Threats

Additional Settings for Optimizing Elasticsearch Cluster Performance

When managing an Elasticsearch cluster, fine-tuning certain settings can improve stability and performance, especially under high indexing load or during cluster transitions such as node restarts and rolling upgrades. Below are some advanced settings and their descriptions to help improve cluster efficiency. Two settings that come up here are index.unassigned.node_left.delayed_timeout, which sets how long the cluster waits before reallocating the shards of a node that has left, and index.refresh_interval, which governs how often newly indexed documents become searchable.

Adjusting Timeout for Unassigned Shards

Command:

Purpose: The refresh_interval controls how often Elasticsearch refreshes its index to make newly indexed documents […]

The post Additional Settings for Optimizing Elasticsearch Cluster Performance appeared first on SOC Prime.

Understanding Basics of Apache Kafka

Apache Kafka is an open-source platform designed for building real-time data pipelines and streaming applications. Initially developed by LinkedIn and later donated to the Apache Software Foundation, Kafka has become a cornerstone for handling large-scale, high-throughput, and low-latency data streams. At its core, Kafka operates as a distributed messaging system. It allows systems to publish […]

Using map Command in Splunk

The map command in Splunk runs a secondary search for each result of a primary search. This allows dynamic, nested investigations, which is particularly useful in security work for pivoting from indicators of compromise (IOCs) or analyzing a specific user's activity patterns. Example of use: we can make the […]

Splunk: Using collect Command for Creating New Events in a New Index

In some scenarios, you may need to save the results of a search into another index, for example to reuse the data for correlation or trend analysis. The collect command in Splunk writes search results into a summary index for long-term storage or faster analysis.

Example: Aggregate Failed Login Attempts

Suppose you want […]
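The following is an added, offline emulation of the two Splunk patterns covered above (the map command and the collect command); it is illustration code written for this page, not code from the SOC Prime posts, and it runs against a handful of constructed authentication events rather than a Splunk index. `run_map` substitutes `$field$` tokens from each primary result into a secondary search and honours the `maxsearches` cap (Splunk's default is 10, and rows beyond it are never searched), while `collect` shows why re-running the same summary search appends duplicate rows. `collect_dedup` is a backfill-safe variant added for contrast and is not a Splunk command; the event values and user names are invented.

```python
"""Offline emulation of two Splunk patterns on constructed auth events:
1. `map`: run a secondary search per primary result ($field$ tokens).
2. `collect`: write aggregated results into a summary index.
"""
import re
from collections import Counter

MAXSEARCHES_DEFAULT = 10   # Splunk map default; rows past it are dropped silently

# Constructed events (epoch seconds); not real log data.
EVENTS = [
    {"_time": 3600, "action": "failure", "user": "alice", "src": "198.51.100.5"},
    {"_time": 3660, "action": "failure", "user": "alice", "src": "198.51.100.5"},
    {"_time": 3720, "action": "failure", "user": "bob",   "src": "198.51.100.5"},
    {"_time": 3780, "action": "success", "user": "bob",   "src": "198.51.100.5"},
    {"_time": 7200, "action": "failure", "user": "carol", "src": "203.0.113.9"},
    {"_time": 7260, "action": "success", "user": "carol", "src": "203.0.113.9"},
    {"_time": 7300, "action": "failure", "user": "dave",  "src": "192.0.2.77"},
    {"_time": 7400, "action": "failure", "user": "dave",  "src": "192.0.2.77"},
    {"_time": 7500, "action": "failure", "user": "dave",  "src": "192.0.2.77"},
]


def search(query, events=EVENTS):
    """Toy search: space-separated field=value terms that must all match."""
    terms = dict(t.split("=", 1) for t in query.split())
    return [e for e in events if all(str(e.get(k)) == v for k, v in terms.items())]


def brute_force_sources(threshold=3, events=EVENTS):
    """Primary search: action=failure | stats count by src | where count>=threshold"""
    counts = Counter(e["src"] for e in events if e["action"] == "failure")
    return [{"src": s, "count": c} for s, c in sorted(counts.items()) if c >= threshold]


def run_map(primary, template, maxsearches=MAXSEARCHES_DEFAULT):
    """`| map search="<template>" maxsearches=N`: substitute $field$ tokens
    from each primary row, run the secondary search, concatenate results.
    As in Splunk, rows beyond maxsearches are never searched."""
    out = []
    for row in primary[:maxsearches]:
        query = re.sub(r"\$(\w+)\$", lambda m: str(row.get(m.group(1), "")), template)
        out.extend(search(query))
    return out


def successes_after_brute_force(maxsearches=MAXSEARCHES_DEFAULT):
    """Sources with >=3 failures, then any success from the same source."""
    return run_map(brute_force_sources(), "action=success src=$src$", maxsearches)


def failures_per_hour(events=EVENTS, span=3600):
    """action=failure | bin _time span=1h | stats count by _time, user"""
    counts = Counter((e["_time"] - e["_time"] % span, e["user"])
                     for e in events if e["action"] == "failure")
    return [{"_time": t, "user": u, "count": c} for (t, u), c in sorted(counts.items())]


def collect(summary_index, rows):
    """`| collect index=...` appends every row; it does not know what is
    already there, so re-running the same window writes duplicates."""
    summary_index.extend(dict(r) for r in rows)
    return len(summary_index)


def collect_dedup(summary_index, rows, keys=("_time", "user")):
    """Backfill-safe variant (not a Splunk feature): skip rows whose key
    already exists, e.g. when a scheduled summary search is re-run."""
    seen = {tuple(r[k] for k in keys) for r in summary_index}
    new = [dict(r) for r in rows if tuple(r[k] for k in keys) not in seen]
    summary_index.extend(new)
    return len(new)
```

With `maxsearches=1` the brute-force pivot returns nothing, because the first primary row (192.0.2.77) has no successful login and the second row is never searched; in production, set `maxsearches` explicitly or reduce the primary result set before piping into map.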

Enhancing Events with Geolocation Data in Logstash

If you are using Logstash and need to enrich events with geolocation information derived from IP addresses, the following filter configuration can help. The setup checks whether the source IP is external and applies geolocation enrichment only then; for internal (private) addresses the lookup is skipped, which saves a database query per event and avoids meaningless results for RFC 1918 and other non-routable space.

Recommended Logstash Filter for Geolocation Enrichment

Explanation […]
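The external-IP check described above, as an added Python example rather than the post's Logstash configuration. It uses the standard `ipaddress` module to classify an address as globally routable, which covers RFC 1918 space, loopback, link-local, CGNAT (100.64.0.0/10), IPv6 ULA, multicast and the documentation ranges, and then enriches only external addresses from a constructed lookup table that stands in for the GeoIP database. The table contents, the `src_ip` field name, the `geoip_skipped_internal` tag and the sample events are all invented for the example; `_geoip_lookup_failure` is the tag the Logstash geoip filter adds by default when a lookup finds nothing.

```python
import ipaddress

# Constructed stand-in for the GeoIP database the Logstash geoip filter reads.
# Labels are placeholders, not real geolocation data.
GEO_TABLE = {
    ipaddress.ip_network("8.8.8.0/24"): {"geo_label": "constructed-A"},
    ipaddress.ip_network("2606:4700::/32"): {"geo_label": "constructed-B"},
}


def is_external(ip_text):
    """True only for globally routable addresses, i.e. those worth a GeoIP
    lookup. RFC 1918 space, loopback, link-local, CGNAT (100.64.0.0/10),
    IPv6 ULA (fc00::/7), multicast, documentation ranges and unparsable
    strings all return False."""
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return False
    return ip.is_global and not ip.is_multicast


def lookup(ip_text):
    """Longest-prefix match against the stand-in table; None when unknown."""
    ip = ipaddress.ip_address(ip_text.strip())
    hits = [(net.prefixlen, rec) for net, rec in GEO_TABLE.items() if ip in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None


def enrich(event, source_field="src_ip"):
    """Mirror of the filter logic: only external IPs get a geo lookup;
    internal or unparsable ones are tagged and left untouched."""
    out = dict(event)
    tags = list(event.get("tags", []))
    ip_text = event.get(source_field)
    if ip_text is None or not is_external(ip_text):
        out["tags"] = tags + ["geoip_skipped_internal"]   # constructed tag name
        return out
    rec = lookup(ip_text)
    if rec is None:
        out["tags"] = tags + ["_geoip_lookup_failure"]    # geoip filter's default tag
    else:
        out["geoip"] = dict(rec)
        out["tags"] = tags
    return out


# Constructed sample events covering the main classification cases.
SAMPLE_EVENTS = [
    {"src_ip": "10.20.30.40", "msg": "internal RFC 1918"},
    {"src_ip": "100.64.1.1", "msg": "CGNAT shared space"},
    {"src_ip": "8.8.8.8", "msg": "external v4, in table"},
    {"src_ip": "2606:4700:4700::1111", "msg": "external v6, in table"},
    {"src_ip": "not-an-ip", "msg": "garbage"},
    {"src_ip": "203.0.113.7", "msg": "documentation range"},
    {"src_ip": "9.9.9.9", "msg": "external v4, not in table"},
]


def run(events=SAMPLE_EVENTS):
    return [enrich(e) for e in events]
```

Checking `is_global` rather than just `is_private` is the important detail: addresses in shared space such as 100.64.0.0/10 are not private in the RFC 1918 sense but are equally pointless to geolocate.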

OpenSearch Split Index API

The Split Index API in OpenSearch lets you split an existing index into a new index with more primary shards, without re-ingesting the data. This is valuable when an index has outgrown its original shard count and you want to spread it across more nodes or rebalance the data. The target shard count must be a multiple of the source's (and a factor of its index.number_of_routing_shards), and the source index must be made read-only with index.blocks.write before the split.

What is the Split Index API?

The Split Index API enables you to take […]
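An added pre-flight check for the split constraints, written for this page rather than taken from the SOC Prime post. It derives the default index.number_of_routing_shards the same way the engine does (the largest source_shards × 2^k that does not exceed 1024), lists the target shard counts a split can legally produce, validates a requested split against a settings dictionary shaped like the GET _settings response, and returns the two API calls in the order they must be issued. The index names are invented; the function and error-message wording is this example's own.

```python
def default_routing_shards(num_shards, ceiling=1024):
    """Default index.number_of_routing_shards: the largest num_shards * 2**k
    that does not exceed 1024 (5 primaries -> 640, 3 -> 768, 1 -> 1024)."""
    if num_shards < 1:
        raise ValueError("number_of_shards must be >= 1")
    routing = num_shards
    while routing * 2 <= ceiling:
        routing *= 2
    return routing


def valid_split_targets(num_shards, routing_shards=None):
    """Shard counts a split may produce: multiples of the source count that
    divide number_of_routing_shards (5 primaries -> 10, 20, ..., 640)."""
    routing = routing_shards or default_routing_shards(num_shards)
    return [n for n in range(num_shards * 2, routing + 1, num_shards) if routing % n == 0]


def check_split(source_settings, target_shards):
    """Pre-flight the constraints the API enforces. source_settings uses the
    flat keys of a GET <index>/_settings response. Returns (ok, reason)."""
    shards = int(source_settings.get("index.number_of_shards", 1))
    routing = int(source_settings.get("index.number_of_routing_shards",
                                      default_routing_shards(shards)))
    if str(source_settings.get("index.blocks.write", "false")).lower() != "true":
        return False, "source index must be read-only (index.blocks.write: true)"
    if target_shards <= shards:
        return False, "target must have more shards than the source"
    if target_shards % shards:
        return False, f"{target_shards} is not a multiple of {shards}"
    if routing % target_shards:
        return False, f"{target_shards} is not a factor of number_of_routing_shards={routing}"
    return True, f"each source shard splits into {target_shards // shards}"


def split_requests(source, target, target_shards):
    """The two calls in order: block writes on the source, then split.
    Returned as (method, path, body) tuples for whichever HTTP client you use."""
    return [
        ("PUT", f"/{source}/_settings", {"index": {"blocks": {"write": True}}}),
        ("POST", f"/{source}/_split/{target}",
         {"settings": {"index.number_of_shards": target_shards}}),
    ]
```

A request for 15 target shards on a 5-shard index passes the "multiple of" rule but fails the routing-shard rule, which is the case that surprises people most often; `valid_split_targets` is the quickest way to see what is actually allowed before taking an index read-only.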

ArcSight Administrator Guide: Renewing the Self-Signed Certificate

This article provides a step-by-step guide for ArcSight administrators to replace the self-signed certificate used by the ArcSight Manager. The process uses the managersetup utility to generate a new key pair and then restarts the ArcSight services to apply the change. Any component that trusts the Manager by its certificate, such as SmartConnectors and consoles, must be updated to trust the new one afterwards.

Steps to Renew the Self-Signed Certificate in ArcSight

1. Execute the Manager Setup Command

Log in to the […]

Reindexing in Elasticsearch: A Guide for Administrators

Reindexing is an essential Elasticsearch operation that enables administrators to copy documents from one index to another, either within the same cluster or across clusters. This guide provides examples of reindexing and of monitoring the resulting tasks, including cross-cluster reindexing, with references to the official Elasticsearch documentation. Cross-cluster reindexing has a prerequisite that is easy to miss: the remote host and port must be listed in reindex.remote.whitelist in elasticsearch.yml, and the credentials for the remote travel in the request body, so both clusters should be reached over TLS.

Basic Reindexing Example

The following example demonstrates how to copy […]
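An added example, not the guide's own code, that builds the _reindex request bodies for the local and cross-cluster cases and reproduces the reindex.remote.whitelist check so that a disallowed remote fails before the request is sent. The allow-list matching (host:port, scheme ignored, `*` as the only wildcard) follows the documented behaviour of the setting; the hostnames `es-old.example.internal`, the index names and the `reindex_user`/`secret` credentials are invented for the example, and the `plan_cross_cluster_reindex` helper is this page's own wrapper, not an Elasticsearch API.

```python
import re
from urllib.parse import urlparse


def reindex_body(source_index, dest_index, remote_url=None, username=None,
                 password=None, query=None):
    """Body for POST /_reindex. With remote_url set this is a cross-cluster
    reindex: the local cluster pulls from the remote over HTTP(S) using the
    credentials embedded in the request, so send it over TLS only."""
    source = {"index": source_index}
    if remote_url:
        remote = {"host": remote_url}      # scheme://host:port, no path
        if username:
            remote["username"] = username
        if password:
            remote["password"] = password
        source["remote"] = remote
    if query:
        source["query"] = query
    return {"source": source, "dest": {"index": dest_index}}


def remote_allowed(remote_url, allowlist):
    """Emulates the reindex.remote.whitelist check: the remote's host:port must
    match one of the comma-separated patterns; the scheme is ignored and *
    is the only wildcard."""
    parsed = urlparse(remote_url)
    if parsed.hostname is None or parsed.port is None:
        raise ValueError("remote host must be scheme://host:port with an explicit port")
    target = f"{parsed.hostname}:{parsed.port}"
    for pattern in (p.strip() for p in allowlist.split(",")):
        if not pattern:
            continue
        regex = ".*".join(re.escape(part) for part in pattern.split("*"))
        if re.fullmatch(regex, target):
            return True
    return False


def plan_cross_cluster_reindex(source_index, dest_index, remote_url, allowlist,
                               username=None, password=None):
    """Calls to issue, in order, as (method, path, query-params, body):
    start the reindex as a background task, then poll the task list.
    Fails fast if the remote is not allow-listed, which is otherwise an
    error you only see back from the cluster."""
    if not remote_allowed(remote_url, allowlist):
        raise ValueError(
            f"{remote_url} not covered by reindex.remote.whitelist={allowlist!r}; "
            "add host:port to elasticsearch.yml on the local cluster and restart")
    body = reindex_body(source_index, dest_index, remote_url, username, password)
    return [
        ("POST", "/_reindex", {"wait_for_completion": "false"}, body),
        ("GET", "/_tasks", {"detailed": "true", "actions": "*reindex"}, None),
    ]
```

Running with `wait_for_completion=false` returns a task id immediately; the `_tasks` query filtered on `*reindex` is what the monitoring step then polls, and the same task id can be passed to the cancel endpoint if the copy must be stopped.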

UAC-0125 Attack Detection: Hackers Use Fake Websites on Cloudflare Workers to Exploit the “Army+” Application

Shortly after the UAC-0099 cyber-espionage campaign that relied on phishing, another hacking group has surfaced targeting Ukrainian organizations. CERT-UA has notified defenders about fake websites that mimic the official page of the “Army+” application and are hosted on the Cloudflare Workers service. […]

Understanding OpenSearch Routing Allocation Settings

OpenSearch, an open-source search and analytics engine, provides cluster management features that keep data evenly distributed and available. One of these is the set of routing allocation settings, which control how shards (the partitions an index's data is divided into) are placed across the nodes of a cluster. In this article, we'll take a closer look at a specific configuration, […]
