The ol’ 80/20 rule: about 80% of the time you are running the same analyses over and over again, especially if you are an MSP, MSSP, or MDR. Whether you’re trying to track down a particular user session to figure out what went wrong or you were alerted to a potential threat and need to do some threat hunting, you need to gather the same types of data every time, and then keep going from there based on the results.
With Graylog’s Search Workflow, you can build and combine multiple searches for any type of analysis into one action and review the delivered results on a dashboard-like screen (or on multiple tabs for really complex tasks).
Best of all, you can easily save and share Search Workflows to ensure consistency, save time and empower more junior team members.
Start with one or more input parameters so you don’t have to copy and edit an old query just to change an IP address, MAC address, user ID, etc., and even chain queries together so the results of one search become the input parameter for the next.
To keep your search results lightning fast, be sure to set up pipelines and streams correctly so you can easily limit each search to only the relevant data. From there, you can build your Search Workflow by adding one or more extended searches and specifying the type(s) of input parameter(s) an analyst should initiate the search with. For repetitive tasks, save and share your Search Workflow for later reuse.
Just like dashboards, you can drill down into the charts produced by your Search Workflow and even turn the results into a dashboard with just a click or two.