Optimizing Elasticsearch Master Node for Cluster Stability
The master node is responsible for lightweight cluster-wide actions such as creating or deleting an index, tracking which nodes are…
Threats
Standard Logstash Template for Event Processing (Gold Template)
This standard template for configuring Logstash pipelines, commonly referred to as a “gold template,” ensures consistent metadata enrichment for events…
Configuring Disk Allocation Thresholds in Elasticsearch and OpenSearch
When running an Elasticsearch or OpenSearch cluster, efficient disk space management is essential for ensuring stability and performance. These platforms…
Understanding index.mapping.total_fields.limit in OpenSearch/ElasticSearch
Sometimes, you can get the associated error Limit of total fields has been exceeded I will explain what it is…
UAC-0185 aka UNC4221 Attack Detection: Hackers Target the Ukrainian Defense Forces and Military-Industrial Complex
Since russia launched its full-scale invasion of Ukraine, defense organizations have been heavily targeted by multiple hacking groups via the…
Monitoring Elasticsearch Cluster With Metricbeat
Monitoring Elasticsearch is crucial for maintaining its performance and ensuring cluster health. Metricbeat, a lightweight shipper by Elastic, simplifies this…
Understanding indices.query.bool.max_clause_count in OpenSearch
The indices.query.bool.max_clause_count setting in OpenSearch specifies the maximum number of clauses allowed in a bool query. A clause in this…
Decoding the PROCTITLE Field in Auditd Event Streams with Logstash
By default, the PROCTITLE field contains the command used to start a process, encoded in HEX. Learn how to decode…
BlueAlpha Attack Detection: russia-affiliated Hacking Collective Abuses Cloudflare Tunnels to Distribute GammaDrop Malware
The russian state-sponsored threat actor BlueAlpha (aka Gamaredon, Hive0051, Shuckworm, UAC-0010, or Armageddon) has been orchestrating cyber-espionage campaigns against Ukraine…
Interesting URL Schema Abuse Patterns (Merry Phishmas)
One interesting feature of the specification of the URL schema parsing is that literal IP addresses can be accepted as…