Blog Entries

31. 01. 2025 Matteo Cipolletta Log Management, Log-SIEM, NetEye

NFS and Elasticsearch: A Storage Disaster for Data but a Lifesaver for Snapshots

When designing an Elasticsearch architecture, choosing the right storage is crucial. While NFS might seem like a convenient and flexible option, it comes with several pitfalls when used for hosting live Elasticsearch data (hot, warm, cold, and frozen nodes). However, NFS proves to be an excellent choice for storing snapshots and searchable snapshots. Here’s why….

29. 01. 2025 Reinhold Trocker Log Management, Log-SIEM

Understanding Headers in Elastic Agents: Normal Mode vs. Fleet Server Mode

Elastic Agents are flexible and powerful tools used within the Elastic Stack for collecting and shipping logs, metrics, and other data to Elasticsearch. However, the headers they use can vary depending on whether they are running in “normal” mode or acting as a Fleet Server. Let’s explore these differences. Note that a fleet server is…

24. 01. 2025 Juergen Vigna ITOA, NetEye, Unified Monitoring

Monitoring NetApp Storage Devices over a RESTful API

NetApp® ONTAP® 9.6 and later versions include support for an expansive RESTful web services API. In comparison to an ONTAPI® application, the REST API offers a vastly simplified and workflow-driven user experience, allowing you to perform multiple operations on the storage objects with a single API. REST is the industry standard for API development, and…

24. 01. 2025 Antonio Cerullo Knowledge Management, Service Management

Dynamics 365 Finance & Operations (On-Premises) Certificate Rotation

Introduction In this post I’ll describe how to update the certificate used by the Dynamics 365 Finance & Operations on-premises system (which I’ll call D365). This activity is called “certificate rotation” and it was necessary to do on our internal system in December 2024, following the imminent expiration of the company’s wildcard certificate (*.mycompanydomain.com). It’s…

23. 01. 2025 Alessandro Mizzaro DevOps

Streamlining SSH Access: Leveraging CAs and Principals (Part 1)

Managing an SSH server is easy when you only have one or two servers, but what happens when you have thousands of servers? “Authorized keys” and “known hosts” files are hard to manage across large teams with permissions and roles. Known Hosts and HTTPS Can you tell me the difference between these two images? Nothing….

22. 01. 2025 Alessandro Mizzaro Development, DevOps

Sign Like a Pro: A Simple Guide to GPG and Web of Trust for Commits

Some time ago, one of my colleagues wrote about git commits and why we should sign them (you should read this). But how can we actually do that? The Web of Trust of GPG comes to our aid. Let’s see how. OpenPGP is the open-source variant of PGP (Pretty Good Privacy), a protocol and software…

20. 01. 2025 Tobias Goller NetEye

Icinga Director Self Service API Not Working After Keycloak Activation

After updating to NetEye version 4.38 and activating authentication via Keycloak, the Icinga Director Self Service API no longer works. For instance, if you install the Icinga agents using a PowerShell script that automatically creates the host objects in the Icinga Director when it’s called, then this process will no longer work. That means you…

17. 01. 2025 Emil Fazzi Automation, Development, Documentation, Log-SIEM

Elasticsearch Magic: Achieving Zero Downtime during User Guide Updates

In a previous blog post by one of my colleagues, we shared how we developed a powerful semantic search engine for our NetEye User Guide. This solution uses Elasticsearch in combination with machine learning models like ELSER to index and query our documentation. While the proof of concept (POC) worked great, there was a challenge…

16. 01. 2025 Simone Ragonesi Offensive Security, Red Team

Inside the Red Team Toolbox: Linux Info-Gathering

In the realm of red teaming, rapid and efficient information gathering is very important. To streamline this process, we’ve developed Vermilion, a lightweight post-exploitation tool for the rapid collection and optional exfiltration of sensitive data from Linux systems. A significant percentage of computational workflows worldwide run on GNU/Linux. Primarily used in servers and increasingly in…

13. 01. 2025 William Calliari Development, Icinga Web 2, PHP

Plugin Systems and Capabilities

At the 36th Chaos Communication Congress, back before COVID forced a three-year break, I attended a talk from the German tech-blogger Fefe. There he talked about the “nützlich-unbedenklich Spektrum” or in English, the useful – harmless spectrum. He argued that all software lies on that spectrum to some degree. Of course one could argue…

10. 01. 2025 Damiano Chini Bug Fixes, NetEye

Bug Fixes for NetEye 4.39

We have resolved an issue that prevented Elastic Agents from successfully connecting to the Fleet Server when their requests were excessively large. Additionally, we addressed a bug in the neteye update and neteye upgrade processes, which was incorrectly initiating a rolling restart of Elasticsearch even in cases where this was not necessary. We updated the…

10. 01. 2025 Simone Ragonesi AI, Cloud, Offensive Security, Red Team

Stay ahead of Cyber Threats: Redefining Security for a Rapidly Changing Digital World

As the digital arena evolves at lightning speed, so do the tactics of those seeking to breach it. Traditional security measures are no longer enough for today’s increasingly sophisticated cyber threats. The perimeter of technological infrastructure is no longer carved in stone – it shifts continuously, reflecting systems that are more distributed and challenging to…

07. 01. 2025 Massimo Giaimo Threat Intelligence

Gravy Analytics breached (to be confirmed)

WARNING: This post is constantly updated based on new evidence related to the data breach. The famous company Gravy Analytics seems to have suffered an attack. In fact, inside the XSS forum, a post was published on Sunday night by the user nightly, reporting some evidence of what appears to be a really important exfiltration….

07. 01. 2025 Davide Sbetti Bug Fixes, NetEye

Bug Fixes for NetEye 4.39

We fixed a bug which was causing Elastic Agents to disconnect themselves at regular intervals from Fleet. We updated the following packages:
