At Elastic, we are adding data layers to our Maps Service on a regular basis. We are proud to announce that we have recently finished adding a number of layers that complete the European continent for all second level national boundaries. The list of new layers are Albania, Andorra, Bosnia and Herzegovina, Bulgaria, Czechia, Greece, Greenland, Iceland, Latvia, Liechtenstein, Lithuania, North Macedonia, Moldova, Montenegro, Romania, Serbia, and Ukraine.

As businesses transform their traditional business models into new digital ones, and aggressively compete for turf within the digital economy, their constant pursuit of competitive edge drives technology, process, and architectural innovations. As a result, it seems that every 18 months a technology paradigm shift comes about that enables better agility, lower cost, improved quality of service, better intelligence and more.

The power and value that’s embedded in logs are reflected by the status and behavior of our applications and infrastructure. Many times we would like to be alerted when the application or its components show abnormal behavior. This behavior can be reflected by the application sending some logs at a higher than usual volume. Figuring out exactly what ‘higher than usual’ means, or in other words, setting the threshold value at which the alert should trigger can be a daunting task.

What is YAML? YAML is a readable data serialization language used frequently in configuration files for software; it stands for “Ain’t Markup Language.” This article will show you samples of YAML files (written .yml or .yaml) for the ELK Stack and other programs commonly used by DevOps team. And while some people love yaml and some hate it, it’s not going away.

When you login your stacks are displayed on the dashboard. To enable alerts for a stack, choose the 'Settings' button. Next, choose 'Alerts' and then click 'Provision ElastAlert' for this stack

Threat intelligence feeds are a critical part of modern cybersecurity. Widely available online, these feeds record and track IP addresses and URLs that are associated with phishing scams, malware, bots, trojans, adware, spyware, ransomware and more. Open source threat intelligence feeds can be extremely valuable—if you use the right ones. While these collections are plentiful, there are some that are better than others.

Hello, security enthusiasts! This is part seven (can you believe it?) of the Elastic SIEM for home and small business blog series. If you haven’t read the first six blogs in the series, you may want to before going any further. In the prerequisite blogs we created our Elasticsearch Service deployment (part 1), secured access to our cluster by restricting privileges for users and Beats (part 2), then we created an ingest pipeline for GeoIP data and reviewed our Beats configurations (part 3).

Have you ever looked at your website logs and realized they don’t make sense to you? Maybe your log levels have been abused, and now every log categorizes as “Error.” Or your logs fail to give clear information on what went wrong, or they reveal sensitive information that hackers may harvest. Fixing these problems is possible! Let’s explore how you can write meaningful log messages and use log levels correctly.

For those out there searching for “What is syslog?,” this post has answers to all of your questions. Simply put, syslog handles a very important task—collecting events—and is present in almost all systems and peripherals out there. It’s the standard used to collect events in an ever-growing number of devices. Syslog can often be related to Ubuntu and servers, but it’s certainly much more than that.

In the last couple of posts we covered the various ways of connecting data sources to Azure Monitor Logs (Part 2: Getting Started, Part 3: Solutions), so by now we should have loads of data to play around with. The data we’ve collected so far is largely just a blob, and probably not very useful at this point. “Solutions” help with this, but the real fun part starts now: making sense of the data you have using the Kusto Query Language – better known as KQL.