Monitoring for PCI DSS 4.0 Compliance

Any company that processes payments knows the pain of an audit under the Payment Card Industry Data Security Standard (PCI DSS). Although the original PCI DSS had gone through various updates, the Payment Card Industry Security Standards Council (PCI SSC) took feedback from the global payments industry to address evolving security needs. The March 2022 […]
How I used Graylog to Fix my Internet Connection

In today’s digital age, the internet has become an integral part of our daily lives. From working remotely to streaming movies, we rely on the internet for almost everything. However, slow internet speeds can be frustrating and can significantly affect our productivity and entertainment. Despite advancements in technology, many people continue to face challenges with […]
Announcing Graylog 6.1.8

Announcing Graylog 6.1.8 This is a bug-fix release that improves Graylog’s functionality. Please read on for information on what has changed. Download Links DEB and RPM packages are available in our repositories Docker Compose Container images: Graylog Open Graylog Enterprise Graylog Data Node Tarballs for manual installation: Graylog Server Graylog Server (bundled JVM, linux-x64) Graylog […]
FERC and NERC: Cyber Security Monitoring for The Energy Sector

As cyber threats targeting critical infrastructure continue to evolve, the energy sector remains a prime target for malicious actors. Protecting the electric grid requires a strong regulatory framework and robust cybersecurity monitoring practices. In the United States, the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC) play key roles in […]
Security Misconfigurations: A Deep Dive

Managing configurations in a complex environment can be like playing a game of digital Jenga. Turning off one port to protect an application can undermine the service of a connected device. Writing an overly conservative firewall configuration can prevent remote workforce members from accessing an application that’s critical to getting their work done. In the […]
Graylog Parsing Rules and AI Oh My!

In the log aggregation game, the biggest difficulty you face can be setting up parsing rules for your logs. To qualify this statement: simply getting log files into Graylog is easy. Graylog also has out-of-the-box parsing of a wide variety of common log sources, so if your logs fall into one of the many categories of […]
Understanding Reverse DNS Lookup

On the information superhighway, an IP address is a series of numbers telling the location of a digital resource, similar to having a street address for a building. However, when all you know is the street address, you have no idea what the building itself looks like. If you’re a visual person, you might insert […]
Announcing Graylog 6.1.7

Announcing Graylog 6.1.7 This is a bug-fix release that improves Graylog’s functionality. Please read on for information on what has changed. Download Links DEB and RPM packages are available in our repositories Docker Compose Container images: Graylog Open Graylog Enterprise Graylog Data Node Tarballs for manual installation: Graylog Server Graylog Server (bundled JVM, linux-x64) Graylog […]
Announcing Graylog V6.0.12

Announcing Graylog 6.0.12 This is a bug-fix release that improves Graylog’s functionality. Please read on for information on what has changed. Download Links DEB and RPM packages are available in our repositories Docker Compose Container images: Graylog Open Graylog Enterprise Graylog Data Node Tarballs for manual installation: Graylog Server Graylog Server (bundled JVM, linux-x64) […]
The Ultimate Guide to Sigma Rules

In cybersecurity as in sports, teamwork makes the dream work. In a world where security analysts can feel constantly bombarded by threat actors, banding together to share information and strategies is increasingly important. Over the last few years, security operations center (SOC) analysts started sharing open source Sigma rules to create and share detections that […]
Using MITRE ATT&CK for Incident Response Playbooks

A structured approach to incident response enables you to create consistently repeatable processes. Your incident response playbook defines responsibilities and guides your security team through a list of activities to reduce uncertainty if or when an incident occurs. MITRE ATT&CK Framework outlines the tactics and techniques that threat actors use during different stages of an […]
Adversary Tradecraft: A Deep Dive into RID Hijacking and Hidden Users

Researchers at AhnLab Security Intelligence Center (ASEC) recently published a report on the Andariel threat group, a DPRK state-sponsored APT active for over a decade, that has been leveraging RID hijacking and user account concealment techniques in its operations to stealthily maintain privileged access to compromised Windows systems. This blog post explores hands-on how […]