A safer way to run privileged Windows checks with SystemRunner If you’ve been monitoring Windows for a while, you’ve probably seen this pattern: some checks must run as LocalSystem (S-1-5-18), and the “quick fix” is to run the Icinga Agent itself as SYSTEM. It works. It’s also a really bad idea. Why? SystemRunner takes a…
Read MoreA customer recently asked me to monitor their access points. Currently, they had no monitoring system for their 100+ access points other than a firewall view showing the status of individual access points. The firewall in question was a Fortigate 660e. I checked, and we already have an NEP that performs monitoring for Fortinet, which…
Read MoreWelcome to version 4.45 of our NetEye v4 Unified Monitoring Platform. As you log in, you’ll be welcomed by the serene winter landscape of St. Magdalena/Santa Maddalena in Villnösser Tal/Val di Funes. The small village rests quietly beneath the dramatic Geisler peaks, blanketed in fresh snow that softens every contour. Morning light brushes the slopes,…
Read MoreThis document describes the steps required to build, configure, and operate a Podman container based on php:8.2-cli, with the SNMP extension enabled, intended for executing monitoring plugins within a NetEye/Icinga environment. Create a Containerfile with the following contents: FROM docker.io/php:8.2-cliRUN apt-get update && \ apt-get install -y libsnmp-dev snmp && \ rm -rf /var/lib/apt/lists/* &&…
Read MoreOrganizations often struggle to understand how they truly appear from the outside. Security teams work hard to protect internal systems, yet the real exposure visible to potential attackers often remains unclear. That’s why we created the External Attack Surface Management (EASM) report. By delivering this report we want to provide a clear overview of the…
Read MoreOn October 1, 2025, Würth Group employees were targeted by a WhatsApp-based cyberattack. A few users fell for it and some devices got infected. The attack was promptly detected by our Cyber Defense Center, and was stopped before it could spread further. Investigating the threat more deeply, we discovered it was part of a wider…
Read MoreA while ago I was studying the webp image format by Google out of curiosity. I had written a .png parser in the past and was interested in seeing how the lossless VP8L encoding in particular was working in that library. While I was using a external Rust library to decode the actual image data…
Read MoreWith the upgrade to NetEye 4.44, we’ve added a lot of new features (https://www.neteye-blog.com/2025/10/neteye-4-44-release-notes/) and, from my point of view, one of the most relevant is the introduction of Elastic Stack 9. This Elasticsearch major release (https://www.elastic.co/guide/en/elastic-stack/9.0/elastic-stack-release-notes.html) includes some new functionalities such as: ESQL Lookup Joins , LogsDB Index Mode Optimizations, etc. During various migrations…
Read MoreMy SANS Course in London – April 2025 Back in April, I had the opportunity to attend a SANS course in London. More precisely, SANS 504: Hacker Tools, Techniques, and Incident Handling. The course ran from April 7th to April 12th, and those six days were intense, exciting, and surprisingly fun in ways I didn’t…
Read More
The NetEye Conference 2025 in Verona offered a full day of deep-dive sessions, live use cases, and peer-to-peer learning – all centered around one guiding theme: Intelligent Operations in Action. Our community explored how observability, cybersecurity, and service management converge to create smarter, more resilient IT ecosystems. Keynotes by Sebastiano Barisoni and Matteo Meucci set…
Read More
Producing actionable intelligence must be the mindset that every Threat Intelligence analyst must set as their primary objective. The problem of properly integrating Threat Intelligence into Security Operations processes is a recurring one. In this article, I aim to describe the integration process we, at Würth IT, have implemented, which allows us to produce actionable…
Read MoreRecently Icinga DB Web had a new security release, fixing a vulnerability where protected or hidden custom variables could be inferred by any user with object visibility by abusing comparative filters on those hidden variables.
Read MoreIf you’ve followed this thread for awhile, then I hope by now you’re making great videos. Let’s assume your content is instructive, interesting and well-written, all of your equipment is working the way you want, and you have a good on-camera presence. It’s still possible though that you’re making boring videos. The main reason is…
Read MoreAmong the several plugins that Grafana provides is Node Graph, a useful plugin for visualizing elements and relationships between them. This plugin, as described in the article: https://grafana.com/docs/grafana/latest/panels-visualizations/visualizations/node-graph/ , can be used to represent: To verify its usefulness within NetEye, we adapt it to the data present in Icinga. In this POC, we import our…
Read MoreWhen organizations think about cybersecurity, the conversation often starts with compliance. ISO 27001, PCI-DSS, HIPAA, GDPR, NIS2… frameworks and regulations designed to protect sensitive data and establish minimum standards for risk management. Achieving compliance is often seen as the ultimate milestone: once the certificate is obtained or the audit is passed, the company is considered…
Read More