Blog Entries

10. 03. 2020 Franco Federico Log-SIEM, NetEye

Monitoring COVID-19 with NetEye – An Italian Use Case

The use case of this blog is about monitoring COVID-19 in Italy. The data used is public, and the source is the Protezione Civile (Italian Civil Protection Office), which updates the data every day after 18:00 on GitHub at the following link: https://github.com/pcm-dpc/COVID-19/tree/master/ I found the data in various formats and I chose to analyze…

Read More
02. 03. 2020 Franco Federico Log-SIEM, NetEye

Preventing a Brute Force Attack with NetEye SIEM

I have several clients who’ve asked me how they can prevent a brute force attack inside their Windows Infrastructure. This is the use case for this blog post, a solution for which I’ve been studying using NetEye together with its SIEM module. I’ve used a Windows client here, but it’s the same for any server…

Read More
02. 01. 2020 Michele Santuari Log-SIEM, NetEye

Elastic Stack Cluster with NetEye >= 4.8

In a previous blog post, I described how Elastic Stack fits within the High-Available cluster architecture of NetEye 4 and, in particular, how the correct configuration of the Quorum is mandatory to prevent losing your data or even developing inconsistencies. With the upgrade to NetEye 4.8, we updated Elastic Stack to the new major version…

Read More
30. 12. 2019 Franco Federico Log-SIEM, NetEye

Graph in NetEye with Elastic Stack

In the past I’ve written in this blog post about Elastic Stack and its features. Here I’d like to show you more in depth the functionality of Graph analytics. The Graph analytics features enable you to discover how items in an Elasticsearch index are related. It’s possible to explore the connections between indexed terms and…

Read More
17. 10. 2019 Tobias Goller ITOA, Log-SIEM, Machine Learning, NetEye

Experiences with Netflow and Machine Learning in Elastic

Some time ago I was able to use the machine learning functionality in Elastic for the first time. I was astonished at how easy it is to use, and how fast it calculates historical data. In my particular case, I loaded Netflow data into the Elastic database. I wanted to use this data to evaluate…

Read More
30. 09. 2019 Michele Santuari Downloads / Release Notes, Log-SIEM, NetEye

NetEye 4.7 Log Manager: Elastic 6.8.2 Update

Elastic 7.3 is coming to NetEye 4.8. In order to prepare for this significant change, you must first update Log Manager on NetEye 4.7 to receive the Elastic 6.8.2 update that will set up the necessary migrations for updating Elasticsearch, Logstash and Kibana. In addition to the ELK stack, SearchGuard will also be updated to…

Read More
17. 09. 2019 Angelo Rosace Log-SIEM, NetEye

How To: Using the Elastic Watcher Feature to React to Failed Login Attempts (Part 2)

Our continued development of the Tornado event processing module has led to a new set of functionalities and capabilities. Among these is the possibility of altering host and service statuses as the result of a certain event. Let’s look at a typical use case for this feature. Suppose you want to trigger a webhook that…

Read More
30. 07. 2019 Angelo Rosace Log-SIEM, NetEye, Unified Monitoring

How To: Using the Elastic Watcher Feature to React to Failed Logon Attempts (Part 1)

The introduction of the new Elastic Features (formerly, X-Pack packages) for the Elastic Stack added many new functionalities to the previous implementation in Net-Eye. One of them is the Watcher feature. Let’s discuss a use case based on this feature. Imagine you as a user want to somehow trigger a webhook alert every time something…

Read More
24. 07. 2019 Franco Federico Anomaly Detection, Log-SIEM, NetEye

Welcoming Elastic Stack X-Pack to NetEye 4

On June 13, we announced a new OEM Partnership with Elastic, and Elastic updated its relationship with OEM, MSP and CSP partners, with the result that in NetEye 4 we now have some new features. Starting with NetEye 4.6, you can now activate the X-Pack feature. After I activate X-Pack and open NetEye, I see:…

Read More
26. 06. 2019 Angelo Rosace Development, NetEye

Expanding Elastic Stack’s Set of Features

Last month, NetEye’s Elastic Stack received a much-awaited upgrade. The upgrade consisted of granting NetEye users the possibility of having access to the full set of features that the Elastic Stack provides upon setting up an additional NetEye SIEM subscription. Originally, the stack implemented on NetEye packaged the standard set of well-known ELK features: Elasticsearch,…

Read More
30. 05. 2019 Franco Federico Log-SIEM

Beats and NetEye 4

NetEye 4 is composed of various modules, such as the NetEye 4 Log Manager that houses Elastic Stack with Search Guard. Our vision for the future of the NetEye 4 Log Manager is shown in the following diagram: Here you can see the various modules and technologies. For instance, you can see that we have…

Read More
21. 03. 2019 Franco Federico Log-SIEM, NetEye

Field Anonymization with NetEye 4 for GDPR

The regulations of the GDPR in many cases require that some user data is not always present, and / and or that they are anonymized.  So I would like to show you now how NetEye 4 responds to this new requirement. NetEye 4 is composed of various modules. In the NetEye 4 Log Manager, we have Elastic…

Read More
21. 12. 2018 Franco Federico Icinga News, NetEye

How to Monitor Icinga 2 Itself with Icingabeat

NetEye 4 is based on Icinga 2. How can we monitor it? There are several options available; here I choose Icingabeat and test it. Icingabeat is an Elastic Beat that fetches data from the Icinga 2 API and sends it directly to either Elasticsearch or Logstash. In my case, I wanted to send the information…

Read More
25. 09. 2018 Gianluca Piccolo Log Management, Log-SIEM, NetEye

NetEye 4 Log Management: Rsyslog and the Elastic Stack

When you need to manage and collect large amounts of data, there can be a lot of hard tasks to do.  So we decided to take some of the best Open Source tools to help us do it in the best possible way.  Let me introduce you to Rsyslog and the Elastic Stack implementation for…

Read More

Archive