The Graylog Blog
Security
Graylog Insights -- How 2021 Will Shape 2022
January 11, 2022
Many of the challenges companies faced in 2021 aren’t going anywhere. In 2022, common security problems will become a variation in previous issues. To move forward with confidence, you want to be prepared for what you know and ready to face and overcome those security challenges you haven’t yet encountered.
Small IT Teams with Big Security Problems
October 26, 2021
Small IT teams face the same big security problems as large SOCs. They just have fewer - or no - specialists. This makes their smaller teams a bigger target for threat actors. Centralized log management gives small IT teams a way to manage both security and operations so that they can do more with less.
A CISO's Guide to Log Management for Cybersecurity
October 19, 2021
CISOs face two big problems: protecting data and reporting their activities to the Board. Log management is fundamental to protecting data, but high volumes of data generated by cloud applications make using logs difficult. With modernized log management, CISOs can get the best of both worlds: the visibility they need and the visibility they need to provide.
Phight the Phish
October 12, 2021
To continue to fight the good fight, security analysts need cybersecurity awareness training around how to optimize their log management strategies so that they can keep pace with threat actors.
The Rising Tide of Data Breach Awareness
October 5, 2021
High-profile security incidents might be making headlines, but those headlines are impacting companies’ bottom lines. Businesses need to stay aware as best practices change and start modernizing their own security infrastructures.
Be Cybersmart with Graylog
October 4, 2021
It’s that time of year when the skeletons and pumpkins are in the windows and the bad actors are lurking in the shadows of your network. Watch this space for blog posts focused on Cybersecurity Awareness. Don’t get phished by the bucket of candy.
Security Hygiene - Why Is It Important?
September 15, 2021
Despite best intentions, organizations focus more on cybersecurity than security hygiene. As threats become more numerous and diverse, here’s how fixing the relationship between cybersecurity and security hygiene better protects your organization.
Bolster OT Security with Graylog
August 31, 2021
Many organizations struggle to secure OT assets like pumps, turbines, and generators. Graylog can help by discovering key asset information that informs security strategies, quantifying and supporting OEM negotiations, empowering backup strategies that mitigate ransomware, and delivering the insights of AI security solutions to the rest of the security architecture.
Graylog Illuminate: Getting Started with Sysmon
July 19, 2021
The Windows System Monitor (Sysmon) is one of the chattiest tools. With all the information coming in, it can be difficult and expensive to use it efficiently. However, the Graylog Illuminate package gives you a way to fine-tune it so that you can get better data and manage your ingestion rate better.
How to Proactively Plan Threat Hunting Queries
June 1, 2021
As your security capabilities improve with centralized log management, you can create proactive threat hunting queries for proactive planning. Setting baselines, determining abnormal behavior, and choosing an attack framework helps you mitigate risk and respond to incidents.
Security Log Management Done Right: Collect the Right Data
May 18, 2021
Nearly all security experts agree that event log data gives you visibility into and documentation over threats facing your environment. Even knowing this, many security professionals don’t have the time to collect, manage, and correlate log data because they don’t have the right solution. The key to security log management is to collect the correct data so your security team can get better alerts to detect, investigate, and respond to threats faster.
Executive Orders, Graylog, and You
May 13, 2021
On May 12, 2021, President Biden released the “Executive Order on Improving the Nation’s Cybersecurity” (the Executive Order) prompting many organizations to ask, “What does this mean for me?” One of Graylog’s essential functions is to help you monitor your threat landscape. Read on to find out how we provide the visibility you need to understand what is happening on (and to) your IT infrastructure to better understand where to focus your efforts.
Red Team Tools Detection and Alerting
December 16, 2020
The Graylog alert feature can detect the signature from any log source in your organization with the signature/hash value in them. This blog post walks you through the bits of information from the YARA rules and create a rule in Graylog to alert when an IoC is detected.
SUNBURST Backdoor: What to look for in your logs now - Interview with an incident responder
December 15, 2020
Graylog's Founder and CTO, Lennart Koopmann interviews Eric Capuano, Founder and CTO, of Recon InfoSec about the FireEye report on the global intrusion campaign that utilized a backdoor planted in SolarWinds Orion.
Triaging Log Management Through SIEMS
October 30, 2020
While all cybersecurity professionals agree that log management is integral for robust proactive and reactive security, managing the enormous amount of data logs can be a challenge. While you might be tempted to collect all logs generated from your systems, software, network devices, and users, this “fear of missing out” on an important notification ultimately leads to so much noise that your security analysts and threat hunters cannot find the most important information.
Event Log Management for Security and Compliance
October 15, 2020
Every action in an organization’s network generates event data, including records produced by operating systems, applications, devices, and users. By following best practices for event log management, you can enhance your cybersecurity posture and enable a more robust compliance program.
Detecting Security Vulnerabilities with Alerts
October 8, 2020
Every day we discover new vulnerabilities in our systems, cracks in the fence the adversaries take advantage of to get into your organization and wreak havoc. Alerts from centralized log management can give advance notice of an attack or alert you when they are going on.
