Expert on sekureco42

Use Grafana Alloy with SigLens

Thu, 24 Jul 2025 12:17:15 +0100

Until now I used vector.dev as my workhorse to collect logs and metrics from systems and deliver them to SigLens. In the mean time there is a new kid on the block: Grafana Alloy. In this article I will show you how you connect Grafana Alloy to your SigLens instance.

Phishing detection with LLM

Thu, 16 Jan 2025 20:16:06 +0100

In a recent project I tried to automate the phishing handling process. So if an email is reported as suspicious from end user the email is sent to a sandbox for a verdict and guess what: The sandbox mostly comes to the conclusion that the email is safe. But: IT IS NOT!

Split log streams into Analytics and Auxiliary Table

Fri, 22 Nov 2024 16:34:12 +0100

In the last article we found out that KQL transformation at ingestion time is not available for Auxiliary Logs. But in real cases you want to have the ability to send selective log lines to Analytics while sending the rest to Auxiliary. In this article we will discover the possibilities.

Remap column names in Data Collection Rules (DCR)

Thu, 21 Nov 2024 07:46:12 +0100

In real world scenarios you have a data source with field names which are not identical to those in your table. Beside of renaming the fields in your agent which sending logs also Data Collection Rules provide the ability to map fields with transformkql.

Auxiliary Logs in Azure Log Analytics

Wed, 13 Nov 2024 17:29:12 +0100

Microsoft provides a new type of Log Analytics tables called Auxiliary Logs. Currently this is in Public Preview and I did some lab testing which I documented in this blog post.

Use Prometheus Node Exporter with SigLens and Vector.dev

Wed, 15 May 2024 10:17:15 +0100

Some days ago I discovered SigLens the first time and wrote a blog post about feeding logs into it with the help of Vector.dev. SigLens does not only provide fast log management - no; it also supports metrics. In this article I show you how to setup ingestion of metrics from Prometheus Node Exporters.

Fast log management with SigLens and Vector.dev

Mon, 13 May 2024 22:29:15 +0100

A new star is born and my new personal favorite if you have to deal with logs: The Log Management solution from https://siglens.com/ together with https://vector.dev/ for log ingestion. This article describes the basic setup and the state of the project per may 2024.

Deploy Ubuntu 24.04 (Noble Numbat) with Autoinstall to Proxmox

Sun, 28 Apr 2024 19:37:15 +0100

Ubuntu provides several methods to automatically install Ubuntu on systems. This article will describe the method with an Autoinstall file to automatically make the base setup of the system.

Introduction

When setting up VMs based on Ubuntu, I often go through the same setup steps. Naturally, I do this with Ansible. However, there’s a bit of a chicken-and-egg scenario: to manage the system with Ansible, a defined user must exist, along with an SSH key.

Azure Batch and how to avoid misuse

Tue, 23 Apr 2024 18:22:15 +0100

Azure Batch is quite powerful tool if you want to scale compute intensive tasks in your environment due it lets you manage scaled workload in Azure. This article will present counter measure to reduce the risk of misuse.

Deploy Windows 11 Dev VM to Proxmox

Sun, 21 Apr 2024 12:22:15 +0100

Microsoft provides Windows 11 Developer VMs for several Hypervisors like VMware, Hyper-V and more - but not for Proxmox. This article shows how to automate the process of deploying Windwos 11 Developer VM to Proxmox.

Add automatically Catch-All addresses as Send-from addresses in Exchange Online

Wed, 19 Apr 2023 07:59:15 +0100

In previous post I wrote about several possibilities to automate tasks in Azure. In this post I will show you an additional possibility to automate tasks in a cloud native environment with the help of Automation Account.

Microsoft Defender for Endpoint API with Logic App

Mon, 20 Mar 2023 20:06:15 +0100

In another post I already wrote about managed identities and using API. There I also showed how to adapt the required permissions. In this post you will see how to set up required permissions for Microsoft Defender for Endpoint (internally called WindowsDefenderATP).

Graph API with Logic App

Wed, 15 Mar 2023 07:51:15 +0100

In the first part of this serie we checked the basics of the Graph API. Now in this part we will use Logic App to query the API. This opens new way to automate tasks.

Nextcloud SSO with Azure Active Directory (AAD)

Wed, 22 Feb 2023 11:00:15 +0100

Nextcloud is a file sharing platform like Sharepoint. Providing SSO for this application for your Azure Active Directory users is easy - especially if you know which SAML properties you have to setup on both ends, Nextcloud and AAD. This article shows you how to do it.

Comment function for static websites with Remark42

Sat, 04 Feb 2023 15:53:15 +0100

Static websites are incredibly fast - but the drawback is that you can’t use dynamic content like commenting of articles. But there is a solution for this issue: You could integrate external commenting services. One of them is Remark42 which can be self-hosted. This Article has some Tipps for setting up Remark42.