Blog Entries

07. 10. 2024 Davide Sbetti Bug Fixes, NetEye

Bug Fixes for NetEye 4.38

We have resolved an issue that could have led to the failure of the installation process during initial setups. This problem arose from a temporary absence of an entry in the /etc/hosts file, which in turn hindered the startup of nginx. We updated the following packages:

Read More
04. 10. 2024 Emil Fazzi APM, ITOA

How to Restrict Viewing Access in Grafana Dashboards Based on Alyvix Tags

With the introduction of Alyvix Tags in NetEye 4.38, we’ve given users the ability to filter test cases and reports based on their tags, making it easier to focus on the specific test cases that matter to each department or subdivision within a tenant. One of the requests that emerged from this new feature was…

Read More
03. 10. 2024 Luigi Miazzo Bug Fixes, NetEye

Bug Fixes for NetEye 4.38

We have implemented a verification step in the neteye install, update, and upgrade processes to verify Kibana’s connectivity to the fleet integration endpoint when the NetEye instance operates behind a proxy without direct Internet access. Additionally, we have revised our User Guide to provide detailed instructions on configuring this aspect. Moreover, the rolling restart process…

Read More
03. 10. 2024 Damiano Chini Bug Fixes, NetEye

Bug Fixes for NetEye 4.38

We updated the Elastic Stack to version 8.15.2, which fixes some known issues present with versions 8.15.1 (the version previously used in NetEye for Elasticsearch, Kibana, Logstash and APM) and 8.15.0 (the version previously used in NetEye by Elastic Agents and Beats). For more details please refer to the official Elastic release notes. We updated…

Read More
03. 10. 2024 Damiano Chini Bug Fixes, NetEye

Bug Fixes for NetEye 4.37

We fixed a bug in nginx that was causing NetEye upgrades from version 4.36 to version 4.37 to fail with an error. We updated the following packages:

Read More
02. 10. 2024 Davide Sbetti Log Management, Log-SIEM, Machine Learning, NetEye

Perform KNN Classification Using Elasticsearch

Hey everyone! We played around a bit last time with our radar data to build a model that we could train outside Elasticsearch, loading it through Eland and then applying it using an ingest pipeline. But since our data is in the form of vectors, could we actually exploit Elasticsearch vector database functionality and perform…

Read More
01. 10. 2024 Emil Fazzi Bug Fixes, NetEye

Bug Fixes for NetEye 4.37

Core Neteye install, update, upgrade procedures individual service logs weren’t saved in the correct format We resolved a small issue where logs from parallel install or configurator playbooks were wrongly manipulated resulting in a different format from what they were supposed to be saved. SIEM – Log Management Elastic Stack missing systemd configuration files We…

Read More
27. 09. 2024 Mattia Codato Downloads / Release Notes, NetEye, Unified Monitoring

NetEye 4.38 Release Notes

Release date: 1st October 2024 Welcome to version 4.38 of our NetEye v4 Unified Monitoring Platform. The Church of St. John in Ranui, set against the breathtaking Dolomites in the Funes Valley, welcomes you to this release. This historic gem, nestled in the heart of South Tyrol, is a testament to the region’s rich cultural…

Read More
19. 09. 2024 Davide Gallo Development, DevOps

Ansible Development, Part 1.5: Building an Execution Environment in a Pipeline (CI/CD)

Hello everyone, I’m back to discuss Ansible and Ansible Execution Environments. In my previous blog, we talked about why and how execution environments are critical for a successful Ansible implementation. I hope my guide was easy to follow, but as you may have noticed, the process requires a significant amount of manual effort to keep…

Read More
12. 09. 2024 Mattia Codato Development, DevOps

Publish NPM Package to GitHub Packages Registry with GitHub Actions

With the rise of continuous integration and delivery (CI/CD) in modern software development, automating tasks like publishing npm packages has become crucial for efficiency. GitHub packages Registry (npm.pkg.github.com) allows developers to host and manage npm packages directly within GitHub, offering a seamless experience for both private and public repositories. By leveraging GitHub Actions, developers can…

Read More
11. 09. 2024 Davide Gallo Contribution, Development, DevOps

Ansible Development, Part 1: Building an Execution Environment

Right now, at Würth Phoenix, we are investing in automating most of our operations using Ansible. You’re probably already familiar with what Ansible does, but to summarize, Ansible is an open-source, command-line IT automation application written in Python. I’ve talked about it here: One challenge we faced while developing our automation scripts was that we…

Read More
10. 09. 2024 Massimo Giaimo Blue Team, SEC4U, SOCnews

SOC News | September 10 – New RaaS Group BloodForge

The team behind the popular underground forum BlackForums has announced, on its Telegram channel, that it has formed a new pact with the BloodForge group. From this pact was born The Brotherhood, an organization that aims to provide a RaaS (Ransomware as a Service). The new BloodForge channel then presented the features and capabilities of…

Read More
09. 09. 2024 Rocco Pezzani Log-SIEM, NetEye

Prevent Elasticsearch Crashes Using Disk Watermarks

Hi all, it’s been a while. I’m deeply sorry not to have sent out some blog posts lately, so now I’ll try to get back your trust by providing some useful information. Not only that, I’ll even go out of my comfort zone: instead of NetEye Core and monitoring strategies, I’ll talk about NetEye SIEM…

Read More
30. 08. 2024 Daniel Degasperi Blue Team, SEC4U

A Concrete Example of ES|QL and SOC Detection Rules

The purpose of this article is to show a real-life case study of the integration of the new Elastic ES|QL language within the detection rules used by the SOC to detect cyber threats. Overview ES|QL (Elasticsearch Query Language) is an SQL-like query language developed by Elastic specifically for querying time series and event data stored…

Read More
30. 08. 2024 Juergen Vigna Log-SIEM, NetEye, Unified Monitoring

Monitor your Elasticsearch Shards Count

Elasticsearch limits the number of open shards per node with the max_shards_per_node cluster setting, which defaults to 1000. The limit on the total number of shards is then calculated from this setting with this formula: total_max_number_of_shards = cluster.max_shards_per_node * number of non-frozen data nodes If the total number of shards is reached either by a…

Read More

Archive