-
rare Сommand in Splunk
The rare command in Splunk helps you find the least common values in a specific field of your data. This is useful for spotting unusual or infrequent events. By default, the rare command in Splunk returns the 10 least common values for a specified field. Find Rare User Agents To identify the least common user agents in your web…
-
coalesce Function in Splunk
The Splunk coalesce function returns the first non-null value among its arguments. It’s useful for normalizing data from different sources with varying field names. For example, to unify multiple source IP fields into a single src_ip field: | eval src_ip = coalesce(src_ip, sourceip, source_ip, sip, ip) The post coalesce Function in Splunk appeared first on SOC Prime. Go to Source
-
Strela Stealer Attack Detection: New Malware Variant Now Targets Ukraine Alongside Spain, Italy, and Germany
Security experts have uncovered a novel Strela Stealer campaign, which leverages a new iteration of email credential-stealing malware. In this campaign, the updated malware version is enriched with enhanced functionality and is now capable of gathering system configuration data via the “system info” utility. Moreover, Strela Stealer expanded its targets beyond Spain, Italy, and Germany…
-
Reducing Kafka Lag: Optimizing Kafka Performance
Apache Kafka is a powerful distributed messaging system, but like any system, it can face performance bottlenecks. One of the most common challenges is Kafka lag—the delay between producing and consuming messages. Addressing Kafka lag is crucial for maintaining real-time data pipelines and ensuring optimal performance. In this article, we explore practical strategies to reduce…
-
KRaft: Apache Kafka Without ZooKeeper
Apache Kafka has been a cornerstone of modern event streaming architectures, enabling reliable and scalable data pipelines for businesses worldwide. Traditionally, Kafka has relied on ZooKeeper for managing metadata, configurations, and cluster coordination. However, the introduction of KRaft (Kafka Raft) marks a significant shift in Kafka’s architecture, eliminating the need for ZooKeeper and simplifying cluster management. What…
-
Using Kafka as a Fast Correlation Engine
In this article, we explore how Kafka Streams can be utilized for filtering and correlating events in real time, effectively transforming Kafka into a high-speed correlation engine. By leveraging the capabilities of ksqlDB, you can deploy content rules and filter alerts directly within Kafka. This approach enables real-time filtration and aggregation of log event flows using…
-
Fluentd: How to Use a Parser With Regular Expression (regexp)
This guide explains configuring Fluentd to extract structured data from unstructured log messages using the parser plugin with a regular expression (regexp). If you need to extract specific fields, such as log_source and index, from a log message, you can do this as follows. Input Log: { “message”: “Log source ‘WinCollect DSM – SRV-AD-001’ has…
-
We discovered several vulnerabilities in the Milesight UG67 Outdoor LoRaWAN Gateway. The device had an unprotected USB console allowing access to the root file-system for analysis, an undocumented default password usable for remote SSH login, a command execution circumventing the restricted shell and a local privilege escalation using ubus as well as a local privilege escalation using world-writeable webroot. The issues can be combined to allow privileged access from a remote connection.
We discovered several vulnerabilities in the Milesight UG67 Outdoor LoRaWAN Gateway. The device had an unprotected USB console allowing access to the root file-system for analysis, an undocumented default password usable for remote SSH login, a command execution circumventing the restricted shell and a local privilege escalation using ubus as well as a local privilege…
-
We discovered several vulnerabilities in the Single Sign On components of WatchGuard: the protocol used is insecure and can be redirected, an interface based on the Telnet protocol contains a backdoor and the SSO Agent can be crashed by sending unexpected data.
We discovered several vulnerabilities in the Single Sign On components of WatchGuard: the protocol used is insecure and can be redirected, an interface based on the Telnet protocol contains a backdoor and the SSO Agent can be crashed by sending unexpected data. Go to Source
-
Our new blog post describes the exploitation of a remote code execution vulnerabiltiy in the open-source learning platform Moodle. A short summary of the vulnerability discovered by us can be found in the corresponding advisory Moodle: Remote Code Execution via Calculated Questions.
Our new blog post describes the exploitation of a remote code execution vulnerabiltiy in the open-source learning platform Moodle. A short summary of the vulnerability discovered by us can be found in the corresponding advisory Moodle: Remote Code Execution via Calculated Questions. Go to Source