
The Graylog blog

Today we are excited to announce Graylog Illuminate v1.5.

This release includes Elasticsearch 7 template support, enhancements to Office 365 applications (e.g., Teams, OneDrive, DLP, Sharepoint, etc.), and additional content for Okta and Windows, all designed to add more flexibility and efficiency to authentication, networking, and application activities and best practices.

ADDITIONS AND IMPROVEMENTS

ILLUMINATE CORE

  • NEW script to set the proper lookup directory and file permissions during the installation (#94)
  • Improved category and priority enrichments in Illuminate Core (#11, #83)

ELASTICSEARCH TEMPLATE

  • The Illuminate Elasticsearch template application script and associated templates now support ES versions 6 and 7 (#23)
  • Expanded use of associated_* fields in Illuminate ES template (#14, #112)
  • Expanded date/time formats recognized in Illuminate ES templates (#105)

WINDOWS

  • Added script to set the proper lookup directory and file permissions during the installation (#94)
  • Added normalization of Windows Security Event ID 4688/4689, added process widget to account drill down dashboard (#113)
  • Added Windows built-in groups to Windows static accounts lookup (#42)

IMPORTANT NOTE

We have removed the Windows copy rules from the Illuminate Windows Spotlight and merged the Windows normalization into the Windows content pack.

OFFICE 365

Illuminate v1.5 comes with multiple refinements to O365 dashboards, including widgets highlighting DLP messages. Also, we have improved O365 message normalization by applying Graylog Illuminate categories, and we’ve made enhancements to Office 365 applications (e.g., Teams, OneDrive, DLP, Sharepoint, etc.).

OKTA

  • Improved Okta message normalization by applying Graylog Illuminate categories

BUG FIXES

  • The Illuminate template application script now detects the ES version in use (#23)
  • The Illuminate template application script now has better detection and handling of errors when applying the templates (#23)
  • The lookup cache configurations will now expire cached entries after a defined time period (#104)
  • Improved deleted accounts reporting in Windows IAM dashboards (#132)

Compatibility

Graylog v3.3.8 – v3.3.12

Graylog v4.0.2 – v4.0.6
