See the patterns...
Security experts agree that event log data provides the most significant visibility into, and record of, threats to the organization’s IT stack. The key to effective incident response is well-organized, centralized log data. The faster you respond to an attack, the less damage the malicious actor can cause.
Graylog Illuminate for Networks automates the visualization, management, and correlation of log data. It centralizes all generated log data in a single location. The data is aggregated and correlated for visibility, so you can monitor and analyze it, identify any malicious activity occurring within your network, isolate the source of that activity, and respond to threats quickly. This makes security monitoring more effective and enables comprehensive auditing.
Centralized network data brings faster response times
Built by Graylog’s Enterprise Intelligence team, Illuminate for Networks eliminates the manual setup needed to detect, monitor, and analyze network issues across your IT infrastructure.
Initially, Illuminate for Networks will spotlight activities detected by Palo Alto. Graylog offers a more robust set of dashboards where you can aggregate and correlate network traffic from different devices into one central location.
How it works
Graylog Illuminate for Networks comes with Palo Alto-focused data normalization, parsing rules, data enrichment, and dashboards. Once deployed, Graylog Enterprise customers will save hundreds of hours by leveraging our in-house expertise to gain visibility into the traffic throughout their network infrastructure.
Illuminate for Networks layers logic on the Enterprise input plugin for Palo Alto 9 in order to pull all of your network data into Graylog. This enables you to see all of your Palo Alto data aggregated and correlated into one chart for faster analysis and threat hunting. With data fields aligned, properly classified, and useful information added to the log messages, you can also build “universal” dashboards for deeper account and device investigation.
Robust monitoring and analysis with Graylog Dashboards
The Graylog Illuminate dashboards offer a more robust experience for monitoring and analyzing your network traffic. The pre-built content dashboards give your team the means to visualize the network activity that Palo Alto is seeing and to identify any anomalies you want to investigate further.
If you're troubleshooting a problem or investigating a potential security threat, Graylog eliminates the need to work in different interfaces by aggregating and correlating the data into one dashboard. This streamlines your daily tasks by separating the important data from the noise. Front and center, you can immediately see things like the number of alerts triggered during a specified time frame, user activity, and perhaps VPN traffic to foreign countries you might be interacting with: the type of data your team wants to see with a single search.
Palo Alto provides a number of data feeds. If you're using URL Filtering to block malicious websites, you can pull this data into Graylog and correlate it with any other data you pulled from the firewall. You can then visualize a summary of all your traffic on a pre-built dashboard for further investigation.
Most network admins want to know who the top talkers and bandwidth hogs are. For example, you might have a small Palo Alto at a remote site, and on Tuesday morning the site is getting hammered: the bandwidth is disappearing and people are unhappy. With Illuminate for Networks, you can immediately visualize who is using up the firewall's bandwidth, broken down by source IP.
Application usage is another area of the network that needs monitoring. What are your top-talking applications? They might be Windows and email, or maybe web browsing and email. When there is a spike in one or both of these combinations, or in some other application combination, Illuminate for Networks has a dashboard for that.
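As an added illustration of the top-talker and top-application views described above (example code, not Graylog's or Palo Alto's own), this script aggregates bytes per source IP and per application from PAN-OS traffic-log lines. The column positions are an assumption based on the PAN-OS 9 traffic-log CSV layout, and the sample records are constructed.

```python
"""Top talkers and top applications from Palo Alto PAN-OS traffic log lines."""
import csv
from collections import Counter

# Assumed 0-based column positions in the PAN-OS 9 traffic-log CSV layout.
LOG_TYPE, SRC_IP, APP, BYTES = 3, 7, 14, 31
MIN_FIELDS = BYTES + 1

def parse_traffic_line(line):
    """Return (source_ip, application, bytes) for a TRAFFIC line, else None."""
    fields = next(csv.reader([line]))  # csv handles quoted fields such as Rule Name
    if len(fields) < MIN_FIELDS or fields[LOG_TYPE] != "TRAFFIC":
        return None  # THREAT/SYSTEM records and truncated messages are skipped
    try:
        return fields[SRC_IP], fields[APP], int(fields[BYTES])
    except ValueError:
        return None

def top_talkers(lines, n=3):
    """Bytes per source IP and per application, largest first."""
    by_src, by_app = Counter(), Counter()
    for line in lines:
        rec = parse_traffic_line(line)
        if rec:
            src, app, nbytes = rec
            by_src[src] += nbytes
            by_app[app] += nbytes
    return by_src.most_common(n), by_app.most_common(n)

def constructed_line(src, app, nbytes, log_type="TRAFFIC"):
    """Build a constructed sample record in the assumed column order."""
    fields = ["FUTURE_USE"] * 36
    fields[1], fields[2], fields[LOG_TYPE], fields[4] = "2020/06/02 09:15:00", "001234567890", log_type, "end"
    fields[SRC_IP], fields[8], fields[APP], fields[BYTES] = src, "203.0.113.10", app, str(nbytes)
    return ",".join(fields)

# Constructed sample input: a remote-site firewall on a busy Tuesday morning.
SAMPLE_LINES = [
    constructed_line("10.1.1.25", "web-browsing", 900_000),
    constructed_line("10.1.1.25", "ssl", 600_000),
    constructed_line("10.1.1.40", "outlook-web-online", 200_000),
    constructed_line("10.1.1.7", "ssl", 50_000),
    constructed_line("10.1.1.99", "", 0, log_type="THREAT"),  # not a traffic record
    "garbage,line",  # truncated message
]
if __name__ == "__main__":
    talkers, apps = top_talkers(SAMPLE_LINES)
    print("Top talkers:", talkers)
    print("Top applications:", apps)
```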
Frequently Asked Questions
Graylog Illuminate for Networks requires Graylog Enterprise v3.3 or later.
Graylog Illuminate for Networks supports Palo Alto v9.0x.
Currently, Illuminate for Networks includes Palo Alto GlobalProtect and Next-Generation Firewalls (Threat Prevention, URL Filtering, WildFire, Data Loss Prevention) when used via firewall appliances.
Of course, we encourage you to take advantage of all the Illuminate modules, and you can see all the Illuminate content in your core dashboards, but you are free to install only the ones you want to use.
Graylog will continue to add devices to the Network Stack; while no hard dates are set, devices such as proxies, firewalls, and IDS/IPS are planned.