Webinar: What's New in Graylog 6.0? | Watch On-Demand >> ​

Announcing Graylog Illuminate for Networks

Today we are excited to announce Graylog Illuminate for Networks. This is the newest Illuminate module designed by our Enterprise Intelligence team. It centralizes all generated network log data into a single location where it is aggregated and correlated for visibility. This makes it faster to monitor and analyze the data, identify any malicious activity occurring within your network, isolate the source of the activity, and quickly respond to the threats.

Initially, Graylog Illuminate for Networks will spotlight activities detected by Palo Alto v9.x. We will continue to add devices such as Proxies, Firewalls and IDS/IPS to the Network stack in future releases.

Spotlight on Palo Alto v9.x

Graylog Illuminate for Networks comes with Palo Alto focused data normalization, parsing rules, and data enrichment. Illuminate for Networks layers logic on the Enterprise input plugin for Palo Alto 9 in order to pull all of your network data into Graylog, where you can visualize it with a more robust set of dashboards.

Palo Alto Dashboard


Centralizing your log data in Graylog lets you see Palo Alto network traffic from different devices aggregated and correlated into one chart for faster analysis and threat hunting. With data fields aligned, properly classified, and useful information added to the log messages, you can also build “universal” alerts and dashboards for deeper account and device investigation.

Currently, Illuminate for Networks includes Palo Alto Globalprotect and Next-Generation Firewalls (Threat Prevention, URL Filtering, Wildfire, Data Prevention Loss) when used via Firewall appliances.

Palo Alto Detailed Dashboard


Graylog Illuminate for Networks works with Graylog Enterprise v3.3+. To get you started, we provide a detailed installation guide for a user-interactive set up experience along with a detailed Graylog Networks Document that outlines best practices for gathering traffic data from Palo Alto v9.x.


Nick Carstensen, Product Manager – Security & Integrations tells the story of Graylog Illuminate and what’s next here.


  • Event ID 4778 didn’t have destination_reference defined – (Resolves Issue 60)
  • Typo in “event_recieved_time” definition in Illuminate template- (Resolves Issue 38)
  • Illuminate Core account drill down logic for session_id did not work as expected – (Resolves Issue 71)
  • Okta logs generating GIM field error – (Resolves Issue 29)
  • Okta authentication logs do not have event_source – (Resolves Issue 55)

Get the Monthly Tech Blog Roundup

Subscribe to the latest in log management, security, and all things Graylog blog delivered to your inbox once a month.