Blog Entries

21. 02. 2020 TobiasGoller Log Management, NetEye

Tornado Use Case with Elastic

Before I tell you about one of my latest customer requirements, I would like to briefly explain what our NetEye Tornado module is. In our user guide you will see it written that Tornado is the successor to NetEye’s Event Handler. It is a plugin-based, stateless, scalable rule matching engine written in Rust, based on…

Read More
07. 02. 2020 NetEye Blog Admin ITOA, Log-SIEM, NetEye

Next Stop: The NetEye User Group 2020

This year’s NetEye User Group in its German edition will take place on May 7th at the Deutsche Bahn Museum in Nuremburg, Germany. Our clients are already reserving their places, and together we will shape the future of NetEye. The main topics will be our current SIEM approach to enhanced data security in the face of…

Read More
09. 01. 2020 Damiano Chini Log-SIEM, NetEye

Support for Elasticsearch-only Nodes

Until NetEye 4.8, customers who needed to expand the capacity of their Elasticsearch cluster running alongside their Red Hat cluster could add new standard nodes to NetEye clusters. This meant, however, that the new nodes would dedicate their resources not just to improving the capacity of the Elasticsearch cluster, but also to maintaining all services…

Read More
02. 01. 2020 Michele Santuari Log-SIEM, NetEye

Elastic Stack Cluster with NetEye >= 4.8

In a previous blog post, I described how Elastic Stack fits within the High-Available cluster architecture of NetEye 4 and, in particular, how the correct configuration of the Quorum is mandatory to prevent losing your data or even developing inconsistencies. With the upgrade to NetEye 4.8, we updated Elastic Stack to the new major version…

Read More
30. 12. 2019 Franco Federico Log-SIEM, NetEye

Graph in NetEye with Elastic Stack

In the past I’ve written in this blog post about Elastic Stack and its features. Here I’d like to show you more in depth the functionality of Graph analytics. The Graph analytics features enable you to discover how items in an Elasticsearch index are related. It’s possible to explore the connections between indexed terms and…

Read More
28. 12. 2019 Mirko Morandini Log-SIEM, Service Management

EriZone ISMS: The Tool for ISO 27001 Documentation

As a Christmas gift, my dear friend and colleague Gabriele presented the EriZone ISMS tool, a specifically customized and configured EriZone to support the documentation of a company’s Information Security Management System based on ISO/IEC 27001. Follow this link to read his post first: https://www.neteye-blog.com/2019/12/use-erizone-to-maintain-and-improve-an-isms-based-on-iso-27001/. In this post I will give more technical details about…

Read More
13. 12. 2019 Juergen Vigna Log-SIEM, NetEye, Unified Monitoring

Securing scp/sftp Access to Your Centos7/Redhat7 Server

Sometimes you just need to temporarily grant access to a user to copy some files to your server. But no user should have access to the shell. For sftp this is quite simple (see below), but for scp it’s not that trivial. Also, you probably want to set the user up in a directory with…

Read More
17. 10. 2019 TobiasGoller ITOA, Log-SIEM, Machine Learning, NetEye

Experiences with Netflow and Machine Learning in Elastic

Some time ago I was able to use the machine learning functionality in Elastic for the first time. I was astonished at how easy it is to use, and how fast it calculates historical data. In my particular case, I loaded Netflow data into the Elastic database. I wanted to use this data to evaluate…

Read More
02. 10. 2019 Michele Santuari Log-SIEM, NetEye

How to Solve a Full Elasticsearch Disk

In a previous Blog, I described some basic steps to debug problems with the Elastic Stack. In this blog post, I want to highlight another behavior that might occur when your Elastic Stack cluster is in a green state, but it is not able to write new logs. This situation usually happens when there is…

Read More
30. 09. 2019 Franco Federico Log-SIEM

Filebeat and Log UI in NetEye

In a previous blog I explored beats such as Icingabeat and presented an overview of the new features present in NetEye since version 4.6. I’d like to explore the following use case: collect some logs from Elasticsearch, Logstash, the operating system that hosts NetEye, and MySQL using beats (Filebeat), all in order to show the…

Read More
30. 09. 2019 Michele Santuari Downloads / Release Notes, Log-SIEM, NetEye

NetEye 4.7 Log Manager: Elastic 6.8.2 Update

Elastic 7.3 is coming to NetEye 4.8. In order to prepare for this significant change, you must first update Log Manager on NetEye 4.7 to receive the Elastic 6.8.2 update that will set up the necessary migrations for updating Elasticsearch, Logstash and Kibana. In addition to the ELK stack, SearchGuard will also be updated to…

Read More
17. 09. 2019 Angelo Rosace Log-SIEM, NetEye

How To: Using the Elastic Watcher Feature to React to Failed Login Attempts (Part 2)

Our continued development of the Tornado event processing module has led to a new set of functionalities and capabilities. Among these is the possibility of altering host and service statuses as the result of a certain event. Let’s look at a typical use case for this feature. Suppose you want to trigger a webhook that…

Read More
03. 09. 2019 Massimo Giaimo Events, Log-SIEM, NetEye, Service Management

NetEye SIEM: The Attacker’s Point of View

In our ethical hacking activities there are three different phases in which we clash with the themes of SIEM: PLANNING – The phase prior to the activity where we define the scope of engagement, be it for a Vulnerability Assessment, a Penetration Test or simulating a real attack CHALLENGE – The activity, corresponding to Vulnerability…

Read More
09. 08. 2019 Andrea Avancini Log-SIEM, NetEye

Automatic Load Test of Rsyslog, Logstash, and Elasticsearch

At Würth Phoenix we take testing very seriously. NetEye 4 is a sophisticated product that operates in complex and business-critical environments, so it requires lots of tests before being released. One challenging part of the testing phase is load testing, where the functionalities of a system are subject to predetermined levels of load. NetEye customers…

Read More
30. 07. 2019 Angelo Rosace Log-SIEM, NetEye, Unified Monitoring

How To: Using the Elastic Watcher Feature to React to Failed Logon Attempts (Part 1)

The introduction of the new Elastic Features (formerly, X-Pack packages) for the Elastic Stack added many new functionalities to the previous implementation in Net-Eye. One of them is the Watcher feature. Let’s discuss a use case based on this feature. Imagine you as a user want to somehow trigger a webhook alert every time something…

Read More

Archive