API Security adds Continuous Discovery and Risk Scoring PLUS a Free Version | LEARN MORE>

The Graylog blog

Gary’s DefCon Journal  

Day 1-

Hey Blue Team Village! Guess who’s back, back again? Gary’s back, tell a friend. It’s check in day at DefCon and I am so excited I’m rapping Eminem. Why am I so excited? Because people are back at DefCon. Wonderful, lovely, vaccinated and mask wearing people. I checked in this morning and got my wristband. I still had Lennart’s Amex (he definitely should have noticed all the cat food I’ve bought) so I planned on going even bigger this year than last year. Stay tunaed to read all about my adventures.

 

Thursday I listened to Abe give a talk called, “Logjamming: Tales of Inovation, Intrigue, & Shenanigans from Combining Data.” Which is good because I need some more tips and tricks in that area. Apparently a certain Graylog founder/ can opener doesn’t have time to entertain all my questions. I bet Abe will help a cat out.

Questions-

 

What kind of log sources can I ingest into Graylog?

– Raw-TCP/UDP, Beats, CEF, AWS-FlowLogs-Cloudtrail-Kenisis, Syslog-tcp-udp, Plain TCP UDP

 

What Illuminate content packs are available?

– 0365, Palo Alto, OKTA, Windows Events, Sysmon

 

What is the best way to get started with Graylog?

-the best way to get started is to download a deployment available, install via the docs

-checkout the graylog community and our website for video content and howtos

 

Gary, do you use Graylog?
Yes, obviously, I have a very successful business with many logs to ingest. But would you believe that Lennart didn’t give me a discount on the product? And to think I let him live in my house and open my cans.

 

Is there formal training on Graylog?

– Yes there are enterprise training modules available at academy.graylog.org

– now Training is offered as part of a paid course for anyone.

 

Can you describe how Graylog scales?

-scaling is done via a cluster of Graylog Severs with Mongo DB, Elastic Search and the graylog application

 

How is your new dog sister?

Please don’t make me answer this. But here is a picture of the wretched creature to please all of dog loving simpletons. But be warned, it is rather hideous.

 

 

Can I run Graylog in the cloud?

-yes, Graylog Managed cloud offering, we use a new product in premise called Graylog Forwarder

that forwards your logs encrypted and compressed into the cloud securing them.

 

Azure AD logging?

– yes when you have Microsoft E5/A licensing tier to allow these logs to be enabled.

 

Logging sources

– AD/DNS/ logging, utilizing winlogbeat, however with multiple AD servers

 

 

Abe gave an excellent talk, but I did take a cat nap towards the end. I couldn’t help meowself. Then I went to check out the town on Lennart’s dime. I toured around Vegas in style and in fear. Cats do hate water after all, aww the things I will do for good content. The attention I get really sustains my ego. Thursday was such a big day for me that I only managed to fit in about 12 cat naps. I will have to strive to do better tomorrow.

 

 

Day 2-

I began my day by blessing the people with my presence a bit and did a couple laps around Defcon. It was nice to be able to collect all the free treasures. Keychains are my favorite, they are incredible to swat. I am putting in a request for laser pointers next year now.

 

After exploring I was feeling rather catatonic and in desperate need for some sunbathing. I ordered a few tunatinis to help take the edge off of such a stressful week. Humans do not appreciate how hard it is to be a cat. The cabana was a bit of a splurge but I deserve it. After all, Lennart did adopt a mongrel without my knowledge.

After my rest and relaxation I was ready to get going with some capture the flag. I believe my cat reflexes will really help me win.

 

Unsurprisingly, I was able to win. Defeating you Plebeians was kitten’s play. No one saw me as a threat. Meanwhile I became King of Defcon. Please feed me tuna accordingly. We also learned that unfortunately, my party was cancelled. That’s right, the party was really for me. But I rallied because I am a benevolent ruler who can go with the flow. I did sit in the hotel room in my party hat for a bit, it just looked so good on me. In the end the party was moved from Saturday to Friday night. Good thing I got ready so early. It became a virtual event instead, which meant I was able to hit the tables for some craps. I won a lot of money that I will use to hire a good lawyer and sue Miller for trespassing, emotional damage, embezzlement, racketeering, and whatever I find in the legal textbook I am reading.

Going Home-

What a weekend. Wow, it was so awesome to see so many of you there. My personal highlight was my time at the cabana. I did not realize how much I needed that kind of relaxation. Ever since the mongrel invaded my home I have harbored a lot of stress. I hopped on my jet, no commercial flights for this cat, and headed home. I wonder if Lennart even knew I was gone. Well that is it for me from Defcon this year. Hope to see you all back again next year.

 

Thanks to everyone who followed along with Gary’s antics this year. Click the link below and fill out the form to get a Gary approved Graylog patch from Defcon 29.

 

SEND ME THE PATCH

About the Author

Gary is a cat, which considering you’re reading this on the Graylog blog, makes complete sense. Gary is best known for dreaming up cool new features for Graylog while resting on Lennart Koopmann’s lap. He’s also known for sunbathing, bird watching, and swatting at the occasional piece of string. Gary enjoys napping, as should all right-thinking people. He’s agreed to stay mostly awake during DEF CON 28 to write daily reports about the conference.

 

Get the Monthly Tech Blog Roundup

Subscribe to the latest in log management, security, and all things Graylog Blog delivered to your inbox once a month.