
The Graylog blog

Introducing Graylog Illuminate

Help Me See My Data

Every second, businesses across the globe log terabytes or even petabytes of data. Analysts want to explore the data to identify events, escalate, conduct security, and respond. IT Ops wants to uncover problems long before they become an outage. Other teams and key stakeholders want answers that can only be found in the log data. And the list goes on…

Graylog’s beginnings are rooted in a desire for visibility into log data minus the complexity that usually accompanies aggregating that data from across the system for exploration, compliance audits, and threat hunting. As centralized log management evolved into a key activity in IT Operations for maintaining the health of the business, the need to see more has grown.

At the start of 2020, Graylog assembled an Enterprise Intelligence team, a group of real-world practitioners with deep field expertise. Our goal is to create usable enterprise visualizations that meet the needs of our customers out-of-the-box.

First Step, Authentication 

Functioning and secure authentication is critical to every business, which is why monitoring authentication activities is an ongoing task for organizations of every size. Automating this task requires complex foundational logic that includes data normalization, parsing rules, data enrichment, correlation alerts, dashboards, and alerts.

Every IT team wants the task of monitoring authentication automated, but most IT teams don’t have the time to build it. That is why we built it for you.

Authentication is the first module in the Illuminate application. It creates a foundation to normalize all authentication data, regardless of source. As a result, you get consistency in reporting, alerting, and analysis plus the power to easily correlate authentication data across different types of data sources.

Graylog Illuminate for Authentication

Illuminate for Authentication will include many apps, but the obvious starting point is Windows Active Directory.

Illuminate for Authentication comes with Windows-focused data normalization, parsing rules, data enrichment, correlation alerts, dashboards (1 universal and 3 Windows-specific), and alerts, zipped up and ready to deploy inside Graylog Enterprise v3.3+ (v3.2 will also work in a limited capacity). Once deployed, Graylog Enterprise customers can immediately leverage our in-house expertise and gain visibility into who is trying to log into what throughout their IT environment.

Windows Auth Dashboard

What’s Next for Graylog Illuminate?

Authentication is just the beginning for Illuminate. Our Enterprise Intelligence team will keep building new modules that deliver faster time to value and better results for our Graylog Enterprise customers.

 
