Blog Entries

24. 11. 2025 Attilio Broglio Log-SIEM, NetEye

How to Fix Transformation Problems After Upgrading to Elasticsearch 9.0

With the upgrade to NetEye 4.44, we’ve added a lot of new features (https://www.neteye-blog.com/2025/10/neteye-4-44-release-notes/) and, from my point of view, one of the most relevant is the introduction of Elastic Stack 9. This Elasticsearch major release (https://www.elastic.co/guide/en/elastic-stack/9.0/elastic-stack-release-notes.html) includes some new functionalities such as: ESQL Lookup Joins , LogsDB Index Mode Optimizations, etc. During various migrations…

Read More
28. 10. 2025 Federico Corona Log-SIEM, SEC4U

From Checklist to Mindset: Why Compliance ≠ Security

When organizations think about cybersecurity, the conversation often starts with compliance. ISO 27001, PCI-DSS, HIPAA, GDPR, NIS2… frameworks and regulations designed to protect sensitive data and establish minimum standards for risk management. Achieving compliance is often seen as the ultimate milestone: once the certificate is obtained or the audit is passed, the company is considered…

Read More
13. 10. 2025 Tobias Goller Log-SIEM, Unified Monitoring

Elastic Defend: Experiences

Around this time last year, I wrote a blog post about improving cybersecurity with Elastic Defend. Now, one year later, we’ve gained a lot of practical experience with it, which I’d like to share. Elastic Defend is an EDR (Endpoint Detection and Response). Unlike a traditional antivirus solution that relies on signature patterns that need…

Read More
03. 10. 2025 Daniel Degasperi Blue Team, Log-SIEM, SEC4U

From Noisy Detections to Precision: Moving from KQL to ESQL in Elastic Security

Introduction In modern SOC environments, detection rules are the cornerstone of identifying malicious activity. However, the effectiveness of a rule depends not only on what it looks for but also on how precisely it defines suspicious behavior. Many analysts have experienced the pain of rules that are “noisy” – generating countless false positives (FPs) that…

Read More
15. 09. 2025 Reinhold Trocker Log Management, Log-SIEM

Want to Manage a Large Elastic Agent Fleet?

Managing a large fleet of Elastic Agents efficiently requires careful planning and proactive strategies to ensure stability, scalability, and security. As a technical consultant, I’d like to present some key considerations to help organizations avoid common pitfalls and streamline their operations. 1. Avoid Trust Issues One of the most critical aspects of managing an extensive…

Read More
02. 07. 2025 Daniel Degasperi Blue Team, Log-SIEM, SEC4U

Discovery and Credential Access via Kerberos & NTLM: A Detection-Focused Approach

Introduction Windows environments rely heavily on authentication protocols like NTLM and Kerberos. While these protocols serve critical security purposes, they are also commonly abused during malicious activities. This article explains how to detect suspicious behaviors related to Domain Account Discovery and Credential Access, specifically focusing on Enumeration, Brute Force, and Password Spraying attempts via NTLM…

Read More
12. 05. 2025 Matteo Cipolletta Log Management, Log-SIEM

Keeping Elastic Agents Updated in the Dark: A Fully Offline Upgrade Workflow

Updating Elastic Agents is usually straightforward – unless you’re working in a secure, air-gapped environment where machines can’t access the internet (and thus, the Elastic Artifact Repository). And yet this was exactly the challenge we faced. We needed a way to keep the Elastic Agents across a fleet of systems up to date, without exposing…

Read More
30. 03. 2025 Alessandro Taufer DevOps, Log-SIEM

Logging OpenShift Incoming Traffic on Elasticsearch

As traffic to applications deployed on OpenShift grows, it’s essential to gain visibility into the flow of data entering your cluster. Monitoring this incoming traffic helps administrators maintain optimal performance, reduce security risks, and quickly resolve any emerging issues. Enabling Logging All traffic directed to an OpenShift Route is routed through a designated set of…

Read More
14. 03. 2025 Daniel Degasperi Blue Team, Log-SIEM, SEC4U

A Practical Approach to Detect Suspicious Activity in MS SQL Server

This article gives an overview and offers a practical tips to detecting some suspicious activities in Microsoft SQL Server, from configuring audit policies to leveraging Elastic for effective monitoring and threat detection. Introduction Microsoft SQL Server is one of the most widely used relational databases in the enterprise landscape, managing critical data and supporting essential…

Read More
31. 01. 2025 Matteo Cipolletta Log Management, Log-SIEM, NetEye

NFS and Elasticsearch: A Storage Disaster for Data but a Lifesaver for Snapshots

When designing an Elasticsearch architecture, choosing the right storage is crucial. While NFS might seem like a convenient and flexible option, it comes with several pitfalls when used for hosting live Elasticsearch data (hot, warm, cold, and frozen nodes). However, NFS proves to be an excellent choice for storing snapshots and searchable snapshots. Here’s why….

Read More
29. 01. 2025 Reinhold Trocker Log Management, Log-SIEM

Understanding Headers in Elastic Agents: Normal Mode vs. Fleet Server Mode

Elastic Agents are flexible and powerful tools used within the Elastic Stack for collecting and shipping logs, metrics, and other data to Elasticsearch. However, the headers they use can vary depending on whether they are running in “normal” mode or acting as a Fleet Server. Let’s explore these differences. Note that a fleet server is…

Read More
17. 01. 2025 Emil Fazzi Automation, Development, Documentation, Log-SIEM

Elasticsearch Magic: Achieving Zero Downtime during User Guide Updates

In a previous blog post by one of my colleagues, we shared how we developed a powerful semantic search engine for our NetEye User Guide. This solution uses Elasticsearch in combination with machine learning models like ELSER to index and query our documentation. While the proof of concept (POC) worked great, there was a challenge…

Read More
30. 12. 2024 Alessandro Taufer DevOps, Log-SIEM

Configure Kubernetes Index Lifecycle Policies in Elastic Stack

If you’re monitoring an OpenShift or a Kubernetes cluster with Elastic Stack, you might’ve noticed that the Kubernetes integration uses the default Index Lifecycle Policy. It means that those logs and metrics have an unlimited retention. If the volume of logs is high – and for Kubernetes clusters it usually is – it won’t be…

Read More
30. 12. 2024 Alessandro Taufer DevOps, Log-SIEM

Optimizing Log Collection in Kubernetes/OpenShift with Elastic Stack

When monitoring Kubernetes clusters using Elastic Stack, the volume of logs can be overwhelming, often reaching gigabytes per minute. This is particularly true for OpenShift clusters, where significant traffic originates from system namespaces you might not be familiar with. Optimizing log collection becomes crucial for maintaining system efficiency and resource utilization. Success in this endeavor…

Read More
29. 12. 2024 Andrea Mariani Log-SIEM, NetEye

How to Configure Kibana to Use a Proxy Server with a Certificate via the NODE_EXTRA_CA_CERTS Variable

When using Kibana in environments that require a proxy to reach external services, you might encounter issues with unrecognized SSL certificates. Specifically, if the proxy is exposed with its own certificate and acts as an SSL terminator, requests made by Kibana to external URLs can fail with HTTP status code errors. In this blog post,…

Read More

Search by technology

Contact

Contact us
Serviceportal

Archive