Log Analytics

logz.io

Top 5 Open-Source HIDS Systems

The threat landscape has become increasingly diverse, and the systems used to attack are more sophisticated than ever before. In 2018, enterprises and organizations of all sizes and across all industries faced serious data breaches (information leaks were experienced by Aadhaar, 1.1B users; MyFitnessPal, 150M; Quora, 100M; Facebook, 29M; and many more). One of the biggest victims was Marriott, where a single unauthorized access led to the theft of 500M pieces of personally identifiable information.

graylog

Reporting Up: Recommendations for Log Analysis

What kind of log information should be reported up the chain? At a certain point during log examination analysts start to ask, “What information is important enough to share with my supervisor?” This post covers useful categories of information to monitor and report that indicate potential security issues. And remember: reporting up doesn’t mean going directly to senior management. Most issues can be reported directly to an immediate supervisor.

splunk

SIEM: The Steps Before "The First Steps"

We do a lot of work creating, describing and publishing security use cases to empower SIEM programmes - like a recent webinar with (ISC)2 on ‘20 SIEM Use Cases in 40 Minutes: Which Ones Have You Mastered?’ or sharing stories like Telia’s journey to tackle cybersecurity challenges. However, I thought it would be beneficial to step back from the ‘SIEM minutiae’ to take a better look at IT security strategy and governance.

splunk

23 AI Strategies for Making Your Life in IT Suck Less - Part 1

Unless you’re truly a tech newbie, you’ve probably heard some kind of hype around artificial intelligence—often referred to as AI—machine learning, predictive analytics or a whole host of other words, terms and phrases, all pointing toward a similar conclusion: Emerging technology can do some pretty amazing things for people, teams and entire organizations.

sematext

Open Distro for Elasticsearch Review

Over the years, the adoption of Elasticsearch and its ecosystem of tools has positioned them as leaders in the time series data management and analysis market. Strong search capabilities, a powerful analytical engine, Kibana as a flexible frontend and a number of data shippers make it possible to build an end-to-end data processing pipeline from components designed to work with each other. Very simple setup and configuration resulted in high adoption rates, with the whole stack gaining more and more users.

bugfender

New and Improved Support: Ionic & Unity

At Bugfender, we strive to keep improving. The number of smartphone users is rising all the time, as is the number of smartphone models, so the challenge of fixing bugs is getting increasingly difficult. It’s with great pride that we announce new and improved support for both Ionic and Unity. We’ve already introduced support for React Native, and this is just the latest stage in our mission to accommodate every single developer, no matter what platform or framework they’re working on.

logz.io

How to debug your Logstash configuration file

Logstash plays an extremely important role in any ELK-based data pipeline but is still considered one of the main pain points in the stack. Like any piece of software, Logstash has a lot of nooks and crannies that need to be mastered to be able to log with confidence. One super-important nook and cranny is the Logstash pipeline configuration file: not the software’s own configuration file (/etc/logstash/logstash.yml), but the .conf file responsible for your data pipeline.

elastic

Elasticsearch as a time series database for telemetry data at NS1

NS1 is a leading Domain Name System (DNS) host and web traffic management company that equips customers with resilient, redundant, and multi-purpose DNS solutions for various application delivery stacks. Providing industry-leading web redundancy and speed means NS1’s time series database (TSDB) needs to collect and analyze incredible amounts of telemetry data — nominal throughput spikes can reach 700k data points per second — in as close to real time as possible.