Blog Entries

19. 07. 2022 Enrico Alberti Contribution, NetEye, Unified Monitoring

Integration of Centreon Plugins into NetEye Extension Packs

With the end of 2021 we’ve release the first version of the NetEye Extension Packs project that helps customers and consultants on their monitoring implementations and more (see Introducing NetEye Extension Packs | www.neteye-blog.com for details). Now our focus is to extend the ouf of box infrastructure coverage of our monitoring plugins. With this target…

Read More
11. 03. 2022 Enrico Alberti Log-SIEM, NetEye

NetEye for Data Protection Officers

With NetEye 4.22 we released a feature awaited for years: the ability to reach the Elasticsearch API externally, thanks to our NGINX proxy under NetEye. This new feature brings with it a lot of use cases, but what was turning over and over in my head was the automatic process for verification of the blockchains…

Read More
24. 12. 2021 Enrico Alberti Log Management, NetEye

Log Management through NetEye Satellites

In the enormous world of Log Collection, quite often customers need to collect logs from various systems in remote locations, like from an office in another country. For Icinga we know that the latest NetEye 4.20 release fully supports distributed monitoring, but what about the Log Manager and SIEM modules? Is it possible to use…

Read More
02. 07. 2021 Enrico Alberti Icinga Web 2, NetEye

Monitor Services Automatically with Icinga Director Automation

In recent months many enterprise customers have asked me for a solution to create services on their monitored Icinga hosts automatically. They want a single point of insertion (like a list) for all services on the host as well as for the NetEye system to do all the work managing their creation and deletion. How…

Read More
30. 06. 2021 Enrico Alberti Icinga Web 2, NetEye

Monitoring Windows Systems through Icinga Powershell Plugins

During migrations from NetEye 3 to NetEye 4, I often run into really outdated monitoring checks in the Windows world, where the last update was more than 10 years ago… and whose logic is therefore now completely obsolete! The time for change is now!!! In the last year Icinga released a really interesting project that…

Read More
11. 01. 2021 Enrico Alberti Log-SIEM, NetEye

Alerting on NetEye SIEM: Tornado Webhooks and Smart Monitoring (part 2)

In my previous post I showed you how to make your own alerts on NetEye SIEM by using the Elastic Watcher and Alerts and Actions features. But if we work in production environments, what we really need is an alert that can go directly to NetEye’s Monitoring Overview. How can we manage SIEM alerts and…

Read More
11. 01. 2021 Enrico Alberti Log-SIEM, NetEye

Alerting on NetEye SIEM: Watcher & ‘Alerts and Actions’ (Part 1)

The main goal of a monitoring system like NetEye is to alert and notify you when something noteworthy happens in your environment. All the logs coming in to NetEye SIEM can be analyzed, and could raise one or more alerts in the Elastic Stack, such as detection, machine learning anomalies, etc. How can you make…

Read More
02. 10. 2020 Enrico Alberti Log-SIEM, NetEye

NetEye Ingest Pipelines – How to Modify and Enrich SIEM Data

Is it possible to add Geo IP information automatically to my events even if it’s not present in the original log? How can I automatically decode a URL to dissect all its components? How can I convert a human readable byte value (e.g., 1KB) to its value in bytes (e.g., 1024) so I can use…

Read More
29. 05. 2020 Enrico Alberti Log-SIEM, NetEye

Icinga DSL: How to Enrich SIEM Logs with Icinga Custom Vars

Over the past few months, I’ve received multiple client requests to export custom fields (custom variables or data lists) present in Icinga Director in order to enrich logs on Logstash or to make specific changes to the indexing process. The solution that I am going to explain in this article uses the Icinga DSL check…

Read More
09. 03. 2020 Enrico Alberti Log-SIEM, NetEye

Store Years of NetFlow Historical Data with Elastic Rollup on NetEye 4.9

Keeping historical data around for analysis is extremely useful but often avoided due to the financial cost of archiving massive amounts of data. Retention periods are thus driven by financial realities rather than by the usefulness of extensive historical data. The Elastic Stack data rollup features provide a means to summarize and store historical data…

Read More

Archive