#elasticstack — Public Fediverse posts

Security teams depend on telemetry, but raw logs and events are chaos until structured, enriched, and secured.

In Data Engineering for Cybersecurity, James Bonifield shows how to design scalable data pipelines using open source tools like Filebeat, Logstash, Redis, Kafka, and Elasticsearch.

Build systems that turn noise into insight and support real-time detection.

https://nostarch.com/data-engineering-cybersecurity

#CyberSecurity #InfoSec #DataEngineering #ElasticStack #OpenSource

I usually don't post about work-related stuff except for ranting or asking technical questions, but this time I'll make an exception:

Today, Dash0 went out of beta and I am very proud to be part of the magnificent team making this #OpenTelemetry Native #Observability solution possible. 😀

If you’re looking for an observability solution, such as #Grafana, #ElasticStack, #NewRelic, #Datadog or #SigNoz, then give it a spin!

Start your free 14-days trial at www.dash0.com!
#o11y #otel

I usually don't post about work-related stuff except for ranting or asking technical questions, but this time I'll make an exception:

Today, Dash0 went out of beta and I am very proud to be part of the magnificent team making this #OpenTelemetry Native #Observability solution possible. 😀

If you’re looking for an observability solution, such as #Grafana, #ElasticStack, #NewRelic, #Datadog or #SigNoz, then give it a spin!

Start your free 14-days trial at www.dash0.com!
#o11y #otel

I usually don't post about work-related stuff except for ranting or asking technical questions, but this time I'll make an exception:

Today, Dash0 went out of beta and I am very proud to be part of the magnificent team making this #OpenTelemetry Native #Observability solution possible. 😀

If you’re looking for an observability solution, such as #Grafana, #ElasticStack, #NewRelic, #Datadog or #SigNoz, then give it a spin!

Start your free 14-days trial at www.dash0.com!
#o11y #otel

I usually don't post about work-related stuff except for ranting or asking technical questions, but this time I'll make an exception:

Today, Dash0 went out of beta and I am very proud to be part of the magnificent team making this #OpenTelemetry Native #Observability solution possible. 😀

If you’re looking for an observability solution, such as #Grafana, #ElasticStack, #NewRelic, #Datadog or #SigNoz, then give it a spin!

Start your free 14-days trial at www.dash0.com!
#o11y #otel

I usually don't post about work-related stuff except for ranting or asking technical questions, but this time I'll make an exception:

Today, Dash0 went out of beta and I am very proud to be part of the magnificent team making this #OpenTelemetry Native #Observability solution possible. 😀

If you’re looking for an observability solution, such as #Grafana, #ElasticStack, #NewRelic, #Datadog or #SigNoz, then give it a spin!

Start your free 14-days trial at www.dash0.com!
#o11y #otel

Critical Kibana Vulnerability - Arbitrary Code Execution via YAML Deserialization

Date: September 5, 2024

CVE: CVE-2024-37285

Vulnerability Type: Deserialization of Untrusted Data

CWE: [[CWE-502]]

Sources: Elastic Security Advisory

Synopsis

CVE-2024-37285 impacts Kibana versions 8.10.0 to 8.15.0, where a deserialization flaw allows remote code execution if an attacker injects malicious YAML payloads. This vulnerability requires that an attacker has elevated Elasticsearch and Kibana privileges.

Issue Summary

The vulnerability arises from improper YAML deserialization within Kibana. A malicious actor can craft a YAML payload and execute arbitrary code, provided they have specific Elasticsearch index and Kibana privileges. This issue affects Kibana from versions 8.10.0 through 8.15.0 and is critical due to its ease of exploitation and the potential for widespread impact.

Technical Key Findings

Attackers exploit this flaw by submitting a specially crafted YAML document that Kibana deserializes without proper validation. Once the malicious code is parsed, it can run on the server with elevated privileges, enabling arbitrary code execution.

The attacker must have the following Elasticsearch indices permissions;

• write access to system indices .kibana_ingest*
  
• The allow_restricted_indices flag needs to be set to true

The attacker must also have ANY of the following Kibana privileges;

• Under Fleet the All privilege is granted
• Under Integration the Read or All privilege is granted
• Access to the fleet-setup privilege is gained through the Fleet Server’s service account token## Vulnerable Products
• Kibana versions 8.10.0 to 8.15.0.

Impact Assessment

Successful exploitation could allow an attacker to execute arbitrary commands, leading to a complete system compromise. This could affect confidentiality, integrity, and availability, making it a high-risk issue for organizations relying on Kibana for data visualization and exploration.

Patches or Workaround

Upgrading to Kibana version 8.15.1 resolves this vulnerability. Additionally, limiting access to Elasticsearch indices and restricting Kibana privileges reduces exposure.

