Outgrown Your Free Graylog? | 6 Reasons to Upgrade | Learn more >>>

Free Tools
See Demo
Free Tools
See Demo

Announcing Illuminate v1.5

Today we are excited to announce Graylog Illuminate v1.5. 

This release includes Elasticsearch 7 template support, enhancements to Office 365 applications (e.g., Teams, OneDrive, DLP, Sharepoint, etc.), and additional content for Okta and Windows, all designed to add more flexibility and efficiency to authentication, networking, and application activities and best practices. 

ADDITIONS AND IMPROVEMENTS

ILLUMINATE CORE

  • NEW script to set the proper lookup directory and file permissions during the installation (#94)
  • Improved category and priority enrichments in Illuminate Core (#11, #83)

ELASTICSEARCH TEMPLATE 

  • The Illuminate Elasticsearch template application script and associated templates now support ES versions 6 and 7 (#23)
  • Expanded use of associated_* fields in Illuminate ES template (#14, #112)
  • Expanded date/time formats recognized in Illuminate ES templates (#105)

WINDOWS

  •  Added script to set the proper lookup directory and file permissions during the installation (#94)
  • Added normalization of Windows Security Event ID 4688/4689, added process widget to account drill down dashboard (#113)
  • Added Windows built-in groups to Windows static accounts lookup (#42)

IMPORTANT NOTE

We have removed Window copy rules from the Illuminate Window’s Spotlight and merged the Windows normalization into the Windows content pack.

OFFICE 365

Illuminate v1.5 comes with multiple refinements to O365 dashboards, including widgets highlighting DLP messages. Also, we have improved O365 message normalization by applying Graylog Illuminate categories, and we’ve made 

enhancements to Office 365 applications (e.g., Teams, OneDrive, DLP, Sharepoint, etc.).

OKTA

  •  Improved Okta message normalization by applying Graylog Illuminate categories

BUG FIXES

  •  The Illuminate template application script now detects the ES version in use (#23)
  •  The Illuminate template application script now has better detection and handling of errors when applying the templates (#23)
  •  The lookup cache configurations will now expire cached entries after a defined time period (#104)
  • Improved deleted accounts reporting in Windows IAM dashboards (#132)

Compatibility

Graylog v3.3.8 – v3.3.12

Graylog v4.0.2 – v4.0.6

The Graylog Product Team

View More Posts By The Graylog Product Team

Categories

Get the Monthly Tech Blog Roundup

Subscribe to the latest in log management, security, and all things Graylog blog delivered to your inbox once a month.

Blog Graphic
Read Now

Products

Graylog Security
Graylog Enterprise
Graylog Open
Graylog API Security
Graylog Cloud
Graylog Illuminate
Graylog Small Business
Pricing

Features

Access Control & Audit Logs
UEBA Anomaly Detection
Graylog Content: Illuminate
Data Collection
Data Enrichment
Data Management
Events & Alerts
Investigations
Reports & Dashboards
Risk Management
Scalable Architecture
Search
SOAR

LEARN

Resource Hub
Blog
Videos
Events
Community

SUPPORT

Customer Support
Documentation
Graylog Academy
Open Community

Company

About
Leadership
Partners
Careers
News & Awards
Contact

[email protected]

Follow Us:

Linkedin Reddit-alien Youtube Github Facebook-f
Graylog Available in AWS Marketplace

GRAYLOG HEADQUARTERS

1301 Fannin St, Ste. 2000
Houston, TX 77002

GRAYLOG COLORADO

1919 14th Street, Suite 700, Office 18
Boulder, CO 80302

GRAYLOG UNITED KINGDOM

34-37 Liverpool Street, 7th Floor
London, EC2M 1PP
United Kingdom

GRAYLOG GERMANY GMBH

Poolstraße 21
20355 Hamburg, Germany

© 2025 Graylog, Inc. All rights reserved

Privacy Policy | Legal | Sitemap