10. 03. 2020 Franco Federico Log-SIEM, NetEye

Monitoring COVID-19 with NetEye – An Italian Use Case

The use case of this blog is about monitoring COVID-19 in Italy. The data used is public, and the source is the Protezione Civile (Italian Civil Protection Office), which updates the data every day after 18:00 on GitHub at the following link:

https://github.com/pcm-dpc/COVID-19/tree/master/

I found the data in various formats and I chose to analyze the CSV files.  I then installed the NetEye SIEM module in order to use the power of analytics.

I used Logstash to load the data into Elasticsearch, and the plug-in input File and CSV filter. After that I designed and created visualization maps and dashboard objects using Kibana.

Below are the resulting two dashboards I created:

By clicking on “Esplora”, you can then view the relative maps update to 10th March 2020:

Here you can see that the most complicated situation is in the north of Italy, but COVID-19 is spreading very quickly to many other cities throughout Italy.

Scrolling down the dashboard, you can see another view of Italy with the same date, but with a different visualization.

Here it’s possible to analyze and change focus, passing from total cases to total deaths, total numbers of people in the hospital, etc.

I hope that this blog will help make it understood that COVID-19 spreads quite quickly, and we can all stop it together, if we all follow the suggestions of the central government.

It’s possible to configure NetEye’s Tornado component to create alerts in NetEye, however since the data is not in real or near-real time, in my opinion it is not necessary.

I’ve tried to use Elastic Stack’s machine learning feature, but there is not yet enough data. Next, I will try to visualize public data of COVID-19 from all over the world, which I found here:

https://github.com/CSSEGISandData/COVID-19

Franco Federico

Franco Federico

Hi, I’m Franco and I was born in Monza. Over the last 20 years I worked for IBM in various roles. I started as a customer service representative (help desk operator), then I was promoted to Windows expert. In 2004 I changed again and was promoted to consultant, business analyst, then Java developer, and finally technical support and system integrator for Enterprise Content Management (FileNet). Several years ago I became fascinated by the Open Source world, the GNU\Linux operating system, and security in general. And so in the last 4 years during my free time I studied security systems and computer networks in order to extend my knowledge. I came across several open source technologies including the Elastic stack (formerly ELK), and started to explore them and other similar ones like Grafana, Greylog, Snort, Grok, etc. I like to script in Python, too. In addition to studying in my free time I dedicate myself to my family (especially my little daughter) and I like walking, reading, dancing and making pizza for friends and relatives.

Author

Franco Federico

Hi, I’m Franco and I was born in Monza. Over the last 20 years I worked for IBM in various roles. I started as a customer service representative (help desk operator), then I was promoted to Windows expert. In 2004 I changed again and was promoted to consultant, business analyst, then Java developer, and finally technical support and system integrator for Enterprise Content Management (FileNet). Several years ago I became fascinated by the Open Source world, the GNU\Linux operating system, and security in general. And so in the last 4 years during my free time I studied security systems and computer networks in order to extend my knowledge. I came across several open source technologies including the Elastic stack (formerly ELK), and started to explore them and other similar ones like Grafana, Greylog, Snort, Grok, etc. I like to script in Python, too. In addition to studying in my free time I dedicate myself to my family (especially my little daughter) and I like walking, reading, dancing and making pizza for friends and relatives.

Leave a Reply

Your email address will not be published.

Archive