Cyber Defense with MITRE Framework | Graylog + SOC Prime | On-Demand Webinar >>

The Graylog blog

Announcing Graylog Illuminate for Authentication

Graylog Illuminate for authentication is a brand new offering designed by our Enterprise Intelligence team. It eliminates the manual setup necessary to detect, monitor, and analyze authentication activities and issues across your IT infrastructure by providing pre-built Dashboards, Alerts, and data enrichment.

Initially, Graylog Illuminate for Authentication will address Windows authentication issues and activities. We will release additional data sources in the coming weeks so stay tuned!


Graylog Illuminate for Authentication comes with Windows authentication focused data normalization, parsing rules, data enrichment, correlation alertsdashboards, and alerts zipped up and ready to deploy inside Graylog Enterprise v3.3+ (v3.2 will also work in a limited capacity).

Enterprise Auth Dashboard

Once deployed, Graylog Enterprise customers can immediately leverage our in-house expertise and gain visibility into who is trying to log into what throughout your IT environment.

Windows Auth Dashboard


This new app works with Graylog Enterprise v3.3+. (v3.2 will also work in a limited capacity.) Other requirements are Winlogbeat 6.4 (included with Sidecar), Winlogbeat 7.6, or NXLog 2.1.

To get you started, we provide a detailed installation guide for a user-interactive set up experience along with a detailed Graylog Authentication and Monitoring Document that outlines best practices for gathering authentication data from Active Directory and Windows devices using Windows Auth Spotlight.


Nick Carstensen, Product Manager – Security & Integrations tells the story of Graylog Illuminate and what’s next here.

Get the Monthly Tech Blog Roundup

Subscribe to the latest in log management, security, and all things Graylog Blog delivered to your inbox once a month.