Threats

Resizing Persistent Volume Claims (PVCs) for OpenSearch in Kubernetes: Challenges and Solutions

Managing storage requirements for an OpenSearch cluster deployed via a Helm chart in Kubernetes can present unique challenges, especially when scaling Persistent Volume Claims (PVCs) for StatefulSets. PVC resizing in Kubernetes is a straightforward concept, but its implementation may run into issues depending on the underlying storage class, StatefulSet behavior, and OpenSearch’s requirements. This article […]

The post Resizing Persistent Volume Claims (PVCs) for OpenSearch in Kubernetes: Challenges and Solutions appeared first on SOC Prime.

Threats

OpenSearch: How to Update index-pattern in “Broken” Visualization

If an index-pattern was recreated and its id was not customized to match the previous one, you'll get an error in all related visualizations: "Could not locate that index-pattern (id: index-pattern_id), click here to re-create it". The link will lead you to the index-pattern creation menu. But there is no need to recreate the […]

Threats

Adding Processing Timestamp and Hostname in Logstash Using Ruby

When processing event streams with Logstash, it can be useful to record the time an event was processed and the hostname of the Logstash server handling it. This information is important for debugging, monitoring, and ensuring the traceability of event data. Logstash makes this task straightforward using the Ruby filter plugin, which allows embedding Ruby code […]

Threats

Filebeat: Receiving Docker logs in Kafka

To receive logs from your containers in a Kafka topic, we have to do these steps:
1. Install Filebeat:
   echo "deb https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-8.x.list
   sudo apt-get update && sudo apt-get install filebeat
2. Edit the configuration file /etc/filebeat/filebeat.yml with these lines
3. Enable the Filebeat service:
   sudo systemctl enable filebeat
4. Restart Filebeat.

Threats

OpenSearch Circuit Breakers

OpenSearch employs circuit breakers to prevent nodes from running out of Java Virtual Machine (JVM) heap memory, which could lead to crashes. These circuit breakers estimate the memory required for operations and compare it to the available heap size. If an operation exceeds the configured limit, OpenSearch throws a CircuitBreakerException to avoid potential OutOfMemoryErrors. Types of Circuit […]

Threats

Splunk: How to Write a Query to Monitor Multiple Sources and Send Alert if they Stop Coming

Step 1: Write a Query to Monitor Multiple Sources. Identify the log sources you want to monitor. Create a Splunk search query that checks for events from those sources within a specific timeframe. Example query: Query without additional fields. Query with additional fields "message". For example, on the screenshot, I set two hosts to monitor and […]

Threats

SmokeLoader Malware Detection: Notorious Loader Reemerges to Target Companies in Taiwan

SmokeLoader Malware Detection

The nefarious SmokeLoader malware resurfaces in the cyber threat arena targeting Taiwanese companies in multiple industry sectors, including manufacturing, healthcare, and IT. Typically used as a downloader for deploying other malicious samples, in the latest attack campaign SmokeLoader executes the attack directly by retrieving plugins from its C2 server.

Detect SmokeLoader Malware

Almost 100 million […]

Threats

Using a Custom Script to Trigger an Action in Monit

Let's see how to use a custom script to trigger an action if a service has restarted or if there are other problems in Monit, a utility for monitoring services on a Unix system.
1) Create a script with an action for what you want to do when Monit triggers an action. For example, in the code below, I […]

Threats

How to Update GeoLite2 Database in ArcSight Manager

To update the GeoLite2 database in your ArcSight Manager environment, follow these steps:
1. Register on the MaxMind Portal. Visit the MaxMind Portal and log into your account. If you don't have an account, register for one.
2. Download the GeoLite2 Database. Once logged in, navigate to the Account Portal. In the sidebar menu, select "Download Files". This will take […]
