Many organizations today have strict data privacy regulations that they must comply with. These privacy regulations can often clash with the requirements of security, application and operations teams who need detailed log information. This how to guide walks you through redacting message fields for privacy purposes. At Graylog, many of the organizations who use our tool are logging sensitive data that may contain personally identifiable information, health related data or financial data.

Wherever you live, people can find you using either a street address or a set of latitude and longitude numbers. In the digital world, your website’s domain name or URL is the street address while the IP address is the latitude and longitude. For example, it would be cumbersome to tell people that you live at 35°05′17″N 109°48′23″W, but easy to say a number and street name. IP address data is useful for both protective and detective cybersecurity functions.

The Devo Platform has earned its reputation as a powerful and innovative force in Security Information and Event Management (SIEM). Customers rely on Devo to detect and respond to threats in real time, gain complete visibility into their security posture, and streamline their security operations. But the core strengths that make Devo a SIEM leader – unmatched scalability, real-time analytics, and flexible customization – also enable us to solve a variety of other data challenges.

A recent analysis by JPMorganChase criticized the CVSS scoring process, finding missing context leads to misleading prioritization. When it comes to cybersecurity, patching vulnerabilities often feels like the Holy Grail. Get those CVEs patched, and you’re safe, right? Well, not exactly. As we know, patching isn’t as straightforward—or as effective—as we’d like to believe.

The high volumes of security data that cloud environments generate leave security teams swimming in data, but many feel like they need a life preserver to improve their incident response capabilities. Enter security data lakes. As the costs associated with data retention become overwhelming, organizations are embracing the idea of security data lakes and data warehouses.

Factors such as scalability, budget, and security must be considered for businesses considering their cloud storage and data management needs. Still, one of the most crucial factors that must be accounted for is what compliance standards must be met. Compliance with GDPR, HIPPA, SIEM, or other bodies ensures the organization adheres to legal, regulatory, and industry standards that are met to protect sensitive data.

Capturing network traffic is usually done either for security reasons or to troubleshoot networking issues. But by the time you initiate a network capture (either manually or automatically) it’s often too late already – the train has already left the station. Point in case: Say your SIEM (obviously EventSentry) detects abnormal or suspicious behavior in a log and a network capture is initiated.

There are rare moments when technology doesn’t just improve — it leaps forward, leaving behind everything we once thought was enough. The launch of CrowdStrike Falcon Next-Gen SIEM was one of those moments. It’s a game-changer that alters the way security teams think, operate and stop breaches.

Google Workspace is a popular productivity suite, and its broad collection of apps (such as Gmail, Drive, Calendar, and Docs) can give attackers a central point of entry for accessing sensitive and valuable data if they compromise an account. Learning how to identify malicious activity in your Workspace environment enables you to stop threats before they become more serious. In this post, we’ll look at a few ways attackers gain access to and take advantage of Google Workspace.

A primary goal for security teams is identifying specific threats to their environment, but they often face the daunting task of reviewing vast amounts of log data and alerts. Even with well-crafted detection rules, sifting through irrelevant data to pinpoint essential details for an investigation can be a significant challenge. This not only prolongs investigation times but also increases the risk of overlooking critical information.