Blog Entries

11. 01. 2021 Enrico Alberti Log-SIEM, NetEye

Alerting on NetEye SIEM: Tornado Webhooks and Smart Monitoring (part 2)

In my previous post I showed you how to make your own alerts on NetEye SIEM by using the Elastic Watcher and Alerts and Actions features. But if we work in production environments, what we really need is an alert that can go directly to NetEye’s Monitoring Overview. How can we manage SIEM alerts and…

Read More
11. 01. 2021 Enrico Alberti Log-SIEM, NetEye

Alerting on NetEye SIEM: Watcher & ‘Alerts and Actions’ (Part 1)

The main goal of a monitoring system like NetEye is to alert and notify you when something noteworthy happens in your environment. All the logs coming in to NetEye SIEM can be analyzed, and could raise one or more alerts in the Elastic Stack, such as detection, machine learning anomalies, etc. How can you make…

Read More
02. 10. 2020 Enrico Alberti Log-SIEM, NetEye

NetEye Ingest Pipelines – How to Modify and Enrich SIEM Data

Is it possible to add Geo IP information automatically to my events even if it’s not present in the original log? How can I automatically decode a URL to dissect all its components? How can I convert a human readable byte value (e.g., 1KB) to its value in bytes (e.g., 1024) so I can use…

Read More
02. 10. 2020 Mirko Bez Log-SIEM, NetEye

NetEye SIEM Self-Security

NetEye SIEM is a very powerful tool that allows you to ingest logs from many different sources. However, by default it does not ingest the ssh-login attempts on the NetEye Servers themselves, nor does it check the integrity of important configuration files. In this blog post I will describe a procedure to configure an Auditbeat…

Read More
08. 09. 2020 Alessandro Valentini Log-SIEM, NetEye

Sigma Rules in NetEye SIEM

In order to protect your business against cyber attacks you need to both harden your systems and promptly detect suspicious activities in your infrastructure. Sigma is an open source project which defines specifications for a standard signature format that allows you to describe relevant log events for security purposes. The Sigma rules language is intended…

Read More
18. 08. 2020 Franco Federico Log-SIEM

Why NetEye SIEM?

As the number of cybercrime events, incidents of identity theft, theft of intellectual property, and cyberattacks continue to rise, there is an increasing need to provide adequate network security to defend against these types of threats to organizations. Defending against these types of threats is very difficult for an organization, and the attacker will always…

Read More
04. 06. 2020 Gerhard Schenk Log-SIEM, NetEye

How To Operate SIEM Under GDPR

Security information and event management (SIEM) systems plays an important role in helping your organization comply with GDPR requirements. Find out in this upcoming webinar how your team can fully understand the implications of SIEM, and should manage it according to these regulations. Learn our 5 “musts” also recommended by data protection experts. Thursday, 18th of June, 3.00 PM…

Read More
29. 05. 2020 Enrico Alberti Log-SIEM, NetEye

Icinga DSL: How to Enrich SIEM Logs with Icinga Custom Vars

Over the past few months, I’ve received multiple client requests to export custom fields (custom variables or data lists) present in Icinga Director in order to enrich logs on Logstash or to make specific changes to the indexing process. The solution that I am going to explain in this article uses the Icinga DSL check…

Read More
05. 05. 2020 Gerhard Schenk Events

LIVE MEETING NETEYE and SIEM

Security issues are currently at the forefront of a comprehensive monitoring attention: the performance of business-critical IT applications must be guaranteed even against the background of increasing cyber attacks. This was the main topic of our first Live Meeting session, with Security Auditor Günter Aigle presenting how availability, integrity and confidentiality create more security in…

Read More
13. 03. 2020 Luca Franzoi Bug Fixes, Log Management, Log-SIEM, NetEye, Unified Monitoring

Bug discovered on NetEye module logmanagement and SIEM

A bug has been discovered on NetEye modules logmanagement and SIEM. If affected, rsyslog directories on system might be created with wrong permissions causing Logstash to be unable to load log lines of some hosts inside Elasticsearch. Users might also receive an error message trying to check signatures for some hosts inside Logmanager Log Check….

Read More

Archive