Blog entries by technology: elastic

15. 12. 2025 – Daniel Degasperi – Blue Team, Log-SIEM, SEC4U

Hunting Silent Kerberoasting: Detecting RC4 TGS Floods with Elastic

Introduction: Kerberoasting remains one of the most popular techniques for attackers attempting to escalate privileges inside a Windows domain. By requesting service tickets (TGS – Ticket Granting Service) encrypted with weak algorithms, an attacker can extract hashes and crack them offline to recover service account passwords. It should be mentioned that a Kerberos ticket request…

24. 11. 2025 – Attilio Broglio – Log-SIEM, NetEye

How to Fix Transformation Problems After Upgrading to Elasticsearch 9.0

With the upgrade to NetEye 4.44, we’ve added a lot of new features (https://www.neteye-blog.com/2025/10/neteye-4-44-release-notes/) and, from my point of view, one of the most relevant is the introduction of Elastic Stack 9. This Elasticsearch major release (https://www.elastic.co/guide/en/elastic-stack/9.0/elastic-stack-release-notes.html) includes some new functionalities such as: ESQL Lookup Joins, LogsDB Index Mode Optimizations, etc. During various migrations…

13. 10. 2025 – Tobias Goller – Log-SIEM, Unified Monitoring

Elastic Defend: Experiences

Around this time last year, I wrote a blog post about improving cybersecurity with Elastic Defend. Now, one year later, we’ve gained a lot of practical experience with it, which I’d like to share. Elastic Defend is an EDR (Endpoint Detection and Response). Unlike a traditional antivirus solution that relies on signature patterns that need…

08. 10. 2025 – Damiano Chini – Bug Fixes, NetEye

NetEye 4 – Security Advisory (Elastic Stack)

Important: Elastic Stack security update. Type/Severity: NetEye Product Security has rated this update as having a High security impact. Topic: An update for the elasticsearch and kibana packages is now available for NetEye 4. Security Fix for NetEye 4.44. CVEs: The CVEs include three XSS vulnerabilities and two Broken Access Control vulnerabilities. For a detailed overview of the…

03. 10. 2025 – Daniel Degasperi – Blue Team, Log-SIEM, SEC4U

From Noisy Detections to Precision: Moving from KQL to ESQL in Elastic Security

Introduction: In modern SOC environments, detection rules are the cornerstone of identifying malicious activity. However, the effectiveness of a rule depends not only on what it looks for but also on how precisely it defines suspicious behavior. Many analysts have experienced the pain of rules that are “noisy” – generating countless false positives (FPs) that…

30. 09. 2025 – Damiano Chini – APM, Development, NetEye, Unified Monitoring

Segregating APM Data in Elastic: A Practical Guide to a Not-So-Obvious Challenge

If you’ve worked with Elastic APM, you’re probably familiar with the APM Server: a component that collects telemetry data from APM Agents deployed across your infrastructure. But what happens when you need to segregate that data by tenant, especially in complex network zones? Let’s walk through a real-world scenario and how we tackled it. The…

15. 09. 2025 – Reinhold Trocker – Log Management, Log-SIEM

Want to Manage a Large Elastic Agent Fleet?

Managing a large fleet of Elastic Agents efficiently requires careful planning and proactive strategies to ensure stability, scalability, and security. As a technical consultant, I’d like to present some key considerations to help organizations avoid common pitfalls and streamline their operations. 1. Avoid Trust Issues: One of the most critical aspects of managing an extensive…

20. 06. 2025 – Reinhold Trocker – Unified Monitoring

Elastic Integration with Huge Memory Usage? Keep That Host Accessible!

In some environments, Elastic Agent integrations can unexpectedly consume excessive memory. This can be due to various reasons: misbehaving integrations, memory leaks, or simply under-provisioned hosts. When this happens, the Linux Kernel may invoke the OOM (Out of Memory) killer of systemd, terminating the Elastic Agent service and usually disrupting data ingestion. How to Detect…

12. 05. 2025 – Matteo Cipolletta – Log Management, Log-SIEM

Keeping Elastic Agents Updated in the Dark: A Fully Offline Upgrade Workflow

Updating Elastic Agents is usually straightforward – unless you’re working in a secure, air-gapped environment where machines can’t access the internet (and thus, the Elastic Artifact Repository). And yet this was exactly the challenge we faced. We needed a way to keep the Elastic Agents across a fleet of systems up to date, without exposing…

16. 04. 2025 – Tobias Goller – NetEye, Unified Monitoring

Application Performance Monitoring in NetEye with Elastic APM and OpenTelemetry

Lately I’ve been receiving more and more inquiries about whether we can integrate OpenTelemetry into our NetEye system, and what the analysis would look like. For this reason, I’d like to use this article to briefly describe the range of features we offer with our NetEye Elastic APM solution. In today’s fast-paced digital landscape, ensuring…

31. 03. 2025 – Luigi Miazzo – Development, Documentation

Discovering AVX2 Requirements for Elasticsearch’s ELSER Model – The Hard Way

At Würth Phoenix, we’re no strangers to the ever-evolving world of technology. As part of our continuous innovation process and culture, we’ve been enhancing our user guide to support Elasticsearch’s ELSER model for semantic search. The goal is to improve the efficiency and accuracy of our searches, powered by machine learning. However, in typical developer…

30. 03. 2025 – Alessandro Taufer – DevOps, Log-SIEM

Logging OpenShift Incoming Traffic on Elasticsearch

As traffic to applications deployed on OpenShift grows, it’s essential to gain visibility into the flow of data entering your cluster. Monitoring this incoming traffic helps administrators maintain optimal performance, reduce security risks, and quickly resolve any emerging issues. Enabling Logging: All traffic directed to an OpenShift Route is routed through a designated set of…

31. 01. 2025 – Matteo Cipolletta – Log Management, Log-SIEM, NetEye

NFS and Elasticsearch: A Storage Disaster for Data but a Lifesaver for Snapshots

When designing an Elasticsearch architecture, choosing the right storage is crucial. While NFS might seem like a convenient and flexible option, it comes with several pitfalls when used for hosting live Elasticsearch data (hot, warm, cold, and frozen nodes). However, NFS proves to be an excellent choice for storing snapshots and searchable snapshots. Here’s why…

29. 01. 2025 – Reinhold Trocker – Log Management, Log-SIEM

Understanding Headers in Elastic Agents: Normal Mode vs. Fleet Server Mode

Elastic Agents are flexible and powerful tools used within the Elastic Stack for collecting and shipping logs, metrics, and other data to Elasticsearch. However, the headers they use can vary depending on whether they are running in “normal” mode or acting as a Fleet Server. Let’s explore these differences. Note that a fleet server is…

17. 01. 2025 – Emil Fazzi – Automation, Development, Documentation, Log-SIEM

Elasticsearch Magic: Achieving Zero Downtime during User Guide Updates

In a previous blog post by one of my colleagues, we shared how we developed a powerful semantic search engine for our NetEye User Guide. This solution uses Elasticsearch in combination with machine learning models like ELSER to index and query our documentation. While the proof of concept (POC) worked great, there was a challenge…
