Blog Entries

22. 04. 2021 Alessandro Valentini Bug Fixes, Log-SIEM, NetEye

Bug Fixes for NetEye 4.17

SIEM Module We fixed a bug in SIEM Module which prevents Kibana to generate reports. For NetEye 4.17 we updated the following packages: elasticsearch elasticsearch-autosetup elasticsearch-neteye-config elasticsearch-xpack-license filebeat filebeat-autosetup filebeat-neteye-config kibana kibana-autosetup kibana-neteye-config logstash logstash-autosetup logstash-neteye-config logstash-neteye-config-autosetup to version 7.10.1_neteye3.22.1-1. Tornado Module We fixed a bug in Tornado which prevented, in cluster installations, the configuration…

Read More
21. 04. 2021 Mirko Bez Log Management, NetEye, Unified Monitoring

Automatically Detecting Tornado Anomalies through its Logs

Tornado is an event-driven engine that substitutes the previous engine called Eventhandler. Its use in NetEye is becoming ubiquitous, and this is just the start! One of its main uses in the NetEye ecosystem is to trigger status changes within Icinga (this in turn will usually send emails to stakeholders). However, understanding exactly what is…

Read More
01. 04. 2021 Damiano Chini Development, Log Management, Log-SIEM, NetEye

Log Management – Real Time Log Signing

Meeting the highest security standards is an absolute priority in NetEye. For this reason, in the continuous process of improving security in NetEye 4, we brought an important architectural improvement in the Log Manager module in the NetEye 4.17 release. The new architecture takes the name of Real Time Log Signing and its main focus…

Read More
12. 03. 2021 Massimo Giaimo Blue Team, Log-SIEM, SEC4U

Microsoft Exchange 0-Day: Let’s Look at the Facts!

I’m writing this article with the goal of summarizing the events of recent days concerning the zero-day vulnerability that has struck Microsoft Exchange installations, and to provide some useful information to help you understand how the attack began, how it developed, and what we should expect in the immediate future. First of all, a quick…

Read More
26. 02. 2021 Franco Federico Log-SIEM, NetEye

What’s Happening Right Now in My Active Directory?

We recently integrated two dashboards into NetEye SIEM to check what is happening within Active Directory, a component that is present in the vast majority of our customer environments. These two dashboards start from the collection of security events that are gathered across the various Windows servers that make up the infrastructure, and are then…

Read More
11. 01. 2021 Enrico Alberti Log-SIEM, NetEye

Alerting on NetEye SIEM: Tornado Webhooks and Smart Monitoring (part 2)

In my previous post I showed you how to make your own alerts on NetEye SIEM by using the Elastic Watcher and Alerts and Actions features. But if we work in production environments, what we really need is an alert that can go directly to NetEye’s Monitoring Overview. How can we manage SIEM alerts and…

Read More
11. 01. 2021 Enrico Alberti Log-SIEM, NetEye

Alerting on NetEye SIEM: Watcher & ‘Alerts and Actions’ (Part 1)

The main goal of a monitoring system like NetEye is to alert and notify you when something noteworthy happens in your environment. All the logs coming in to NetEye SIEM can be analyzed, and could raise one or more alerts in the Elastic Stack, such as detection, machine learning anomalies, etc. How can you make…

Read More
23. 12. 2020 Mirko Bez Log-SIEM

How I Became an Elastic Certified Professional

Today I want to share with you my journey to becoming an Elastic Certified Professional by obtaining an Elastic Certified Engineer certificate. My daily experience as a NetEye SIEM consultant was a great help, because I could apply and internalize the concepts I learned directly in the field. But let’s start at the beginning. Wait……

Read More
18. 12. 2020 Juergen Vigna Log Management, Log-SIEM, NetEye

Monitor Microsoft Exchange Logs Using NetEye 4 Log Management

So you have a Microsoft Exchange mail server infrastructure and want full control over it using the NetEye 4 Log Management module? Yes, you can do that. An Exchange server writes out various log files: MessageTracking Imap4/Pop3 Smtp IIS logs To be able to send these logs to NetEye you have to install the Filebeat…

Read More
09. 11. 2020 Franco Federico Log-SIEM, NetEye

CVE – Common Vulnerabilities and Exposures in NetEye

The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information security vulnerabilities and exposures. The National Cybersecurity FFRDC, operated by the MITRE Corporation, maintains the system with funding from the National Cyber Security Division of the United States Department of Homeland Security. The system was officially launched for the public…

Read More
02. 10. 2020 Enrico Alberti Log-SIEM, NetEye

NetEye Ingest Pipelines – How to Modify and Enrich SIEM Data

Is it possible to add Geo IP information automatically to my events even if it’s not present in the original log? How can I automatically decode a URL to dissect all its components? How can I convert a human readable byte value (e.g., 1KB) to its value in bytes (e.g., 1024) so I can use…

Read More
02. 10. 2020 Mirko Bez Log-SIEM, NetEye

NetEye SIEM Self-Security

NetEye SIEM is a very powerful tool that allows you to ingest logs from many different sources. However, by default it does not ingest the ssh-login attempts on the NetEye Servers themselves, nor does it check the integrity of important configuration files. In this blog post I will describe a procedure to configure an Auditbeat…

Read More
08. 09. 2020 Alessandro Valentini Log-SIEM, NetEye

Sigma Rules in NetEye SIEM

In order to protect your business against cyber attacks you need to both harden your systems and promptly detect suspicious activities in your infrastructure. Sigma is an open source project which defines specifications for a standard signature format that allows you to describe relevant log events for security purposes. The Sigma rules language is intended…

Read More
18. 08. 2020 Franco Federico Log-SIEM

Why NetEye SIEM?

As the number of cybercrime events, incidents of identity theft, theft of intellectual property, and cyberattacks continue to rise, there is an increasing need to provide adequate network security to defend against these types of threats to organizations. Defending against these types of threats is very difficult for an organization, and the attacker will always…

Read More
06. 08. 2020 Mirko Bez Log Management

Firewall Log Collection: An Elastic Stack Performance Tuning Fairy Tale

In this blog post I will describe my experience with ingesting logs from a Fortinet firewall at a customer site. During this process I exploited the brand new Filebeat 7.8.0 Fortinet module. In particular, I will describe how I went from 3K events per second (eps) to 32K eps, more than a 10x improvement.

Read More

Search by technology

Contact

Contact us
Serviceportal

Archive