Bug Fixes for NetEye 4.37
We fixed a bug in nginx that was causing NetEye upgrades from version 4.36 to version 4.37 to fail with an error. We updated the following packages:
Read More
Blog Entries
Perform KNN Classification Using Elasticsearch
Hey everyone! We played around a bit last time with our radar data to build a model that we could train outside Elasticsearch, loading it through Eland and then applying it using an ingest pipeline. But since our data is in the form of vectors, could we actually exploit Elasticsearch vector database functionality and perform…
Read MoreBug Fixes for NetEye 4.37
Core Neteye install, update, upgrade procedures individual service logs weren’t saved in the correct format We resolved a small issue where logs from parallel install or configurator playbooks were wrongly manipulated resulting in a different format from what they were supposed to be saved. SIEM – Log Management Elastic Stack missing systemd configuration files We…
Read MoreNetEye 4.38 Release Notes
Release date: 1st October 2024 Welcome to version 4.38 of our NetEye v4 Unified Monitoring Platform. The Church of St. John in Ranui, set against the breathtaking Dolomites in the Funes Valley, welcomes you to this release. This historic gem, nestled in the heart of South Tyrol, is a testament to the region’s rich cultural…
Read MoreAnsible Development, Part 1.5: Building an Execution Environment in a Pipeline (CI/CD)
Hello everyone, I’m back to discuss Ansible and Ansible Execution Environments. In my previous blog, we talked about why and how execution environments are critical for a successful Ansible implementation. I hope my guide was easy to follow, but as you may have noticed, the process requires a significant amount of manual effort to keep…
Read MorePublish NPM Package to GitHub Packages Registry with GitHub Actions
With the rise of continuous integration and delivery (CI/CD) in modern software development, automating tasks like publishing npm packages has become crucial for efficiency. GitHub packages Registry (npm.pkg.github.com) allows developers to host and manage npm packages directly within GitHub, offering a seamless experience for both private and public repositories. By leveraging GitHub Actions, developers can…
Read MoreAnsible Development, Part 1: Building an Execution Environment
Right now, at Würth Phoenix, we are investing in automating most of our operations using Ansible. You’re probably already familiar with what Ansible does, but to summarize, Ansible is an open-source, command-line IT automation application written in Python. I’ve talked about it here: One challenge we faced while developing our automation scripts was that we…
Read MoreSOC News | September 10 – New RaaS Group BloodForge
The team behind the popular underground forum BlackForums has announced, on its Telegram channel, that it has formed a new pact with the BloodForge group. From this pact was born The Brotherhood, an organization that aims to provide a RaaS (Ransomware as a Service). The new BloodForge channel then presented the features and capabilities of…
Read MorePrevent Elasticsearch Crashes Using Disk Watermarks
Hi all, it’s been a while. I’m deeply sorry not to have sent out some blog posts lately, so now I’ll try to get back your trust by providing some useful information. Not only that, I’ll even go out of my comfort zone: instead of NetEye Core and monitoring strategies, I’ll talk about NetEye SIEM…
Read MoreImporting Your Data into Jira: A Quick Guide
Ready to transfer your projects from another tool to Jira? Here’s how to do it quickly and easily: 1. Prepare your file: Organize your data in a format that Jira recognizes, such as a CSV file. Make sure the fields match those in Jira (title, description, etc.). Here’s an example of what the file should…
Read More“Products and entitlements”: the new Jira Service Management feature
Hi there, you’ve added the ability to include your customers’ details and their companies in Jira Service Management, but you still need the option for them to choose one or more products for which you provide services? Don’t worry! With this new feature, you can add a field so your customers can select the service…
Read MoreA Concrete Example of ES|QL and SOC Detection Rules
The purpose of this article is to show a real-life case study of the integration of the new Elastic ES|QL language within the detection rules used by the SOC to detect cyber threats. Overview ES|QL (Elasticsearch Query Language) is an SQL-like query language developed by Elastic specifically for querying time series and event data stored…
Read MoreMonitor your Elasticsearch Shards Count
Elasticsearch limits the number of open shards per node with the max_shards_per_node cluster setting, which defaults to 1000. The limit on the total number of shards is then calculated from this setting with this formula: total_max_number_of_shards = cluster.max_shards_per_node * number of non-frozen data nodes If the total number of shards is reached either by a…
Read MoreAutomate the Clustering of Similar Cases for Effective Handling of a Significant Volume of Incoming Alerts
This guide will show you how to enable your team to handle multiple cases simultaneously, letting you manage them as if they were just one. In which scenarios would this solution offer users a valuable benefit? Have you ever had to discard a significant number of cases, requests, or emails because there were simply too…
Read Morentopng Updates
On 14.08.2024 ntopng released its latest version 6.2. I’d like to use this post to emphasize some of the key innovations it brings. There were many changes and bug fixes in this release. Some major improvements and enhancements are as follows: Furthermore, ntopng is now cloud-aware. Over the ntop cloud you’ll be able to control…
Read More