Blog Entries

26. 02. 2021 Franco Federico Log-SIEM, NetEye

What’s Happening Right Now in My Active Directory?

We recently integrated two dashboards into NetEye SIEM to check what is happening within Active Directory, a component that is present in the vast majority of our customer environments. These two dashboards start from the collection of security events that are gathered across the various Windows servers that make up the infrastructure, and are then…

Read More
25. 02. 2021 Alessandro Valentini NetEye

How I Became an Elastic Certified Professional, Part II

This post follows the one written some time ago by my colleague Mirko Bez. We became Elasticsearch Certified Professionals after passing both the Engineer exam and Analyst exam. In this post I’d like to tell you about my experience with the Analyst certification. This exam focuses mainly on Kibana, and 99% of the task can be done…

Read More
23. 12. 2020 Mirko Bez Log-SIEM

How I Became an Elastic Certified Professional

Today I want to share with you my journey to becoming an Elastic Certified Professional by obtaining an Elastic Certified Engineer certificate. My daily experience as a NetEye SIEM consultant was a great help, because I could apply and internalize the concepts I learned directly in the field. But let’s start at the beginning. Wait……

Read More
02. 10. 2020 Enrico Alberti Log-SIEM, NetEye

NetEye Ingest Pipelines – How to Modify and Enrich SIEM Data

Is it possible to add Geo IP information automatically to my events even if it’s not present in the original log? How can I automatically decode a URL to dissect all its components? How can I convert a human readable byte value (e.g., 1KB) to its value in bytes (e.g., 1024) so I can use…

Read More
02. 10. 2020 Mirko Bez Log-SIEM, NetEye

NetEye SIEM Self-Security

NetEye SIEM is a very powerful tool that allows you to ingest logs from many different sources. However, by default it does not ingest the ssh-login attempts on the NetEye Servers themselves, nor does it check the integrity of important configuration files. In this blog post I will describe a procedure to configure an Auditbeat…

Read More

Archive