Tags

#CVE-2024-37285 #Kibana #ArbitraryCodeExecution #YAML #Deserialization #ElasticStack #CyberSecurity

"The No. 1 goal I have is just visibility and awareness that … it's no longer your grandpa and grandma's ELK stack." - Abhishek Singh

https://www.techtarget.com/searchitoperations/news/366566574/Ex-Datadog-AWS-exec-steers-Elastics-observability-strategy

#elastic #elasticsearch #ELKstack #elasticstack #observabilty #semanticsearch #vectorsearch #generativeAI #opentelemetry #Datadog #AWS

"The No. 1 goal I have is just visibility and awareness that … it's no longer your grandpa and grandma's ELK stack." - Abhishek Singh

https://www.techtarget.com/searchitoperations/news/366566574/Ex-Datadog-AWS-exec-steers-Elastics-observability-strategy

#elastic #elasticsearch #ELKstack #elasticstack #observabilty #semanticsearch #vectorsearch #generativeAI #opentelemetry #Datadog #AWS

"The No. 1 goal I have is just visibility and awareness that … it's no longer your grandpa and grandma's ELK stack." - Abhishek Singh

https://www.techtarget.com/searchitoperations/news/366566574/Ex-Datadog-AWS-exec-steers-Elastics-observability-strategy

#elastic #elasticsearch #ELKstack #elasticstack #observabilty #semanticsearch #vectorsearch #generativeAI #opentelemetry #Datadog #AWS

"The No. 1 goal I have is just visibility and awareness that … it's no longer your grandpa and grandma's ELK stack." - Abhishek Singh

https://www.techtarget.com/searchitoperations/news/366566574/Ex-Datadog-AWS-exec-steers-Elastics-observability-strategy

#elastic #elasticsearch #ELKstack #elasticstack #observabilty #semanticsearch #vectorsearch #generativeAI #opentelemetry #Datadog #AWS

"The No. 1 goal I have is just visibility and awareness that … it's no longer your grandpa and grandma's ELK stack." - Abhishek Singh

https://www.techtarget.com/searchitoperations/news/366566574/Ex-Datadog-AWS-exec-steers-Elastics-observability-strategy

#elastic #elasticsearch #ELKstack #elasticstack #observabilty #semanticsearch #vectorsearch #generativeAI #opentelemetry #Datadog #AWS

https://github.com/UncoderIO/Uncoder_IO

Uncoder.IO an easy to use online translator for Sigma Rules has just been made available as Open Source.

#SIGMA #IOC #ElasticStack #OpenSearch #Athena #Defense #MicrosoftDefender #MicrosoftSentinel #SOC #Analyst #socprime

Good morning Fediverse!

Officially retired my TIG stack server now that it's in k8s and just converted it to another node in my Elastic stack. Some girl *may* have been running on an unsupported 2 node config for awhile 😅

#Homelab #Elasticstack

New from me: #DISHMedia swaps #observability sprawl for @elastic #cloud service, as the vendor looks to start a new chapter in its relationship with Amazon Web Services (#AWS) under new executive leadership.

https://www.techtarget.com/searchitoperations/news/252528605/Dish-Media-swaps-observability-sprawl-for-Elastic-Stack-SaaS

#amazon #ITmonitoring #elasticstack #elasticcloud #vulnerabilitymanagement #incidentresponse #dataanalytics #AIOps #elasticsearch #kibana #logstash

New from me: #DISHMedia swaps #observability sprawl for @elastic #cloud service, as the vendor looks to start a new chapter in its relationship with Amazon Web Services (#AWS) under new executive leadership.

https://www.techtarget.com/searchitoperations/news/252528605/Dish-Media-swaps-observability-sprawl-for-Elastic-Stack-SaaS

#amazon #ITmonitoring #elasticstack #elasticcloud #vulnerabilitymanagement #incidentresponse #dataanalytics #AIOps #elasticsearch #kibana #logstash

New from me: #DISHMedia swaps #observability sprawl for @elastic #cloud service, as the vendor looks to start a new chapter in its relationship with Amazon Web Services (#AWS) under new executive leadership.

https://www.techtarget.com/searchitoperations/news/252528605/Dish-Media-swaps-observability-sprawl-for-Elastic-Stack-SaaS

#amazon #ITmonitoring #elasticstack #elasticcloud #vulnerabilitymanagement #incidentresponse #dataanalytics #AIOps #elasticsearch #kibana #logstash

New from me: #DISHMedia swaps #observability sprawl for @elastic #cloud service, as the vendor looks to start a new chapter in its relationship with Amazon Web Services (#AWS) under new executive leadership.

https://www.techtarget.com/searchitoperations/news/252528605/Dish-Media-swaps-observability-sprawl-for-Elastic-Stack-SaaS

#amazon #ITmonitoring #elasticstack #elasticcloud #vulnerabilitymanagement #incidentresponse #dataanalytics #AIOps #elasticsearch #kibana #logstash

New from me: #DISHMedia swaps #observability sprawl for @elastic #cloud service, as the vendor looks to start a new chapter in its relationship with Amazon Web Services (#AWS) under new executive leadership.

https://www.techtarget.com/searchitoperations/news/252528605/Dish-Media-swaps-observability-sprawl-for-Elastic-Stack-SaaS

#amazon #ITmonitoring #elasticstack #elasticcloud #vulnerabilitymanagement #incidentresponse #dataanalytics #AIOps #elasticsearch #kibana #logstash

Hunting with #ELK and #SIGMA rules #ElasticStack Also the best description of #ElastAlert I've seen https://posts.specterops.io/what-the-helk-sigma-integration-via-elastalert-6edf1715b02