Logs = Truth in DevOps
Monitor, analyze & debug apps in real-time with Elastic Stack. Stop guessing, start observing.
Security teams depend on telemetry, but raw logs and events are chaos until structured, enriched, and secured.
In Data Engineering for Cybersecurity, James Bonifield shows how to design scalable data pipelines using open source tools like Filebeat, Logstash, Redis, Kafka, and Elasticsearch.
Build systems that turn noise into insight and support real-time detection.
https://nostarch.com/data-engineering-cybersecurity
#CyberSecurity #InfoSec #DataEngineering #ElasticStack #OpenSource
With a strong emphasis on open source and an active community around the world, Elastic fosters collaboration and continuous innovation in data-driven solutions.
#python #elastic #elasticstack #elasticsearch #bolhadev #pythonbrasil #pybr2025
Thanks to everyone who joined our Elastic Stack workshop. We hope you gained practical insights and are ready to put them to use 🚀 Stay tuned for more events soon.
Certified Elastic Engineers
Hyperflex is 100% focused on Elasticsearch.
We help companies scale Observability, Security, and Search.
Why work with us?
– Elastic Partner
– Certified Elastic Experts
– Real-world implementation experience
– Focused on enterprise results, not generic services
Let’s make your Elastic deployment a success.
🔗 hyperflex.co
#Elasticsearch #ElasticSearchConsulting #ElasticPartner #Observability #Security #Hyperflex #AI #ElasticExperts #TechConsulting #ElasticStack
I usually don't post about work-related stuff except for ranting or asking technical questions, but this time I'll make an exception:
Today, Dash0 went out of beta and I am very proud to be part of the magnificent team making this #OpenTelemetry Native #Observability solution possible. 😀
If you’re looking for an observability solution, such as #Grafana, #ElasticStack, #NewRelic, #Datadog or #SigNoz, then give it a spin!
Critical Kibana Vulnerability - Arbitrary Code Execution via YAML Deserialization
Date: September 5, 2024
CVE: CVE-2024-37285
Vulnerability Type: Deserialization of Untrusted Data
CWE: [[CWE-502]]
Sources: Elastic Security Advisory
Synopsis
CVE-2024-37285 impacts Kibana versions 8.10.0 to 8.15.0, where a deserialization flaw allows remote code execution if an attacker injects malicious YAML payloads. This vulnerability requires that an attacker has elevated Elasticsearch and Kibana privileges.
Issue Summary
The vulnerability arises from improper YAML deserialization within Kibana. A malicious actor can craft a YAML payload and execute arbitrary code, provided they have specific Elasticsearch index and Kibana privileges. This issue affects Kibana from versions 8.10.0 through 8.15.0 and is critical due to its ease of exploitation and the potential for widespread impact.
Technical Key Findings
Attackers exploit this flaw by submitting a specially crafted YAML document that Kibana deserializes without proper validation. Once the malicious code is parsed, it can run on the server with elevated privileges, enabling arbitrary code execution.
The attacker must have the following Elasticsearch indices permissions:
– write access to system indices .kibana_ingest*
– allow_restricted_indices flag needs to be set to true
The attacker must also have ANY of the following Kibana privileges:
– Fleet: the All privilege is granted
– Integration: the Read or All privilege is granted
– fleet-setup privilege is gained through the Fleet Server’s service account token
Vulnerable Products
Impact Assessment
Successful exploitation could allow an attacker to execute arbitrary commands, leading to a complete system compromise. This could affect confidentiality, integrity, and availability, making it a high-risk issue for organizations relying on Kibana for data visualization and exploration.
Patches or Workaround
Upgrading to Kibana version 8.15.1 resolves this vulnerability. Additionally, limiting access to Elasticsearch indices and restricting Kibana privileges reduces exposure.
Tags
#CVE-2024-37285 #Kibana #ArbitraryCodeExecution #YAML #Deserialization #ElasticStack #CyberSecurity
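As an added example (not code from the advisory or from Elastic), the script below checks a Kibana version string against the affected range stated above and flags Elasticsearch roles that combine write-type access on `.kibana_ingest*` with `allow_restricted_indices`, the index-side conditions the advisory lists; the role documents are constructed samples shaped like `GET _security/role` output, and the set of privileges treated as "write" is this example's own assumption.

```python
"""Audit helper for the CVE-2024-37285 exposure conditions (added example)."""
import fnmatch

# Affected range and fix version as stated in the advisory.
AFFECTED_MIN = (8, 10, 0)
AFFECTED_MAX = (8, 15, 0)

# Assumption of this example: index privileges that grant write access.
WRITE_LIKE = {"all", "write", "index", "create", "create_doc"}

# Constructed sample roles (not real cluster data), shaped like the
# `indices` section of an Elasticsearch role definition.
SAMPLE_ROLES = {
    "fleet_pipeline_writer": {"indices": [
        {"names": [".kibana_ingest*"], "privileges": ["write"],
         "allow_restricted_indices": True}]},
    "analyst_read": {"indices": [
        {"names": ["logs-*"], "privileges": ["read"],
         "allow_restricted_indices": False}]},
    "broad_admin": {"indices": [  # wide pattern, but restricted indices denied
        {"names": ["*"], "privileges": ["all"],
         "allow_restricted_indices": False}]},
}


def parse_version(text):
    """Turn '8.12.3' into (8, 12, 3); extra components are ignored."""
    return tuple(int(p) for p in text.split(".")[:3])


def is_affected(version):
    """True when the Kibana version lies in 8.10.0 .. 8.15.0 inclusive."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def grants_kibana_ingest_write(role):
    """True if any index grant could write to .kibana_ingest* indices."""
    for grant in role.get("indices", []):
        if not grant.get("allow_restricted_indices", False):
            continue  # system indices stay blocked without this flag
        if not set(grant.get("privileges", [])) & WRITE_LIKE:
            continue
        # A pattern covers the system indices if it matches their prefix.
        if any(fnmatch.fnmatch(".kibana_ingest", p) for p in grant["names"]):
            return True
    return False


def audit(roles):
    """Return the names of roles meeting the index-side conditions."""
    return sorted(n for n, r in roles.items() if grants_kibana_ingest_write(r))
```

Roles it lists are candidates for the privilege tightening the advisory recommends, alongside upgrading to 8.15.1.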
Kibana arbitrary code execution via YAML deserialization in Amazon Bedrock Connector (ESA-2024-27) A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools and have configured an Amazon Bedrock connector. Affected Versions: Kibana version 8.15.0. Solutions and Mitigations: Users should upgrade to version 8.15.1. For Users tha...
Fck it... I've been using #Kibana for quite a while now & just found out that using * for a wildcard match does work. You just didn't put the search term within quotes, or the * will be taken literally as well! 😅🤦🏽♂️ Stupid me!
"The No. 1 goal I have is just visibility and awareness that … it's no longer your grandpa and grandma's ELK stack." - Abhishek Singh
#elastic #elasticsearch #ELKstack #elasticstack #observabilty #semanticsearch #vectorsearch #generativeAI #opentelemetry #Datadog #AWS
https://github.com/UncoderIO/Uncoder_IO
Uncoder.IO an easy to use online translator for Sigma Rules has just been made available as Open Source.
#SIGMA #IOC #ElasticStack #OpenSearch #Athena #Defense #MicrosoftDefender #MicrosoftSentinel #SOC #Analyst #socprime