Blog Entries

02. 03. 2020 Franco Federico Log-SIEM, NetEye

Preventing a Brute Force Attack with NetEye SIEM

I have several clients who’ve asked me how they can prevent a brute force attack inside their Windows infrastructure. This is the use case for this blog post: a solution I’ve been studying using NetEye together with its SIEM module. I’ve used a Windows client here, but it’s the same for any server…

21. 02. 2020 Tobias Goller Log Management, NetEye

Tornado Use Case with Elastic

Before I tell you about one of my latest customer requirements, I would like to briefly explain what our NetEye Tornado module is. In our user guide you will see it written that Tornado is the successor to NetEye’s Event Handler. It is a plugin-based, stateless, scalable rule matching engine written in Rust, based on…

07. 02. 2020 NetEye Blog Admin ITOA, Log-SIEM, NetEye

Next Stop: The NetEye User Group 2020

This year’s NetEye User Group in its German edition will take place on May 7th at the Deutsche Bahn Museum in Nuremberg, Germany. Our clients are already reserving their places, and together we will shape the future of NetEye. The main topics will be our current SIEM approach to enhanced data security in the face of…

09. 01. 2020 Damiano Chini Log-SIEM, NetEye

Support for Elasticsearch-only Nodes

Until NetEye 4.8, customers who needed to expand the capacity of their Elasticsearch cluster running alongside their Red Hat cluster could add new standard nodes to NetEye clusters. This meant, however, that the new nodes would dedicate their resources not just to improving the capacity of the Elasticsearch cluster, but also to maintaining all services…

02. 01. 2020 Michele Santuari Log-SIEM, NetEye

Elastic Stack Cluster with NetEye >= 4.8

In a previous blog post, I described how Elastic Stack fits within the highly available cluster architecture of NetEye 4 and, in particular, why correctly configuring the quorum is mandatory to avoid losing your data or even introducing inconsistencies. With the upgrade to NetEye 4.8, we updated Elastic Stack to the new major version…

30. 12. 2019 Franco Federico Log-SIEM, NetEye

Graph in NetEye with Elastic Stack

In a previous blog post I wrote about Elastic Stack and its features. Here I’d like to show you the Graph analytics functionality in more depth. The Graph analytics features let you discover how items in an Elasticsearch index are related. It’s possible to explore the connections between indexed terms and…

28. 12. 2019 Mirko Morandini Log-SIEM, Service Management

EriZone ISMS: The Tool for ISO 27001 Documentation

As a Christmas gift, my dear friend and colleague Gabriele presented the EriZone ISMS tool, a specially customized and configured EriZone that supports documenting a company’s Information Security Management System based on ISO/IEC 27001. Follow this link to read his post first: https://www.neteye-blog.com/2019/12/use-erizone-to-maintain-and-improve-an-isms-based-on-iso-27001/. In this post I will give more technical details about…

13. 12. 2019 Juergen Vigna Log-SIEM, NetEye, Unified Monitoring

Securing scp/sftp Access to Your CentOS 7/Red Hat 7 Server

Sometimes you just need to grant a user temporary access to copy some files to your server, but that user should never get a shell. For sftp this is quite simple (see below), but for scp it’s not that trivial. You will also probably want to set the user up in a directory with…
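The sftp side of this, and a restricted scp wrapper for the harder case, as an added example that is not part of the original post or of NetEye. The account name `transfer`, the paths `/srv/transfer` and `/srv/transfer/upload`, the wrapper location `/usr/local/bin/restricted-scp` and its `enforce` argument are all assumptions for illustration. It relies on one fact about OpenSSH: the scp client always asks the server to run `scp -t <dest>` (to receive files) or `scp -f <src>` (to send them), so a `ForceCommand` wrapper can allow exactly those two forms and refuse everything else.

```shell
#!/bin/sh
# Added example (not from the NetEye post): a ForceCommand wrapper that lets a
# transfer-only account run scp, and nothing else, under one directory.
#
# Assumed sshd_config on the CentOS 7 / Red Hat 7 host (user and paths are hypothetical):
#
#   Match User transfer
#       ChrootDirectory /srv/transfer        # must be root-owned and not group/world-writable
#       AllowTcpForwarding no
#       X11Forwarding no
#       # sftp only: in-process server, nothing but the data directory needed in the chroot
#       ForceCommand internal-sftp -d /upload
#       # scp instead: validate the request, then exec scp (scp and its shared libraries
#       # would have to exist inside the chroot, which is why sftp is the simpler option)
#       # ForceCommand /usr/local/bin/restricted-scp enforce

ALLOWED_ROOT="${ALLOWED_ROOT:-/srv/transfer/upload}"   # no trailing slash

# check_scp_command CMD
# Returns 0 only for "scp [-r] [-p] [-d] [-v] (-t|-f) <path>" with <path> under ALLOWED_ROOT.
check_scp_command() {
    set -f                      # no globbing while the request is word-split
    # shellcheck disable=SC2086
    set -- ${1:-}
    [ "${1:-}" = scp ] || return 1
    shift
    mode=
    while [ $# -gt 1 ]; do      # every word but the last must be a known flag
        case "$1" in
            -t|-f) [ -z "$mode" ] || return 1; mode=$1 ;;
            -r|-p|-d|-v) ;;
            *) return 1 ;;
        esac
        shift
    done
    [ -n "$mode" ] || return 1  # exactly one of -t / -f is required
    path=${1:-}
    case "$path" in
        *[!A-Za-z0-9_./-]*) return 1 ;;   # no metacharacters, quotes or spaces in the path
    esac
    case "/$path/" in
        */../*) return 1 ;;               # no parent-directory traversal
    esac
    case "$path" in
        "$ALLOWED_ROOT"|"$ALLOWED_ROOT"/*) return 0 ;;
    esac
    return 1
}

# Invoked by sshd as "restricted-scp enforce": SSH_ORIGINAL_COMMAND carries the client's
# request and is unset when the client asked for an interactive shell (which is refused).
restricted_scp_main() {
    if check_scp_command "${SSH_ORIGINAL_COMMAND:-}"; then
        set -f
        # shellcheck disable=SC2086
        set -- $SSH_ORIGINAL_COMMAND
        shift                             # drop the leading "scp" word
        exec /usr/bin/scp "$@"            # absolute path: never trust PATH here
    fi
    printf 'restricted-scp: only "scp -t|-f <path under %s>" is allowed\n' "$ALLOWED_ROOT" >&2
    exit 1
}

if [ "${1:-}" = enforce ]; then
    restricted_scp_main
else
    # Self-demo on constructed requests (not real sshd input)
    for req in "scp -t /srv/transfer/upload/report.pdf" \
               "scp -r -p -d -t /srv/transfer/upload" \
               "scp -f /srv/transfer/upload/../../etc/shadow" \
               "scp -t /srv/transfer/upload/x; /bin/sh" \
               "scp -t /tmp/x" \
               "/bin/sh"; do
        if check_scp_command "$req"; then echo "ALLOW  $req"; else echo "DENY   $req"; fi
    done
fi
```

Two deliberate limitations: file names containing spaces or characters outside `[A-Za-z0-9_./-]` are refused rather than parsed, and the wrapper does not follow symlinks, so the `ChrootDirectory` (or a filesystem without symlinks into other trees) is what actually confines the user to `ALLOWED_ROOT`.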

17. 10. 2019 Tobias Goller ITOA, Log-SIEM, Machine Learning, NetEye

Experiences with Netflow and Machine Learning in Elastic

Some time ago I was able to use the machine learning functionality in Elastic for the first time. I was astonished at how easy it is to use, and how fast it calculates historical data. In my particular case, I loaded Netflow data into the Elastic database. I wanted to use this data to evaluate…

02. 10. 2019 Michele Santuari Log-SIEM, NetEye

How to Solve a Full Elasticsearch Disk

In a previous blog post, I described some basic steps for debugging problems with the Elastic Stack. In this post, I want to highlight another behavior that can occur when your Elastic Stack cluster is in a green state but is nevertheless unable to write new logs. This situation usually happens when there is…

30. 09. 2019 Franco Federico Log-SIEM

Filebeat and Log UI in NetEye

In a previous blog I explored beats such as Icingabeat and presented an overview of the new features present in NetEye since version 4.6. I’d like to explore the following use case: collect some logs from Elasticsearch, Logstash, the operating system that hosts NetEye, and MySQL using beats (Filebeat), all in order to show the…

30. 09. 2019 Michele Santuari Downloads / Release Notes, Log-SIEM, NetEye

NetEye 4.7 Log Manager: Elastic 6.8.2 Update

Elastic 7.3 is coming to NetEye 4.8. In order to prepare for this significant change, you must first update Log Manager on NetEye 4.7 to receive the Elastic 6.8.2 update that will set up the necessary migrations for updating Elasticsearch, Logstash and Kibana. In addition to the ELK stack, SearchGuard will also be updated to…

19. 09. 2019 NetEye Blog Admin Log-SIEM

NetEye @ the Security Summit 2019

Security information and event management (SIEM) technology supports threat detection and security incident response through the real-time collection of security-related events. Visit us at the Security Summit edition in Verona to hear from our team how best to identify, gather, monitor and report security-related events in your software environment with NetEye.

17. 09. 2019 Angelo Rosace Log-SIEM, NetEye

How To: Using the Elastic Watcher Feature to React to Failed Login Attempts (Part 2)

Our continued development of the Tornado event processing module has led to a new set of functionalities and capabilities. Among these is the possibility of altering host and service statuses as the result of a certain event. Let’s look at a typical use case for this feature. Suppose you want to trigger a webhook that…

03. 09. 2019 Massimo Giaimo Events, Log-SIEM, NetEye, Service Management

NetEye SIEM: The Attacker’s Point of View

In our ethical hacking activities there are three different phases in which we come up against the SIEM: PLANNING, the phase prior to the activity, where we define the scope of the engagement, be it a Vulnerability Assessment, a Penetration Test or the simulation of a real attack; CHALLENGE, the activity itself, corresponding to a Vulnerability…

