Operations | Monitoring | ITSM | DevOps | Cloud

Hey, there. This is part six of the Elastic SIEM for home and small business blog series. If you haven’t read the first, second, and third blogs, you may want to before going any further. In the Getting started blog, we created our Elasticsearch Service deployment and started collecting data from one of our computers using Winlogbeat. In the Securing cluster access blog, we secured access to our cluster by restricting privileges for users and Beats.

Editor’s note: CVE-2020-0601, unsurprisingly, has created a great deal of interest and concern. There is so much going on that we could not adequately provide a full accounting in a single blog post! This post focuses on detection of the vulnerability based on network logs, specifically Zeek as well as Endpoint. If you are collecting vulnerability scan data and need to keep an eye on your inventory of systems that are at risk, then check out Anthony Perez’s blog.

Software vulnerabilities are part of our lives in a digitalized world. If anything is certain, it’s that we will continue to see vulnerabilities in software code! Recently the CVE-2020-0601 vulnerability, also known as CurveBall or “Windows CryptoAPI Spoofing Vulnerability”, was discovered, reported by the NSA and made headlines. The NSA even shared a Cybersecurity Advisory on the topic. Anthony previously talked about it from a public sector and Vulnerability Scanner angle.

For some organizations, even the best isn’t quite enough. That’s why JFrog Xray provides a way for you to specify your own additional data, to detect even more sensitive issues in your binaries before they can reach production. JFrog Xray is a tool for DevSecOps teams to gain insight into the open source components used in their applications.

We recently received a notification from a concerned user, because he had found a “vulnerability” in Pandora FMS. Besides, not just any vulnerability but one that seemed to give root access to the system. Next, this user called k4m1ll0 wrote a post in Medium warning the community about this vulnerability. If you want to read the original post, click here.

Starting April 21, 2020, all requests to Elasticsearch Service on Elastic Cloud must use HTTP over TLS (HTTPS) with support for TLS 1.2. We’ve decided to make this change in the best interest of our users so we can ensure the security of data in transit and stay up to date with modern encryption, security protocols, and practices.

It’s 2020, which means it’s time to look back at 2019 and reminisce about the good times – fun with family and friends, good food, travel, and memories to last a lifetime. Who am I kidding? Everyone remembers the bad stuff. The increasing impacts of climate change; relentless fires in the Amazon, California, and Australia; political and social unrest around the globe; and the last season of Game of Thrones. Jon Snow... you still know nothing.

Hey Everyone, We recently did a webinar with Christian Heger, technical head of the DATEV SOC, as well as Sebastian Schmerl, head of cyber defense of Computacenter. They shared their 6-month path of modernizing their security operations with help of Splunk technology and the MITRE ATT&CK framework. As we weren’t able to address all of the questions during the webinar, we discussed these afterwards and share them in this blog post as a Q&A follow-up.