Blog Entries

31. 03. 2020 Mirko Bez Log-SIEM, Unified Monitoring

Real-Time Event Monitoring With Tornado

In this blog post I will describe a possible use of Tornado to monitor events in near real-time, while keeping historical information about the received events. Use Case As a user I want to collect data from different sources, e.g. windows-events, and according to some simple rules, set the status of some Icinga2 “passive” services…

27. 03. 2020 Robert Leuze Log Management, Log-SIEM, NetEye

Data Security in the Würth Group

With SIEM we ensure maximum security in the management of sensitive data Even the safest bulwarks require permeable zones. The same applies to the security systems we use to protect our data from unauthorized access. But every system, no matter how meticulously monitored, contains security gaps. When these become known, it is the task of…

13. 03. 2020 Luca Franzoi Log Management, Log-SIEM, NetEye, Unified Monitoring

Bug discovered on NetEye module logmanagement and SIEM

A bug has been discovered in the NetEye modules logmanagement and SIEM. If affected, rsyslog directories on the system might be created with wrong permissions, causing Logstash to be unable to load log lines of some hosts into Elasticsearch. Users might also receive an error message when trying to check signatures for some hosts inside Logmanager Log Check…
10. 03. 2020 Franco Federico Log-SIEM, NetEye

Monitoring COVID-19 with NetEye – An Italian Use Case

The use case of this blog is about monitoring COVID-19 in Italy. The data used is public, and the source is the Protezione Civile (Italian Civil Protection Office), which updates the data every day after 18:00 on GitHub at the following link: https://github.com/pcm-dpc/COVID-19/tree/master/ I found the data in various formats and I chose to analyze…

09. 03. 2020 Enrico Alberti Log-SIEM, NetEye

Store Years of NetFlow Historical Data with Elastic Rollup on NetEye 4.9

Keeping historical data around for analysis is extremely useful but often avoided due to the financial cost of archiving massive amounts of data. Retention periods are thus driven by financial realities rather than by the usefulness of extensive historical data. The Elastic Stack data rollup features provide a means to summarize and store historical data…

02. 03. 2020 Franco Federico Log-SIEM, NetEye

Preventing a Brute Force Attack with NetEye SIEM

I have several clients who’ve asked me how they can prevent a brute force attack inside their Windows Infrastructure. This is the use case for this blog post, a solution for which I’ve been studying using NetEye together with its SIEM module. I’ve used a Windows client here, but it’s the same for any server…

21. 02. 2020 Tobias Goller Log Management, NetEye

Tornado Use Case with Elastic

Before I tell you about one of my latest customer requirements, I would like to briefly explain what our NetEye Tornado module is. In our user guide you will see it written that Tornado is the successor to NetEye’s Event Handler. It is a plugin-based, stateless, scalable rule matching engine written in Rust, based on…

07. 02. 2020 NetEye Blog Admin ITOA, Log-SIEM, NetEye

Next Stop: The NetEye User Group 2020

This year’s NetEye User Group in its German edition will take place on May 7th at the Deutsche Bahn Museum in Nuremberg, Germany. Our clients are already reserving their places, and together we will shape the future of NetEye. The main topics will be our current SIEM approach to enhanced data security in the face of…
09. 01. 2020 Damiano Chini Log-SIEM, NetEye

Support for Elasticsearch-only Nodes

Until NetEye 4.8, customers who needed to expand the capacity of their Elasticsearch cluster running alongside their Red Hat cluster could add new standard nodes to NetEye clusters. This meant, however, that the new nodes would dedicate their resources not just to improving the capacity of the Elasticsearch cluster, but also to maintaining all services…

02. 01. 2020 Michele Santuari Log-SIEM, NetEye

Elastic Stack Cluster with NetEye >= 4.8

In a previous blog post, I described how Elastic Stack fits within the highly available cluster architecture of NetEye 4 and, in particular, how the correct configuration of the quorum is mandatory to prevent losing your data or even developing inconsistencies. With the upgrade to NetEye 4.8, we updated Elastic Stack to the new major version…
30. 12. 2019 Franco Federico Log-SIEM, NetEye

Graph in NetEye with Elastic Stack

In the past I’ve written in this blog post about Elastic Stack and its features. Here I’d like to show you more in depth the functionality of Graph analytics. The Graph analytics features enable you to discover how items in an Elasticsearch index are related. It’s possible to explore the connections between indexed terms and…

28. 12. 2019 Mirko Morandini Log-SIEM, Service Management

EriZone ISMS: The Tool for ISO 27001 Documentation

As a Christmas gift, my dear friend and colleague Gabriele presented the EriZone ISMS tool, a specifically customized and configured EriZone to support the documentation of a company’s Information Security Management System based on ISO/IEC 27001. Follow this link to read his post first: https://www.neteye-blog.com/2019/12/use-erizone-to-maintain-and-improve-an-isms-based-on-iso-27001/. In this post I will give more technical details about…

13. 12. 2019 Juergen Vigna Log-SIEM, NetEye, Unified Monitoring

Securing scp/sftp Access to Your CentOS 7/Red Hat 7 Server

Sometimes you just need to temporarily grant access to a user to copy some files to your server. But no user should have access to the shell. For sftp this is quite simple (see below), but for scp it’s not that trivial. Also, you probably want to set the user up in a directory with…

17. 10. 2019 Tobias Goller ITOA, Log-SIEM, Machine Learning, NetEye

Experiences with Netflow and Machine Learning in Elastic

Some time ago I was able to use the machine learning functionality in Elastic for the first time. I was astonished at how easy it is to use, and how fast it calculates historical data. In my particular case, I loaded Netflow data into the Elastic database. I wanted to use this data to evaluate…

02. 10. 2019 Michele Santuari Log-SIEM, NetEye

How to Solve a Full Elasticsearch Disk

In a previous blog post, I described some basic steps to debug problems with the Elastic Stack. In this blog post, I want to highlight another behavior that might occur when your Elastic Stack cluster is in a green state but is not able to write new logs. This situation usually happens when there is…