How Graylog Uses Explainable AI to Help Security Teams
Security teams face an endless stream of alerts, false positives, and investigation backlogs. Every second counts, yet many AI-driven tools promise to handle everything for you that leaves analysts uncertain about how conclusions were made. Graylog takes a different path. The company develops assistive AI that helps analysts make faster, smarter calls with context, transparency, […]
SIEM’s Next Chapter: Evolving, Not Dying
The obituary for SIEM has been written more than once. The latest headline from Dark Reading calls it “dying a slow death.” Catchy. But wrong. If you work in a SOC, you already know the need for centralized, contextualized visibility is not going anywhere. What is changing the future of SIEM, is how SIEM delivers […]
How Graylog Helps You Spot LockBit-Style Attacks Sooner
The DFIR Report recently detailed a LockBit attack with ransomware intrusion that succeeded without advanced exploits or zero-day vulnerabilities. The attack relied on a stolen AnyDesk installer, credential reuse, and renamed PowerShell scripts that blended into routine activity. These moves were not sophisticated, but they were fast and effective. The end result: complete domain encryption. […]
The Value of a Robust Vulnerability Management Program
Back before live security video feeds in homes, people would walk around at night checking to make sure they locked every window and door. They took these precautions because they knew that a single open lock gave burglars an opportunity to steal from them. For organizations, vulnerability management programs are a way to lock […]
Cyber Attack Disrupts Airports Across Europe
When Heathrow, Brussels, and Berlin airports suffered a cyber attack that disrupted their check-in and baggage systems, the fallout was immediate. Flights were canceled, queues stretched through terminals, and staff scrambled to switch to manual processes. For some of Europe’s busiest hubs, this was more than an inconvenience. It was a reminder that disruption, not […]
40 Infosec Metrics Organizations Should Track
In today’s data-driven world, CISOs and senior leadership need to prove that their security programs mitigate risk. Just like grades theoretically quantify how well students understand material their teachers present, cybersecurity metrics quantify your security controls’ effectiveness. As the threat landscape becomes more complex, security teams struggle to identify the metrics that best showcase their […]
Five Essential Strategies to Combat Phishing Threats
Phishing threats remain one of the most common and effective attack methods. Research shows it contributes to over 34% of confirmed breaches. The financial impact is significant as well, with credential-related breaches averaging $4.76 million per incident. And despite years of security awareness training, nearly a third of employees still click on simulated phishing emails. […]
Get To Know Graylog GO
Graylog GO Virtual User Conference September 16-17, 2025 Your front-row seat to get the most out of Graylog Experience Graylog GO online—two can’t-miss half-days of innovation, insights, and community. Discover how real users solve security and IT challenges, explore the newest product features, and get a first look at what’s next. Engage with experts, ask […]
Caddy Webserver Data in Graylog
If you’re running Caddy Webserver on Ubuntu, Graylog now has a new way to make your access logs more actionable without tedious parsing or manual setup. The new Caddy Webserver Content Pack, available in Illuminate 6.4 and a Graylog Enterprise or Graylog Security license, delivers ready-to-use parsing rules, streams, and dashboards so you can quickly […]
Advanced Persistent Threat: What They Are and Why They Matter
Nearly everyone has had “that cold,” the one where most symptoms have resolved except that lingering cough. The cough can continue for weeks or months, all while you feel mostly well across the board. In cybersecurity, an advanced persistent threat (APT) is your IT environment’s lingering cough, albeit a much more damaging one. An […]
Are You Protecting the Right People in Your Organization?
If your security priorities still center on CVSS scores and device vulnerabilities, you’re missing a significant piece of the risk puzzle. People. Attackers aren’t following your org chart. They’re targeting whoever gives them access. Enter the concept of Very Attacked People (VAPs): individuals in your environment who attract the most persistent, targeted attacks. And they’re […]
Bringing GitLab Logs into Focus with Graylog
GitLab’s audit logs offer a goldmine of insights into user activity, project changes, and security events. Getting that data into Graylog for centralized analysis is easier than you might think—especially with the flexibility of our Raw HTTP input and Illuminate’s GitLab Spotlight Pack. In this two-part guide, we’ll walk you through how to get it […]
