Blog Entries

19. 09. 2022 Davide Sbetti Log-SIEM, Machine Learning

Elasticsearch ML Models and Inference: Real-Time Classification

In a previous article, we explored the Machine Learning capabilities of Elasticsearch, which allowed us to apply anomaly detection techniques to our data, and helped us discover some really interesting facts as a result of our analysis. But can we take that idea even further? For instance, could we use data we’ve already collected to…

21. 06. 2022 Davide Sbetti Log Management, Log-SIEM

Elastic Transformations: How to Aggregate and Enrich Your Data

In a previous article I analyzed how you can create effective visualizations in Kibana, and how to apply machine learning jobs with the goal of extracting as much information as possible from our data. However, you can also think of data as a raw material, which sometimes needs to be transformed and manipulated before allowing…

29. 03. 2022 Davide Sbetti Machine Learning, NetEye

Data Exploration in Kibana: from a Simple Visualization to Anomaly Detection

These days we live in a data-driven world, where the collection and analysis of data empowers not only companies but also individuals to plan future actions based on the information that is extracted. NetEye enables both the collection and analysis of an enormous amount of data using various platforms, such as Kibana, for data written…

22. 03. 2022 Tobias Goller Icinga Web 2, Machine Learning, NetEye

Performance Metrics Collection from NetEye to Elastic

Today my objective is to collect the performance metrics from various NetEye Icinga checks and write them out to Elasticsearch so I can apply Machine Learning (ML) algorithms to identify potential anomalies. This is a task that’s not possible with the open-source version of InfluxDB installed in NetEye. Moreover, this data in Elastic is used…

15. 03. 2022 Alessandro Valentini Bug Fixes, Log-SIEM, NetEye

Bug Fixes for NetEye 4.22

We fixed a wrong behaviour which causes neteye satellite config create to not work when executed with the --tenant parameter. For NetEye 4.22 we updated the following packages: elasticsearch, elasticsearch-autosetup, elasticsearch-neteye-config, filebeat, filebeat-autosetup, filebeat-neteye-config, apm-server, apm-server-autosetup, apm-server-neteye-config, kibana, kibana-autosetup, kibana-neteye-config, logstash, logstash-autosetup, logstash-neteye-config to version 7.15.0_neteye3.37.2-1

11. 03. 2022 Enrico Alberti Log-SIEM, NetEye

NetEye for Data Protection Officers

With NetEye 4.22 we released a feature awaited for years: the ability to reach the Elasticsearch API externally, thanks to our NGINX proxy under NetEye. This new feature brings with it a lot of use cases, but what was turning over and over in my head was the automatic process for verification of the blockchains…

02. 03. 2022 Damiano Chini APM, Log-SIEM, NetEye

Observing Events in Tornado with Elastic APM

Sometimes you’d just really like to have an overview of what happens to the Events that flow through Tornado. Where do they come from? Did they get stuck somewhere in the Collectors or in Tornado? Which Tornado Actions did they trigger? Gathering all this information from hundreds of log lines across different services (i.e., Tornado…

19. 01. 2022 Camilla Biamino Events, Log-SIEM, NetEye, Service Management, Training

New Year – New NetEye Training

Calendar 2022. NetEye Fundamental WPN4-FUN: Get an introduction to the fundamentals of our monitoring platform. Learn to handle its main features, distinguish between basic and core concepts, and to choose the proper monitoring configuration design. NetEye Advanced WPN4-ADV: Learn advanced NetEye concepts and how to deal with the tool. Master different NetEye functionalities to face particular situations…

13. 01. 2022 Alessandro Valentini Bug Fixes, Log-SIEM, NetEye

Bugfixes for NetEye 4.21, 4.20, 4.19: Elasticsearch License Renewal

The current Elasticsearch license bundled with NetEye will expire this January 31st. To continue enjoying all the SIEM functionalities you must update to the new license. An automatic update has been released for the most recent NetEye version. Older NetEye releases, however, can be updated manually. In the case the health-check light/ is preventing you…

31. 12. 2021 Damiano Chini Development, Log Management, Log-SIEM, NetEye

Real Time Log Signing on Fleet-managed Elastic Agents – A Preliminary Investigation

The R&D Team is currently working on the integration of the new Elastic Fleet management tool in NetEye 4. Once Elastic Fleet is fully integrated in NetEye 4, all of the Log Management features currently supported will also need to work with the Elastic Fleet. In particular, the integration of Elastic Fleet with the Log…

24. 12. 2021 Enrico Alberti Log Management, NetEye

Log Management through NetEye Satellites

In the enormous world of Log Collection, quite often customers need to collect logs from various systems in remote locations, like from an office in another country. For Icinga we know that the latest NetEye 4.20 release fully supports distributed monitoring, but what about the Log Manager and SIEM modules? Is it possible to use…

28. 10. 2021 Alessandro Valentini Bug Fixes, Log-SIEM, NetEye

Bug Fixes for NetEye 4.20

We fixed a bug which prevents the activation of log signature via Icinga Director for hosts with hostname different than FQDN. Another bug we fixed was causing neteye_secure_install to fail in the cluster environment when influxdb was restarted. In addition, we fixed the background of the quick navigation that was transparent in some conditions. For…

07. 09. 2021 Alessandro Valentini Bug Fixes, Log-SIEM, NetEye

Bug Fixes for NetEye 4.19

We fixed two bugs in Logstash: an issue related to corrupted jvm.options configuration files, which prevents Logstash from starting properly; and a pipeline bug which will cause Logstash to index every time in the same index, which will grow infinitely if a proper rollover template is not defined. For NetEye 4.19 we updated the following packages:…

18. 08. 2021 Alessandro Valentini Bug Fixes, Log-SIEM, NetEye

Bug Fixes for NetEye 4.19

We fixed a bug in Logstash pipelines which causes, in some cases, logs to be written on the day before, invalidating the logmanager blockchain. For NetEye 4.19 we updated the following packages: elasticsearch, elasticsearch-autosetup, elasticsearch-neteye-config, elasticsearch-xpack-license, elastic-stack-userguide, filebeat, filebeat-autosetup, filebeat-neteye-config, kibana, kibana-autosetup, kibana-neteye-config, logstash, logstash-autosetup, logstash-neteye-config, logstash-neteye-config-autosetup to version 7.12.1_neteye3.30.1-1

12. 08. 2021 Franco Federico Log Management, NetEye

GDPR and AS400: Collecting Administrator Logs

We have several customers using IBM AS400 whom we’ve helped in the past collect logs of system administrators under NetEye 3. Now with NetEye 4 we’ve improved log collection, making it compliant with the ECS standard and configuring a special internal port (5514) for NetEye to process these logs and syslog logs in general. Let’s…
