The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information security vulnerabilities and exposures. The National Cybersecurity FFRDC, operated by the MITRE Corporation, maintains the system with funding from the National Cyber Security Division of the United States Department of Homeland Security. The system was officially launched for the public…
Read MoreAs the number of cybercrime events, incidents of identity theft, theft of intellectual property, and cyberattacks continue to rise, there is an increasing need to provide adequate network security to defend against these types of threats to organizations. Defending against these types of threats is very difficult for an organization, and the attacker will always…
Read MoreAfter the government recently passed a law asking everyone to limit travel and gatherings, I decided to only shop online. I’m not alone in this – many other people decided to do this too, bringing the sites that provide these services down to their knees, since a large number of users were all trying to…
Read MoreThe use case of this blog is about monitoring COVID-19 in Italy. The data used is public, and the source is the Protezione Civile (Italian Civil Protection Office), which updates the data every day after 18:00 on GitHub at the following link: https://github.com/pcm-dpc/COVID-19/tree/master/ I found the data in various formats and I chose to analyze…
Read MoreI have several clients who’ve asked me how they can prevent a brute force attack inside their Windows Infrastructure. This is the use case for this blog post, a solution for which I’ve been studying using NetEye together with its SIEM module. I’ve used a Windows client here, but it’s the same for any server…
Read MoreIn the past I’ve written in this blog post about Elastic Stack and its features. Here I’d like to show you more in depth the functionality of Graph analytics. The Graph analytics features enable you to discover how items in an Elasticsearch index are related. It’s possible to explore the connections between indexed terms and…
Read MoreIn a previous blog I explored beats such as Icingabeat and presented an overview of the new features present in NetEye since version 4.6. I’d like to explore the following use case: collect some logs from Elasticsearch, Logstash, the operating system that hosts NetEye, and MySQL using beats (Filebeat), all in order to show the…
Read MoreOn June 13, we announced a new OEM Partnership with Elastic, and Elastic updated its relationship with OEM, MSP and CSP partners, with the result that in NetEye 4 we now have some new features. Starting with NetEye 4.6, you can now activate the X-Pack feature. After I activate X-Pack and open NetEye, I see:…
Read MoreNetEye 4 is composed of various modules, such as the NetEye 4 Log Manager that houses Elastic Stack with Search Guard. Our vision for the future of the NetEye 4 Log Manager is shown in the following diagram: Here you can see the various modules and technologies. For instance, you can see that we have…
Read MoreThe regulations of the GDPR in many cases require that some user data is not always present, and / and or that they are anonymized. So I would like to show you now how NetEye 4 responds to this new requirement. NetEye 4 is composed of various modules. In the NetEye 4 Log Manager, we have Elastic…
Read MoreNetEye 4 is based on Icinga 2. How can we monitor it? There are several options available; here I choose Icingabeat and test it. Icingabeat is an Elastic Beat that fetches data from the Icinga 2 API and sends it directly to either Elasticsearch or Logstash. In my case, I wanted to send the information…
Read MoreOCS Inventory is part of our Asset Management module integrated into NetEye. Open Computer and Software Inventory Next Generation (OCS Inventory NG) is free software that enables users to inventory IT assets. OCS-NG collects information about the hardware and software of networked machines from the machines themselves running the OCS client program (“OCS Inventory Agent”)….
Read More