Fluentd: How to Make Nested Hash from Dot-Separated Keys
When a log record has keys like test.test, you can use two methods record_transformer and explode plugin, to process these…
Threats
Essential Dev Tools Commands for Elasticsearch & OpenSearch Administrators
As an Elasticsearch administrator, using the Dev Tools Console in Kibana can significantly simplify cluster management and troubleshooting. Below is…
How to Increase index.max_regex_length in OpenSearch
The error index.max.regex_length in OpenSearch is related to the maximum length of regular expressions that can be used in index…
Secret Blizzard Attack Detection: The russia-Linked APT Group Targets Ukraine via Amadey Malware to Deploy the Updated Kazuar Backdoor Version
Hot on the heels of russia-linked BlueAlpha’s exploitation of Cloudflare Tunneling services to spread GammaDrop malware, another russia-backed state-sponsored APT…
Fluentd: How to Change Tags During Log Processing.
I have a case where I need to drop unnecessary logs. I found a plugin that helps do that.The rewrite_tag_filter…
IBM QRadar: How to Create a Rule for Log Source Monitoring
Create a Custom RuleYou can create a custom rule to generate an offense or send notifications when logs stop coming…
Using Roles and Users for Data Access in Elasticsearch
Elasticsearch uses a security model to control access to data through roles and users. This allows only authorized users to…
CVE-2024-50623 Detection: Attackers Actively Exploit a RCE Vulnerability in Cleo Harmony, VLTrader, and LexiCom File Transfer Products
High-profile attacks often stem from the exploitation of RCE vulnerabilities in commonly used software products. In late October 2024, security…
OpenSearch: Cluster Blocks Read-Only
OpenSearch can enforce read-only states on clusters or indices to protect against issues like low disk space or cluster instability.…
SOC Prime Threat Bounty Digest — November 2024 Results
Welcome to the new Threat Bounty monthly digest edition and learn about the November results and updates. First and foremost,…