IBM QRadar: How to Create a Rule for Log Source Monitoring
Create a Custom Rule: You can create a custom rule to generate an offense or send notifications when logs stop coming…
Elasticsearch uses a security model to control access to data through roles and users. This allows only authorized users to…
High-profile attacks often stem from the exploitation of RCE vulnerabilities in commonly used software products. In late October 2024, security…
OpenSearch can enforce read-only states on clusters or indices to protect against issues like low disk space or cluster instability.…
Welcome to the new edition of the Threat Bounty monthly digest, covering the November results and updates. First and foremost,…
AWS WAF Bot Control helps you manage bot traffic effectively by allowing you to distinguish between verified bots, like those…
In some log formats, fields can be arrays of hashes, requiring conversion into a structured key-value format. Fluentd supports this…
Defenders observe increasing numbers of cyber-attacks linked to China-backed APT groups, primarily focused on intelligence gathering. In September 2024, a…
Elasticsearch, a powerful distributed search and analytics engine, requires careful index structure design for optimal performance with large datasets, avoiding…
In this guide, I will tell you how to prevent BufferOverflowError when you get logs from Kafka/in_tail, and your output…