01. 04. 2021 Thomas Forrer Downloads / Release Notes, NetEye, Unified Monitoring

NetEye 4.17 Release Notes

Welcome to version 4.17 of our NetEye v4 Unified Monitoring Solution.

General

Improvements

With the new NetEye release, the Contrib RPM repository is made generally available in NetEye 4.

The Contrib repository contains supplemental packages, like NeDi and the Icingaweb2 module X509, intended to work with NetEye and provided by NetEye contributors.

This goes in the direction of supporting a broader contribution mechanism, allowing NetEye to be extended in a well-defined way by contributors.

Visualization Improvements (ITOA)

As a continuation of the user experience improvements, ITOA based on Grafana is now shipped with a completely new light theme based on Carbon Design System.
With NetEye release 4.17, the ITOA module supports both light and dark themes, and each user can now set the preferred one in User > Preferences > Theme.

User Guide

With the NetEye 4.17 release, we focus on improving the product User Guide. We believe that all users should have the opportunity to reference User Guide content, and access it at any time, from anywhere, for the current and all future NetEye versions.

The new User Guide is publicly available and has been redesigned from scratch with a strong focus on simplicity and usability. The new user interface fully supports mobile devices and gives the user the opportunity to switch between light and dark themes.

Please note that after the upgrade to this NetEye version (NetEye 4.17) the legacy User Guide module, inside the product, will be removed and replaced by the new online NetEye User Guide.
A direct link to the new User Guide will be available in the top right corner of the NetEye interface.

NetEye RPM Signature

We strive to guarantee the highest levels of security to customers and users of NetEye. Great IT security does not stop at writing safe software but also requires safe distribution channels. This extends from the checked-in code down to the software packages delivered to NetEye Appliances.

With this release, the NetEye Continuous Integration/Delivery pipeline has been extended with a sigul signing server, which has been protected and isolated following current best practices. It will guarantee that all signed packages originate from us and are protected from malicious tampering attempts, both on our infrastructure and between Appliance and Repository.

Extending on this, the current and all future releases of NetEye will consist exclusively of cryptographically signed packages, whether built by us or coming from any included third-party repository. The required public key for signature verification will be safely distributed as part of NetEye.

Monitoring – Detection

Smart Director

In scenarios involving large Director configurations, even the smallest operations like adding or modifying a few hosts or services can require several minutes to be fully deployed.

The new Smart Director allows applying configuration changes to hosts or services live without having to deploy the entire configuration and restart Icinga.

The Smart Director module extends the Director by adding the instant deploy functionality, which allows the user to immediately apply changes made to hosts and services, so that no deployment is necessary. In general, this allows for smoother operation of the monitoring engine Icinga 2 and at the same time decreases the frequency with which full deployments are necessary, especially with large configurations.

The Smart Director feature must be activated with an automatic procedure that must be started manually. This can be done at any point in time after the upgrade.

Icingaweb2 Module Director upgrade to version 1.8.0

We upgraded the icingaweb2 module director from version 1.7.2 to 1.8.0. This update contains new features, various bug fixes and interface improvements. (Full Changelog Here)

SIEM – Log Management

Real Time Log Signing

Security has the highest priority in NetEye 4. With the aim of continuously improving security in NetEye 4 and complying with standards, the NetEye 4.17 release brings an architectural improvement in the Log Manager module, which adds even more guarantees on the confidentiality and integrity of the logs managed by the module.

The new architecture, named “Real Time Log Signing”, stores the logs in a blockchain in real time, as soon as the logs are sent to NetEye 4. The blockchain is indexed directly in Elasticsearch for easy management.

Signing the logs in real time, combined with the intrinsic guarantees of blockchains and the use of TLS for all communications, guarantees the integrity and the confidentiality of the logs.

Another key point to preserve data integrity is to avoid data loss during the signing of the logs. For this reason a Logstash persistent pipeline has been preconfigured in the Log Manager, which ensures that no log is lost from the moment that the Log Manager takes charge of it. Each single log is then signed and stored in Elasticsearch, in such a way that all the Elasticsearch features for managing the documents can still be used without affecting the validity of the blockchain.

A CLI tool allows the user to verify the validity of the entire blockchain or only parts of it.
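The following added example illustrates the general idea of a signed log chain with full and partial verification. It is not NetEye's code or its CLI tool: the field names, the `GENESIS` value and the use of an HMAC-SHA256 key as a stand-in for the signing mechanism are assumptions made for the illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed starting value for the first block


def _digest(key, prev_hash, seq, log):
    # Canonical JSON so the same log always serialises to the same bytes.
    body = json.dumps({"seq": seq, "prev": prev_hash, "log": log},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def append(chain, key, log):
    """Sign one log on arrival and link it to the previous block."""
    prev = chain[-1]["hash"] if chain else GENESIS
    seq = len(chain)
    block = {"seq": seq, "prev": prev, "log": log,
             "hash": _digest(key, prev, seq, log)}
    chain.append(block)
    return block


def verify(chain, key, start=0, end=None):
    """Return the seq numbers of blocks in [start, end) that fail the check."""
    end = len(chain) if end is None else end
    # A partial check trusts the stored hash of the block just before it.
    prev = chain[start - 1]["hash"] if start > 0 else GENESIS
    bad = []
    for block in chain[start:end]:
        expected = _digest(key, block["prev"], block["seq"], block["log"])
        linked = block["prev"] == prev          # no block removed or reordered
        signed = hmac.compare_digest(expected, block["hash"])  # content intact
        if not (linked and signed):
            bad.append(block["seq"])
        prev = block["hash"]
    return bad


def demo():
    key = b"constructed-demo-key"  # constructed sample key
    chain = []
    for msg in ("sshd: accepted login", "sudo: ran /bin/bash", "sshd: closed"):
        append(chain, key, {"host": "srv01", "message": msg})  # constructed logs
    clean = verify(chain, key)
    chain[1]["log"]["message"] = "sudo: ran /bin/ls"  # simulated tampering
    return clean, verify(chain, key), verify(chain, key, start=2)
```

In this sketch, removing blocks from the end of the chain is not detected by `verify` alone; catching that requires recording the latest hash somewhere outside the chain.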

The new “Real Time Log Signing” architecture is not active by default, but logs can be forwarded to it with minimal configuration changes within the existing Log Manager module.

For further details, see https://neteye.guide/4.17/siem/concepts.html#elastic-blockchain-proxy

Deprecation

The “Real Time Log Signing” mechanism introduced in this release will eventually replace the current Log Signing procedure. The Logmanager Retention Policy configured in NetEye 4 will have no effect on logs managed via the new Real Time Log Signing architecture. The retention policy of these logs can be configured instead directly in Elasticsearch, with the Index Lifecycle Management feature.

The Logmanager Retention Policy will still be applied to the logs managed via rsyslog, so the configuration of the Logmanager Retention Policy should be kept until all the logs are deleted according to the retention policy.

To ease the migration of log management to the new Real Time Log Signing architecture, NetEye 4 supports the management of logs with both architectures at the same time.

Thomas Forrer

Team Leader Research & Development at Würth Phoenix
Hi folks! I began loving computers since 1994, it was still the time of Windows 3.1. Immediately I learned starting DOS games from the command prompt, and while typing some white text on black background I felt like some hackish dude in a hollywoodian movie. Later during the studies at the university, I discovered the magic world of opensource, and it was love at first sight. Finally I got rid of BSOD's =) I love everything that is connected to some network, especially in a security perspective. My motto is: "With motivation, nothing is impossible. It only requires more time."
