In a previous blog post by one of my colleagues, we shared how we developed a powerful semantic search engine for our NetEye User Guide. This solution uses Elasticsearch in combination with machine learning models like ELSER to index and query our documentation. While the proof of concept (POC) worked great, there was a challenge…
Read MoreIf you’re monitoring an OpenShift or a Kubernetes cluster with Elastic Stack, you might’ve noticed that the Kubernetes integration uses the default Index Lifecycle Policy. It means that those logs and metrics have an unlimited retention. If the volume of logs is high – and for Kubernetes clusters it usually is – it won’t be…
Read MoreWhen monitoring Kubernetes clusters using Elastic Stack, the volume of logs can be overwhelming, often reaching gigabytes per minute. This is particularly true for OpenShift clusters, where significant traffic originates from system namespaces you might not be familiar with. Optimizing log collection becomes crucial for maintaining system efficiency and resource utilization. Success in this endeavor…
Read MoreWhen using Kibana in environments that require a proxy to reach external services, you might encounter issues with unrecognized SSL certificates. Specifically, if the proxy is exposed with its own certificate and acts as an SSL terminator, requests made by Kibana to external URLs can fail with HTTP status code errors. In this blog post,…
Read MoreIn a previous post we went through the configuration of Elastic Universal Profiling in NetEye, seeing how we can profile applications written in programming languages that do not compile to native code (for example Python, PHP, Perl, etc.) But what happens if the application is written for example in C, Go or Rust? Let’s take…
Read MoreElastic 8.16, which comes with NetEye 4.39, made Elastic Universal Profiling generally available for self-hosted installations. This means that NetEye SIEM installations will now be able to take advantage of the continuous profiling solution by Elastic. In this blog post we’ll explain what you can achieve with continuous profiling, and how you can configure it…
Read MoreLogs should be centralized, easily accessible, and independent from the monitored objects. Therefore, it’s advisable not to rely solely on the built-in monitoring system of OpenShift; instead, consider using an additional external monitoring solution. In this article, we’ll explore how to monitor an OpenShift cluster using Elastic Stack. Installing the Integration Since OpenShift is entirely…
Read MoreRecently, I had the opportunity to take the Elastic Observability Engineer certification exam by Elastic. I’d like to share my experience, the challenges I faced, and some tips for anyone considering this path. What to Expect from the Exam The exam primarily focuses on practical skills in using the Elastic Stack for monitoring and observing…
Read More
Note: This description of a security analyst’s daily routine is fictitious. However, the osquery examples have been tested and can therefore be used as a template for your own research. 1. Alarm Detection Today started with a high-severity alarm from our Elastic Security system. The alert indicated suspicious activity on host HOST-1234, suggesting potential malware execution. The…
Read MoreMy colleague Daniel has already described a concrete case in which he used ES|QL. Moved by curiosity I decided to attend an Elastic webinar on ES|QL, and I discovered some interesting things that I’d like to share with those of you who like using Elastic. Elastic provides several possible ways to do searches. Current query…
Read MoreWhen deploying Elastic Agents, the method of installation can affect the configuration of the systemd service file. Specifically, .tgz deployments of Elastic Agents include the line EnvironmentFile=-/etc/sysconfig/elastic-agent in their systemd configuration (elastic-agent.service). However, Elastic Agents installed on NetEye nodes via RPM packages do not include this line in the EnvironmentFile by default. Adding the EnvironmentFile on NetEye Nodes To…
Read MoreHello everyone! As you may remember, a topic I like to discuss a lot on this blog is the Proof of Concept (POC) about how we could enhance search within our online NetEye User Guide. Well, we’re happy to share with you how we’ve further developed the POC, specifically the process outlined in the first…
Read MoreWe all know that NetEye Upgrades are boring activities. Upgrading is important and useful because it brings you bug fixes and new features, but nonetheless it’s extremely expensive in terms of time. The most boring, tiring and lengthy part is when you restart NetEye Services; if you have the SIEM Module installed, the time spent…
Read MoreIn today’s digital landscape, cybersecurity is paramount. As a technical consultant, I’ve seen firsthand how organizations struggle to keep up with evolving threats. One tool that’s consistently stood out in the fight against cyber threats is Elastic Defend. In this blog post, I’ll delve into what Elastic Defend is, its key features, and how it…
Read MoreIn the ever-evolving landscape of IT monitoring and management, the ability to efficiently handle multi-dimensional namespaces is crucial. Within NetEye, Log-SIEM (Elastic), provides a comprehensive solution for managing the single namespace dimension with the namespace of a data_stream. This blog post deals with multi-dimensional namespaces and how NetEye’s Log-SIEM solution simplifies their management. Understanding Multidimensional…
Read More