Detecting & Preventing Ransomware Through Log Management
October 5, 2020
As companies responded to the COVID-19 pandemic with remote work, cybercriminals increased their social engineering and ransomware attack methodologies. Ransomware, malicious code that automatically downloads to a user’s device and locks it from further use, has been rampant since the beginning of March 2020. Detection of ransomware through log management offers one way for you to protect your systems, networks, devices, and applications for continued data security.
The Importance of Log Monitoring in Anomalous Behavior Analytics
August 12, 2020
What role does log monitoring have in intrusion detection and prevention and how does it work together with behavioral analytics?
Using Event Logs To Tighten Up Security
August 6, 2020
A huge volume of our personal and financial data depends on software code and databases. All of this information is stored in event logs, which is why having a dedicated log management tool is so important to IT security.
Cyber Security: Understanding the 5 Phases of Intrusion
July 26, 2020
Here at Graylog, we have recently had an increase in conversations with security teams from leading companies. We want to share our key findings with the Graylog community. In this blog post, we are going to review the 5 phases of intrusion and how to best combat attackers that are trying to infiltrate your networks and computer systems.
Server Log Files in a Nutshell
May 15, 2020
Where do server requests come from and why? You can find this information and more in server log files.
Security Log Monitoring and DNS Request Analysis
May 8, 2020
By using strategically placed sensors, Graylog’s content pack collects DNS logs guarantees interoperability with any DNS request, even if it is going to an unexpected DNS server or if it was blocked somewhere further down the path.
Strengthening cybersecurity with log forensic analysis
April 20, 2020
Forensic analysis is a highly reliable approach to enforce a strong cybersecurity posture and can be made even more scientific when coupled with wise log management.
Enhancing AWS security with Graylog centralized logging
December 27, 2019
Getting AWS logs into a SIEM or centralized log management platform such as Graylog is key to have proactive monitoring and alerting.
Improving IoT security with log management
December 6, 2019
We know we can strengthen IoT security with a wise log management strategy. But how can we leverage these event logs to improve the cybersecurity of these often extremely vulnerable access points to our systems?
Preventing and mitigating data loss with Graylog
November 26, 2019
Log management tools such as Graylog can enhance your incident response and management strategies, and help you mitigate the damage when a data loss or breach occur in your database.
The importance of event correlation techniques in SIEM
October 22, 2019
Event correlation tools are a fundamental instrument in your security information and event management (SIEM) toolbox to detect threats from all sources in real time.
10 Things To Look For In an MSSP
September 4, 2019
There are several must-have capabilities to look for in a Managed Security Service Provider (MSSP), and these are 10 of the most essential ones.
Integrating Threat Intelligence into Graylog 3+
June 25, 2019
How to use the Threat Intelligence plugin and integrate it into Graylog 3+.
Keeping Graylog Secure
June 15, 2019
After you are up and running on Graylog, there are a few different areas where you can limit the attack surface. This a plan which includes best practices. CIA Triad has published some industry best practices which is a good starting framework.
Next-Level Threat Hunting: Shift Your SIEM from Reactive to Proactive
January 18, 2019
Shift your SIEM from reactive to proactive to start leveling up your threat hunting capabilities.
How to Read Log Files on Windows, Mac, and Linux
December 13, 2018
This post focuses on log files created by the three main operating systems--Windows, Mac, and Linux, and the main ways to access and read log files for each OS.
Must-Have Features for Your Log Management Software
November 21, 2018
With so many choices available to us today, knowing what you need in your log management software can be difficult. Here are some tips on what features you should look for.
Improving the Signal-to-Noise Ratio in Threat Detection
November 8, 2018
It’s unrealistic and cost-prohibitive for analysts to spot every threat. To avoid becoming a statistic, improve your threat intelligence signal-to-noise ratio to ensure real threats get the most attention.
Fishing for Log Events with Graylog Sidecar
June 21, 2018
The Graylog Sidecar lets you easily update collector configurations so you can always have the log data you need when your requirements change.
A Beginner’s Guide to Integrating Threat Intelligence
April 18, 2018
In this post, I highlight the basics of what to consider when selecting a source of threat intelligence and provide an outline of what steps are needed to integrate that data.
Filebeat to Graylog: Working with Linux Audit Daemon Log File
February 5, 2018
If you run the audit daemon on your Linux distribution you might notice that some of the most valuable information produced by auditd is not transmitted when you enable syslog forwarding to Graylog.
Enhance Windows Security with Sysmon, Winlogbeat and Graylog
January 26, 2017
We’ll show you how to use the WinLogBeat to get the Windows Event Log over to your Graylog Installation.
Tapping Wires for Lean Security Monitoring: DNS Request Analysis with Open Source Software
October 10, 2016
The combined force of virus scanners, firewalls, IDS systems, and a log management system is a great way to protect your network. We would like to introduce an additional method of security monitoring.
A practical approach to Open Source network security monitoring
August 1, 2016
We will take a look at how you can analyze network traffic data in order to detect network intrusions. Every phase of intrusion will leave traces and with the correct tools in place, you can detect these early on and take countermeasures.
