
The Graylog blog

Today we are excited to announce Graylog Illuminate v1.6. This release includes the Illuminate Sysmon Spotlight.

More Granularity, More Clarification

As with the other Illuminate spotlights, the Sysmon Spotlight improves the signal-to-noise ratio so you can understand what happened and determine how to prevent it from happening again. It does this by standardizing the processing, tagging, categorization, organization, and extrapolation of relevant data from your Windows log sources. It lets you work faster and more efficiently because you can quickly drill down and perform root cause analysis on Windows events.

Productivity in Minutes

After deploying the spotlight, you have all of your Sysmon endpoint logs in one place for one alert. You can see things like process activity across different systems instead of checking each one individually. This allows your network to scale with company growth and needs.

ADDITIONS AND OTHER NOTES

  •  Added additional codes to the ntstatus lookup enrichment (#175)
  •  Converted GIM processing in core to per-category pipelines (#158)

BUG FIXES

  •  Windows: Accounted for NXLog overwriting the ProcessID field (#162)
  •  Core: Fixed source_user_category enrichment rule logic error (#166)
  •  Windows: Fixed source_reference mapping logic with Windows Security event 4648 with Winlogbeat 7 (#170)
  •  Windows: Fixed incorrect aggregation field used in Windows dashboard (#173)
  •  Windows: Fixed use of incorrect field with Windows Security event id 4689 (#176)
  •  Added process fields to Illuminate ES template (#128)
  •  Core: Default category placeholder value is spelled incorrectly (#153)
  •  Palo Alto: Dashboard widget had rollup enabled (#155)
  •  Core: network_transport placeholder value assignment incorrect (#157)
  •  Windows: Simplified message routing logic (#190)
  •  Core: Set device investigation dashboard auth time window to 1 day (#188)
  •  Core: Added endpoint data to device investigation dashboard (#187)
  •  Renamed stream “Illuminate:Okta Events” to “Illuminate:Okta Messages” (#185)
  •  Renamed Stream “Illuminate:O365” to “Illuminate:O365 Messages” (#184)
  •  Renamed Rule “Illuminate:Okta;Messag_ Routing:00;Route_All_Event_Log_Messages” to “Illuminate:Okta;Message_Routing:00;Route_All_Event_Log_Messages” (#180)
  •  Windows: Fixed issue with authentication dashboard widget “Failures by Source (24h)” time window (#194)
