Blog Entries

30. 08. 2024 Daniel Degasperi Blue Team, SEC4U

A concrete example of ES|QL and SOC detection rules

The purpose of this article is to show a real-life case study of the integration of the new Elastic ES|QL language within the detetion rules used by the SOC to detect cyber threats. Overview ES|QL (Elasticsearch Query Language) is a SQL-like query language developed by Elastic specifically for querying time series and event data stored…

Read More
30. 08. 2024 Juergen Vigna Log-SIEM, NetEye, Unified Monitoring

Monitor your Elasticsearch Shards Count

Elasticsearch limits the number of open shards per node with the max_shards_per_node cluster setting, which defaults to 1000. The limit on the total number of shards is then calculated from this setting with this formula: total_max_number_of_shards = cluster.max_shards_per_node * number of non-frozen data nodes If the total number of shards is reached either by a…

Read More
28. 08. 2024 Fabrizio Dovesi Atlassian, Service Management

Automate the Clustering of Similar Cases for Effective Handling of a Significant Volume of Incoming Alerts

This guide will show you how to enable your team to handle multiple cases simultaneously, letting you manage them as if they were just one. In which scenarios would this solution offer users a valuable benefit? Have you ever had to discard a significant number of cases, requests, or emails because there were simply too…

Read More
28. 08. 2024 Tobias Goller Unified Monitoring

ntopng Updates

On 14.08.2024 ntopng released its latest version 6.2. I’d like to use this post to emphasize some of the key innovations it brings. There were many changes and bug fixes in this release. Some major improvements and enhancements are as follows: Furthermore, ntopng is now cloud-aware. Over the ntop cloud you’ll be able to control…

Read More
27. 08. 2024 Charles Callaway Documentation

Using AI to Create Tutorial Videos

Confession time. I can easily spend between 1 and 2 weeks creating a 5 minute long video. 3 weeks if I’m being a perfectionist. Of course, those videos are awesome, and are highly tailored to a specific audience. They say what I want to say. In this blog I’m always looking into efficiency and productivity…

Read More
23. 08. 2024 Mattia Codato Bug Fixes, NetEye

Bug Fixes for NetEye 4.37

We fixed a procmail misconfiguration that was occurring after the upgrade. We updated the following packages:

Read More
21. 08. 2024 Damiano Chini Bug Fixes, NetEye

Bug Fixes for NetEye 4.37

We resolved an issue in the neteye update and neteye upgrade commands where the process would halt if the Elasticsearch cluster took longer than 30 seconds to respond to API requests. We updated the following packages:

Read More
20. 08. 2024 Franco Federico APM, Log-SIEM, Unified Monitoring

A Journey through Elastic Integrations

At the beginning of the month we released NetEye version 4.37 that contains Elastic Stack 8.14.3. Every version update of Elastic has both improvements and additions. To see all available integrations in NetEye, click on the screenshot here: As you can see the changes range from cloud integration, to ticketing, to not forgetting security, networking,…

Read More
20. 08. 2024 Davide Sbetti Bug Fixes, NetEye

Bug Fixes for NetEye 4.37

We resolved a bug in the nginx configuration for our clickhouse integration. This fix guarantees that queries will no longer be directed to the voting-only node in cluster environments, preventing potential errors. We updated the following packages:

Read More
15. 08. 2024 Davide Sbetti Bug Fixes, NetEye

Bug Fixes for NetEye 4.36

We fixed a bug in the neteye update procedure. In particular, this now handles properly the update of pacemaker and corosync, as done already by the neteye upgrade, to ensure a correct handling of the resources during this phase. We updated the following packages:

Read More
15. 08. 2024 Davide Sbetti Bug Fixes, NetEye

Bug Fixes for NetEye 4.37

We fixed a bug in the neteye update procedure. In particular, this now handles properly the update of pacemaker and corosync, as done already by the neteye upgrade. This enhancement guarantees proper pcs resource management throughout this phase. We updated the following packages:

Read More
12. 08. 2024 Csaba Remenar ITOA, NetEye

How to Integrate Metrics Collected in OpenShift into NetEye/Grafana

OpenShift already has a built-in monitoring suite with Prometheus, Grafana, and Alertmanager. This is all well and good, but what if organizations want to monitor their entire infrastructure, integrating all monitoring results under one umbrella? In this case, it’s necessary to send the metrics somehow from OpenShift to NetEye. In this tutorial, I’ll show you…

Read More
12. 08. 2024 Davide Sbetti AI, Artificial Intelligence, Log-SIEM, Machine Learning, NetEye

Bring Your Own Model – Using Custom Models in Elasticsearch

Hey everyone! As you may remember, we took a look in the past at how it’s possible to use a model (trained directly in Elasticsearch) to perform some real time classification by using an ingest pipeline. But… what if we wanted to use our own externally trained model? Well the good news is that, under…

Read More
08. 08. 2024 Davide Sbetti Bug Fixes, NetEye

Bug Fixes for NetEye 4.37

A bug in the NetEye Alyvix integration has been resolved. This bug was associated with certain secure attributes that were absent from the cookie responsible for storing the Alyvix JWT token. We updated the following packages:

Read More
07. 08. 2024 Damiano Chini Development

How Feature Toggles Can Improve Agile Development

As the NetEye R&D team, we sometimes need to develop features in NetEye that require a lot of work to finish implementing. To handle the development of these features, we’re always trying to divide the work into smaller, more manageable pieces so that we can see any progress and avoid the typical pitfalls of the…

Read More

Archive