The Graylog Blog
Phight the Phish
To continue to fight the good fight, security analysts need cybersecurity awareness training around how to optimize their log management strategies so that they can keep pace with threat actors.
The Rising Tide of Data Breach Awareness
High-profile security incidents might be making headlines, but those headlines are impacting companies’ bottom lines. Businesses need to stay aware as best practices change and start modernizing their own security infrastructures.
Be Cybersmart with Graylog
It’s that time of year when the skeletons and pumpkins are in the windows and the bad actors are lurking in the shadows of your network. Watch this space for blog posts focused on Cybersecurity Awareness. Don’t get phished by the bucket of candy.
Security Hygiene - Why Is It Important?
Despite best intentions, organizations focus more on cybersecurity than security hygiene. As threats become more numerous and diverse, here’s how fixing the relationship between cybersecurity and security hygiene better protects your organization.
Bolster OT Security with Graylog
Many organizations struggle to secure OT assets like pumps, turbines, and generators. Graylog can help by discovering key asset information that informs security strategies, quantifying and supporting OEM negotiations, empowering backup strategies that mitigate ransomware, and delivering the insights of AI security solutions to the rest of the security architecture.
Graylog Illuminate: Getting Started with Sysmon
The Windows System Monitor (Sysmon) is one of the chattiest tools. With all the information coming in, it can be difficult and expensive to use it efficiently. However, the Graylog Illuminate package gives you a way to fine-tune it so that you can get better data and manage your ingestion rate better.
How to Proactively Plan Threat Hunting Queries
As your security capabilities improve with centralized log management, you can create proactive threat hunting queries for proactive planning. Setting baselines, determining abnormal behavior, and choosing an attack framework helps you mitigate risk and respond to incidents.
Security Log Management Done Right: Collect the Right Data
Nearly all security experts agree that event log data gives you visibility into and documentation over threats facing your environment. Even knowing this, many security professionals don’t have the time to collect, manage, and correlate log data because they don’t have the right solution. The key to security log management is to collect the correct data so your security team can get better alerts to detect, investigate, and respond to threats faster.
Executive Orders, Graylog, and You
On May 12, 2021, President Biden released the “Executive Order on Improving the Nation’s Cybersecurity” (the Executive Order) prompting many organizations to ask, “What does this mean for me?” One of Graylog’s essential functions is to help you monitor your threat landscape. Read on to find out how we provide the visibility you need to understand what is happening on (and to) your IT infrastructure to better understand where to focus your efforts.
Red Team Tools Detection and Alerting
The Graylog alert feature can detect the signature from any log source in your organization with the signature/hash value in them. This blog post walks you through the bits of information from the YARA rules and create a rule in Graylog to alert when an IoC is detected.
SUNBURST Backdoor: What to look for in your logs now - Interview with an incident responder
Graylog's Founder and CTO, Lennart Koopmann interviews Eric Capuano, Founder and CTO, of Recon InfoSec about the FireEye report on the global intrusion campaign that utilized a backdoor planted in SolarWinds Orion.
Triaging Log Management Through SIEMS
While all cybersecurity professionals agree that log management is integral for robust proactive and reactive security, managing the enormous amount of data logs can be a challenge. While you might be tempted to collect all logs generated from your systems, software, network devices, and users, this “fear of missing out” on an important notification ultimately leads to so much noise that your security analysts and threat hunters cannot find the most important information.
Event Log Management for Security and Compliance
Every action in an organization’s network generates event data, including records produced by operating systems, applications, devices, and users. By following best practices for event log management, you can enhance your cybersecurity posture and enable a more robust compliance program.
Detecting Security Vulnerabilities with Alerts
Every day we discover new vulnerabilities in our systems, cracks in the fence the adversaries take advantage of to get into your organization and wreak havoc. Alerts from centralized log management can give advance notice of an attack or alert you when they are going on.
Detecting & Preventing Ransomware Through Log Management
As companies responded to the COVID-19 pandemic with remote work, cybercriminals increased their social engineering and ransomware attack methodologies. Ransomware, malicious code that automatically downloads to a user’s device and locks it from further use, has been rampant since the beginning of March 2020. Detection of ransomware through log management offers one way for you to protect your systems, networks, devices, and applications for continued data security.
