The Graylog Blog


Red Team Tools Detection and Alerting

December 16, 2020

The Graylog alert feature can detect a signature or hash value in any log source in your organization that carries it. This blog post walks you through extracting the relevant bits of information from YARA rules and creating a rule in Graylog that alerts when an IoC is detected.

SUNBURST Backdoor: What to look for in your logs now - Interview with an incident responder

December 15, 2020

Graylog's Founder and CTO, Lennart Koopmann, interviews Eric Capuano, Founder and CTO of Recon InfoSec, about the FireEye report on the global intrusion campaign that utilized a backdoor planted in SolarWinds Orion.

Triaging Log Management Through SIEMS

October 30, 2020

While all cybersecurity professionals agree that log management is integral for robust proactive and reactive security, managing the enormous amount of data logs can be a challenge. While you might be tempted to collect all logs generated from your systems, software, network devices, and users, this “fear of missing out” on an important notification ultimately leads to so much noise that your security analysts and threat hunters cannot find the most important information. 

Event Log Management for Security and Compliance

October 15, 2020

Every action in an organization’s network generates event data, including records produced by operating systems, applications, devices, and users. By following best practices for event log management, you can enhance your cybersecurity posture and enable a more robust compliance program.

Detecting Security Vulnerabilities with Alerts

October 8, 2020

Every day we discover new vulnerabilities in our systems, cracks in the fence that adversaries take advantage of to get into your organization and wreak havoc. Alerts from centralized log management can give advance notice of an attack or alert you while one is under way.

Detecting & Preventing Ransomware Through Log Management

October 5, 2020

As companies responded to the COVID-19 pandemic with remote work, cybercriminals increased their social engineering and ransomware attack methodologies. Ransomware, malicious code that automatically downloads to a user’s device and locks it from further use, has been rampant since the beginning of March 2020. Detection of ransomware through log management offers one way for you to protect your systems, networks, devices, and applications for continued data security. 

The Importance of Log Monitoring in Anomalous Behavior Analytics

August 12, 2020

What role does log monitoring have in intrusion detection and prevention and how does it work together with behavioral analytics?

Using Event Logs To Tighten Up Security

August 6, 2020

A huge volume of our personal and financial data depends on software code and databases. All of this information is stored in event logs, which is why having a dedicated log management tool is so important to IT security.

Cyber Security: Understanding the 5 Phases of Intrusion

July 26, 2020

Here at Graylog, we have recently had an increase in conversations with security teams from leading companies. We want to share our key findings with the Graylog community. In this blog post, we are going to review the 5 phases of intrusion and how to best combat attackers that are trying to infiltrate your networks and computer systems.

Server Log Files in a Nutshell

May 15, 2020

Where do server requests come from and why? You can find this information and more in server log files.

Security Log Monitoring and DNS Request Analysis

May 8, 2020

By using strategically placed sensors, Graylog’s content pack collects DNS logs and guarantees interoperability with any DNS request, even if it is going to an unexpected DNS server or was blocked somewhere further down the path.

Strengthening cybersecurity with log forensic analysis

April 20, 2020

Forensic analysis is a highly reliable approach to enforce a strong cybersecurity posture and can be made even more scientific when coupled with wise log management.

Enhancing AWS security with Graylog centralized logging

December 27, 2019

Getting AWS logs into a SIEM or centralized log management platform such as Graylog is key to proactive monitoring and alerting.

Improving IoT security with log management

December 6, 2019

We know we can strengthen IoT security with a wise log management strategy. But how can we leverage these event logs to improve the cybersecurity of these often extremely vulnerable access points to our systems?

Preventing and mitigating data loss with Graylog

November 26, 2019

Log management tools such as Graylog can enhance your incident response and management strategies, and help you mitigate the damage when a data loss or breach occurs in your database.

The importance of event correlation techniques in SIEM

October 22, 2019

Event correlation tools are a fundamental instrument in your security information and event management (SIEM) toolbox to detect threats from all sources in real time.

10 Things To Look For In an MSSP

September 4, 2019

There are several must-have capabilities to look for in a Managed Security Service Provider (MSSP), and these are 10 of the most essential ones.

Integrating Threat Intelligence into Graylog 3+

June 25, 2019

How to use the Threat Intelligence plugin and integrate it into Graylog 3+.

Keeping Graylog Secure

June 15, 2019

After you are up and running on Graylog, there are a few different areas where you can limit the attack surface. This is a plan which includes best practices. The CIA Triad has published some industry best practices, which are a good starting framework.

Next-Level Threat Hunting: Shift Your SIEM from Reactive to Proactive

January 18, 2019

Shift your SIEM from reactive to proactive to start leveling up your threat hunting capabilities.

How to Read Log Files on Windows, Mac, and Linux

December 13, 2018

This post focuses on the log files created by the three main operating systems (Windows, Mac, and Linux) and the main ways to access and read log files on each OS.

Must-Have Features for Your Log Management Software

November 21, 2018

With so many choices available to us today, knowing what you need in your log management software can be difficult. Here are some tips on what features you should look for.

Improving the Signal-to-Noise Ratio in Threat Detection

November 8, 2018

It’s unrealistic and cost-prohibitive for analysts to spot every threat. To avoid becoming a statistic, improve your threat intelligence signal-to-noise ratio to ensure real threats get the most attention.

Fishing for Log Events with Graylog Sidecar

June 21, 2018

The Graylog Sidecar lets you easily update collector configurations so you can always have the log data you need when your requirements change.

Integrating Threat Intelligence with Graylog

May 1, 2018

A Beginner’s Guide to Integrating Threat Intelligence

April 18, 2018

In this post, I highlight the basics of what to consider when selecting a source of threat intelligence and provide an outline of what steps are needed to integrate that data.

Filebeat to Graylog: Working with Linux Audit Daemon Log File

February 5, 2018

If you run the audit daemon on your Linux distribution you might notice that some of the most valuable information produced by auditd is not transmitted when you enable syslog forwarding to Graylog.

Enhance Windows Security with Sysmon, Winlogbeat and Graylog

January 26, 2017

We’ll show you how to use Winlogbeat to get the Windows Event Log over to your Graylog installation.

Tapping Wires for Lean Security Monitoring: DNS Request Analysis with Open Source Software

October 10, 2016

The combined force of virus scanners, firewalls, IDS systems, and a log management system is a great way to protect your network. We would like to introduce an additional method of security monitoring.

A practical approach to Open Source network security monitoring

August 1, 2016

We will take a look at how you can analyze network traffic data in order to detect network intrusions. Every phase of intrusion will leave traces and with the correct tools in place, you can detect these early on and take countermeasures.
