Blog Entries

22. 12. 2023 Juergen Vigna Log-SIEM, NetEye, Unified Monitoring

SIEM: Monitor Hosts Sending Data to Elasticsearch

Do you have a SIEM installation based on Elasticsearch (like the NetEye 4 SIEM Module) and are you sending data to it from your hosts? Then you’ll surely want to know whether your host is actually sending data, or if nothing is coming out at all. For this I made available a simple icinga/nagios plugin…

22. 12. 2023 Giacomo Giallombardo CTF Writeups, SEC4U

WP-CTF23 Write-up, OSINT Challenges

During WP-CTF 2023 hosted at Würth Phoenix headquarters, a fresh set of CTF challenges was unveiled. These challenges spanned various fields, including OSINT, Digital Forensics, and Blockchain investigations. In this article, I’m going to delve into the solutions for some challenges presented by the Würth-Phoenix security team. THE FIRST CHALLENGE The first challenge, titled “There…

21. 12. 2023 Alessandro Taufer Development, DevOps

Blue-Green Deployment on Azure

When deploying new features, releasing your code into a production environment might not be as easy as it seems. To ensure the minimal amount of service disruption, we might want to easily roll back to a previous configuration or to gradually migrate traffic to a new one. That’s where blue-green deployment comes to our aid….

20. 12. 2023 Gianluca Piccolo Development

How to Debug PHP xDebug XD

Sometimes in NetEye 4 it happens that we need to understand why the system behaves in a certain way. Since a lot of the NetEye 4 GUI is still based on PHP, we use the most powerful tool to debug PHP: Xdebug. Xdebug is an extension of PHP which mainly provides a debugger and profiler….

20. 12. 2023 Massimo Giaimo Exposure Assessment, SEC4U

EPSS implementation in SATAYO

The Exploit Prediction Scoring System (EPSS) is a data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild, as my colleague Beatrice Dall’Omo has already had the opportunity to talk about in this article. EPSS was developed by FIRST (https://www.first.org/epss/) with the aim of assisting those responsible…

20. 12. 2023 Emil Fazzi Bug Fixes, NetEye

Bug Fixes for NetEye 4.33

In this bug fix we fixed a problem that could have occurred during the upgrade phase to NetEye 4.33. More specifically, we expanded compatibility with older versions of some Elastic Agent integrations when loading them into the preconfigured NetEye policies. Updated packages We updated to version 8.10.2_neteye3.57.3-1 the following packages:

20. 12. 2023 Alessandro Mizzaro Bug Fixes, NetEye

NetEye 4 – Security Advisory

Important: NagVis Security Update Type/Severity Security Advisory: Important Topic An update for the package nagvis is now available for NetEye 4. NetEye Product Security has rated this update as having a security impact of Important. Common Vulnerability Scoring System (CVSS) base scores provide additional guidance about a vulnerability and give a detailed severity rating. Description…

19. 12. 2023 Valentina Da Rold Development, Events, NetEye

We spent a (Vue)day in Verona

We are continuously expanding our VueJs integration in NetEye, and we believe that having the opportunity to attend a dedicated conference, not far from home, was an opportunity not to be missed. So on the 10th of November, we joined the Vueday conference in Verona. Vueday is the main international conference in Italy that’s dedicated…

19. 12. 2023 Fabrizio Dovesi Atlassian, Development, Service Management

Reduce Your “Oh S***! It’s Monday…!😓” Mood with Helpful Jira Automation

How to leverage some Jira features to lighten the workload through automation, replacing manual tasks of low added value that can be frustrating and tedious for those performing them Introduction: What’s the idea behind how to live better Mondays? How many times have you had the feeling that most of the heaviness and stress when…

18. 12. 2023 Valentina Da Rold Bug Fixes, NetEye

Bug Fixes for NetEye 4.33

We have released a fix for a problem in the Tornado UI that didn’t allow passing multiple arguments to the script action in a rule. Updated packages We updated to version 2.4.1-1 the following packages:

15. 12. 2023 Rocco Pezzani NetEye, Unified Monitoring

Troubleshooting Icinga Notifications

I don’t really know the reason behind it, maybe because the typical scenario for notifications is just “send all events to this mailing list”, or as we say: set it and forget it. But we shouldn’t use this as an excuse: monitoring projects now consist of tens of thousands of objects (hosts plus services), and…

14. 12. 2023 Mirko Morandini Service Management

EriZone Servicedesk: Upgrade to RockyLinux9/RHEL9 (CentOS7 EOL in June 2024)!

Dear EriZone customers! Our legacy servicedesk system EriZone currently runs on CentOS7 or Red Hat Enterprise Linux (RHEL) 7. These operating systems will not get any security fixes after June 2024. For anyone planning on keeping EriZone running beyond this date, we highly recommend you contact us for an upgrade to Rocky Linux 9. As…

14. 12. 2023 Massimo Giaimo SEC4U

Enrichment of the Ransomfeed Project

There are community projects that, once implemented, become true points of reference. One of these is certainly the DRM – Dashboard Ransomware Monitor project. This project, founded by Dario Fadda in 2020, monitors ransomware groups through scraping activities, to store claims regarding victims within a permanent RSS feed. However not everyone knows that starting from…

12. 12. 2023 Davide Sbetti Bug Fixes, NetEye

Bug Fixes for NetEye 4.33

We improved the upgrade and update procedure related to the Elastic Agent, fixing an issue for which external Elastic Agents would disconnect from Fleet if they were connecting through a hostname different from NetEye’s FQDN. Moreover, we solved potential problems during the upgrade that would have occurred in case of already present outdated integrations or…

11. 12. 2023 Mattia Codato Events

WPCTF 2023: Our Journey in Organizing a Capture The Flag Event

On November 25th, in collaboration with the universities of Verona, Padova, Trento, and Bolzano, we hosted the WPCTF event—a thrilling Capture The Flag (CTF) competition that engaged over 50 cybersecurity enthusiasts. In this blog post, we’ll explore our journey in organizing the event, focusing on the technical aspects that made WPCTF a memorable success….
