Blog entries by technology: elastic

30. 03. 2026 Davide Sbetti APM, Log Management, Log-SIEM, NetEye

Sending OTel Data to Elasticsearch: Tenant Segregation through OAuth

Hi everyone! Today I’d like to share with you an investigation we undertook related to ingesting Open Telemetry data in Elasticsearch, while maintaining tenant segregation from start to end. The Scenario Let’s imagine we have multiple customers, where in this case “multiple” may be well in the order of hundreds, who would like to send…

23. 03. 2026 Alessio Dallaporta Blue Team

Inside Elastic Security Detection Rules: Internal Structure & Upgrade Mechanics

A Rule Is More Than a Query In modern detection engineering, a rule is often misunderstood as just a query that triggers alerts. In reality, within Elastic Security, a detection rule is a structured, versioned, and lifecycle-managed object that goes far beyond simple query logic. Understanding this structure is essential for anyone operating in a…

16. 03. 2026 Daniele Saccon APM, Knowledge Management, Log-SIEM, Training

Inside Elastic Certifications: My Experience Between Preparation and Exams

In this article I’d like to share my experience with Elastic certifications. Recently, I had the opportunity to take the Elastic Certified Engineer and Elastic Certified Observability Engineer exams and I’d like to describe my preparation, experience and finally share some useful tips for anyone else who wants to follow the same path. Overview of…

11. 03. 2026 Daniel Degasperi Blue Team, Log-SIEM, SEC4U, Threat Intelligence

From Static Lists to Threat Intelligence: Better Domain Detection in Elastic

A scalable approach to detecting malicious domains using Threat Intelligence and Indicator Match Rules One of the most common techniques used in phishing and initial access campaigns is the creation of domains that closely resemble legitimate ones. Attackers exploit typosquatting, homograph attacks, and brand impersonation to deceive users and steal credentials. For a Security Operations…

10. 03. 2026 Franco Federico Unified Monitoring

Elastic AutoOps in NetEye: Simplifying Elasticsearch Operations with Real-Time Intelligence

Introduction Managing Elasticsearch effectively – especially as environments grow in size and complexity – can quickly become a challenging task. Performance tuning, identifying the true root cause behind slowdowns, and optimizing resource allocation often demand specialized expertise and a significant investment in time. In enterprise ecosystems, where observability underpins critical services and reliability expectations are…

06. 03. 2026 Damiano Chini Log-SIEM, NetEye

One Elastic Fleet Policy, Multiple Behaviors: Selective Agent Configuration with Agent Providers

In many Elastic deployments, the natural approach every time you encounter a server with different needs is to create a new Fleet policy. Each group seems to require its own small set of tweaks or additional integrations. But the more policies you create, the harder it becomes to maintain and scale your configuration. In reality…

04. 03. 2026 Damiano Chini Bug Fixes, NetEye

NetEye 4 – Security Advisory (Elastic Stack)

Important: Elastic Stack security update Type/Severity NetEye Product Security has rated this update as having a Medium security impact. Topic An update for the Kibana package is now available for NetEye 4. Security Fix for NetEye 4.46 CVEs All of the 4 CVEs are Denial of Service vulnerabilities that affect Kibana, within the Elastic Stack. Affected Products All…

27. 02. 2026 Reinhold Trocker Log Management, Log-SIEM

Elastic Integration: Which New Features Can Be Activated?

From a Technical Consultant’s Perspective “How can I tell if a new Elastic Integration feature or PR is already included in my NetEye version?” Elastic adds new features quite often. However, these features do not always appear in NetEye right away. That’s because each integration requires a specific Kibana version. If NetEye doesn’t yet ship…

16. 01. 2026 Gabriele Bocchi Bug Fixes, NetEye

NetEye 4 – Security Advisory (Elastic Stack)

Important: Elastic Stack security update Type/Severity NetEye Product Security has rated this update as having a High security impact. Topic An update for the elastic-stack packages (elasticsearch, kibana, filebeat, logstash and elastic-agent) is now available for NetEye 4. Security Fix for NetEye 4.45 CVEs The CVEs include an Information Disclosure vulnerability, a Server-Side Request Forgery and 5 Denial…

02. 01. 2026 Davide Sbetti Bug Fixes, NetEye

NetEye 4 – Security Advisory (Elastic Stack)

Important: Elastic Stack security update Type/Severity NetEye Product Security has rated this update as having a High security impact. Topic An update for the elastic-stack packages (elasticsearch, kibana, filebeat, logstash and elastic-agent) is now available for NetEye 4. Security Fix for NetEye 4.45 CVEs The CVEs affect different components of the Elastic Stack, as outlined below. Packetbeat CVEs:…

30. 12. 2025 Damiano Chini Automation, Development, Log Management, Log-SIEM, NetEye

Optimizing Rolling Restarts in Elasticsearch Clusters

Introduction For on-premise Elasticsearch installations, performing a rolling restart across a cluster can be a time-consuming task, especially when dealing with large clusters. Rolling restarts are typically required when changing node configurations or upgrading the cluster to a new version. Elastic provides an official procedure to ensure service continuity during this process. However, after analyzing…

24. 12. 2025 Damiano Chini APM, Log-SIEM, Machine Learning, NetEye, Real User Experience

Root Cause Analysis with Elastic ML and Alyvix

When performance degradation occurs within a complex system, understanding the root cause can be extremely challenging. If the issue happens sporadically, this difficulty increases even more. This is because modern systems involve numerous components that interact in complex ways. For example, if your application’s Web UI becomes slow, the underlying cause could be anywhere in…

15. 12. 2025 Daniel Degasperi Blue Team, Log-SIEM, SEC4U

Hunting Silent Kerberoasting: Detecting RC4 TGS Floods with Elastic

Introduction Kerberoasting remains one of the most popular techniques for attackers attempting to escalate privileges inside a Windows domain. By requesting service tickets (TGS – Ticket Granting Service) encrypted with weak algorithms, an attacker can extract hashes and crack them offline to recover service account passwords. It should be mentioned that a Kerberos ticket request…

24. 11. 2025 Attilio Broglio Log-SIEM, NetEye

How to Fix Transformation Problems After Upgrading to Elasticsearch 9.0

With the upgrade to NetEye 4.44, we’ve added a lot of new features (https://www.neteye-blog.com/2025/10/neteye-4-44-release-notes/) and, from my point of view, one of the most relevant is the introduction of Elastic Stack 9. This Elasticsearch major release (https://www.elastic.co/guide/en/elastic-stack/9.0/elastic-stack-release-notes.html) includes some new functionalities such as: ESQL Lookup Joins, LogsDB Index Mode Optimizations, etc. During various migrations…

13. 10. 2025 Tobias Goller Log-SIEM, Unified Monitoring

Elastic Defend: Experiences

Around this time last year, I wrote a blog post about improving cybersecurity with Elastic Defend. Now, one year later, we’ve gained a lot of practical experience with it, which I’d like to share. Elastic Defend is an EDR (Endpoint Detection and Response). Unlike a traditional antivirus solution that relies on signature patterns that need…
