Recently (in September 2023) NetEye integrated version 8.8 of the Elastic Stack, which is just one of many Elastic updates brought into NetEye 4. Since this Elastic update there was a major upgrade (from version 7.17) coming with many breaking changes, so we, as the NetEye R&D team, wanted to make this important upgrade as…
Read MoreThe Fleet Management feature was automatically enabled with NetEye release 4.30, and with the current 4.31 version all the Elastic Stack packages will be upgraded to major version 8. These two milestones will permit us to centrally manage log ingestion using the new Elastic Agents (the evolutions of Beats Agents) and forget all the custom…
Read MoreAnyone who has joined the beautiful world of logging has collided, sooner or later, with the collection via syslog protocol. More than 40 years have passed since syslog was invented, and in that time there have been several attempts by the IETF to create a standard around this world (RFC 3164 and RFC 5424). Even…
Read MoreThe R&D Team is currently working on the integration of the new Elastic Fleet management tool in NetEye 4. Once Elastic Fleet is fully integrated in NetEye 4, all of the Log Management features currently supported will also need to work with the Elastic Fleet. In particular, the integration of Elastic Fleet with the Log…
Read MoreThe main goal of a monitoring system like NetEye is to alert and notify you when something noteworthy happens in your environment. All the logs coming in to NetEye SIEM can be analyzed, and could raise one or more alerts in the Elastic Stack, such as detection, machine learning anomalies, etc. How can you make…
Read MoreIn this blog post I will describe a potential use of Tornado to monitor events in near real-time, while keeping historical information about the received events. Use Case Often as a user I want to collect data from different sources, e.g. Windows events, and then according to some simple rules set the status of some…
Read MoreA bug has been discovered on NetEye modules logmanagement and SIEM. If affected, rsyslog directories on system might be created with wrong permissions causing Logstash to be unable to load log lines of some hosts inside Elasticsearch. Users might also receive an error message trying to check signatures for some hosts inside Logmanager Log Check….
Read MoreThe use case of this blog is about monitoring COVID-19 in Italy. The data used is public, and the source is the Protezione Civile (Italian Civil Protection Office), which updates the data every day after 18:00 on GitHub at the following link: https://github.com/pcm-dpc/COVID-19/tree/master/ I found the data in various formats and I chose to analyze…
Read MoreI have several clients who’ve asked me how they can prevent a brute force attack inside their Windows Infrastructure. This is the use case for this blog post, a solution for which I’ve been studying using NetEye together with its SIEM module. I’ve used a Windows client here, but it’s the same for any server…
Read MoreIn a previous blog post, I described how Elastic Stack fits within the High-Available cluster architecture of NetEye 4 and, in particular, how the correct configuration of the Quorum is mandatory to prevent losing your data or even developing inconsistencies. With the upgrade to NetEye 4.8, we updated Elastic Stack to the new major version…
Read MoreIn the past I’ve written in this blog post about Elastic Stack and its features. Here I’d like to show you more in depth the functionality of Graph analytics. The Graph analytics features enable you to discover how items in an Elasticsearch index are related. It’s possible to explore the connections between indexed terms and…
Read MoreSome time ago I was able to use the machine learning functionality in Elastic for the first time. I was astonished at how easy it is to use, and how fast it calculates historical data. In my particular case, I loaded Netflow data into the Elastic database. I wanted to use this data to evaluate…
Read MoreElastic 7.3 is coming to NetEye 4.8. In order to prepare for this significant change, you must first update Log Manager on NetEye 4.7 to receive the Elastic 6.8.2 update that will set up the necessary migrations for updating Elasticsearch, Logstash and Kibana. In addition to the ELK stack, SearchGuard will also be updated to…
Read MoreOur continued development of the Tornado event processing module has led to a new set of functionalities and capabilities. Among these is the possibility of altering host and service statuses as the result of a certain event. Let’s look at a typical use case for this feature. Suppose you want to trigger a webhook that…
Read MoreThe introduction of the new Elastic Features (formerly, X-Pack packages) for the Elastic Stack added many new functionalities to the previous implementation in Net-Eye. One of them is the Watcher feature. Let’s discuss a use case based on this feature. Imagine you as a user want to somehow trigger a webhook alert every time something…
Read More