Feeding Your First SIEM with Graylog
Before diving into our blog post topic, allow me to introduce myself. My name is Joel and I work with the solution engineering team at Graylog. Our primary task is to work with our customers and prospective clients on how to manage and make the most out of Graylog in their respective IT environments. One of […]
Using VPC Flow Logs to Monitor AWS Virtual Public Cloud
While no man is an island, your Virtual Private Cloud (VPC) is, except it’s a digital island floating in the ocean of a public cloud offered by a cloud service provider (CSP). The VPC means that everything on your digital island is yours, and none of the CSP’s other customers can (or should be able […]
Getting Your Daily Security News Into Graylog
For as long as I can remember, I have started my day off by reading various security news sites to figure out what I need to be aware of and any new trends that are being spotted. I used to do this on my phone while commuting, and now I work from home, but I […]
Monitoring Microsoft SQL Server login audit events in Graylog
One of the most important events you should be monitoring on your network is failed and successful logon events. What comes to most people’s minds when they think of authentication auditing is OS level login events, but you should be logging all authentication events regardless of application or platform. Not only should we monitor these […]
Key Value Parser Delivers Useful Information Fast
Graylog offers different parsers that you can use depending on your needs. One of those is the Key Value Parser. This parser allows you to split structured data into discrete fields so that you can search through it faster and more efficiently.
Graylog 5.2: What’s New Interactive Demo
Hey there! Get ready for something special. We’re about to dive into what’s new in Graylog V5.2, but this time not just through words. We’ve got an awesome self-guided demo to show you. Imagine it like a mini-movie inside this blog post. It’s not your typical read; it’s a visual adventure! We want you to […]
Forwarding Windows Events to CLM
Looking at your IT environment, you probably have various machines and applications connected to your networks. From network devices to servers to laptops, you need to know what’s happening at all times. While your log data provides the monitoring information you need, your environment’s diversity makes aggregating and correlating this information challenging. If your company […]
Case Study: Building an Operations Dashboard
Picture a simple e-commerce platform with the following components, each generating logs and metrics. Imagine now the on-call engineer responsible for this platform, feet up on a Sunday morning watching The Lord of the Rings with a coffee, when suddenly the on-call phone starts to ring! Oh no! It’s a customer phoning, and they report […]
What to Do When You Have 1000+ Fields?
When you have 1000+ fields, Graylog can collect all the logs and have them ready for you to search through in one place.
How-To Guide: Securing Graylog with TLS
Welcome to our technical blog, where we’ll be diving into the world of Graylog and how you can secure your Graylog Server with Transport Layer Security (TLS). As an admin or a tech-savvy user, you know the importance of protecting your Graylog Server and the logs it manages from unauthorized access. TLS is a robust […]
A Guide to Digital Forensics and Incident Response (DFIR)
When you engage in a security incident investigation, you need to quickly sift through vast quantities of data. In that moment, tracking your attacker, containing the attack, and identifying the root cause are the activities that matter most. However, in an attack’s aftermath, the digital recovery process and post-incident paperwork become your new nightmare. Between […]
5 Best Practices for Building a Cyber Incident Response Plan
You’ve probably heard the Boy Scout motto, “be prepared.” In his 1908 handbook, Scouting for Boys, the author explained, “it shows you how you must be prepared for what is possible, not only what is probable.” Your cyber incident response plan is how you prepare for a possible, and in today’s world also probable, security […]