Newsletter 7.0.5: New version and enhanced reporting
Welcome. New version has arrived! Energy Logserver is currently at version 7.0.5. We've planned this update to be smaller one, with mainly optimization and stabilization changes. But it turned out that we’ve added significant features on which we were working for some time. Below are some of highlights. Major changes SUNBURST IOC We’ve added […]
SUNBURST detection
SUNBURST is a threat that uses SolarWinds software. The threat accesses the infrastructure via a fake software update. The malware was constructed so well that it went undetected for a long time. He disguises his communications very cleverly, pretending to be real connections. It even uses country-specific IP addresses to avoid being recognized as anomaly. […]
Few words about optimization
While working with elasticsearch it’s impossible to avoid the topic of shard optimization. Sooner or later every user of a more complex system will have to take up this topic. An unoptimized elasticsearch environment can result in slow data indexing, returning responses, and even unstable performance of the entire environment. The sooner we understand where […]
Text vs Keyword
There are two types of data in elasticsearch that are often troublesome for people inexperienced in working with the system - Keyword and Text. Both types are a kind of string, but elasticsearch interprets them differently, so you can perform different operations on them. How file type is made? In general, the type of […]
Newsletter 7.0.4 Feb update: Wiki
Welcome. Second month went really fast here at Energy Logserver. We are full of motivation, as it seems that each day bring new challenges to tackle. We are currently working on few game changing modules for Energy Logserver. Right now, we’ve finished polishing and updating existing functionalities and are happy to share more information with […]
Vulnerability Scanner integration
Vulnerabilities are common problem in IT community. Some are serious, other – not so much. Most important is to know if any vulnerabilities are present in our systems, how critical they are and how they can be fixed. There are tools that can help you do get that information, called vulnerability scanners. Vulnerability scanners check […]
Newsletter 7.0.4 and Webinar: archive mdoule
Welcome. Happy New Year from Energy Logserver Team We are glad to announce that Energy Logserver is currently at version 7.0.4. This version brings some amazing changes along with new module – archive, which lets you manage automatic archiving data. More about it below. First thing. If you are interested in seeing new features in […]
Detecting and alerting user login events after office hour
This is one of most common alerts and is easily done with use of Energy Logserver. Even more – such alert is already predefined and placed in installation package by default. For Windows users we detect night logons. This has been applied in our previous deployments for Linux users or users from dedicated services which […]
Detecting and alerting Abnormal Network Traffic Pattern
For monitoring anomalies in traffic we are using multiple approaches. Of course we can support Energy Logserver with dedicated network probe, which is equipped with Netflow Analazing module and is detecting anomalies by default. Such probes is receiving netflow from selected span port and can be also used as virtual appliance. Other than that we […]
Detecting and alerting DDoS attacks in Energy Logserver
DDoS attack can be detected with Energy Logserver by few approaches, which we did in previous deployments with multiple customers. In all scenarios we are interested in getting notification or taking specific action based on detection, that is why we are using alerting. We can either integrate with firewall software, which is capable of detecting […]