Blog Entries

10. 06. 2024 Emil Fazzi Bug Fixes, NetEye

Bug Fixes for NetEye 4.36

SIEM – Log Management JVM Configurations We fixed some bugs related to the Elastic JVM configurations, which were duplicating log files in the default directory. The JVM configurations are now up to date and the organization of configuration files has been improved. El Proxy We fixed a bug in El Proxy related to the retry…

10. 06. 2024 Emil Fazzi Bug Fixes, NetEye

Bug Fixes for NetEye 4.35

El Proxy We fixed a bug in El Proxy related to the retry strategy for sending signed logs to Elasticsearch. Previously, after a document had been rejected by the Elasticsearch ingest pipeline, all non-signed logs were deleted during the retry phase, including the mandatory “timestamp” field. Our solution now ensures that all mandatory fields remain…

07. 06. 2024 Luca Zeni Blue Team, SEC4U

Akira Ransomware: How to Make an Efficient Detection Rule

In this article, we’re going to explore an example of the process used to perform the initial steps of creating ad hoc detection rules based on specific events that mark the world of cyber security. Specifically, starting from a real case, we’ll see the study and analysis carried out to create a rule to monitor…

03. 06. 2024 Mattia Codato Downloads / Release Notes, NetEye, Unified Monitoring

NetEye 4.36 Release Notes

Welcome to version 4.36 of our NetEye v4 Unified Monitoring Solution. Merano/Meran is welcoming you with its promenades and palms, gardens and parklands, castles and palaces, noble villas, and unique urbanscape. Always fascinating, Merano is a historical spa town where hospitality and tourism reside in its soul. Merano is about taking a morning walk through…

27. 05. 2024 Juergen Vigna NetEye

Check the Version of Your NetEye Cluster with Satellites

Whenever I upgrade a NetEye Cluster with all its Satellites, it’s important that no host is forgotten, and that all packages are installed (which can happen because an upgrade error occurred, for example if one forgot to call neteye_finalize_installation). So I thought it would be handy to have a script/plugin that shows the current version…

24. 05. 2024 Daniel Degasperi Blue Team, SEC4U

How To Detect a Chromium Browser Stealer With Elastic

In this blog, I’ll propose and describe a solution for detecting potential infostealers targeting Chromium-based browsers, taking a cue from the research exposed by Google’s Chrome Security Team (Detecting browser data theft using Windows Event Logs). Obviously a solution using Elastic 🙂! What is an Infostealer (in a nutshell)? In the realm of…

24. 05. 2024 Alessandro Valentini DevOps

OpenShift: How to Check and Reset Ceph Storage in Warning State

Every so often it may happen (in particular after a cluster update or hardware issues) that you see your storage in a warning state on OpenShift. The first thing to do is to check what’s wrong with your cluster: sometimes you may have a real issue, in other cases it may just be a temporary…

24. 05. 2024 Mirko Ioris SOCnews

SOC News | May 24 – Patch This Veeam Critical Vulnerability Now

On May 21, Veeam published details about four different vulnerabilities detected in their product Veeam Backup Enterprise Manager (VBEM). One of them is critical and allows an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user. CVE Number CVSS Score EPSS Score CVE-2024-29849 9.8 (Critical) 0.04% (Low) CVE-2024-29850…

23. 05. 2024 Marco Berlanda Bug Fixes, NetEye

Bug Fixes for NetEye 4.35

GLPI logging sensitive data We fixed some bugs related to GLPI where sensitive data was incorrectly logged during log-in and log-out procedures. Updated packages We updated the following packages:

22. 05. 2024 Alessandro Taufer Bug Fixes, NetEye

Bug Fixes for NetEye 4.34

RPM Mirror We fixed some bugs related to the NetEye rpmmirror: Updated packages We updated the following packages: Post installation steps After installing the neteye-pulp3-mirror package you should re-run the setup of the rpmmirror (neteye rpmmirror setup) to make the bugfixes effective.

21. 05. 2024 Alessandro Taufer Bug Fixes, NetEye

Bug Fixes for NetEye 4.35

RPM Mirror We fixed some bugs related to the NetEye rpmmirror: Module Audit Log We also fixed another bug in the audit log module that did not allow correct display in environments with many logs. Updated packages We updated the following packages: Post installation steps After installing the neteye-pulp3-mirror package you should re-run the setup…

17. 05. 2024 Mattia Codato Development, DevOps, NetEye

Boosting NetEye CI Speed: Test Parallelization

In a previous blog post, we looked at how we sped up certain stages of the NetEye pipeline through parallelization. This boost not only lifted team spirits but, more importantly, ramped up the pace of delivering new features and bug fixes, giving everyone the motivation to keep enhancing the pipeline across different stages. In another…

16. 05. 2024 Mirko Ioris SOCnews

SOC News | May 16 – Highly sensitive SYNLAB data has been exposed on the Dark Web

SYNLAB, a European leader in medical diagnostic services, was the victim of a cyber attack last April. The compromised infrastructure is the one that runs Italian clinics only; other countries were not affected. In early May, ransomware group BlackBasta claimed responsibility for the attack, saying it had stolen 1.5TB of sensitive medical data from Italian citizens…

15. 05. 2024 Marco Berlanda Bug Fixes, NetEye

Bug Fixes for NetEye 4.35

We fixed a few bugs in Tornado: Updated packages We updated the following packages:

14. 05. 2024 Alessandra Castiglioni Atlassian

Don’t Panic! Recover Your Jira Data Now!

Data loss happens. Whether it’s accidental deletion, integration issues, or unexpected errors, a robust backup strategy can save the day. This guide walks you through restoring your Jira Cloud instance using a downloaded backup, helping you get back on track quickly. Before We Begin: Understanding Your Backup This is a key point because you will…
