1 min
IT Ops
10 Best Practices for Log Management & Analytics: Part 1
This 3-part series covers Logentries' 10 best practices for log management and
analytics. To download the complete article, click here.
As applications, hosting environments and infrastructure continue to grow in
size and complexity, having a well defined set of logging strategies and
practices is more important than ever.
In Logentri
2 min
IT Ops
Using Log Data Streams for Real-Time Analytics: Part 1
This 3-part series explores the definition and benefits of using log data
streams and real-time analytics for some common IT Ops use cases. To download
the complete article, click here.
Analytics tools are often focused on analyzing historical data. Taking a sample
of data from historical events, you can perform calculations to determine what
happened during that period of time and report on you
6 min
IT Ops
How to Implement ANTLR4 Autocomplete
Antlr4 is a new iteration of the popular Antlr parse tree generator. Antlr4
features great documentation and an in-depth book on the subject. However, the
topic of autocompletion lacks any substantive material. I hope this article will
steer you in the right direction if you are looking to implement autocomplete
functionality
1 min
Discover Assets Dynamically with Infoblox DHCP
A highlight of the Nexpose 5.15 release is the addition of Infoblox Trinzic DDI
to the growing list of Dynamic Discovery sources. With nearly 8,000 customers
worldwide, Infoblox is a market leader in DNS, DHCP and IP address management.
Building upon existing support for Microsoft DHCP log monitoring, released this
past spring, Nexpose customers that use Infoblox to manage DHCP activity can now
detect previously unknown devices whenever they connect to the network,
providing a more complete un
2 min
IT Ops
Announcing Logentries as Google Cloud Platform's First Log Analytics Partner
Today we're excited to announce our partnership with Google Cloud Platform,
making Logentries the first provider of log analytics for Google Cloud
customers.
Logentries' Google Cloud integration enables Google customers to perform
advanced analysis on their log data,
3 min
IT Ops
Introducing Logentries NEW Query Language: LEQL
We are excited to announce that Logentries' new SQL-like query language, LEQL,
is now available for more advanced analytics and easy extraction of valuable
insights from your log data.
A SQL-Like Query Language
If you’ve ever used SQL, LEQL should feel familiar. In fact, Logentries already
supports a number of SQL-like search functions, including:
* SUM: Sums a set of values
*
2 min
IT Ops
How to Log with the Docker Logentries Container
Logentries offers a variety of ways to get logs out of your containerized
environment, including our Linux Agent, application plugin libraries, and
Syslog. In this post we'll cover collecting and forwarding logs via our Docker
Logentries Container, which requires Docker 1.5 or higher.
To configure the Docker Logentries Container you’ll need to do the following:
* Create a destination log in your Logentries account to record your Docker
lo
8 min
Metasploit
Wassenaar Arrangement - Frequently Asked Questions
The purpose of this post is to help answer questions about the Wassenaar
Arrangement. You can find the US proposal for implementing the Arrangement here,
and an accompanying FAQ from the Bureau of Industry and Security (BIS) here. For
Rapid7's take on Wassenaar, and information on the comments we intend to submit
to BIS, please read this companion pie
2 min
Malware
What exactly is Duqu 2.0?
Overview:
Duqu, a very complex and modular malware platform thought to have gone dark in
late 2012, has made its appearance within the environment of Kaspersky Labs.
Dubbed “Duqu 2.0” by Kaspersky, the level of complexity found within the malware
represents a high level of sophistication, skill, funding and motivation seen by
nation-sponsored actors. Infections related to this malware have reveale
3 min
How to be a Combination King
I recently spent a wonderful week in London to participate in Infosecurity
Europe as part of a larger group of
internationally-based Rapid7 employees. If you've been to many events, you know
that vendors quite often come up with clever ways to attract people to their
booth through giveaways, technical presentations, and product demonstrations.
Lucky for me, our booth happened to be right next to a vendor who had a rather
neat contest involving a keypad lock
1 min
MsfPayload and MsfEncode are Being Removed from Metasploit
Oh hi folks,
Last year on December 9th, we made an official announcement about deprecating
MsfPayload and MsfEncode. They are being replaced by msfvenom. Well, today is
the day we pull the plug. We are currently in the process of removing these two
utilities, and in a day or two you will never see them from upstream again.
If you are still not so familiar
2 min
Metasploit
Metasploit Framework Rails 4.0 Upgrade
It is always a running battle to keep an application's backend up to date with
various technologies. Today, we are excited to announce that Metasploit
Framework now ships with Rails 4.0.
Upgrades like this are sometimes hard to get excited about because if everything
goes well, users should see no difference. There are many reasons to upgrade to
Rails 4, though.
Why Upgrade
Here are the important reasons to upgrade from our perspective:
* Security is a b
2 min
Vulnerability Disclosure
Remote Coverage for MS15-034 HTTP.sys Vulnerability (CVE-2015-1635)
Patch Tuesday last week saw the release of Microsoft security bulletin MS15-034,
which addresses CVE-2015-1635, a remote code execution vulnerability in
Microsoft Internet Information Services (IIS) running on Windows 7 / Server 2008
R2 and later. This vulnerability can be trivially exploited as a denial of
service attack by causing the infamous Blue Screen of Death (BSoD) with a
simple HTTP request.
In order to provide better assessment of your ass
2 min
Vulnerability Disclosure
Breaking down the Logjam (vulnerability)
What is it?
Disclosed on May 19, 2015, the Logjam vulnerability (CVE-2015-4000) is a flaw in
common TLS implementations that can be used to intercept secure communications.
This TLS protocol vulnerability would allow an active man-in-the-middle (MITM)
attacker to silently downgrade a TLS session to export-level Diffie-Hellman
keys. The attacker could hijack this downgraded session b
1 min
Metasploit
2015 Metasploit T-Shirt Design Contest: It's On!
Hacker-designers! We need you! Show us your graphic skills, design an epic
Metasploit t-shirt, and win Eternal Fame and Glory!
Ahem, er, rather, we're looking for someone to design this year's Metasploit
t-shirt.
And if you are this year's winning Metasploit t-shirt designer, you will get
$230 USD and the notoriety and/or immense personal satisfaction in knowing that
you're the 2015 Metasploit t-shi