Understanding index.mapping.total_fields.limit in OpenSearch/ElasticSearch
Sometimes, you can get the associated error Limit of total fields has been exceeded I will explain what it is…
Threats
UAC-0185 aka UNC4221 Attack Detection: Hackers Target the Ukrainian Defense Forces and Military-Industrial Complex
Since russia launched its full-scale invasion of Ukraine, defense organizations have been heavily targeted by multiple hacking groups via the…
Monitoring Elasticsearch Cluster With Metricbeat
Monitoring Elasticsearch is crucial for maintaining its performance and ensuring cluster health. Metricbeat, a lightweight shipper by Elastic, simplifies this…
Understanding indices.query.bool.max_clause_count in OpenSearch
The indices.query.bool.max_clause_count setting in OpenSearch specifies the maximum number of clauses allowed in a bool query. A clause in this…
Decoding the PROCTITLE Field in Auditd Event Streams with Logstash
By default, the PROCTITLE field contains the command used to start a process, encoded in HEX. Learn how to decode…
BlueAlpha Attack Detection: russia-affiliated Hacking Collective Abuses Cloudflare Tunnels to Distribute GammaDrop Malware
The russian state-sponsored threat actor BlueAlpha (aka Gamaredon, Hive0051, Shuckworm, UAC-0010, or Armageddon) has been orchestrating cyber-espionage campaigns against Ukraine…
Interesting URL Schema Abuse Patterns (Merry Phishmas)
One interesting feature of the specification of the URL schema parsing is that literal IP addresses can be accepted as…
Migrating Dashboards Between OpenSearch Instances
If you need to migrate visualizations or dashboards from one OpenSearch instance to another, you can do the following steps:…
Enhancing Request Handling with Custom Headers in AWS WAF
AWS WAF allows you to insert custom headers into HTTP requests for non-blocking actions. This feature enables tailored downstream processing…
Generating a CSR and Using an External Certificate with Elasticsearch
This guide is aimed at beginners and provides a step-by-step walkthrough for connecting Elasticsearch to external certificates issued by a…