Blog Entries

02. 10. 2020 Mirko Bez Log-SIEM, NetEye

NetEye SIEM Self-Security

NetEye SIEM is a very powerful tool that allows you to ingest logs from many different sources. However, by default it does not ingest the ssh-login attempts on the NetEye Servers themselves, nor does it check the integrity of important configuration files. In this blog post I will describe a procedure to configure an Auditbeat…

Read More
06. 08. 2020 Mirko Bez Log Management

Firewall Log Collection: An Elastic Stack Performance Tuning Fairy Tale

In this blog post I will describe my experience with ingesting logs from a Fortinet firewall at a customer site. During this process I exploited the brand new Filebeat 7.8.0 Fortinet module. In particular, I will describe how I went from 3K events per second (eps) to 32K eps, more than a 10x improvement.

Read More
31. 03. 2020 Mirko Bez Log-SIEM, Unified Monitoring

Real-Time Event Monitoring With Tornado

In this blog post I will describe a potential use of Tornado to monitor events in near real-time, while keeping historical information about the received events. Use Case Often as a user I want to collect data from different sources, e.g. Windows events, and then according to some simple rules set the status of some…

Read More