|
By Jeff Darrington
In cybersecurity as in sports, teamwork makes the dream work. In a world where security analysts can feel constantly bombarded by threat actors, banding together to share information and strategies is increasingly important. Over the last few years, security operations center (SOC) analysts started sharing open source Sigma rules to create and share detections that help them level the playing field.
|
By Jeff Darrington
A structured approach to incident response enables you to create consistently repeatable processes. Your incident response playbook defines responsibilities and guides your security team through a list of activities to reduce uncertainty if or when an incident occurs. MITRE ATT&CK Framework outlines the tactics and techniques that threat actors use during different stages of an attack.
|
By Graylog Security
Researchers at AhnLab Security Intelligence Center (ASEC) recently published a report on the Andariel threat group, a DPRK state-sponsored APT active for over a decade, that has been leveraging RID hijacking and user account concealment techniques in its operations to stealthily maintain privileged access to compromised Windows systems.
|
By Jeff Darrington
After a long day, you sit down on the couch to watch your favorite episode of I Love Lucy on your chosen streaming platform. You decide on the episode where Lucy can’t keep up with the chocolates on the conveyor belt at the factory where she works. Without realizing it, you’re actually watching an explanation of how the streaming platform – and your security analytics tool – work. Data streaming is the real-time processing and delivery of data.
|
By The Graylog Team
As digital transformation expands the threat landscape, compliance mandates adapt to meet new challenges. In 2020, the European Commission announced its decision to accelerate its revision of the Directive on Security of Network and Information Systems (NIS2). When carrying out its impact assessment, the Commission realized that it needed to update the NIS Directive in response to new risks.
|
By Jeff Darrington
It’s a warm, sunny day as you lie in the sand under a big umbrella. Suddenly, you feel the waves crashing against your feet, only to look down and see numbers, letters, usernames, and timestamps. You try to stand up, but you feel the tide of big data pulling you under… With a jolt, you wake up, realizing that you were having another nightmare about your security Data Lake and analytics.
|
By Jeff Darrington
Your Domain Name System (DNS) infrastructure enables users to connect to web-based resources by translating everyday language into IP addresses. Imagine going into a restaurant, in the age before the internet, only to find that the staff speaks and the menu is written in a different language from yours. Without some shared communication form, you can’t order dinner, and they can’t give you what you want.
|
By The Graylog Team
Many organizations today have strict data privacy regulations that they must comply with. These privacy regulations can often clash with the requirements of security, application and operations teams who need detailed log information. This how to guide walks you through redacting message fields for privacy purposes. At Graylog, many of the organizations who use our tool are logging sensitive data that may contain personally identifiable information, health related data or financial data.
|
By Jeff Darrington
Wherever you live, people can find you using either a street address or a set of latitude and longitude numbers. In the digital world, your website’s domain name or URL is the street address while the IP address is the latitude and longitude. For example, it would be cumbersome to tell people that you live at 35°05′17″N 109°48′23″W, but easy to say a number and street name. IP address data is useful for both protective and detective cybersecurity functions.
A recent analysis by JPMorganChase criticized the CVSS scoring process, finding missing context leads to misleading prioritization. When it comes to cybersecurity, patching vulnerabilities often feels like the Holy Grail. Get those CVEs patched, and you’re safe, right? Well, not exactly. As we know, patching isn’t as straightforward—or as effective—as we’d like to believe.
|
By Graylog
Navigate a shifting SIEM market: Challenges, lessons and strategic insights The SIEM market is evolving, and legacy systems struggle to keep up with today’s complex security challenges. Many mid-to-large enterprises, particularly those with revenues up to $5B, find outdated SIEMs hinder their agility and responsiveness. Vendor consolidation and shifting market dynamics add to the difficulty of selecting the right solution.
|
By Graylog
In today’s rapidly evolving threat landscape, the ability to detect and neutralize threats before they inflict damage is critical. This session will showcase how combining multiple log collection strategies can supercharge your threat detection capabilities. By merging traditional DNS logs from your domain controllers with DNS alerts from Cisco Umbrella, you'll gain unprecedented insight into compromised systems at the earliest stages of an attack.
|
By Graylog
Are you ready to streamline your path to cloud compliance while ensuring top-tier security and efficiency? Join us for an exclusive live demonstration of XccelerATOr and Command Center, the cutting-edge solutions that are transforming how organizations achieve and maintain FedRAMP, DoD, and other stringent compliance standards.
|
By Graylog
What does it take to create a truly modern Security Operations Center (SOC)? In this session, we’ll dive into the essential components and architecture that define a cutting-edge SOC, exploring the challenges that organizations face during the modernization process. Through real-world examples, we’ll showcase how forward-thinking clients are successfully navigating these challenges and transforming their SOCs into modern security powerhouses.
