In a previous article, we explored the Machine Learning capabilities of Elasticsearch, which allowed us to apply anomaly detection techniques to our data, and helped us discover some really interesting facts as a result of our analysis. But can we take that idea even further? For instance, could we use data we’ve already collected to…
Read MoreWith NetEye 4.22 we released a feature awaited for years: the ability to reach the Elasticsearch API externally, thanks to our NGINX proxy under NetEye. This new feature brings with it a lot of use cases, but what was turning over and over in my head was the automatic process for verification of the blockchains…
Read MoreThe R&D Team is currently working on the integration of the new Elastic Fleet management tool in NetEye 4. Once Elastic Fleet is fully integrated in NetEye 4, all of the Log Management features currently supported will also need to work with the Elastic Fleet. In particular, the integration of Elastic Fleet with the Log…
Read MoreWe have several customers using IBM AS400 whom we’ve helped in the past collect logs of system administrators under NetEye 3. Now with NetEye 4 we’ve improved log collection, making it compliant with the ECS standard and configuring a special internal port (5514) for NetEye to process these logs and syslog logs in general. Let’s…
Read MoreSeveral customers have asked us how they can collect DNS logs. In our solution, we proposed a Packetbeat Agent that allows you to collect data and send them to our centralized NetEye SIEM directly, or via a NetEye satellite. The Domain Name System (DNS) provides a hierarchy of names for computers and services on the…
Read MoreWe recently integrated two dashboards into NetEye SIEM to check what is happening within Active Directory, a component that is present in the vast majority of our customer environments. These two dashboards start from the collection of security events that are gathered across the various Windows servers that make up the infrastructure, and are then…
Read MoreThis post follows the one written some time ago by my colleague Mirko Bez. We became Elasticsearch Certified Professionals after passing both the Engineer exam and Analyst exam. In this post I’d like to tell you about my experience with the Analyst certification. This exam focuses mainly on Kibana, and 99% of the task can be done…
Read MoreToday I want to share with you my journey to becoming an Elastic Certified Professional by obtaining an Elastic Certified Engineer certificate. My daily experience as a NetEye SIEM consultant was a great help, because I could apply and internalize the concepts I learned directly in the field. But let’s start at the beginning. Wait……
Read MoreIs it possible to add Geo IP information automatically to my events even if it’s not present in the original log? How can I automatically decode a URL to dissect all its components? How can I convert a human readable byte value (e.g., 1KB) to its value in bytes (e.g., 1024) so I can use…
Read MoreNetEye SIEM is a very powerful tool that allows you to ingest logs from many different sources. However, by default it does not ingest the ssh-login attempts on the NetEye Servers themselves, nor does it check the integrity of important configuration files. In this blog post I will describe a procedure to configure an Auditbeat…
Read More