Blog Entries

02. 10. 2020 Enrico Alberti Log-SIEM, NetEye

NetEye Ingest Pipelines – How to Modify and Enrich SIEM Data

Is it possible to add Geo IP information automatically to my events even if it’s not present in the original log? How can I automatically decode a URL to dissect all its components? How can I convert a human-readable byte value (e.g., 1KB) to its value in bytes (e.g., 1024) so I can use…

29. 05. 2020 Enrico Alberti Log-SIEM, NetEye

Icinga DSL: How to Enrich SIEM Logs with Icinga Custom Vars

Over the past few months, I’ve received multiple client requests to export custom fields (custom variables or data lists) present in Icinga Director in order to enrich logs on Logstash or to make specific changes to the indexing process. The solution that I am going to explain in this article uses the Icinga DSL check…