The Importance of Log Monitoring in Anomalous Behavior Analytics
What role does log monitoring have in intrusion detection and prevention and how does it work together with behavioral analytics?
Using Event Logs To Tighten Up Security
A huge volume of our personal and financial data depends on software code and databases. All of this information is stored in event logs, which is why having a dedicated log management tool is so important to IT security.
Cyber Security: Understanding the 5 Phases of Intrusion
Here at Graylog, we have recently had an increase in conversations with security teams from leading companies. We want to share our key findings with the Graylog community. In this blog post, we are going to review the 5 phases of intrusion and how to best combat attackers that are trying to infiltrate your networks and computer systems.
Server Log Files in a Nutshell
Where do server requests come from and why? You can find this information and more in server log files.
Security Log Monitoring and DNS Request Analysis
By using strategically placed sensors, Graylog’s content pack collects DNS logs guarantees interoperability with any DNS request, even if it is going to an unexpected DNS server or if it was blocked somewhere further down the path.
Strengthening cybersecurity with log forensic analysis
Forensic analysis is a highly reliable approach to enforce a strong cybersecurity posture and can be made even more scientific when coupled with wise log management.
Enhancing AWS security with Graylog centralized logging
Getting AWS logs into a SIEM or centralized log management platform such as Graylog is key to have proactive monitoring and alerting.
Improving IoT security with log management
We know we can strengthen IoT security with a wise log management strategy. But how can we leverage these event logs to improve the cybersecurity of these often extremely vulnerable access points to our systems?
Preventing and mitigating data loss with Graylog
Log management tools such as Graylog can enhance your incident response and management strategies, and help you mitigate the damage when a data loss or breach occur in your database.
The importance of event correlation techniques in SIEM
Event correlation tools are a fundamental instrument in your security information and event management (SIEM) toolbox to detect threats from all sources in real time.
10 Things To Look For In an MSSP
There are several must-have capabilities to look for in a Managed Security Service Provider (MSSP), and these are 10 of the most essential ones.
Integrating Threat Intelligence into Graylog 3+
How to use the Threat Intelligence plugin and integrate it into Graylog 3+.
Keeping Graylog Secure
After you are up and running on Graylog, there are a few different areas where you can limit the attack surface. This a plan which includes best practices. CIA Triad has published some industry best practices which is a good starting framework.
Next-Level Threat Hunting: Shift Your SIEM from Reactive to Proactive
Shift your SIEM from reactive to proactive to start leveling up your threat hunting capabilities.
How to Read Log Files on Windows, Mac, and Linux
This post focuses on log files created by the three main operating systems--Windows, Mac, and Linux, and the main ways to access and read log files for each OS.
Must-Have Features for Your Log Management Software
With so many choices available to us today, knowing what you need in your log management software can be difficult. Here are some tips on what features you should look for.
Improving the Signal-to-Noise Ratio in Threat Detection
It’s unrealistic and cost-prohibitive for analysts to spot every threat. To avoid becoming a statistic, improve your threat intelligence signal-to-noise ratio to ensure real threats get the most attention.
Fishing for Log Events with Graylog Sidecar
The Graylog Sidecar lets you easily update collector configurations so you can always have the log data you need when your requirements change.
A Beginner’s Guide to Integrating Threat Intelligence
In this post, I highlight the basics of what to consider when selecting a source of threat intelligence and provide an outline of what steps are needed to integrate that data.
Filebeat to Graylog: Working with Linux Audit Daemon Log File
If you run the audit daemon on your Linux distribution you might notice that some of the most valuable information produced by auditd is not transmitted when you enable syslog forwarding to Graylog.
Enhance Windows Security with Sysmon, Winlogbeat and Graylog
We’ll show you how to use the WinLogBeat to get the Windows Event Log over to your Graylog Installation.
Tapping Wires for Lean Security Monitoring: DNS Request Analysis with Open Source Software
The combined force of virus scanners, firewalls, IDS systems, and a log management system is a great way to protect your network. We would like to introduce an additional method of security monitoring.
A practical approach to Open Source network security monitoring
We will take a look at how you can analyze network traffic data in order to detect network intrusions. Every phase of intrusion will leave traces and with the correct tools in place, you can detect these early on and take countermeasures.