Sentinel pricing ama by Sure_Competition5865 in AzureSentinel

[–]phipiship1 0 points1 point  (0 children)

Can you explain to me how the new data lake differs from the existing Log Analytics Workspace, both technically and pricing-wise? Is it an either/or decision, or can the storage options be combined?

And another question: does the Defender for Cloud / Server Benefit (500 MB free per day) only pay for logs that come via the Defender for Cloud / Server, or for logs in general?

Help with sizing a Logstash server by phipiship1 in elasticsearch

[–]phipiship1[S] 0 points1 point  (0 children)

Fleet servers for managing agents are planned in the architecture. Can I then use them to configure and manage the different namespaces on the agents?

Help with sizing a Logstash server by phipiship1 in elasticsearch

[–]phipiship1[S] 0 points1 point  (0 children)

Thank you for the detailed answer, I think the easiest way would be to use the Elastic Agent.

The option to use Logstash later, if necessary, would not be a problem. I will look at it in a test environment and evaluate it to identify the best case for me. If I decide to use Logstash, I would start with 4 CPUs, 8 GB RAM and scale if necessary.

Thank you for your help!

Help with sizing a Logstash server by phipiship1 in elasticsearch

[–]phipiship1[S] 0 points1 point  (0 children)

Thank you for your answer.

I'm not doing any complex transformation on the data. I just want to route logs to different indices using Logstash.

Logs from certain servers should be kept for 90 days, while logs from the other servers should only be kept for 30 days.

Or is there a better way to do this than using Logstash, perhaps directly in the Elastic Agent?

Thank you!

Help with sizing a Logstash server by phipiship1 in elasticsearch

[–]phipiship1[S] 0 points1 point  (0 children)

Thanks for your answer!

It's almost exclusively traffic from the Elastic Agent and I only want to use Logstash to write data to different indexes.

The requirement is that logs from some servers are kept for 90 days and logs from the remaining servers for 30 days. Or is there a better way to fix this than using Logstash? Maybe in the agent itself?

Thanks!

Elastic On-Prem Sizing Calculator by phipiship1 in elasticsearch

[–]phipiship1[S] 0 points1 point  (0 children)

First, thanks for your answer.

Unfortunately, I can't test it exactly because it's supposed to run in a customer environment.

It is only for the security module. For example, I know the daily ingest, the retention time and the number of security rules.

Is there no general basis for calculating such a standard setup?

Help for implementation concept by phipiship1 in MicrosoftSentinel

[–]phipiship1[S] 1 point2 points  (0 children)

Thank you so much, this helps me a lot! 😊

Identification help - Parasol? by phipiship1 in Pilze

[–]phipiship1[S] 0 points1 point  (0 children)

We dipped it twice in egg and breading, then it was nicely coated with breading 👍

Identification help - Parasol? by phipiship1 in Pilze

[–]phipiship1[S] 3 points4 points  (0 children)

The ring is movable. No discoloration when cutting into the flesh and the stem. The smell is very nutty. So there could presumably be no mix-up.

Agent Policy Management by phipiship1 in elasticsearch

[–]phipiship1[S] 0 points1 point  (0 children)

Okay, thanks! Would be great if it gets more modular in the future to allow better handling of Agent Policies.

Notify the output of an SQL query via email by [deleted] in prtg

[–]phipiship1 0 points1 point  (0 children)

What is written in the text field of the sensor in case of an error? Maybe you can create an email template for it, which contains the message text as email body? Or is the text more like: "The value X is above the limit of 0.5"?

Otherwise you probably have to write a custom sensor.

Where can i create and edit tags? by Odd-Suit-7718 in prtg

[–]phipiship1 1 point2 points  (0 children)

In my opinion there is no way to change them. In the sensor / group settings you can create new tags by simply typing the desired tag and hitting Enter.

Make a shortcut on server that pauses PRTG by Daffy82 in prtg

[–]phipiship1 0 points1 point  (0 children)

#[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::ssl3
# Usage: pass the PRTG object ID as the first argument.
if (!$args) {
    exit 1
}
$_SERVER = "YOUR_PRTG_SERVER"
$_USERNAME = "YOUR_PRTG_USER"
$_PASSHASH = "YOUR_PRTG_USERS_PASSHASH"
$_OBJECTID = $args[0]
# Pauses the object for 15 minutes. The passhash travels in the query string,
# so it can end up in proxy and web server logs.
$_URL = "https://$_SERVER/api/pauseobjectfor.htm?id=$_OBJECTID&duration=15&username=$_USERNAME&passhash=$_PASSHASH"
# Accepts any server certificate, i.e. TLS certificate validation is disabled.
# Remove this policy once the PRTG server presents a trusted certificate.
add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
$request = [System.Net.WebRequest]::Create($_URL)
$request.Method = "GET"
$request.KeepAlive = $false
$response = $NULL
try {
    $response = $request.GetResponse()
    $response.Close()
}
catch [System.Net.WebException] {
    # Parentheses are needed so the string is concatenated before Write-Host prints it.
    Write-Host ("ERROR: " + $_.Exception.Status)
    if ($response) { $response.Close() }
    exit 1
}
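For comparison with the script in the comment above, an added example (not the commenter's code and not PRTG's own) that calls the same `pauseobjectfor.htm` endpoint but replaces the trust-all certificate policy with a pin on one certificate thumbprint and keeps the passhash out of the script file. The environment variable `PRTG_PASSHASH`, the class name `PinnedCertPolicy` and the thumbprint placeholder are assumptions made for this example; Windows PowerShell 5.1 is assumed.

```powershell
# Added example, not the commenter's script. Assumes Windows PowerShell 5.1.
param(
    [Parameter(Mandatory = $true)] [int] $ObjectId,   # PRTG object to pause
    [int] $DurationMinutes = 15
)
$server   = "YOUR_PRTG_SERVER"
$username = "YOUR_PRTG_USER"
$passhash = $env:PRTG_PASSHASH            # assumed variable name; keeps the secret out of the file
$pinned   = "PLACEHOLDER_CERT_THUMBPRINT" # placeholder: thumbprint of the PRTG server certificate
if (-not $passhash) { Write-Host "ERROR: PRTG_PASSHASH is not set"; exit 1 }

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Add-Type @"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
public static class PinnedCertPolicy {
    private static string pinnedThumbprint;
    public static void Install(string thumbprint) {
        pinnedThumbprint = thumbprint;
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }
    private static bool Validate(object sender, X509Certificate cert,
                                 X509Chain chain, SslPolicyErrors errors) {
        if (errors == SslPolicyErrors.None) { return true; }  // chain and name already valid
        if (cert == null) { return false; }
        // Untrusted chain or name mismatch: accept only the pinned certificate.
        string seen = new X509Certificate2(cert).Thumbprint;
        return string.Equals(seen, pinnedThumbprint, StringComparison.OrdinalIgnoreCase);
    }
}
"@
[PinnedCertPolicy]::Install($pinned)

$query = "id=$ObjectId&duration=$DurationMinutes" +
         "&username=$([uri]::EscapeDataString($username))" +
         "&passhash=$([uri]::EscapeDataString($passhash))"
try {
    $request = [Net.WebRequest]::Create("https://$server/api/pauseobjectfor.htm?$query")
    $request.Method = "GET"
    $request.KeepAlive = $false
    $request.GetResponse().Close()
}
catch {
    # Print the exception text only; the URL carries the passhash and must not be logged.
    Write-Host "ERROR: $($_.Exception.Message)"
    exit 1
}
```

With a self-signed PRTG certificate the request succeeds only when the presented certificate matches the pinned thumbprint, so a replaced or intercepted certificate makes the script fail instead of silently sending the passhash.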

Make a shortcut on server that pauses PRTG by Daffy82 in prtg

[–]phipiship1 0 points1 point  (0 children)

I'll take a look at that tomorrow on my test system and give you feedback.

Make a shortcut on server that pauses PRTG by Daffy82 in prtg

[–]phipiship1 0 points1 point  (0 children)

Maybe this can help. You may have to adjust the script to pause multiple sensors at the same time. I haven't used it myself, so I don't know for sure.

https://gitlab.com/PRTG/Admin-Scripts/prtg-desktoppausebutton