Blog entries by technology: elastic

02. 10. 2024 Davide Sbetti Log Management, Log-SIEM, Machine Learning, NetEye

Perform KNN Classification Using Elasticsearch

Hey everyone! We played around a bit last time with our radar data to build a model that we could train outside Elasticsearch, loading it through Eland and then applying it using an ingest pipeline. But since our data is in the form of vectors, could we actually exploit Elasticsearch vector database functionality and perform…

Read More
09. 09. 2024 Rocco Pezzani Log-SIEM, NetEye

Prevent Elasticsearch Crashes Using Disk Watermarks

Hi all, it’s been a while. I’m deeply sorry not to have sent out some blog posts lately, so now I’ll try to get back your trust by providing some useful information. Not only that, I’ll even go out of my comfort zone: instead of NetEye Core and monitoring strategies, I’ll talk about NetEye SIEM…

Read More
30. 08. 2024 Juergen Vigna Log-SIEM, NetEye, Unified Monitoring

Monitor your Elasticsearch Shards Count

Elasticsearch limits the number of open shards per node with the max_shards_per_node cluster setting, which defaults to 1000. The limit on the total number of shards is then calculated from this setting with this formula: total_max_number_of_shards = cluster.max_shards_per_node * number of non-frozen data nodes If the total number of shards is reached either by a…

Read More
20. 08. 2024 Franco Federico APM, Log-SIEM, Unified Monitoring

A Journey through Elastic Integrations

At the beginning of the month we released NetEye version 4.37 that contains Elastic Stack 8.14.3. Every version update of Elastic has both improvements and additions. To see all available integrations in NetEye, click on the screenshot here: As you can see the changes range from cloud integration, to ticketing, to not forgetting security, networking,…

Read More
12. 08. 2024 Davide Sbetti AI, Artificial Intelligence, Log-SIEM, Machine Learning, NetEye

Bring Your Own Model – Using Custom Models in Elasticsearch

Hey everyone! As you may remember, we took a look in the past at how it’s possible to use a model (trained directly in Elasticsearch) to perform some real time classification by using an ingest pipeline. But… what if we wanted to use our own externally trained model? Well the good news is that, under…

Read More
14. 06. 2024 Matteo Cipolletta APM, NetEye, Real User Experience, Visual Synthetic Monitoring

The Right Monitoring Tool: Elastic Synthetic Browser Monitor vs. Alyvix

In today’s digital landscape, ensuring optimal performance and availability of applications is critical. Monitoring tools like Elastic Synthetics Journey Monitor and Alyvix offer unique capabilities tailored to diverse needs. Understanding where each tool excels can help you choose the best solution for your requirements. Elastic Synthetic Browser Monitor: Strengths and Use Cases Elastic Synthetic Browser…

Read More
24. 05. 2024 Daniel Degasperi Blue Team, SEC4U

How To Detect a Chromium Browser Stealer With Elastic

In this blog, I’ll propose and describe a solution for detecting potential infostealers targeting Chromium-based browsers, taking a cue from the research exposed by Google’s Chrome Security Team (Detecting browser data theft using Windows Event Logs). Obviously a solution using Elastic 🙂 ! What is an Infostealer (in a nutshell) ? In the realm of…

Read More
15. 03. 2024 Matteo Cipolletta APM, Log-SIEM, NetEye

Unleashing Elastic APM: Containerized Scalability Explored

Introduction: Unveiling Elastic APM in Containerized Environments In today’s dynamic digital landscape, where every interaction matters, understanding the intricacies of application performance has become paramount. Elastic APM is a powerful toolset within the Elastic Stack included in the NetEye SIEM Module, and designed to provide unparalleled insights into the performance of your applications. As organizations…

Read More
23. 02. 2024 Juergen Vigna Log-SIEM, NetEye, Unified Monitoring

Monitoring Logs in Elasticsearch: A Practical Example

Say you want to monitor logs coming into your Elasticsearch instance, and have it send data to your Monitoring Dashboard. I’ll show you how to do this with a practical example, in particular for an event coming from the Active Directory where a user is locked out, and the associated Domain Controller sends the event…

Read More
16. 02. 2024 Reinhold Trocker Log-SIEM, NetEye

Enabling Elastic Agents Upgrades in Restricted or Closed Networks

In this article, we’ll explore how to configure the “Agent Binary Download” setting and set up your own artifact registry for binary downloads within a NetEye cluster. Prerequisites Before we begin, ensure you have the following prerequisites in place: Configuring the “Agent Binary Download” Setting Hosting Your Own Artifact Registry If routing traffic through a proxy server…

Read More
13. 02. 2024 Tobias Goller NetEye, Unified Monitoring

SNMP Trap Archiving in Elastic via Tornado

First of all, I’ll briefly explain what the “Tornado” in NetEye actually is. Tornado is a Complex Event Processor that receives reports of events from data sources such as monitoring, email, and SNMP Traps, matches them against rules you’ve configured, and executes the actions associated with those rules, which can include sending notifications, logging to…

Read More
09. 01. 2024 Matteo Cipolletta Unified Monitoring

Reassign Elasticsearch ILM Policy with Python

Index Lifecycle Management (ILM) policies constitute a fundamental component in Elasticsearch index management. They enable users to define the life stages of an index, determining when and how specific actions, such as transitioning from a “hot” to a “cold” state or deleting obsolete indices, should occur. ILM policies empower users to ensure the optimal distribution…

Read More
28. 12. 2023 Enrico Alberti Log Management, Log-SIEM, NetEye

Monitor Fleet Elastic Agents with NetEye Extension Packs (NEP)

With the latest version of NetEye 4.33, the Fleet Server and ElasticAgent officially join the NetEye Elastic Stack (see NetEye 4.33 Release Notes ) Related to this new big feature, within the NetEye Extension Packs project we have provided new monitoring checks that can help customers and consultants who use NetEye to keep these new…

Read More
28. 12. 2023 Davide Sbetti Log-SIEM, Machine Learning

Semantic Search in Elasticsearch – Testing Our NetEye Guide: Adding the LLM ingredient

You weren’t expecting a part three of this series, right? Well honestly, me neither. But after working together with you on the POC where we firstly crawled the NetEye Guide and applied ELSER to the resulting documents, and then we exploited its semantic search capabilities in the NetEye Guide search, we asked ourselves, what if…

Read More
22. 12. 2023 Juergen Vigna Log-SIEM, NetEye, Unified Monitoring

SIEM: Monitor Hosts Sending Data to Elasticsearch

Do you have a SIEM installation based on Elasticsearch (like the NetEye 4 SIEM Module) and are you sending data to it from your hosts? Then you’ll surely want to know whether your host is actually sending data, or if nothing is coming out at all. For this I made available a simple icinga/nagios plugin…

Read More

Archive