Announcing Graylog Illuminate v7.0.2

ADDED

AWS Security Hub Content Pack (3119)

  • AWS Security Hub is a centralized security and compliance service.
  • Aggregates and normalizes findings from:
    • Multiple AWS services
    • Third-party security tools
  • Uses the AWS Security Finding Format (ASFF).
  • Provides a unified view of security posture across AWS accounts to aid in prioritization and remediation.

OSSEC Content Pack (3073)

  • OSSEC is an open-source Host Intrusion Detection System (HIDS) designed to collect, analyze, and correlate security-relevant events from servers, workstations, and networked devices.
  • Monitors:
    • Log activity
    • File integrity changes
    • Rootkit indicators
    • Configuration alterations
    • System behavior
  • OSSEC agents forward events to a central manager where rules, decoders, and normalization logic categorize detections by severity and type.
  • Commonly used for:
    • System monitoring
    • Compliance reporting
    • Security operations
  • Notable for its modular design and cross-platform support.

F5 BIG-IP Content Pack – Modern RFC 5424 Syslog Support (3165)

  • Adds beta support for Modern RFC 5424 Syslog format (BIG-IP 13.x+).
  • The existing content pack continues to support the legacy syslog format.
  • Field renaming works with default field names defined in K05327372.
  • Custom field names are not currently supported.

FortiWeb Content Pack (3145)

  • FortiWeb protects websites and APIs from attacks by inspecting inbound traffic.
  • Blocks:
    • Web exploits
    • Malicious bots
    • Other harmful activity
  • Helps reduce the risk of security incidents and improve web application security posture.

Curated Alerts – Windows Threat Campaigns II (Sigma Rules) (3106)

  • A curated collection of Sigma detection rules.
  • Sourced from TruKno’s Threat Detection Marketplace.
  • Selected and curated by the Illuminate team.

ProFTPD Content Pack (3101)

  • ProFTPD is an open-source FTP server for Unix and Linux systems.
  • Designed for high configurability and strong security.
  • Supports:
    • TLS/SSL encryption
    • Virtual hosts
    • Fine-grained access controls

Metricbeat Content Pack (2636)

  • Metricbeat is a lightweight metrics shipper.
  • Collects system and service performance metrics, including:
    • CPU usage
    • Memory usage
    • Filesystem utilization
  • Sends metrics to Graylog for:
    • Monitoring
    • Alerting
    • Operational visibility across environments

FIXED

  • Curated Alerts – Sigma Rules (3163)

    • Corrected incorrect field names in the rule “Possible Bind or Reverse Shell via NetCat.”

  • Dynamic Analyzer – Hash Field Handling (3171)

    • Fixed incorrect hash field ordering.

    • Restored proper mapping to previously generated hash values.

CHANGED

  • Apache Tomcat Content Pack (3158)

    • Updated the Spotlight description for clarity and accuracy.

Let us know what you’d like to have included in our GitHub issue tracker.