Blog entries by technology: elastic

19. 09. 2022 Davide Sbetti Log-SIEM, Machine Learning

Elasticsearch ML Models and Inference: Real-Time Classification

In a previous article, we explored the Machine Learning capabilities of Elasticsearch, which allowed us to apply anomaly detection techniques to our data, and helped us discover some really interesting facts as a result of our analysis. But can we take that idea even further? For instance, could we use data we’ve already collected to…

Read More
31. 08. 2022 Camilla Biamino Events, SEC4U, Webinar

Elastic and the Cyber Security of Würth Phoenix

🛡️ A remarkable synergy was created between our SATAYO platform and the Elastic solution, which generated the first solution capable of covering even the most important phase of the attack à la reconnaissance. Curious? Sign up for the seminar 👇🏼

Read More
21. 06. 2022 Davide Sbetti Log Management, Log-SIEM

Elastic Transformations: How to Aggregate and Enrich Your Data

In a previous article I analyzed how you can create effective visualizations in Kibana, and how to apply machine learning jobs with the goal of extracting as much information as possible from our data. However, you can also think of data as a raw material, which sometimes needs to be transformed and manipulated before allowing…

Read More
22. 03. 2022 TobiasGoller Icinga Web 2, Machine Learning, NetEye

Performance Metrics Collection from NetEye to Elastic

Today my objective is to collect the performance metrics from various NetEye Icinga checks and write them out to Elasticsearch so I can apply Machine Learning (ML) algorithms to identify potential anomalies. This is a task that’s not possible with the open-source version of InfluxDB installed in NetEye. Moreover, this data in Elastic is used…

Read More
02. 03. 2022 Damiano Chini APM, Log-SIEM, NetEye

Observing Events in Tornado with Elastic APM

Sometimes you’d just really like to have an overview of what happens to the Events that flow through Tornado. Where do they come from? Did they get stuck somewhere in the Collectors or in Tornado? Which Tornado Actions did they trigger? Gathering all this information from hundreds of log lines across different services (i.e., Tornado…

Read More
17. 01. 2022 Massimo Giaimo Blue Team, SEC4U

An Evaluation of Elastic EDR with APT Simulator

We decided to carry out an evaluation of Elastic’s EDR using the APT Simulator (https://github.com/NextronSystems/APTSimulator) tool. This tool is widely used within the cyber security community and is highly reputed, as it was developed by Florian Roth, who also created the Sigma Rule project. APT Simulator is a Windows Batch script that uses a set…

Read More
13. 01. 2022 Alessandro Valentini Bug Fixes, Log-SIEM, NetEye

Bugfixes for NetEye 4.21, 4.20, 4.19: Elasticsearch License Renewal

The current Elasticsearch license bundled with NetEye will expire this January 31st. To continue enjoy all the SIEM functionalities you must update to the new license. An automatic update has been released for the most recent NetEye version. Older NetEye releases however, can be updated manually. In the case the health-check light/01004_elastic_license_check.sh is preventing you…

Read More
31. 12. 2021 Damiano Chini Development, Log Management, Log-SIEM, NetEye

Real Time Log Signing on Fleet-managed Elastic Agents – A Preliminary Investigation

The R&D Team is currently working on the integration of the new Elastic Fleet management tool in NetEye 4. Once Elastic Fleet is fully integrated in NetEye 4, all of the Log Management features currently supported will also need to work with the Elastic Fleet. In particular, the integration of Elastic Fleet with the Log…

Read More
14. 12. 2021 Luca Franzoi Bug Fixes, NetEye

NetEye 3 Logstash and Elasticsearch – Security Advisory

Synopsis Important: Elasticsearch and Logstash security mitigation Type/Severity Security Advisory: Important Topic A mitigation for Logstash and Elasticsearch is now available for NetEye 3. NetEye Product Security has rated this mitigation as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for…

Read More
02. 11. 2021 Giovanni Davide Saccá NetEye, Unified Monitoring

nBox to NetEye Elastic Module

A customer asked me to analyze their network flows, with a solution oriented towards using an nBox that collects NetFlow data from a router located away from the branch office, takes it in for analysis, and then sends it to a NetEye Elastic module, which act as an analysis console for that NetFlow data. The…

Read More
25. 02. 2021 Alessandro Valentini NetEye

How I Became an Elastic Certified Professional, Part II

This post follows the one written some time ago by my colleague Mirko Bez. We became Elasticsearch Certified Professionals after passing both the Engineer exam and Analyst exam. In this post I’d like to tell you about my experience with the Analyst certification. This exam focuses mainly on Kibana, and 99% of the task can be done…

Read More
08. 02. 2021 Juergen Vigna ITOA, NetEye

GlusterFS as a Shared Elasticsearch Backup Volume

To be able to make Elasticsearch Snapshots you need shared storage mounted on all Elasticsearch Data Nodes. There are various possible file systems you can use for this: GFS, NFS, CIFS and GlusterFS. What is GlusterFS GlusterFS is a scalable network file system suitable for data-intensive tasks such as cloud storage and media streaming. GlusterFS…

Read More
23. 12. 2020 Mirko Bez Log-SIEM

How I Became an Elastic Certified Professional

Today I want to share with you my journey to becoming an Elastic Certified Professional by obtaining an Elastic Certified Engineer certificate. My daily experience as a NetEye SIEM consultant was a great help, because I could apply and internalize the concepts I learned directly in the field. But let’s start at the beginning. Wait……

Read More
06. 08. 2020 Mirko Bez Log Management

Firewall Log Collection: An Elastic Stack Performance Tuning Fairy Tale

In this blog post I will describe my experience with ingesting logs from a Fortinet firewall at a customer site. During this process I exploited the brand new Filebeat 7.8.0 Fortinet module. In particular, I will describe how I went from 3K events per second (eps) to 32K eps, more than a 10x improvement.

Read More
09. 03. 2020 Enrico Alberti Log-SIEM, NetEye

Store Years of NetFlow Historical Data with Elastic Rollup on NetEye 4.9

Keeping historical data around for analysis is extremely useful but often avoided due to the financial cost of archiving massive amounts of data. Retention periods are thus driven by financial realities rather than by the usefulness of extensive historical data. The Elastic Stack data rollup features provide a means to summarize and store historical data…

Read More

Archive