Splunk: Using collect Command for Creating New Events in a New Index
In some scenarios, you may need to save the results of a search into another index—for example, to reuse the…
Threats
Enhancing Events with Geolocation Data in Logstash
If you are using Logstash and need to enrich event data with geolocation information based on IP addresses, the following…
OpenSearch Split Index API
The Split Index API in OpenSearch is a useful feature that allows you to split an existing index into multiple…
ArcSight Administrator Guide: Renewing the Self-Signed Certificate
This article provides a step-by-step guide for ArcSight administrators to replace the self-signed certificate used by the ArcSight Manager. This…
Reindexing in Elasticsearch: A Guide for Administrators
Reindexing is an essential Elasticsearch operation that enables administrators to copy documents from one index to another, either within the…
UAC-0125 Attack Detection: Hackers Use Fake Websites on Cloudflare Workers to Exploit the “Army+” Application
Hard on the heels of the cyber-espionage campaign by UAC-0099 via the phishing attack vector, another hacking collective has evolved…
Understanding OpenSearch Routing Allocation Settings
OpenSearch, a powerful open-source search and analytics engine, provides robust cluster management features to ensure efficient data distribution and availability.…
Using Ruby Code in Logstash for Translating Text from HEX
In Elasticsearch pipelines, you might encounter scenarios where fields contain hexadecimal-encoded text. To decode this text into its original readable…
Fluentd: Work With Multiple Log Sources Within a Single Instance by Using @label
@label is a feature that defines multiple processing pipelines within a single instance. Labels allow you to route log data…
DarkGate Malware Attack Detection: Voice Phishing via Microsoft Teams Leads to Malware Distribution
Researchers have uncovered a new malicious campaign using voice phishing (vishing) to spread the DarkGate malware. In this attack, adversaries…