Blog Entries

12. 09. 2024 Mattia Codato Development, DevOps

Publish NPM Package to GitHub Packages Registry with GitHub Actions

With the rise of continuous integration and delivery (CI/CD) in modern software development, automating tasks like publishing npm packages has become crucial for efficiency. GitHub Packages Registry (npm.pkg.github.com) allows developers to host and manage npm packages directly within GitHub, offering a seamless experience for both private and public repositories. By leveraging GitHub Actions, developers can…

11. 09. 2024 Davide Gallo Contribution, Development, DevOps

Ansible Development, Part 1: Building an Execution Environment

Right now, at Würth Phoenix, we are investing in automating most of our operations using Ansible. You’re probably already familiar with what Ansible does, but to summarize, Ansible is an open-source, command-line IT automation application written in Python. I’ve talked about it here: One challenge we faced while developing our automation scripts was that we…

10. 09. 2024 Massimo Giaimo Blue Team, SEC4U, SOCnews

SOC News | September 10 – New RaaS Group BloodForge

The team behind the popular underground forum BlackForums has announced, on its Telegram channel, that it has formed a new pact with the BloodForge group. From this pact was born The Brotherhood, an organization that aims to provide a RaaS (Ransomware as a Service). The new BloodForge channel then presented the features and capabilities of…

09. 09. 2024 Rocco Pezzani Log-SIEM, NetEye

Prevent Elasticsearch Crashes Using Disk Watermarks

Hi all, it’s been a while. I’m deeply sorry not to have sent out some blog posts lately, so now I’ll try to get back your trust by providing some useful information. Not only that, I’ll even go out of my comfort zone: instead of NetEye Core and monitoring strategies, I’ll talk about NetEye SIEM…

30. 08. 2024 Daniel Degasperi Blue Team, SEC4U

A Concrete Example of ES|QL and SOC Detection Rules

The purpose of this article is to show a real-life case study of the integration of the new Elastic ES|QL language within the detection rules used by the SOC to detect cyber threats. Overview ES|QL (Elasticsearch Query Language) is an SQL-like query language developed by Elastic specifically for querying time series and event data stored…

30. 08. 2024 Juergen Vigna Log-SIEM, NetEye, Unified Monitoring

Monitor your Elasticsearch Shards Count

Elasticsearch limits the number of open shards per node with the max_shards_per_node cluster setting, which defaults to 1000. The limit on the total number of shards is then calculated from this setting with this formula: total_max_number_of_shards = cluster.max_shards_per_node * (number of non-frozen data nodes). If the total number of shards is reached either by a…

28. 08. 2024 Fabrizio Dovesi Atlassian, Service Management

Automate the Clustering of Similar Cases for Effective Handling of a Significant Volume of Incoming Alerts

This guide will show you how to enable your team to handle multiple cases simultaneously, letting you manage them as if they were just one. In which scenarios would this solution offer users a valuable benefit? Have you ever had to discard a significant number of cases, requests, or emails because there were simply too…

28. 08. 2024 Tobias Goller Unified Monitoring

ntopng Updates

On 14.08.2024 ntopng released its latest version 6.2. I’d like to use this post to emphasize some of the key innovations it brings. There were many changes and bug fixes in this release. Some major improvements and enhancements are as follows: Furthermore, ntopng is now cloud-aware. Over the ntop cloud you’ll be able to control…

27. 08. 2024 Charles Callaway Documentation

Using AI to Create Tutorial Videos

Confession time. I can easily spend between 1 and 2 weeks creating a 5 minute long video. 3 weeks if I’m being a perfectionist. Of course, those videos are awesome, and are highly tailored to a specific audience. They say what I want to say. In this blog I’m always looking into efficiency and productivity…

23. 08. 2024 Mattia Codato Bug Fixes, NetEye

Bug Fixes for NetEye 4.37

We fixed a procmail misconfiguration that was occurring after the upgrade. We updated the following packages:

21. 08. 2024 Damiano Chini Bug Fixes, NetEye

Bug Fixes for NetEye 4.37

We resolved an issue in the neteye update and neteye upgrade commands where the process would halt if the Elasticsearch cluster took longer than 30 seconds to respond to API requests. We updated the following packages:

20. 08. 2024 Franco Federico APM, Log-SIEM, Unified Monitoring

A Journey through Elastic Integrations

At the beginning of the month we released NetEye version 4.37 that contains Elastic Stack 8.14.3. Every version update of Elastic has both improvements and additions. To see all available integrations in NetEye, click on the screenshot here: As you can see the changes range from cloud integration, to ticketing, to not forgetting security, networking,…

20. 08. 2024 Davide Sbetti Bug Fixes, NetEye

Bug Fixes for NetEye 4.37

We resolved a bug in the nginx configuration for our ClickHouse integration. This fix guarantees that queries will no longer be directed to the voting-only node in cluster environments, preventing potential errors. We updated the following packages:

15. 08. 2024 Davide Sbetti Bug Fixes, NetEye

Bug Fixes for NetEye 4.36

We fixed a bug in the neteye update procedure. In particular, it now properly handles the update of pacemaker and corosync, as the neteye upgrade already does, to ensure correct handling of the resources during this phase. We updated the following packages:

15. 08. 2024 Davide Sbetti Bug Fixes, NetEye

Bug Fixes for NetEye 4.37

We fixed a bug in the neteye update procedure. In particular, it now properly handles the update of pacemaker and corosync, as the neteye upgrade already does. This enhancement guarantees proper pcs resource management throughout this phase. We updated the following packages:
