Fix: monitoring links from the Event Overview When opening a link from the Event Overview page, the monitoring URL was supposed to be translated into the corresponding IcingaDB link. The translation was only handled on a simple click, though, so opening the link in a new tab or window (middle-click, Ctrl/Cmd+click, context menu) left the…
Read MoreImprove visibility of Feature command state icons Feature command state icons and captions were difficult to see against the white background in the UI. To improve readability and accessibility, we updated the icon and caption colors to provide stronger contrast and better visibility. List of updated packages To solve the issue mentioned above, the following…
Read MoreRarely has a title been more fitting: Transform metrics into alerts. It’s not just a description of what the system does – it’s also the exact name of the Elastic tool that makes it possible. Transforms, in their technical meaning, are the component we use to do precisely this: take a continuous stream of raw…
Read MoreIn cybersecurity, the gap between what we think we can detect and what we actually detect is often wider than we expect. Tools are configured, rules are written, playbooks are drafted, and yet, when a real attack unfolds, the telemetry is incomplete, the alerts are noisy, and the response is slower than it should be….
Read MoreImportant: Keycloak security update Type/Severity NetEye Product Security has rated this update as having a high security impact. Topic An update for the keycloak packages is now available for NetEye 4. Security Fix for NetEye 4.48 Summary This vulnerability allows an attacker with a valid signed SAML assertion to inject a malicious encrypted assertion into an unsigned SAML…
Read MoreAs a Cyber Threat Intelligence (CTI) Analyst, my daily work often involves analyzing suspicious domains that look like our clients’ brands. One of our goals is to prevent phishing campaigns and brand abuse. We usually hunt for external threats like typosquatting. However, sometimes the most dangerous threat comes directly from the legitimate infrastructure within the…
Read MoreFix HEAD HTTP method not supported We resolved a compatibility issue affecting HEAD requests to NetEye endpoints. These requests could previously time out because the method was not fully supported by the underlying architecture. As a result, some procedures could fail, including the creation of connectors from the Kibana UI. List of updated packages To…
Read MoreUse Case Anyone who manages GLPI knows the situation: assets get assigned to users, but there is never a formal acknowledgement that the user is aware of what was handed to them and that the data is accurate. No signature, no date, no document. The problem is even more acute in companies with remote offices,…
Read MoreWelcome to version 4.48 of our NetEye v4 Unified Monitoring Platform. As you log in, you’ll be greeted by the Earth Pyramids of Lengmoos, viewed from above as they rise from the forests of South Tyrol. These ancient terracotta-hued rock formations, shaped over thousands of years by erosion, spread across the landscape in a striking…
Read MoreFix IcingaDB password file sync on all cluster nodes. We have resolved an issue that caused an IcingaDB password file to be present only on one node in a cluster installation. This could lead to failures during NetEye updates and upgrades. List of updated packages To solve the issue mentioned above, the following packages have…
Read MoreAs you should already know, with NetEye 4.45 we officially began the transition from Icinga IDO to IcingaDB (see NetEye 4.45 Release Notes | www.neteye-blog.com). This means that IDO has been deprecated on NetEye. We’re now reaching the end of this transition: with NetEye 4.48 IDO will be officially removed from your NetEye without further…
Read MoreDuring our consulting activities we frequently find ourselves having to collect data from SNMP devices that do not support SNMPv3 for data encryption. This type of traffic is readable on the network and can create security problems and noncompliance with company certifications, for example ISO27K. For this reason, you might have devices segregated on a…
Read MoreHow we adapted our monitoring approach when the default choice didn’t fitand what we learned along the way. You’ve probably been there. You walk into a new observability project, playbook in hand, only to realize that no two projects are ever really the same. Every team has its own tools, its own platform quirks, and…
Read MoreSOAR for Controlled Response SOAR is often described in broad terms: orchestration, automation, response, integration. That’s true, but it can also feel vague. A simpler way to explain it is this: SOAR helps a SOC turn a decision into action without repeating the same manual steps every time. This matters most when the action is…
Read MoreElastiFlow collects NetFlow data from networks, such as NetFlow, sFlow, or IPFIX. This data can be sent by routers, switches, probes and other devices. The ElastiFlow Engine then processes this data and optimizes its normalization before writing it to a database such as Elasticsearch. What makes ElastiFlow particularly interesting is that it is well suited…
Read More