Today we are releasing Graylog v2.4.0-beta.1. This release includes four new plugins that will be shipped with Core and new visualizations! If you are interested in seeing a first version of the new features, please download the new beta release and let us know if you have any feedback or run into problems.
Remember, this is a beta release, so it might be a bit rough around the edges and things might change before the final release.
Please report bugs and any other issues in our GitHub issue tracker.
Download Graylog v2.4.0-beta.1:
- DEB or RPM packages are available in our repositories. Check our documentation for details.
- Docker image
- OVA / Appliance
- Tarball (manual installation)
NEW DEFAULT PLUGINS
Beginning with the 2.4 release, we are shipping the following plugins by default. That means you don’t have to manually install and update them anymore. The plugins also got moved from graylog-labs into our official Graylog organization on GitHub.
- AWS Plugin – https://github.com/Graylog2/graylog-plugin-aws
- Threat Intelligence Plugin – https://github.com/Graylog2/graylog-plugin-threatintel
- NetFlow Plugin – https://github.com/Graylog2/graylog-plugin-netflow
- CEF Plugin – https://github.com/Graylog2/graylog-plugin-cef
QUICKVALUE WIDGET IMPROVEMENTS
We have three big improvements to our visualizations!
The feature we are most excited about, and the one most requested, is stacking or grouping of data with another field! Within the UI, you can take a quick value result and stack it against another field. For example, take a source address and then get a new result set with all destination addresses for it. This is one of the top methods for threat hunting.
In addition, you can now sort the result set based on the field value or count. This is important for threat hunting where you often want to find the most common or uncommon values. (For example, suspicious network connections will usually be found in the top or bottom 5% of all connections made.)
Lastly, you can build a chart of the result set over time. The aggregated result that we previously offered only gave you a view into the “now.” With this improvement, you can now see “how have these values changed over time” to detect important changes or past outliers.
GRAYLOG V2.4.0 PODCAST
For this release, we’ve introduced our new podcast! You can hear Bernd Ahlers, Lennart Koopmann, and Taylor Rhoades discuss the features of Graylog v2.4.0, give a sneak peek of Graylog 3.0, and talk about bug fixes in Graylog v2.3.2 and the open-source tool Nzyme. You can listen on SoundCloud.
Please find the complete changelog in our documentation.
The following community members contributed bug fixes and new features for this release:
Thank you very much!