AWS WAF: Creating Custom String Match Rule
Start with navigating to Add Rules. Go to the Add Rules and Rule Groups page.Click Add Rules, then Add my…
Threats
Addressing read_only_allow_delete After Disk Space Issues
Occasionally, as Elasticsearch administrators we may encounter a situation where all indices are automatically set to read_only_allow_delete=true, preventing write operations.…
How to Check What Task is Stuck and Cancel it on Dev-tools
I had a problem with long-running stuck tasks. These tasks were stuck due to various reasons, such as resource constraints,…
Handling the Dynamic Pruning Failure in Cardinality Aggregations in Elasticsearch
When working with Elasticsearch, you may encounter the following error during complex queries involving cardinality aggregations: This error typically occurs…
OpenSearch Alert Monitoring: High CPU Usage Example
OpenSearch alerting feature sends notifications when data from one or more indices meets certain customizable conditions. Use cases include monitoring…
How to Retrieve and Restore Snapshots from S3 Repository in OpenSearch
Step 1: List Available Snapshots First, you need to list the snapshots available in your S3 repository. You can do…
Creating Snapshot Management Policies with Keystore Integration and Slack Notification Setup
Step 1: Add AWS Credentials to the Keystore To securely store your AWS credentials, use the OpenSearch keystore. Add your…
Making Use of Building Block Rules in Elastic
Within the “Advanced Options” of the “About Rule” section of Elastic hides a useful feature that gets little attention. This…
Fields Aren’t Always Faster, Keyword Searches to Speed Up Splunk
When possible, use datamodels, they are generally your best bet for speed. However, not everything in your Splunk will be…
Making Use of Fillnull and Values() to Increase Rule Resiliency in Splunk
Within splunk we use “stats” and “tstats” a bunch as threat hunters. However, these useful operations can cause interesting events…