Blog Entries

27. 11. 2025 Alessandro Paoli NetEye

Deploying a Podman Container for NetEye Plugin Execution

This document describes the steps required to build, configure, and operate a Podman container based on php:8.2-cli, with the SNMP extension enabled, intended for executing monitoring plugins within a NetEye/Icinga environment. Create a Containerfile with the following contents: FROM docker.io/php:8.2-cli RUN apt-get update && \ apt-get install -y libsnmp-dev snmp && \ rm -rf /var/lib/apt/lists/* &&…

27. 11. 2025 Beatrice Dall'Omo Exposure Assessment, SEC4U

See what outsiders see: the External Attack Surface Management report

Organizations often struggle to understand how they truly appear from the outside. Security teams work hard to protect internal systems, yet the real exposure visible to potential attackers often remains unclear. That’s why we created the External Attack Surface Management (EASM) report. By delivering this report we want to provide a clear overview of the…

26. 11. 2025 Mirko Ioris Blue Team, SEC4U

You’ve Got a New Message! Oh No… It’s a Malware!

On October 1, 2025, Würth Group employees were targeted by a WhatsApp-based cyberattack. A few users fell for it and some devices got infected. The attack was promptly detected by our Cyber Defense Center, and was stopped before it could spread further. Investigating the threat more deeply, we discovered it was part of a wider…

25. 11. 2025 William Calliari Development

Understanding the Huffman Table Optimization

A while ago I was studying the webp image format by Google out of curiosity. I had written a .png parser in the past and was interested in seeing how the lossless VP8L encoding in particular was working in that library. While I was using an external Rust library to decode the actual image data…

24. 11. 2025 Attilio Broglio Log-SIEM, NetEye

How to Fix Transformation Problems After Upgrading to Elasticsearch 9.0

With the upgrade to NetEye 4.44, we’ve added a lot of new features (https://www.neteye-blog.com/2025/10/neteye-4-44-release-notes/) and, from my point of view, one of the most relevant is the introduction of Elastic Stack 9. This Elasticsearch major release (https://www.elastic.co/guide/en/elastic-stack/9.0/elastic-stack-release-notes.html) includes some new functionalities such as: ESQL Lookup Joins, LogsDB Index Mode Optimizations, etc. During various migrations…

17. 11. 2025 Luca Zeni Blue Team, Events, Red Team

SANS 504 – A New Experience in London

My SANS Course in London – April 2025 Back in April, I had the opportunity to attend a SANS course in London. More precisely, SANS 504: Hacker Tools, Techniques, and Incident Handling. The course ran from April 7th to April 12th, and those six days were intense, exciting, and surprisingly fun in ways I didn’t…

12. 11. 2025 Alberto Debiasi Events, NetEye

Highlights from the NetEye Conference 2025: When Intelligent Operations Become Reality

The NetEye Conference 2025 in Verona offered a full day of deep-dive sessions, live use cases, and peer-to-peer learning – all centered around one guiding theme: Intelligent Operations in Action. Our community explored how observability, cybersecurity, and service management converge to create smarter, more resilient IT ecosystems. Keynotes by Sebastiano Barisoni and Matteo Meucci set…

05. 11. 2025 Massimo Giaimo SATAYO, Threat Intelligence

Embedding Threat Intelligence into Your Security Operations

Producing actionable intelligence must be the mindset that every Threat Intelligence analyst must set as their primary objective. The problem of properly integrating Threat Intelligence into Security Operations processes is a recurring one. In this article, I aim to describe the integration process we, at Würth IT, have implemented, which allows us to produce actionable…

04. 11. 2025 William Calliari Contribution, Icinga Web 2

Reconstructing Protected or Hidden Custom Variables in Icinga DB Web

Recently Icinga DB Web had a new security release, fixing a vulnerability where protected or hidden custom variables could be inferred by any user with object visibility by abusing comparative filters on those hidden variables.

30. 10. 2025 Charles Callaway Documentation

Tutorial Video Editing Technical Tips, Part 2: No Country for Boring Men (or Women)

If you’ve followed this thread for a while, then I hope by now you’re making great videos. Let’s assume your content is instructive, interesting and well-written, all of your equipment is working the way you want, and you have a good on-camera presence. It’s still possible though that you’re making boring videos. The main reason is…

28. 10. 2025 Attilio Broglio ITOA, NetEye, Unified Monitoring

Grafana – Node Graph and Icinga

Among the several plugins that Grafana provides is Node Graph, a useful plugin for visualizing elements and relationships between them. This plugin, as described in the article: https://grafana.com/docs/grafana/latest/panels-visualizations/visualizations/node-graph/, can be used to represent: To verify its usefulness within NetEye, we adapt it to the data present in Icinga. In this POC, we import our…

28. 10. 2025 Federico Corona Log-SIEM, SEC4U

From Checklist to Mindset: Why Compliance ≠ Security

When organizations think about cybersecurity, the conversation often starts with compliance. ISO 27001, PCI-DSS, HIPAA, GDPR, NIS2… frameworks and regulations designed to protect sensitive data and establish minimum standards for risk management. Achieving compliance is often seen as the ultimate milestone: once the certificate is obtained or the audit is passed, the company is considered…

23. 10. 2025 Gianluca Piccolo Bug Fixes, NetEye

NetEye 4 – Security Advisory (Icinga 2)

Important: Icinga2 security update. Type/Severity: NetEye Product Security has rated this update as having a High security impact. Topic: An update for the icinga2 packages is now available for NetEye 4. Security Fix for NetEye 4.44. CVEs: The CVEs include three different vulnerabilities: an Information Disclosure, a Denial of Service and a Limited Privilege Escalation. For a detailed…

16. 10. 2025 Juergen Vigna NetEye, Unified Monitoring

Control the Update Status of Your NagVis Maps

Suppose you’re using lots of maps to make the navigation of your IT infrastructure more user friendly for your (management) user who’s not at all technically minded. That person wants to see the IT status of their systems in graphical form, but there’s a problem in that the IT assets change over time, and it…

13. 10. 2025 Tobias Goller Log-SIEM, Unified Monitoring

Elastic Defend: Experiences

Around this time last year, I wrote a blog post about improving cybersecurity with Elastic Defend. Now, one year later, we’ve gained a lot of practical experience with it, which I’d like to share. Elastic Defend is an EDR (Endpoint Detection and Response). Unlike a traditional antivirus solution that relies on signature patterns that need…

