Blog Entries

10. 07. 2026 Daniele Saccon APM, Log Management, Log-SIEM

Creating Powerful and Effective Dashboards: Tips and Best Practices

Why Dashboards Are Important In the modern IT world, simply collecting data isn’t enough: Real value comes when data can be quickly interpreted and transformed into useful information. Dashboards represent the final step of a process that starts with: Through charts, tables and interactive visualizations, dashboards allow users to: One of the main advantages of…

Read More
27. 06. 2026 Csaba Remenar Log Management, NetEye

When Postfix Can No Longer Remain Invisible: More Transparent Debugging with Elastic

Postfix is ​​not typically the first component that comes to mind when talking about critical services. And yet it’s through Postfix that all notifications, ticketing system-related correspondence, and monthly SLA reports are sent out from NetEye. As long as everything is working properly, Postfix is ​​almost invisible. And that’s exactly what it does: silently and…

Read More
25. 06. 2026 Daniel Degasperi Blue Team, Log-SIEM, SEC4U, Threat Intelligence

LOLDrivers Is More Than a Simple List: A New Approach to BYOVD Detection

1. Introduction The abuse of vulnerable drivers has become an increasingly common technique adopted by attackers to bypass modern security controls. This attack pattern, commonly referred to as Bring Your Own Vulnerable Driver (BYOVD), consists of loading legitimately signed but vulnerable drivers into the operating system in order to gain kernel-level privileges, disable security products,…

Read More
31. 03. 2026 Rocco Pezzani Log-SIEM, NetEye, Unified Monitoring

Massive Near-Real-Time Monitoring with NetEye

Hello to you all. It’s been a while. Don’t worry though, this won’t be a long and technical post. It’s just to let you know I’m doing (almost) well and to tell you about our latest news. The Metrics Challenge In the last year we’ve had a lot on our plate, but this hasn’t affected…

Read More
30. 03. 2026 Davide Sbetti APM, Log Management, Log-SIEM, NetEye

Sending OTel Data to Elasticsearch: Tenant Segregation through OAuth

Hi everyone! Today I’d like to share with you an investigation we undertook related to ingesting Open Telemetry data in Elasticsearch, while maintaining tenant segregation from start to end. The Scenario Let’s imagine we have multiple customers, where in this case “multiple” may be well in the order of hundreds, who would like to send…

Read More
23. 03. 2026 Alessandro Valentini Cloud, Log-SIEM

How to Collect Cloudwatch AWS Logs in NetEye

Recently we had to monitor an EKS cluster and several other resources using NetEye. AWS already provides solid dashboards out of the box, but log analysis isn’t as flexible as in Elasticsearch, and costs can easily grow out of control. Our goals were to: AWS CloudWatch is a monitoring and observability service that collects logs,…

Read More
16. 03. 2026 Daniele Saccon APM, Knowledge Management, Log-SIEM, Training

Inside Elastic Certifications: My Experience Between Preparation and Exams

In this article I’d like to share my experience with Elastic certifications. Recently, I had the opportunity to take the Elastic Certified Engineer and Elastic Certified Observability Engineer exams and I’d like to describe my preparation, experience and finally share some useful tips for anyone else who wants to follow the same path. Overview of…

Read More
11. 03. 2026 Daniel Degasperi Blue Team, Log-SIEM, SEC4U, Threat Intelligence

From Static Lists to Threat Intelligence: Better Domain Detection in Elastic

A scalable approach to detecting malicious domains using Threat Intelligence and Indicator Match Rules One of the most common techniques used in phishing and initial access campaigns is the creation of domains that closely resemble legitimate ones. Attackers exploit typosquatting, homograph attacks, and brand impersonation to deceive users and steal credentials. For a Security Operations…

Read More
06. 03. 2026 Damiano Chini Log-SIEM, NetEye

One Elastic Fleet Policy, Multiple Behaviors: Selective Agent Configuration with Agent Providers

In many Elastic deployments, the natural approach every time you encounter a server with different needs is to create a new Fleet policy. Each group seems to require its own small set of tweaks or additional integrations. But the more policies you create, the harder it becomes to maintain and scale your configuration. In reality…

Read More
27. 02. 2026 Reinhold Trocker Log Management, Log-SIEM

Elastic Integration: Which New Features Can Be Activated?

From a Technical Consultant’s Perspective “How can I tell if a new Elastic Integration feature or PR is already included in my NetEye version?” Elastic adds new features quite often. However, these features do not always appear in NetEye right away. That’s because each integration requires a specific Kibana version. If NetEye doesn’t yet ship…

Read More
30. 12. 2025 Damiano Chini Automation, Development, Log Management, Log-SIEM, NetEye

Optimizing Rolling Restarts in Elasticsearch Clusters

Introduction For on-premise Elasticsearch installations, performing a rolling restart across a cluster can be a time-consuming task, especially when dealing with large clusters. Rolling restarts are typically required when changing node configurations or upgrading the cluster to a new version. Elastic provides an official procedure to ensure service continuity during this process. However, after analyzing…

Read More
24. 12. 2025 Damiano Chini APM, Log-SIEM, Machine Learning, NetEye, Real User Experience

Root Cause Analysis with Elastic ML and Alyvix

When performance degradation occurs within a complex system, understanding the root cause can be extremely challenging. If the issue happens sporadically, this difficulty increases even more. This is because modern systems involve numerous components that interact in complex ways. For example, if your application’s Web UI becomes slow, the underlying cause could be anywhere in…

Read More
15. 12. 2025 Daniel Degasperi Blue Team, Log-SIEM, SEC4U

Hunting Silent Kerberoasting: Detecting RC4 TGS Floods with Elastic

Introduction Kerberoasting remains one of the most popular techniques for attackers attempting to escalate privileges inside a Windows domain. By requesting service tickets (TGS – Ticket Granting Service) encrypted with weak algorithms, an attacker can extract hashes and crack them offline to recover service account passwords. It should be mentioned that a Kerberos ticket request…

Read More
15. 12. 2025 Reinhold Trocker Log Management, Log-SIEM

Strange Query Results in Kibana: Understanding the Behavior of event.original and Similar Fields

While working with Kibana, we recently encountered a puzzling situation: queries involving the field event.original returned unexpected results. Let’s break down what happened, why it occurs, and how to identify other fields with similar behavior. The observed “strange behavior“ In fact, everything seems normal here: Now let’s assume you just want to see the documents…

Read More
24. 11. 2025 Attilio Broglio Log-SIEM, NetEye

How to Fix Transformation Problems After Upgrading to Elasticsearch 9.0

With the upgrade to NetEye 4.44, we’ve added a lot of new features (https://www.neteye-blog.com/2025/10/neteye-4-44-release-notes/) and, from my point of view, one of the most relevant is the introduction of Elastic Stack 9. This Elasticsearch major release (https://www.elastic.co/guide/en/elastic-stack/9.0/elastic-stack-release-notes.html) includes some new functionalities such as: ESQL Lookup Joins , LogsDB Index Mode Optimizations, etc. During various migrations…

Read More

Archive