In this four-part series, Combating threats with UEBA, we explore hypothetical cyberattacks inspired by real-life events in four different industries: healthcare, finance, manufacturing, and education. We’ll take a look at unforeseen security attack scenarios, and discover how user and entity behavior analytics (UEBA) can be leveraged to safeguard organizations.
The next version of Netdata has arrived! Aside from dozens of quality-of-life and papercut fixes, we’ve launched some new features we know you’ll be excited to use straight away. Let’s dive in.
Every so often you need to schedule a snapshot on a virtual machine, whether that be a VMware virtual machine or a Hyper-V virtual machine, or even multiple virtual machines because someone or something is going to be changed and you need a quick way to roll them back to a running state, just in case things go belly up. It’s a very common task that administrators need to do.
The recent public release of Cycle’s API has already seen all sorts of innovative uses, from automating the deployments of medical applications, to creating customized monitoring services to track specific performance metrics. Everything you can do in the portal can also be accomplished via the API — it’s actually the exact same API we used to build the portal!
We’ve released our newest feature, Self-Service Transactions (SST), for the beta release. Although you can still have us take care of the scripting for you (Full-Service Transactions), with SST you write and manage your own scripts. You can use our handy visual Step Editor, write your code directly into the text editor, or interface with our API.
Multi-line logs such as stack traces give you lots of very valuable information for debugging and troubleshooting application problems. But, as anyone who has tried knows, it can be a challenge to collect stack traces and other multi-line logs so that you can easily parse, search, and use them to identify problems. This is because, without proper configuration, log management services and tools do not treat multi-line logs as a single event.
Hashicorp Vault is an open-source secret management tool that allows organizations to easily "secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API." This solution prevents sensitive information from being stored in unsecured places, and at times stored in plaintext, throughout the organization’s infrastructure.
Today we are officially releasing Graylog v3.1.1 This release brings a whole new AWS Kinesis/CloudWatch Input to Graylog. The new input guides the user through the setup process and performs validation checks along the way. It also supports an automated CloudWatch Logs to Kinesis Streams setup, eliminating the complexity of manual setup.
AquaSec’s Daniel Sagi recently authored a blog post about DNS spoofing in Kubernetes. TLDR is that if you use default networking in Kubernetes you might be vulnerable to ARP spoofing which can allow pods to spoof (impersonate) the IP addresses of other pods. Since so much traffic is dialed via domain names rather than IPs, spoofing DNS can allow you to redirect lots of traffic inside the cluster for nefarious purposes.
Cloud costs can come with significant sticker shock, especially since many businesses do not have an easy way to track or predict actual cost before the bill arrives. However, there are several architectural changes that businesses can make that will help rein in cloud spend. In some cases, optimal engineering decisions should be made up-front, while in other cases certain areas should be monitored over time to identify opportunities to retool architecture and optimize cloud costs.
