Webinar: What's New in Graylog 7.0 | Register Now >>

Contact Us
Free Tools
See Demo

Tag: Enterprise Feed

Announcing Graylog V6.0.12

Announcing Graylog 6.0.12 This is a bug-fix release that improves Graylog’s functionality. Please read on for information on what has changed.   Download Links DEB and RPM packages are available in our repositories Docker Compose Container images: Graylog Open Graylog Enterprise Graylog Data Node Tarballs for manual installation: Graylog Server Graylog Server (bundled JVM, linux-x64) […]

The Ultimate Guide to Sigma Rules

In cybersecurity as in sports, teamwork makes the dream work. In a world where security analysts can feel constantly bombarded by threat actors, banding together to share information and strategies is increasingly important. Over the last few years, security operations center (SOC) analysts started sharing open source Sigma rules to create and share detections that […]

Using MITRE ATT&CK for Incident Response Playbooks

A structured approach to incident response enables you to create consistently repeatable processes. Your incident response playbook defines responsibilities and guides your security team through a list of activities to reduce uncertainty if or when an incident occurs. MITRE ATT&CK Framework outlines the tactics and techniques that threat actors use during different stages of an […]

Adversary Tradecraft: A Deep Dive into RID Hijacking and Hidden Users

Detecting RID Hijacking with Graylog

Researchers at AhnLab Security Intelligence Center (ASEC) recently published a report on the Andariel threat group, a DPRK state-sponsored APT active for over a decade, that has been leveraging RID hijacking and user account concealment techniques in its operations to stealthily maintain privileged access to compromised Windows systems.   This blog post explores hands-on how […]

Syslog Protocol: A Reference Guide

Syslog Protocol - A Reference Guide

Syslog was developed in the 1980s by Eric Allman as part of the Sendmail project and adopted by many systems over the years. When looking at Syslog, there are a few protocol options, each with slight differences. In this reference guide, I’ll break down the differences so that you have a guide to see these […]

Announcing Graylog Illuminate v6.2

This is a bug-fix release improving the functionality of Graylog. Please read on for detailed descriptions of each bug fix.
Many thanks to the Graylog Community for reporting issues and contributing fixes.

Using Data Pipelines for Security Telemetry

Using Data Pipelines for Security Telemetry

It’s a warm, sunny day as you lie in the sand under a big umbrella. Suddenly, you feel the waves crashing against your feet, only to look down and see numbers, letters, usernames, and timestamps. You try to stand up, but you feel the tide of big data pulling you under…   With a jolt, […]

DNS Security Best Practices for Logging

Your Domain Name System (DNS) infrastructure enables users to connect to web-based resources by translating everyday language into IP addresses. Imagine going into a restaurant, in the age before the internet, only to find that the staff speaks and the menu is written in a different language from yours. Without some shared communication form, you […]

An Introduction to the OWASP API Security Top 10

Intro to OWASP API Security TOP 10

If you ever watched Stargate, then you have some understanding of how application programming interfaces (APIs) work. While APIs don’t give you the ability to traverse the galaxy using an alien wormhole, they do act as digital portals that allow data to travel between applications. However, as sensitive data moves from one application to another, […]

Building a Security Data Lake Strategy

Building a Data Lake Strategy

The high volumes of security data that cloud environments generate leave security teams swimming in data, but many feel like they need a life preserver to improve their incident response capabilities.   Enter security data lakes. As the costs associated with data retention become overwhelming, organizations are embracing the idea of security data lakes and […]

Load Balancing Graylog with NGINX: Ultimate Guide

Graylog NGINX Load Balancing Guide

In cybersecurity, “Load Balancing Graylog with Nginx: The Ultimate Guide” is your reference guide. This guide helps to install Nginx. Imagine your Graylog, already proficient at managing vast log data, now enhanced with the Nginx load balancing capability to ensure peak performance. NGINX ensures your Graylog cluster isn’t over-taxed, similar to a well-organized team where […]

Leveling Up Security Operations with Risk-Based Alerting

In life, you get a lot of different alerts. Your bank may send emails or texts about normal account activities, like privacy notices, product updates, or account statements. It also sends alerts when someone fraudulently makes a purchase with your credit card. You can ignore most of the normal messages, but you need to pay […]