|
By Graylog
Aspire Bakeries' Graylog journey began in mid-2017 when we realized the current method of log review/collection on each device wasn’t working for us in Operations and we needed better way of working. Over the years we have grown our Graylog implementation from a single Graylog Open 2.0 VM for Operations Teams to a multi-node cluster handling 100MM+ messages per day and the center of our SOC.
|
By Graylog
While a 200 OK status often signals success, its appearance can be deceiving, especially when it cloaks significant threats within API interactions. This session expands on the critical role of APIs as part of the broader attack surface essential for robust Threat Detection, Identification, and Response (TDIR) programs. We’ll explore intricate case studies where seemingly successful responses harbored risks that bypass traditional monitoring. Learn how to enhance your SIEM capabilities by effectively detecting anomalies in API traffic, ensuring that every layer of interaction is scrutinized—not just the surface.
|
By Graylog
Think you've implemented every security measure possible? Think again. While you may have addressed many common attack vectors from both threat actors and Red Team engagements, there's always more to uncover. This session is designed to push your defenses to the next level by diving deep into the often-overlooked tactics that can significantly enhance your security posture.
|
By Graylog
Kubernetes has revolutionized cloud applications, enabling them to function as microservices distributed across global clusters, significantly enhancing fault tolerance, high availability, and cost efficiency. However, with this great power comes the critical responsibility of maintaining security and observability. Despite its many strengths, Kubernetes lacks a built-in centralized log store, relying instead on third-party plugins for this essential functionality.
|
By Graylog
In February 2024, I discovered a whisper campaign targeting folks in critical infrastructure with a pirate streaming box. While Illicit streaming devices are not new, this one is particularly ""chatty"". When I discovered it was communicating to qqcom, I knew I needed to start ingesting logs and needed a SIEM. I was able to quickly deploy Graylog and collect and correlate logs to understand behavior of the device.
|
By Graylog
When it comes to security data enrichment, it's helpful to think beyond threat intelligence. This white paper explores viable standard and advanced third-party intelligence enrichment sources that are often overlooked.
|
By Graylog
In this guide, what to consider when selecting a source of threat intelligence and how to make threat intelligence work for your organization.
|
By Graylog
When alerts go unheeded or don't deliver next steps on how to mitigate threats, SIEM can become an expensive and ineffective tool.
|
By Graylog
This paper examines the critical criteria to consider when evaluating tools for managing your data. There are compelling reasons why Graylog is the best choice for log management and analysis.
|
By Graylog
The previous data protection directive passed long before the Internet became the primary marketplace for businesses. In light of recent data and privacy issues, consumers demand higher standards for more security.
- February 2025 (6)
- January 2025 (6)
- December 2024 (9)
- November 2024 (8)
- October 2024 (6)
- September 2024 (3)
- August 2024 (5)
- July 2024 (3)
- June 2024 (7)
- May 2024 (5)
- April 2024 (5)
- March 2024 (9)
- February 2024 (8)
- January 2024 (5)
- December 2023 (7)
- November 2023 (2)
- October 2023 (2)
- September 2023 (5)
- August 2023 (4)
- July 2023 (6)
- June 2023 (5)
- May 2023 (4)
- April 2023 (3)
- March 2023 (3)
- February 2023 (5)
- January 2023 (2)
- December 2022 (2)
- November 2022 (2)
- October 2022 (5)
- August 2022 (2)
- July 2022 (1)
- June 2022 (4)
- May 2022 (5)
- April 2022 (6)
- March 2022 (6)
- February 2022 (1)
- January 2022 (3)
- December 2021 (3)
- November 2021 (1)
- October 2021 (4)
- September 2021 (6)
- August 2021 (4)
- July 2021 (3)
- June 2021 (7)
- May 2021 (3)
- April 2021 (1)
- March 2021 (2)
- December 2020 (2)
- October 2020 (4)
- May 2020 (1)
- January 2019 (3)
- December 2018 (2)
Graylog is a leading centralized log management solution built to open standards for capturing, storing, and enabling real-time analysis of terabytes of machine data. We deliver a better user experience by making analysis ridiculously fast and efficient using a more cost-effective and flexible architecture. Thousands of IT professionals rely on Graylog's scalability, comprehensive access to complete data, and exceptional user experience to solve security, compliance, operational, and DevOps issues every day.
Purpose-built for modern log analytics, Graylog removes complexity from data exploration, compliance audits, and threat hunting so you can find meaning in data more easily and take action faster.