A feast of new features. A cornucopia of new capabilities. A banquet of breakthroughs (and the T-day puns are just getting started). Graylog 7.0 brings a full plate of advancements that help security teams cut through noise, control cloud costs, and respond with confidence. We’re serving practical improvements across dashboards, automation, and AI support so analysts can focus on action instead of manual effort.
Smarter Dashboards: Insights on a Silver Platter
Dashboards and visualizations built from saved searches now turn complex data into clear, actionable insights. 7.0 introduces widget threshold lines, data drilldowns, text widgets, and AI Summarization to bring meaning to your data faster. Analysts can see patterns, spot anomalies, and communicate impact without switching screens. It’s a smoother, sharper way to understand what’s happening across your environment.
Guided Remediation: No Leftovers of Unclear Alerts
When an alert fires, our job is to get to the root cause, understand the scope, and assess the impact as quickly as possible. Graylog previously provided remediation recommendations in its event definitions to give an analyst context: what it means if this event is recognized and what to do about it. The next evolution is Event Procedures and Event Steps, which provide clear, step-by-step customizable instructions with single-click actions. Instead of stale instructions hidden in emails or tribal knowledge, teams now have clear guidance right where they need it to reduce triage time. This measurably improves incident response.
AWS Security Lake Integration: Avoid Those Unnecessary Calories
Cloud costs are like calories on Thanksgiving, piling up quickly. Many teams end up ingesting cloud data they don’t need, and it eats away at the budget.
One of the more distinctive features in 7.0 is external data lake connectors, which enable Filtered Inputs, Preview, and Selective Retrieval so you ingest only the data you need. Keep unnecessary data in AWS, reduce transfer costs, and maintain alignment with your detections, dashboards, and investigations. The result is cleaner data, predictable costs, and stronger performance.
And for Dessert: Native MCP Support
No feast is complete without dessert, and in Graylog 7.0 that’s the introduction of native MCP (Model Context Protocol) support. This sweet addition opens LLM-powered communication with your Graylog server, giving you conversational insights, contextual query support, and the ability to build automation with agentic AI.
It’s like adding an expert sous-chef to your SOC, one who can summarize investigations, suggest next steps, and help create playbooks on demand.
A No-Compromise Feast
Graylog 7.0 continues our no-compromise promise with four key ingredients:
- Smarter Dashboards that deliver faster, more meaningful insights
- Guided Remediation that ensures consistent, reliable action
- Cost-efficient Data Lake Integration that simplifies cloud management
- Native MCP Support that brings intelligent collaboration to every investigation
Together, these capabilities provide complete visibility, faster detection, and a lower total cost of ownership.
This Thanksgiving, we’re grateful for the analysts, engineers, and teams who work tirelessly to keep organizations secure. Graylog 7.0 is designed to return time, improve clarity, and reduce compromises, helping you enjoy your work (and your turkey) with confidence.
VP of Product Management
Save room for one more helping and join us for a webinar to experience what no-compromise security really looks like.