Blog Entries

11. 01. 2021 Enrico Alberti Log-SIEM, NetEye

Alerting on NetEye SIEM: Tornado Webhooks and Smart Monitoring (part 2)

In my previous post I showed you how to make your own alerts on NetEye SIEM by using the Elastic Watcher and Alerts and Actions features. But if we work in production environments, what we really need is an alert that can go directly to NetEye’s Monitoring Overview. How can we manage SIEM alerts and…

Read More
11. 01. 2021 Enrico Alberti Log-SIEM, NetEye

Alerting on NetEye SIEM: Watcher & ‘Alerts and Actions’ (Part 1)

The main goal of a monitoring system like NetEye is to alert and notify you when something noteworthy happens in your environment. All the logs coming in to NetEye SIEM can be analyzed, and could raise one or more alerts in the Elastic Stack, such as detection, machine learning anomalies, etc. How can you make…

Read More
23. 12. 2020 Mirko Bez Log-SIEM

How I Became an Elastic Certified Professional

Today I want to share with you my journey to becoming an Elastic Certified Professional by obtaining an Elastic Certified Engineer certificate. My daily experience as a NetEye SIEM consultant was a great help, because I could apply and internalize the concepts I learned directly in the field. But let’s start at the beginning. Wait……

Read More
18. 12. 2020 Juergen Vigna Log Management, Log-SIEM, NetEye

Monitor Microsoft Exchange Logs Using NetEye 4 Log Management

So you have a Microsoft Exchange mail server infrastructure and want full control over it using the NetEye 4 Log Management module? Yes, you can do that. An Exchange server writes out various log files: MessageTracking Imap4/Pop3 Smtp IIS logs To be able to send these logs to NetEye you have to install the Filebeat…

Read More
09. 11. 2020 Franco Federico Log-SIEM, NetEye

CVE – Common Vulnerabilities and Exposures in NetEye

The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information security vulnerabilities and exposures. The National Cybersecurity FFRDC, operated by the MITRE Corporation, maintains the system with funding from the National Cyber Security Division of the United States Department of Homeland Security. The system was officially launched for the public…

Read More
02. 10. 2020 Enrico Alberti Log-SIEM, NetEye

NetEye Ingest Pipelines – How to Modify and Enrich SIEM Data

Is it possible to add Geo IP information automatically to my events even if it’s not present in the original log? How can I automatically decode a URL to dissect all its components? How can I convert a human readable byte value (e.g., 1KB) to its value in bytes (e.g., 1024) so I can use…

Read More
02. 10. 2020 Mirko Bez Log-SIEM, NetEye

NetEye SIEM Self-Security

NetEye SIEM is a very powerful tool that allows you to ingest logs from many different sources. However, by default it does not ingest the ssh-login attempts on the NetEye Servers themselves, nor does it check the integrity of important configuration files. In this blog post I will describe a procedure to configure an Auditbeat…

Read More
08. 09. 2020 Alessandro Valentini Log-SIEM, NetEye

Sigma Rules in NetEye SIEM

In order to protect your business against cyber attacks you need to both harden your systems and promptly detect suspicious activities in your infrastructure. Sigma is an open source project which defines specifications for a standard signature format that allows you to describe relevant log events for security purposes. The Sigma rules language is intended…

Read More
18. 08. 2020 Franco Federico Log-SIEM

Why NetEye SIEM?

As the number of cybercrime events, incidents of identity theft, theft of intellectual property, and cyberattacks continue to rise, there is an increasing need to provide adequate network security to defend against these types of threats to organizations. Defending against these types of threats is very difficult for an organization, and the attacker will always…

Read More
06. 08. 2020 Mirko Bez Log Management

Firewall Log Collection: An Elastic Stack Performance Tuning Fairy Tale

In this blog post I will describe my experience with ingesting logs from a Fortinet firewall at a customer site. During this process I exploited the brand new Filebeat 7.8.0 Fortinet module. In particular, I will describe how I went from 3K events per second (eps) to 32K eps, more than a 10x improvement.

Read More
28. 07. 2020 Michele Santuari Log Management, Log-SIEM

Customizing the Default Permissions in NetEye SIEM

Starting from NetEye 4.12, NetEye SIEM is secured with X-Pack Security. NetEye comes pre-configured with some users and roles (see NetEye User Guide > Log Manager > Elasticsearch Access Control) to grant the Elastic Stack the ability to ingest, manage, and view the logs that you want to collect. For example, NetEye provides: A Kibana…

Read More
01. 07. 2020 Gianluca Piccolo Log Management, Log-SIEM, NetEye

Log Manager Beats: Log Files Signature and Compression

Beats is the new method for log acquisition introduced in the latest releases of NetEye 4. It’s a system fully integrated with the Elastic Stack. The Beats agents send logs directly to Logstash, which then forwards them to Elastic. Logstash also writes each log received into files on the file system (at the same location…

Read More
04. 06. 2020 Gerhard Schenk Log-SIEM, NetEye

How To Operate SIEM Under GDPR

Security information and event management (SIEM) systems plays an important role in helping your organization comply with GDPR requirements. Find out in this upcoming webinar how your team can fully understand the implications of SIEM, and should manage it according to these regulations. Learn our 5 “musts” also recommended by data protection experts. Thursday, 18th of June, 3.00 PM…

Read More
29. 05. 2020 Enrico Alberti Log-SIEM, NetEye

Icinga DSL: How to Enrich SIEM Logs with Icinga Custom Vars

Over the past few months, I’ve received multiple client requests to export custom fields (custom variables or data lists) present in Icinga Director in order to enrich logs on Logstash or to make specific changes to the indexing process. The solution that I am going to explain in this article uses the Icinga DSL check…

Read More
19. 05. 2020 Nicola Degara Anomaly Detection, Log Management, Machine Learning, NetEye, Unified Monitoring, Webinar

Neteye SIEM: processes and tools for IT Services Security 🇮🇹

Talking about IT security is now clearly synonymous with resilience! We are continuously and inevitably under attack… every organization must implement defensive principles and practices that avoid the worst damage and the least impact on its survival and development. From the data selection, to its collection and normalization, for its representation and analysis with techniques…

Read More

Archive