The main goal of a monitoring system like NetEye is to alert and notify you when something noteworthy happens in your environment. All the logs coming in to NetEye SIEM can be analyzed, and could raise one or more alerts in the Elastic Stack, such as detection, machine learning anomalies, etc. How can you make…
Read MoreToday I want to share with you my journey to becoming an Elastic Certified Professional by obtaining an Elastic Certified Engineer certificate. My daily experience as a NetEye SIEM consultant was a great help, because I could apply and internalize the concepts I learned directly in the field. But let’s start at the beginning. Wait……
Read MoreSo you have a Microsoft Exchange mail server infrastructure and want full control over it using the NetEye 4 Log Management module? Yes, you can do that. An Exchange server writes out various log files: MessageTracking Imap4/Pop3 Smtp IIS logs To be able to send these logs to NetEye you have to install the Filebeat…
Read MoreThe Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information security vulnerabilities and exposures. The National Cybersecurity FFRDC, operated by the MITRE Corporation, maintains the system with funding from the National Cyber Security Division of the United States Department of Homeland Security. The system was officially launched for the public…
Read MoreIs it possible to add Geo IP information automatically to my events even if it’s not present in the original log? How can I automatically decode a URL to dissect all its components? How can I convert a human readable byte value (e.g., 1KB) to its value in bytes (e.g., 1024) so I can use…
Read MoreNetEye SIEM is a very powerful tool that allows you to ingest logs from many different sources. However, by default it does not ingest the ssh-login attempts on the NetEye Servers themselves, nor does it check the integrity of important configuration files. In this blog post I will describe a procedure to configure an Auditbeat…
Read MoreIn order to protect your business against cyber attacks you need to both harden your systems and promptly detect suspicious activities in your infrastructure. Sigma is an open source project which defines specifications for a standard signature format that allows you to describe relevant log events for security purposes. The Sigma rules language is intended…
Read MoreAs the number of cybercrime events, incidents of identity theft, theft of intellectual property, and cyberattacks continue to rise, there is an increasing need to provide adequate network security to defend against these types of threats to organizations. Defending against these types of threats is very difficult for an organization, and the attacker will always…
Read MoreIn this blog post I will describe my experience with ingesting logs from a Fortinet firewall at a customer site. During this process I exploited the brand new Filebeat 7.8.0 Fortinet module. In particular, I will describe how I went from 3K events per second (eps) to 32K eps, more than a 10x improvement.
Read MoreStarting from NetEye 4.12, NetEye SIEM is secured with X-Pack Security. NetEye comes pre-configured with some users and roles (see NetEye User Guide > Log Manager > Elasticsearch Access Control) to grant the Elastic Stack the ability to ingest, manage, and view the logs that you want to collect. For example, NetEye provides: A Kibana…
Read MoreBeats is the new method for log acquisition introduced in the latest releases of NetEye 4. It’s a system fully integrated with the Elastic Stack. The Beats agents send logs directly to Logstash, which then forwards them to Elastic. Logstash also writes each log received into files on the file system (at the same location…
Read MoreSecurity information and event management (SIEM) systems plays an important role in helping your organization comply with GDPR requirements. Find out in this upcoming webinar how your team can fully understand the implications of SIEM, and should manage it according to these regulations. Learn our 5 “musts” also recommended by data protection experts. Thursday, 18th of June, 3.00 PM…
Read MoreOver the past few months, I’ve received multiple client requests to export custom fields (custom variables or data lists) present in Icinga Director in order to enrich logs on Logstash or to make specific changes to the indexing process. The solution that I am going to explain in this article uses the Icinga DSL check…
Read MoreTalking about IT security is now clearly synonymous with resilience! We are continuously and inevitably under attack… every organization must implement defensive principles and practices that avoid the worst damage and the least impact on its survival and development. From the data selection, to its collection and normalization, for its representation and analysis with techniques…
Read MoreIn this blog post I will describe a potential use of Tornado to monitor events in near real-time, while keeping historical information about the received events. Use Case Often as a user I want to collect data from different sources, e.g. Windows events, and then according to some simple rules set the status of some…
Read More