Blog Entries

11. 01. 2021 Enrico Alberti Log-SIEM, NetEye

Alerting on NetEye SIEM: Watcher & ‘Alerts and Actions’ (Part 1)

The main goal of a monitoring system like NetEye is to alert and notify you when something noteworthy happens in your environment. All the logs coming in to NetEye SIEM can be analyzed, and could raise one or more alerts in the Elastic Stack, such as detection, machine learning anomalies, etc. How can you make…

Read More
31. 03. 2020 Mirko Bez Log-SIEM, Unified Monitoring

Real-Time Event Monitoring With Tornado

In this blog post I will describe a potential use of Tornado to monitor events in near real-time, while keeping historical information about the received events. Use Case Often as a user I want to collect data from different sources, e.g. Windows events, and then according to some simple rules set the status of some…

Read More
13. 03. 2020 Luca Franzoi Bug Fixes, Log Management, Log-SIEM, NetEye, Unified Monitoring

Bug discovered on NetEye module logmanagement and SIEM

A bug has been discovered on NetEye modules logmanagement and SIEM. If affected, rsyslog directories on system might be created with wrong permissions causing Logstash to be unable to load log lines of some hosts inside Elasticsearch. Users might also receive an error message trying to check signatures for some hosts inside Logmanager Log Check….

Read More
10. 03. 2020 Franco Federico Log-SIEM, NetEye

Monitoring COVID-19 with NetEye – An Italian Use Case

The use case of this blog is about monitoring COVID-19 in Italy. The data used is public, and the source is the Protezione Civile (Italian Civil Protection Office), which updates the data every day after 18:00 on GitHub at the following link: I found the data in various formats and I chose to analyze…

Read More
02. 03. 2020 Franco Federico Log-SIEM, NetEye

Preventing a Brute Force Attack with NetEye SIEM

I have several clients who’ve asked me how they can prevent a brute force attack inside their Windows Infrastructure. This is the use case for this blog post, a solution for which I’ve been studying using NetEye together with its SIEM module. I’ve used a Windows client here, but it’s the same for any server…

Read More
02. 01. 2020 Michele Santuari Log-SIEM, NetEye

Elastic Stack Cluster with NetEye >= 4.8

In a previous blog post, I described how Elastic Stack fits within the High-Available cluster architecture of NetEye 4 and, in particular, how the correct configuration of the Quorum is mandatory to prevent losing your data or even developing inconsistencies. With the upgrade to NetEye 4.8, we updated Elastic Stack to the new major version…

Read More
30. 12. 2019 Franco Federico Log-SIEM, NetEye

Graph in NetEye with Elastic Stack

In the past I’ve written in this blog post about Elastic Stack and its features. Here I’d like to show you more in depth the functionality of Graph analytics. The Graph analytics features enable you to discover how items in an Elasticsearch index are related. It’s possible to explore the connections between indexed terms and…

Read More
17. 10. 2019 TobiasGoller ITOA, Log-SIEM, Machine Learning, NetEye

Experiences with Netflow and Machine Learning in Elastic

Some time ago I was able to use the machine learning functionality in Elastic for the first time. I was astonished at how easy it is to use, and how fast it calculates historical data. In my particular case, I loaded Netflow data into the Elastic database. I wanted to use this data to evaluate…

Read More
30. 09. 2019 Michele Santuari Downloads / Release Notes, Log-SIEM, NetEye

NetEye 4.7 Log Manager: Elastic 6.8.2 Update

Elastic 7.3 is coming to NetEye 4.8. In order to prepare for this significant change, you must first update Log Manager on NetEye 4.7 to receive the Elastic 6.8.2 update that will set up the necessary migrations for updating Elasticsearch, Logstash and Kibana. In addition to the ELK stack, SearchGuard will also be updated to…

Read More
17. 09. 2019 Angelo Rosace Log-SIEM, NetEye

How To: Using the Elastic Watcher Feature to React to Failed Login Attempts (Part 2)

Our continued development of the Tornado event processing module has led to a new set of functionalities and capabilities. Among these is the possibility of altering host and service statuses as the result of a certain event. Let’s look at a typical use case for this feature. Suppose you want to trigger a webhook that…

Read More
30. 07. 2019 Angelo Rosace Log-SIEM, NetEye, Unified Monitoring

How To: Using the Elastic Watcher Feature to React to Failed Logon Attempts (Part 1)

The introduction of the new Elastic Features (formerly, X-Pack packages) for the Elastic Stack added many new functionalities to the previous implementation in Net-Eye. One of them is the Watcher feature. Let’s discuss a use case based on this feature. Imagine you as a user want to somehow trigger a webhook alert every time something…

Read More
24. 07. 2019 Franco Federico Anomaly Detection, Log-SIEM, NetEye

Welcoming Elastic Stack X-Pack to NetEye 4

On June 13, we announced a new OEM Partnership with Elastic, and Elastic updated its relationship with OEM, MSP and CSP partners, with the result that in NetEye 4 we now have some new features. Starting with NetEye 4.6, you can now activate the X-Pack feature. After I activate X-Pack and open NetEye, I see:…

Read More
26. 06. 2019 Angelo Rosace Development

Expanding Elastic Stack’s Set of Features

Last month, NetEye’s Elastic Stack received a much-awaited upgrade. The upgrade consisted of granting NetEye users the possibility of having access to the full set of features that the Elastic Stack provides upon setting up an additional NetEye SIEM subscription. Originally, the stack implemented on NetEye packaged the standard set of well-known ELK features: Elasticsearch,…

Read More
30. 05. 2019 Franco Federico Log-SIEM

Beats and NetEye 4

NetEye 4 is composed of various modules, such as the NetEye 4 Log Manager that houses Elastic Stack with Search Guard. Our vision for the future of the NetEye 4 Log Manager is shown in the following diagram: Here you can see the various modules and technologies. For instance, you can see that we have…

Read More
21. 03. 2019 Franco Federico Log-SIEM, NetEye

Field Anonymization with NetEye 4 for GDPR

The regulations of the GDPR in many cases require that some user data is not always present, and / and or that they are anonymized.  So I would like to show you now how NetEye 4 responds to this new requirement. NetEye 4 is composed of various modules. In the NetEye 4 Log Manager, we have Elastic…

Read More