Threats

rare Command in Splunk

The rare command in Splunk helps you find the least common values in a specific field of your data. This is useful for spotting unusual or infrequent events. By default, the rare command in Splunk returns the 10 least common values for a specified field. Find Rare User Agents To identify the least common user agents in your web […]

The post rare Command in Splunk appeared first on SOC Prime.

Threats

Strela Stealer Attack Detection: New Malware Variant Now Targets Ukraine Alongside Spain, Italy, and Germany

Security experts have uncovered a novel Strela Stealer campaign, which leverages a new iteration of email credential-stealing malware. In this campaign, the updated malware version is enriched with enhanced functionality and is now capable of gathering system configuration data via the “system info” utility. Moreover, Strela Stealer expanded its targets beyond Spain, Italy, and Germany […]

Threats

Reducing Kafka Lag: Optimizing Kafka Performance

Apache Kafka is a powerful distributed messaging system, but like any system, it can face performance bottlenecks. One of the most common challenges is Kafka lag—the delay between producing and consuming messages. Addressing Kafka lag is crucial for maintaining real-time data pipelines and ensuring optimal performance. In this article, we explore practical strategies to reduce […]

Threats

KRaft: Apache Kafka Without ZooKeeper

Apache Kafka has been a cornerstone of modern event streaming architectures, enabling reliable and scalable data pipelines for businesses worldwide. Traditionally, Kafka has relied on ZooKeeper for managing metadata, configurations, and cluster coordination. However, the introduction of KRaft (Kafka Raft) marks a significant shift in Kafka’s architecture, eliminating the need for ZooKeeper and simplifying cluster management. What […]

Threats

Using Kafka as a Fast Correlation Engine

In this article, we explore how Kafka Streams can be utilized for filtering and correlating events in real time, effectively transforming Kafka into a high-speed correlation engine. By leveraging the capabilities of ksqlDB, you can deploy content rules and filter alerts directly within Kafka. This approach enables real-time filtration and aggregation of log event flows using […]

Threats

Fluentd: How to Use a Parser With Regular Expression (regexp)

This guide explains configuring Fluentd to extract structured data from unstructured log messages using the parser plugin with a regular expression (regexp). If you need to extract specific fields, such as log_source and index, from a log message, you can do this as follows. Input Log: Configuration: Explanation: key_name message: Specifies that the message field should be […]

Threats

Creating a Regex Pattern Set in AWS WAF

AWS Web Application Firewall (WAF) is a powerful tool for protecting your web applications from various types of attacks. A Regex Pattern Set in AWS WAF enables you to match complex string patterns, helping to filter malicious requests or enforce specific rules. Here’s a step-by-step guide on creating a Regex Pattern Set in AWS WAF. Understand […]

Threats

OpenSearch Flush, Translog, and Refresh

What Is OpenSearch Flush? In OpenSearch, flushing is the process of permanently storing data onto disk for all operations that have been temporarily stored in memory. This process is also known as a Lucene commit. How Are OpenSearch Documents Indexed? To understand the importance of flushing, it is essential to know how OpenSearch indexes documents. […]

Threats

Additional Settings for Optimizing Elasticsearch Cluster Performance

When managing an Elasticsearch cluster, fine-tuning certain settings can enhance stability and performance, especially under high data loads or cluster transitions. Below are some advanced settings and their descriptions to help improve cluster efficiency. Adjusting Timeout for Unassigned Shards Command: Purpose: The refresh_interval controls how often Elasticsearch refreshes its index to make newly indexed documents […]