Threats

How to Increase index.max_regex_length in OpenSearch

The index.max_regex_length error in OpenSearch relates to the maximum length of regular expressions that can be used in index settings. This setting caps the length of a regex pattern used during index creation or mapping; when a pattern exceeds this length, the request fails with an error. To fix this, you can adjust the index.max_regex_length […]

The post How to Increase index.max_regex_length in OpenSearch appeared first on SOC Prime.

Threats

Secret Blizzard Attack Detection: The russia-Linked APT Group Targets Ukraine via Amadey Malware to Deploy the Updated Kazuar Backdoor Version

Hot on the heels of russia-linked BlueAlpha’s exploitation of Cloudflare Tunneling services to spread GammaDrop malware, another russia-backed state-sponsored APT group comes into the spotlight. The nefarious actor tracked as the Secret Blizzard (aka Turla) APT group has been observed leveraging the offensive tools and infrastructure of other hacking collectives. The group’s campaigns also focus on deploying […]

The post Secret Blizzard Attack Detection: The russia-Linked APT Group Targets Ukraine via Amadey Malware to Deploy the Updated Kazuar Backdoor Version appeared first on SOC Prime.

Threats

Fluentd: How to Change Tags During Log Processing.

I have a case where I need to drop unnecessary logs. I found a plugin that helps do that. The rewrite_tag_filter plugin is used to dynamically modify the tags of incoming log records based on their content. You can rewrite tags, route logs more effectively, organize them based on certain conditions, and ensure logs are processed […]

The post Fluentd: How to Change Tags During Log Processing. appeared first on SOC Prime.

Threats

IBM QRadar: How to Create a Rule for Log Source Monitoring

Create a Custom Rule

You can create a custom rule to generate an offense or send notifications when logs stop coming from any log source. Go to the Rules section: navigate to Offenses > Rules. Click Actions > New Event Rule. You will then see the Rule Wizard window. In this step, use the default parameters. After that, you will finally see the main configuration for your […]

The post IBM QRadar: How to Create a Rule for Log Source Monitoring appeared first on SOC Prime.

Threats

Using Roles and Users for Data Access in Elasticsearch

Elasticsearch uses a security model that controls access to data through roles and users. This allows only authorized users to log in and perform the actions permitted by their roles. Implementing role-based access control is essential for data security and operational integrity in an Elasticsearch environment. This guide explains how to configure roles and users for secure […]

The post Using Roles and Users for Data Access in Elasticsearch appeared first on SOC Prime.

Threats

CVE-2024-50623 Detection: Attackers Actively Exploit a RCE Vulnerability in Cleo Harmony, VLTrader, and LexiCom File Transfer Products

High-profile attacks often stem from the exploitation of RCE vulnerabilities in commonly used software products. In late October 2024, security researchers uncovered a critical vulnerability in the FortiManager API (CVE-2024-47575) actively exploited in zero-day attacks. With the holiday season on the horizon, adversaries ramp up their activities as a new security flaw surfaces in the […]

The post CVE-2024-50623 Detection: Attackers Actively Exploit a RCE Vulnerability in Cleo Harmony, VLTrader, and LexiCom File Transfer Products appeared first on SOC Prime.

Threats

OpenSearch: Cluster Blocks Read-Only

OpenSearch can enforce read-only states on clusters or indices to protect against issues like low disk space or cluster instability. Understanding and resolving these blocks is crucial for maintaining a healthy and operational cluster. Below is a guide to addressing common scenarios.

How to Resolve cluster.blocks.read_only

The cluster.blocks.read_only block is typically applied when OpenSearch detects a critical issue, […]

The post OpenSearch: Cluster Blocks Read-Only appeared first on SOC Prime.

Threats

SOC Prime Threat Bounty Digest — November 2024 Results

Welcome to the new Threat Bounty monthly digest edition and learn about the November results and updates. First and foremost, a huge thank you to all the dedicated members of the Threat Bounty Program. In total, 80 detection rules were released on the Threat Detection Marketplace, providing valuable opportunities for detecting emerging cyber threats and […]

The post SOC Prime Threat Bounty Digest — November 2024 Results appeared first on SOC Prime.

Threats

How to Allow Verified Bots Using AWS WAF Bot Control

AWS WAF Bot Control helps you manage bot traffic effectively by allowing you to distinguish between verified bots, like those from search engines, and unverified or potentially malicious bots. Below is an overview of how to configure your web ACL to allow verified bots:

1. Prerequisites

Ensure AWS WAF Bot Control is enabled on your […]

The post How to Allow Verified Bots Using AWS WAF Bot Control appeared first on SOC Prime.

Threats

How to Convert Arrays of Hashes Into a Structured Key-Value Format During Log Processing

In some log formats, fields can be arrays of hashes, requiring conversion into a structured key-value format. Fluentd supports this through inline Ruby scripts, enabling transformations during log processing. For example, I need to convert the event_data field:

Step 1. Write Ruby-Based Transformation Logic

The transformation requires iterating over the event_data array, extracting meaningful information, and producing […]

The post How to Convert Arrays of Hashes Into a Structured Key-Value Format During Log Processing appeared first on SOC Prime.