Elastic 8.16, which comes with NetEye 4.39, made Elastic Universal Profiling generally available for self-hosted installations. This means that NetEye SIEM installations will now be able to take advantage of the continuous profiling solution by Elastic. In this blogpost we’ll explain what you can achieve with continuous profiling how you can configure it in NetEye….
Read MoreLogs should be centralized, easily accessible, and independent from the monitored objects. Therefore, it’s advisable not to rely solely on the built-in monitoring system of OpenShift; instead, consider using an additional external monitoring solution. In this article, we’ll explore how to monitor an OpenShift cluster using Elastic Stack. Installing the Integration Since OpenShift is entirely…
Read MoreRecently, I had the opportunity to take the Elastic Observability Engineer certification exam by Elastic. I’d like to share my experience, the challenges I faced, and some tips for anyone considering this path. What to Expect from the Exam The exam primarily focuses on practical skills in using the Elastic Stack for monitoring and observing…
Read More
Note: This description of a security analyst’s daily routine is fictitious. However, the osquery examples have been tested and can therefore be used as a template for your own research. 1. Alarm Detection Today started with a high-severity alarm from our Elastic Security system. The alert indicated suspicious activity on host HOST-1234, suggesting potential malware execution. The…
Read MoreMy colleague Daniel has already described a concrete case in which he used ES|QL. Moved by curiosity I decided to attend an Elastic webinar on ES|QL, and I discovered some interesting things that I’d like to share with those of you who like using Elastic. Elastic provides several possible ways to do searches. Current query…
Read MoreWhen deploying Elastic Agents, the method of installation can affect the configuration of the systemd service file. Specifically, .tgz deployments of Elastic Agents include the line EnvironmentFile=-/etc/sysconfig/elastic-agent in their systemd configuration (elastic-agent.service). However, Elastic Agents installed on NetEye nodes via RPM packages do not include this line in the EnvironmentFile by default. Adding the EnvironmentFile on NetEye Nodes To…
Read MoreHello everyone! As you may remember, a topic I like to discuss a lot on this blog is the Proof of Concept (POC) about how we could enhance search within our online NetEye User Guide. Well, we’re happy to share with you how we’ve further developed the POC, specifically the process outlined in the first…
Read MoreWe all know that NetEye Upgrades are boring activities. Upgrading is important and useful because it brings you bug fixes and new features, but nonetheless it’s extremely expensive in terms of time. The most boring, tiring and lengthy part is when you restart NetEye Services; if you have the SIEM Module installed, the time spent…
Read MoreIn today’s digital landscape, cybersecurity is paramount. As a technical consultant, I’ve seen firsthand how organizations struggle to keep up with evolving threats. One tool that’s consistently stood out in the fight against cyber threats is Elastic Defend. In this blog post, I’ll delve into what Elastic Defend is, its key features, and how it…
Read MoreIn the ever-evolving landscape of IT monitoring and management, the ability to efficiently handle multi-dimensional namespaces is crucial. Within NetEye, Log-SIEM (Elastic), provides a comprehensive solution for managing the single namespace dimension with the namespace of a data_stream. This blog post deals with multi-dimensional namespaces and how NetEye’s Log-SIEM solution simplifies their management. Understanding Multidimensional…
Read MoreIn high-demand environments, efficiency isn’t just an advantage – it’s essential. One of the biggest hurdles we encountered was the overwhelming strain placed on NetEye’s (Elastic) master nodes during the data enrichment process. As data volumes skyrocket, so do the complexity and the need for a smarter approach. Enter our game-changing solution: offloading data enrichment…
Read MoreHey everyone! We played around a bit last time with our radar data to build a model that we could train outside Elasticsearch, loading it through Eland and then applying it using an ingest pipeline. But since our data is in the form of vectors, could we actually exploit Elasticsearch vector database functionality and perform…
Read MoreHi all, it’s been a while. I’m deeply sorry not to have sent out some blog posts lately, so now I’ll try to get back your trust by providing some useful information. Not only that, I’ll even go out of my comfort zone: instead of NetEye Core and monitoring strategies, I’ll talk about NetEye SIEM…
Read MoreElasticsearch limits the number of open shards per node with the max_shards_per_node cluster setting, which defaults to 1000. The limit on the total number of shards is then calculated from this setting with this formula: total_max_number_of_shards = cluster.max_shards_per_node * number of non-frozen data nodes If the total number of shards is reached either by a…
Read MoreAt the beginning of the month we released NetEye version 4.37 that contains Elastic Stack 8.14.3. Every version update of Elastic has both improvements and additions. To see all available integrations in NetEye, click on the screenshot here: As you can see the changes range from cloud integration, to ticketing, to not forgetting security, networking,…
Read More