Blog Entries

12. 10. 2023 Reinhold Trocker Log Management, Log-SIEM

stunnel TCP keepalive Settings Preventing Firewall from Blocking Log Traffic

Infrastructure Scenario: An image says more than 1000 words 😉 Basically, the log source continuously sends log messages encrypted via TLS to the NetEye server. TLS is handled by stunnel, and the content is then forwarded internally, unencrypted, to an Elastic Agent Integration “Custom TCP Logs” inside the NetEye server. Cause: Logs lost due to firewall…

09. 10. 2023 Davide Sbetti Log-SIEM, Machine Learning, NetEye

Semantic Search in Elasticsearch – Testing Our NetEye Guide: Can We Improve the Search Experience? (Part 2) 

In my previous blog post, we saw how it’s possible to index some documents that we created by crawling our NetEye User Guide, then applying the ELSER model in Elasticsearch to create a bag of words for searching that takes into account the context of the various documents. Moreover, we also performed a simple query…

09. 10. 2023 Emil Fazzi Development, DevOps

NetEye and Space Missions: How Work in the NetEye R&D Team Contributed to My Research Project

Having recently completed an internship at a lab at the University of Trento, I noticed how my work at Wuerth-Phoenix has greatly influenced the development of the research I conducted during my internship. In fact, in this post I’d like to share my completed project and how it was influenced by my work in Wuerth-Phoenix’s…

09. 10. 2023 Damiano Chini Bug Fixes, NetEye

Bug Fixes for NetEye 4.32

We fixed a bug in El Proxy where, in case of a NetEye node failure (e.g. loss of power), the El Proxy service may lose the content of the file containing the blockchain key. In this case El Proxy would fail to sign new logs upon restart. Updated packages: For NetEye 4.32 we updated…

06. 10. 2023 Lorenzo Candeago Development, DevOps

How to Test Beta Repos for RedHat 8.9 in a Container

We wanted to test the new RedHat 8.9 beta releases, but RedHat doesn’t currently provide a beta container. How can we do it anyway? Please note that this procedure is not officially supported by RedHat. As a first step, we want to retrieve the package redhat-release from the rhel 8.9 beta ISO, in the directory…

03. 10. 2023 Davide Sbetti Log-SIEM, Machine Learning, NetEye

Semantic Search in Elasticsearch – Testing Our NetEye Guide: Can We Improve the Search Experience? (Part 1)

Once upon a time (in fact it was just a month ago, but it sounds more dramatic this way) I had the opportunity to attend a webinar about Vector Search, Generative AI, and modern NLP by the Elastic Team. One of the topics that was touched on during the webinar was ELSER, Elastic’s new…

02. 10. 2023 Mattia Codato Downloads / Release Notes, NetEye, Unified Monitoring

NetEye 4.32 Release Notes

Welcome to version 4.32 of our NetEye v4 Unified Monitoring Solution. With this new release, NetEye takes us again to the mountains, where the beautiful colors of the sunset during the early fall season in the Alps can inspire us, giving a sense of melancholy but also the will and the motivation to start a…

01. 10. 2023 Elena Valgoi Events, NetEye, SEC4U, Unified Monitoring

NETEYE USER GROUP 2023… #italianedition

The event of the year, the NetEye User Group, is back! The User group is not only a chance to inform our customers about new products and releases, but also an occasion to meet and exchange feedback and ideas. This year the NetEye Usergroup took place in Rocca Sveva, a centuries old villa located in…

01. 10. 2023 Elena Valgoi Events, NetEye, SEC4U, Unified Monitoring

NETEYE USERGROUP 2023… NUREMBERG EDITION!

…also this year, Würth Phoenix & Gravitate organized the annual Usergroup DACH 2023 in Nuremberg. The Usergroup is not only a chance to inform our customers about new products and releases, but also an occasion to meet and exchange feedback and ideas. This year’s NetEye Usergroup took place in Nuremberg in the Romantik Hotel Rottner,…

28. 09. 2023 William Calliari Bug Fixes, NetEye

Bug Fixes for NetEye 4.31

We fixed a bug in NetEye in which El Proxy would use an empty string as the previous hash when, upon restart, it could not find the last signed log in Elasticsearch, resulting in a blockchain corruption. Updated packages: For NetEye 4.31 we updated the following packages:

28. 09. 2023 Massimo Giaimo Blue Team, SEC4U

Ransomware Negotiation: Dos and Don’ts!

Double extortion ransomware attacks have reached very high numbers. One of the key elements, when suffering such an attack, concerns the negotiation that can be initiated (not always!) with the ransomware gang. The analysis, carried out by the SEC4U team, of hundreds of negotiations makes it possible to apply a scientific approach to this…

26. 09. 2023 Francesco Pavanello Exposure Assessment, SEC4U

Exposure Assessment: How to Identify Infrastructure Vulnerabilities

In our previous post about Exposure Assessment, we described how we outline a target’s infrastructure using SATAYO, our Cyber Threat Intelligence (CTI) platform. This means that we collected the identifiers of all the target’s machines, i.e., their host names and IP addresses. Now it’s time to understand which machines could allow an attacker to gain…

26. 09. 2023 Gianluca Piccolo Bug Fixes, NetEye

Bug Fixes for NetEye 4.31

We updated GLPI to 10.0.10. This new version introduces a lot of security fixes. The update is strongly recommended. Furthermore, we fixed a bug due to which the InfluxDB secure install script could have failed to run some queries because of a numeric database name. Updated packages: For NetEye 4.31 we updated the following packages:

25. 09. 2023 Tobias Goller NetEye, Unified Monitoring, Visual Synthetic Monitoring

Alyvix Modules in NetEye

Today I want to report on my first experience with the new Alyvix integration in NetEye. At the same time as NetEye version 4.30, another revised update of the Alyvix module was released for NetEye. And just recently in August I had my first opportunity to install and operate this revised module together with its…

25. 09. 2023 Juergen Vigna Icinga Web 2, NetEye, Unified Monitoring

Monitoring Downtime Automation from Windows

Do you ever need to reboot or do maintenance on your Windows Server? Then if the server is monitored by NetEye, you’ll surely want to mark it in downtime so as not to have notifications sent out for problems arising due to maintenance, and/or to be able to have the correct SLA marked for your…

