Blog Entries

17. 01. 2025 Emil Fazzi Automation, Development, Documentation, Log-SIEM

Elasticsearch Magic: Achieving Zero Downtime during User Guide Updates

In a previous blog post by one of my colleagues, we shared how we developed a powerful semantic search engine for our NetEye User Guide. This solution uses Elasticsearch in combination with machine learning models like ELSER to index and query our documentation. While the proof of concept (POC) worked great, there was a challenge…

16. 01. 2025 Simone Ragonesi Offensive Security, Red Team

Inside the Red Team Toolbox: Linux Info-Gathering

In the realm of red teaming, rapid and efficient information gathering is very important. To streamline this process, we’ve developed Vermilion, a lightweight post-exploitation tool for the rapid collection and optional exfiltration of sensitive data from Linux systems. A significant percentage of computational workflows worldwide run on GNU/Linux. Primarily used in servers and increasingly in…

13. 01. 2025 William Calliari Development, Icinga Web 2, PHP

Plugin Systems and Capabilities

At the 36th Chaos Communication Congress, back before COVID forced a three-year break, I attended a talk by the German tech blogger Fefe. There he talked about the “nützlich-unbedenklich Spektrum” or, in English, the useful – harmless spectrum. He argued that all software lies somewhere on that spectrum. Of course one could argue…

10. 01. 2025 Damiano Chini Bug Fixes, NetEye

Bug Fixes for NetEye 4.39

We have resolved an issue that prevented Elastic Agents from successfully connecting to the Fleet Server when their requests were excessively large. Additionally, we addressed a bug in the neteye update and neteye upgrade processes, which incorrectly initiated a rolling restart of Elasticsearch even in cases where this was not necessary. We updated the…

10. 01. 2025 Simone Ragonesi AI, Cloud, Offensive Security, Red Team

Stay ahead of Cyber Threats: Redefining Security for a Rapidly Changing Digital World

As the digital arena evolves at lightning speed, so do the tactics of those seeking to breach it. Traditional security measures are no longer enough for today’s increasingly sophisticated cyber threats. The perimeter of technological infrastructure is no longer carved in stone – it shifts continuously, reflecting systems that are more distributed and challenging to…

07. 01. 2025 Massimo Giaimo Threat Intelligence

Gravy Analytics breached (to be confirmed)

WARNING: This post is constantly updated based on new evidence related to the data breach. The well-known company Gravy Analytics seems to have suffered an attack. In fact, a post was published on the XSS forum on Sunday night by the user nightly, reporting some evidence of what appears to be a really significant exfiltration…

07. 01. 2025 Davide Sbetti Bug Fixes, NetEye

Bug Fixes for NetEye 4.39

We fixed a bug which was causing Elastic Agents to disconnect themselves at regular intervals from Fleet. We updated the following packages:

31. 12. 2024 Alessandro Taufer Development, DevOps

Tips for Writing Efficient Python Code

Writing high-performance code is key when tackling complex problems. While it might be tempting to focus on optimizing the programming language itself, the best strategy is often to implement the right algorithm. Let’s take a look at three lesser-known Python libraries that can boost your code’s efficiency without diving into complicated implementations. 1. Deque: The…

31. 12. 2024 Luca Zeni Blue Team, SEC4U, Uncategorized

That Time I Brought a Velociraptor and a Chainsaw into the SOC

Yes, you read that title right. Today I’m going to tell you about the time I went on a hunt to bring a velociraptor and a chainsaw into the Würth Phoenix Security Operations Center. I know that it might sound strange to many and few will believe it, but I’m sure that once you get…

31. 12. 2024 Damiano Chini Automation, Development, DevOps

Maintaining Forks of Upstream Projects without git

When adopting an open-source software project that you don’t own, you may find it necessary to modify it partially to meet your specific requirements. However, as you implement those changes, it’s important to recognize that the upstream project will eventually update itself, leading to potential conflicts in the files that both you and the upstream…

31. 12. 2024 Alessandro Valentini DevOps

GitOps: Pull-based vs Push-based Approaches

When approaching a GitOps workflow you’ll soon have to choose between push- and pull-based approaches. In this blog post I’ll explain the high-level differences between the two approaches, with their pros and cons. What is GitOps? GitOps stands for Git Operation: in this workflow all the infrastructure configurations are stored in a Git repository, which represents the…

31. 12. 2024 Rocco Pezzani Business Service Monitoring, ITOA, NetEye, SLM, Unified Monitoring

Display a Service’s Availability with ITOA

This is that time of the year when you begin preparing all your SLA reports to help you understand how your important services behaved during the year. It’s like the end of a horse race, when the bets are settled and you realize whether the bets you placed were right or not. And since…

31. 12. 2024 Gabriele Cecco Atlassian, Service Management

How to Use the New ‘Request Type Groups’ Feature in Jira Service Management

Have you always found Portal Groups in Jira Service Management (JSM) to be useful for organizing and triaging requests, but noticed they couldn’t be used to filter issues? Atlassian has addressed this limitation with a new categorization feature called “Request Type Groups,” which now enables grouping and filtering requests by these groups. This feature may…

30. 12. 2024 Alessandro Taufer DevOps, Log-SIEM

Configure Kubernetes Index Lifecycle Policies in Elastic Stack

If you’re monitoring an OpenShift or a Kubernetes cluster with Elastic Stack, you might’ve noticed that the Kubernetes integration uses the default Index Lifecycle Policy. This means that those logs and metrics have unlimited retention. If the volume of logs is high – and for Kubernetes clusters it usually is – it won’t be…

30. 12. 2024 Damiano Chini APM, Development, NetEye

Supporting HTTP/2 and gRPC in nginx

Since its introduction, the HTTP/2 protocol has been adopted more and more in server and client applications thanks to its improved performance compared to its predecessor, HTTP/1.1. This poses an issue for services exposed via nginx, since some specific configuration is needed on nginx in order to allow clients and servers to fully use the…
