Blog Entries

02. 10. 2020 Enrico Alberti Log-SIEM, NetEye

NetEye Ingest Pipelines – How to Modify and Enrich SIEM Data

Is it possible to add Geo IP information automatically to my events even if it’s not present in the original log? How can I automatically decode a URL to dissect all its components? How can I convert a human readable byte value (e.g., 1KB) to its value in bytes (e.g., 1024) so I can use…

Read More
02. 10. 2020 Mirko Bez Log-SIEM, NetEye

NetEye SIEM Self-Security

NetEye SIEM is a very powerful tool that allows you to ingest logs from many different sources. However, by default it does not ingest the ssh-login attempts on the NetEye Servers themselves, nor does it check the integrity of important configuration files. In this blog post I will describe a procedure to configure an Auditbeat…

Read More
08. 09. 2020 Alessandro Valentini Log-SIEM, NetEye

Sigma Rules in NetEye SIEM

In order to protect your business against cyber attacks you need to both harden your systems and promptly detect suspicious activities in your infrastructure. Sigma is an open source project which defines specifications for a standard signature format that allows you to describe relevant log events for security purposes. The Sigma rules language is intended…

Read More
18. 08. 2020 Franco Federico Log-SIEM

Why NetEye SIEM?

As the number of cybercrime events, incidents of identity theft, theft of intellectual property, and cyberattacks continue to rise, there is an increasing need to provide adequate network security to defend against these types of threats to organizations. Defending against these types of threats is very difficult for an organization, and the attacker will always…

Read More
06. 08. 2020 Mirko Bez Log Management

Firewall Log Collection: An Elastic Stack Performance Tuning Fairy Tale

In this blog post I will describe my experience with ingesting logs from a Fortinet firewall at a customer site. During this process I exploited the brand new Filebeat 7.8.0 Fortinet module. In particular, I will describe how I went from 3K events per second (eps) to 32K eps, more than a 10x improvement.

Read More
28. 07. 2020 Michele Santuari Log Management, Log-SIEM

Customizing the Default Permissions in NetEye SIEM

Starting from NetEye 4.12, NetEye SIEM is secured with X-Pack Security. NetEye comes pre-configured with some users and roles (see NetEye User Guide > Log Manager > Elasticsearch Access Control) to grant the Elastic Stack the ability to ingest, manage, and view the logs that you want to collect. For example, NetEye provides: A Kibana…

Read More
01. 07. 2020 Gianluca Piccolo Log Management, Log-SIEM, NetEye

Log Manager Beats: Log Files Signature and Compression

Beats is the new method for log acquisition introduced in the latest releases of NetEye 4. It’s a system fully integrated with the Elastic Stack. The Beats agents send logs directly to Logstash, which then forwards them to Elastic. Logstash also writes each log received into files on the file system (at the same location…

Read More
04. 06. 2020 Gerhard Schenk Log-SIEM, NetEye

How To Operate SIEM Under GDPR

Security information and event management (SIEM) systems plays an important role in helping your organization comply with GDPR requirements. Find out in this upcoming webinar how your team can fully understand the implications of SIEM, and should manage it according to these regulations. Learn our 5 “musts” also recommended by data protection experts. Thursday, 18th of June, 3.00 PM…

Read More
29. 05. 2020 Enrico Alberti Log-SIEM, NetEye

Icinga DSL: How to Enrich SIEM Logs with Icinga Custom Vars

Over the past few months, I’ve received multiple client requests to export custom fields (custom variables or data lists) present in Icinga Director in order to enrich logs on Logstash or to make specific changes to the indexing process. The solution that I am going to explain in this article uses the Icinga DSL check…

Read More
19. 05. 2020 Nicola Degara Anomaly Detection, Log Management, Machine Learning, NetEye, Unified Monitoring, Webinar

Neteye SIEM: processes and tools for IT Services Security 🇮🇹

Talking about IT security is now clearly synonymous with resilience! We are continuously and inevitably under attack… every organization must implement defensive principles and practices that avoid the worst damage and the least impact on its survival and development. From the data selection, to its collection and normalization, for its representation and analysis with techniques…

Read More
31. 03. 2020 Mirko Bez Log-SIEM, Unified Monitoring

Real-Time Event Monitoring With Tornado

In this blog post I will describe a potential use of Tornado to monitor events in near real-time, while keeping historical information about the received events. Use Case Often as a user I want to collect data from different sources, e.g. Windows events, and then according to some simple rules set the status of some…

Read More
27. 03. 2020 Robert Leuze Log Management, Log-SIEM, NetEye

Data Security in the Würth Group

With SIEM we ensure maximum security in the management of sensitive data Even the safest bulwarks require permeable zones. The same applies to the security systems we use to protect our data from unauthorized access. But every system, no matter how meticulously monitored, contains security gaps. When these become known, it is the task of…

Read More
13. 03. 2020 Luca Franzoi Log Management, Log-SIEM, NetEye, Unified Monitoring

Bug discovered on NetEye module logmanagement and SIEM

A bug has been discovered on NetEye modules logmanagement and SIEM. If affected, rsyslog directories on system might be created with wrong permissions causing Logstash to be unable to load log lines of some hosts inside Elasticsearch. Users might also receive an error message trying to check signatures for some hosts inside Logmanager Log Check….

Read More
10. 03. 2020 Franco Federico Log-SIEM, NetEye

Monitoring COVID-19 with NetEye – An Italian Use Case

The use case of this blog is about monitoring COVID-19 in Italy. The data used is public, and the source is the Protezione Civile (Italian Civil Protection Office), which updates the data every day after 18:00 on GitHub at the following link: https://github.com/pcm-dpc/COVID-19/tree/master/ I found the data in various formats and I chose to analyze…

Read More
09. 03. 2020 Enrico Alberti Log-SIEM, NetEye

Store Years of NetFlow Historical Data with Elastic Rollup on NetEye 4.9

Keeping historical data around for analysis is extremely useful but often avoided due to the financial cost of archiving massive amounts of data. Retention periods are thus driven by financial realities rather than by the usefulness of extensive historical data. The Elastic Stack data rollup features provide a means to summarize and store historical data…

Read More

Archive