Encrypting traffic in transit to Apache NiFi

In this article we'll explain how to encrypt traffic going to an HTTP handler in NiFi, which is then forwarded to a backend HTTP server - in other words, an SSL offloading reverse proxy. Encrypting traffic in transit to NiFi involves the following steps: creating a keystore containing a CA certificate; creating a truststore, which contains … Continue reading Encrypting traffic in transit to Apache NiFi

Monitoring DNS requests with PowerShell

At CyberSift we're big fans of monitoring DNS. While there are malware campaigns out there which communicate directly with hard-coded IP addresses, monitoring DNS is a good strategy for keeping tabs on what's going on in your environment. When it comes to monitoring Windows hosts, Sysmon is an absolute must. There's tons of information out … Continue reading Monitoring DNS requests with PowerShell

Is it Elastalert? No – it’s NiFi!!

One common requirement for users of Elasticsearch is to have automatic alerts sent out whenever some query gets matched, or when some other condition is satisfied. In fact, Yelp have come up with a Python-based solution for this in the form of Elastalert, which at the time of writing is extremely popular, with over 5.5K stars … Continue reading Is it Elastalert? No – it’s NiFi!!

Consuming Netflow using NiFi

The problem: Several network devices (especially Cisco) tend to use NetFlow for auditing network connections. It would be useful to log these connections in a structured data store (Elasticsearch is my data store of choice). Alternative solutions: Using the Elasticsearch NetFlow module: https://www.elastic.co/guide/en/logstash/current/netflow-module.html This works well right out of the box, and supports all NetFlow versions. … Continue reading Consuming Netflow using NiFi

Lessons Learned: GoLang GORM – filtering associations

The problem: Given the following code: type User struct { gorm.Model; Username string; Orders []Order } type Order struct { gorm.Model; UserID uint; Foobar string } The above Go code defines a "Has Many" association, leading to a schema where a "User" "has many" "Orders", with the "user_id" column acting as a foreign key. How … Continue reading Lessons Learned: GoLang GORM – filtering associations

Python Pickling in the cloud (or how to get python to execute code it hasn’t seen yet)

Problem - What are we trying to solve? Let's assume you have the beginnings of a simple distributed system: you use Redis as your event queue; you have a "master" Python script that pickles a Python class and sends it to your Redis queue; you have a "worker" Python script that waits for a new event, unpickles … Continue reading Python Pickling in the cloud (or how to get python to execute code it hasn’t seen yet)

Exploring Gaussian Process vs Linear Regression

Linear regression is often one of the first algorithms that data analysts are introduced to. The intuition is simple: find the best line that fits a given data set. For example, given the data set below, you'd probably answer with something along these lines. That is, in fact, the answer given by linear regression. However, … Continue reading Exploring Gaussian Process vs Linear Regression