to the data present in Icinga. In this POC, we import our…

28. 10. 2025 Federico Corona Log-SIEM, SEC4U

From Checklist to Mindset: Why Compliance ≠ Security

When organizations think about cybersecurity, the conversation often starts with compliance. ISO 27001, PCI-DSS, HIPAA, GDPR, NIS2… frameworks and regulations designed to protect sensitive data and establish minimum standards for risk management. Achieving compliance is often seen as the ultimate milestone: once the certificate is obtained or the audit is passed, the company is considered…

23. 10. 2025 Gianluca Piccolo Bug Fixes, NetEye

NetEye 4 – Security Advisory (Icinga 2)

Important: Icinga2 security update Type/Severity NetEye Product Security has rated this update as having a High security impact. Topic An update for the icinga2 packages is now available for NetEye 4. Security Fix for NetEye 4.44 CVEs The CVEs include three different vulnerabilities: an Information Disclosure, a Denial of Service and a Limited Privilege Escalation. For a detailed…

16. 10. 2025 Juergen Vigna NetEye, Unified Monitoring

Control the Update Status of Your NagVis Maps

Suppose you’re using lots of maps to make the navigation of your IT infrastructure more user friendly for your (management) user who’s not at all technically minded. That person wants to see the IT status of their systems in graphical form, but there’s a problem in that the IT assets change over time, and it…

13. 10. 2025 Tobias Goller Log-SIEM, Unified Monitoring

Elastic Defend: Experiences

Around this time last year, I wrote a blog post about improving cybersecurity with Elastic Defend. Now, one year later, we’ve gained a lot of practical experience with it, which I’d like to share. Elastic Defend is an EDR (Endpoint Detection and Response). Unlike a traditional antivirus solution that relies on signature patterns that need…

10. 10. 2025 Massimo Giaimo SEC4U, Threat Intelligence

NetEye Conference 2025: The Correct Analysis for Some Use Cases

During the NetEye Conference 2025, I discussed several analysis use cases where integrating threat intelligence information can help build a useful framework for further alert analysis. Below, I’ll share a possible analysis approach for each use case. Case 1 – Alert about scan attempts from an AWS IP SOC Analyst’s decision: “Ouch, this IP is…

10. 10. 2025 Attilio Broglio Icinga Web 2, NetEye, Unified Monitoring

Massive Clean-up of the Icinga custom_var (Services)

During one of my last sessions with a customer I had to deal with a very particular use case, where I couldn’t use the solution presented in my previous blog post (https://www.neteye-blog.com/2025/08/massive-update-of-the-icinga-custom_var-host-services/). In this new scenario, the customer wanted to clean up a custom_var linked to a service, whose value, inherited from the host, had…

08. 10. 2025 Damiano Chini Bug Fixes, NetEye

NetEye 4 – Security Advisory (Elastic Stack)

Important: Elastic Stack security update Type/Severity NetEye Product Security has rated this update as having a High security impact. Topic An update for the elasticsearch and kibana packages is now available for NetEye 4. Security Fix for NetEye 4.44 CVEs The CVEs include three XSS vulnerabilities and two Broken Access Control vulnerabilities. For a detailed overview of the…

06. 10. 2025 Beatrice Dall'Omo Red Team, SEC4U

Vulnerability Trends & Metrics: Monthly Company Report

Effective Vulnerability Management doesn’t end with detection, it ends with action. And to take the right action, you need clear, accurate, and timely reports. In today’s fast-moving threat landscape, reporting is not just a formality, it’s a critical bridge between scan data and strategic security decisions. This article explores the role of reporting within the…

03. 10. 2025 Daniel Degasperi Blue Team, Log-SIEM, SEC4U

From Noisy Detections to Precision: Moving from KQL to ESQL in Elastic Security

Introduction In modern SOC environments, detection rules are the cornerstone of identifying malicious activity. However, the effectiveness of a rule depends not only on what it looks for but also on how precisely it defines suspicious behavior. Many analysts have experienced the pain of rules that are “noisy” – generating countless false positives (FPs) that…

01. 10. 2025 Fabrizio Dovesi Atlassian, Service Management

Project Managers Are rAIsing the Bar: Redefining the Rules of the AI Game

Insights into how project managers perceive AI reshaping project management. At the Threshold of a New Project Management Era Over a decade ago, when I first read about how AI could reshape jobs, my main question was how it would affect the role I held then: Project Manager. Years later, after experimenting with the…

01. 10. 2025 Oscar Zambotti Downloads / Release Notes, NetEye, Unified Monitoring

NetEye 4.44 Release Notes

Welcome to version 4.44 of our NetEye v4 Unified Monitoring Platform. As you log in, you’ll be greeted by a crisp view of Lago di Braies, where summer’s warmth yields to autumn. The larches are turning brilliant shades of yellow and burnt orange, forming a vivid contrast with the deep green of the pines and…
