Blog

Conquer it with correlation - Part 2: The data breach

In my previous post, we looked at how event correlation can be used to deal with advanced persistent threats (APTs). The thing is, an APT is just one ugly face of a much larger epidemic: the data breach. In this blog, we examine this larger problem and the role of event correlation in securing sensitive data.

Ruby Agent 2.4.21 is out with a bug fix, a new configuration option, and a debug option

As reported in Issue #228, if scout_apm is disabled on a node via the configuration monitor = false, we don't intend to install any instruments, but a few snuck in anyway. Since the rest of the agent isn't running, they (slowly but steadily) built up recorded info but didn't purge it, causing a slow memory leak that became clear over the course of a week or two. We've stopped the offending instruments from installing themselves when Scout is disabled.

5 secrets design-led companies know about boosting customer value

Just when you think you’ve got this whole “knowledge economy” thing figured out, here comes the “creative economy” – the world in which your ability to succeed and add value is limited only by your imagination. Of course, that creativity needs to be informed by a deep understanding of your customers.

Cutting-Edge Observability Tools into a Single Platform

Sematext provides a single pane of glass and machine learning powered alerts for logs, metrics, traces and user experience data. Sematext Cloud provides advanced monitoring, logging and tracing for all Docker platforms such as Docker EE, Kubernetes, GKE, AWS ECS, and IBM Cloud. Sematext’s new monitoring agent leverages the powerful eBPF Linux kernel observability functionality and uses the Kubernetes API to enrich the container and cluster level metrics.

The New Version of Logagent Enriches Container Logs with Metadata and GeoIP

Logagent is a modern, open-source, light-weight data shipper with out of the box and extensible log parsing, on-disk buffering, secure transport and bulk indexing to Elasticsearch and Sematext Cloud. Its low memory footprint and low CPU overhead make it suitable for deploying on edge nodes and devices, while its ability to parse and structure logs makes it a great Logstash alternative.

The Evolution of CI/CD and Agile

It’s nearly the end of 2018 and we still discuss CI/CD and agile as separate concepts. The truth is, the line between them is blurring. Doing either or both well is very difficult. In fact, many organizations struggle to effectively execute an agile workflow, or reach CD because they are so difficult to do well. This article focuses on why it is so important to keep striving toward this gold standard duo because CI/CD and agile result in quality and predictability.

How to identify malicious IP activity using Falco

One of the most common security use cases is the ability to identify connections generated by malicious actors, or internal components connecting to suspicious servers (e.g. malware C&Cs). In this post, we will show how to leverage the Falco engine to identify connections made to IPs that were flagged by multiple security sensors and are streamed as a feed to the Falco engine.

GDPR Log Management - Compliant Logging Best Practices

The EU General Data Protection Regulation (GDPR) was authored in 2016 and became applicable on May 25th of 2018. You can read the regulation in its entirety in this PDF. If you have legal questions about GDPR and how it applies to your organization, you should seek the advice of a professional who is familiar with the regulation.