Blog entries by technology: elastic

17. 01. 2022 Massimo Giaimo Blue Team, SEC4U

evaluation of Elastic EDR with APT Simulator

We decided to carry out an evaluation of Elastic’s EDR using the APT Simulator (https://github.com/NextronSystems/APTSimulator) tool. The tool within the cyber security community is widely used and has an important reputation, having been developed by Florian Roth, also creator of the Sigma Rule project APT Simulator is a Windows Batch script that uses a set…

Read More
13. 01. 2022 Alessandro Valentini Bug Fixes, Log-SIEM, NetEye

Bugfixes for NetEye 4.21, 4.20, 4.19: Elasticsearch License Renewal

The current Elasticsearch license bundled with NetEye will expire this January 31st. To continue enjoy all the SIEM functionalities you must update to the new license. An automatic update has been released for the most recent NetEye version. Older NetEye releases however, can be updated manually. In the case the health-check light/01004_elastic_license_check.sh is preventing you…

Read More
31. 12. 2021 Damiano Chini Development, Log Management, Log-SIEM, NetEye

Real Time Log Signing on Fleet-managed Elastic Agents – A Preliminary Investigation

The R&D Team is currently working on the integration of the new Elastic Fleet management tool in NetEye 4. Once Elastic Fleet is fully integrated in NetEye 4, all of the Log Management features currently supported will also need to work with the Elastic Fleet. In particular, the integration of Elastic Fleet with the Log…

Read More
14. 12. 2021 Luca Franzoi Bug Fixes, NetEye

NetEye 3 Logstash and Elasticsearch – Security Advisory

Synopsis Important: Elasticsearch and Logstash security mitigation Type/Severity Security Advisory: Important Topic A mitigation for Logstash and Elasticsearch is now available for NetEye 3. NetEye Product Security has rated this mitigation as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for…

Read More
02. 11. 2021 Giovanni Davide Saccá NetEye, Unified Monitoring

nBox to NetEye Elastic Module

A customer asked me to analyze their network flows, with a solution oriented towards using an nBox that collects NetFlow data from a router located away from the branch office, takes it in for analysis, and then sends it to a NetEye Elastic module, which act as an analysis console for that NetFlow data. The…

Read More
25. 02. 2021 Alessandro Valentini NetEye

How I Became an Elastic Certified Professional, Part II

This post follows the one written some time ago by my colleague Mirko Bez. We became Elasticsearch Certified Professionals after passing both the Engineer exam and Analyst exam. In this post I’d like to tell you about my experience with the Analyst certification. This exam focuses mainly on Kibana, and 99% of the task can be done…

Read More
08. 02. 2021 Juergen Vigna ITOA, NetEye

GlusterFS as a Shared Elasticsearch Backup Volume

To be able to make Elasticsearch Snapshots you need shared storage mounted on all Elasticsearch Data Nodes. There are various possible file systems you can use for this: GFS, NFS, CIFS and GlusterFS. What is GlusterFS GlusterFS is a scalable network file system suitable for data-intensive tasks such as cloud storage and media streaming. GlusterFS…

Read More
23. 12. 2020 Mirko Bez Log-SIEM

How I Became an Elastic Certified Professional

Today I want to share with you my journey to becoming an Elastic Certified Professional by obtaining an Elastic Certified Engineer certificate. My daily experience as a NetEye SIEM consultant was a great help, because I could apply and internalize the concepts I learned directly in the field. But let’s start at the beginning. Wait……

Read More
06. 08. 2020 Mirko Bez Log Management

Firewall Log Collection: An Elastic Stack Performance Tuning Fairy Tale

In this blog post I will describe my experience with ingesting logs from a Fortinet firewall at a customer site. During this process I exploited the brand new Filebeat 7.8.0 Fortinet module. In particular, I will describe how I went from 3K events per second (eps) to 32K eps, more than a 10x improvement.

Read More
09. 03. 2020 Enrico Alberti Log-SIEM, NetEye

Store Years of NetFlow Historical Data with Elastic Rollup on NetEye 4.9

Keeping historical data around for analysis is extremely useful but often avoided due to the financial cost of archiving massive amounts of data. Retention periods are thus driven by financial realities rather than by the usefulness of extensive historical data. The Elastic Stack data rollup features provide a means to summarize and store historical data…

Read More
21. 02. 2020 TobiasGoller Log Management, NetEye

Tornado Use Case with Elastic

Before I tell you about one of my latest customer requirements, I would like to briefly explain what our NetEye Tornado module is. In our user guide you will see it written that Tornado is the successor to NetEye’s Event Handler. It is a plugin-based, stateless, scalable rule matching engine written in Rust, based on…

Read More
09. 01. 2020 Damiano Chini Log-SIEM, NetEye

Support for Elasticsearch-only Nodes

Until NetEye 4.8, customers who needed to expand the capacity of their Elasticsearch cluster running alongside their Red Hat cluster could add new standard nodes to NetEye clusters. This meant, however, that the new nodes would dedicate their resources not just to improving the capacity of the Elasticsearch cluster, but also to maintaining all services…

Read More
02. 01. 2020 Michele Santuari Log-SIEM, NetEye

Elastic Stack Cluster with NetEye >= 4.8

In a previous blog post, I described how Elastic Stack fits within the High-Available cluster architecture of NetEye 4 and, in particular, how the correct configuration of the Quorum is mandatory to prevent losing your data or even developing inconsistencies. With the upgrade to NetEye 4.8, we updated Elastic Stack to the new major version…

Read More
30. 12. 2019 Franco Federico Log-SIEM, NetEye

Graph in NetEye with Elastic Stack

In the past I’ve written in this blog post about Elastic Stack and its features. Here I’d like to show you more in depth the functionality of Graph analytics. The Graph analytics features enable you to discover how items in an Elasticsearch index are related. It’s possible to explore the connections between indexed terms and…

Read More
17. 10. 2019 TobiasGoller ITOA, Log-SIEM, Machine Learning, NetEye

Experiences with Netflow and Machine Learning in Elastic

Some time ago I was able to use the machine learning functionality in Elastic for the first time. I was astonished at how easy it is to use, and how fast it calculates historical data. In my particular case, I loaded Netflow data into the Elastic database. I wanted to use this data to evaluate…

Read More

Archive