Monitoring Microsoft SQL Server login audit events in Graylog
One of the most important events you should be monitoring on your network is failed and successful logon events. What comes to most people’s minds when they think of authentication auditing is OS level login events, but you should be logging all authentication events regardless of application or platform. Not only should we monitor these […]
Key Value Parser Delivers Useful Information Fast
Graylog offers different parsers that you can use depending on your needs. One of those is the Key Value Parser. This parser allows you to parse the structured data into discrete fields so that you can search through it faster and more efficiently.
Graylog 5.2: What’s New Interactive Demo
Hey there! Get ready for something special. We’re about to dive into what’s new in Graylog V5.2, but not just through words—this time. We’ve got an awesome self guided demo to show you. Imagine it like a mini-movie inside this blog post. It’s not your typical read; it’s a visual adventure! We want you to […]
Forwarding Windows Events to CLM
Looking at your IT environment, you probably have various machines and applications connected to your networks. From network devices to servers to laptops, you need to know what’s happening at all times. While your log data provides the monitoring information you need, your environment’s diversity makes aggregating and correlating this information challenging. If your company […]
Case Study: Building an Operations Dashboard
Picture a simple E-commerce platform with the following components, each generating logs and metrics. Imagine now the on-call Engineer responsible for this platform, feet up on a Sunday morning watching The Lord of The Rings with a coffee, when suddenly the on-call phone starts to ring! Oh no! It’s a customer phoning, and they report […]
What to Do When You Have 1000+ Fields?
When you have 1000+ fields, Graylog can collect all the logs and have them ready for you to search through in one place.
How-To Guide: Securing Graylog with TLS
Welcome to our technical blog, where we’ll be diving into the world of Graylog and how you can secure your Graylog Server with Transport Layer Security (TLS). As an admin or a tech-savvy user, you know the importance of protecting your Graylog Server and the logs it manages from unauthorized access. TLS is a robust […]
A Guide to Digital Forensics and Incident Response (DFIR)
When you engage in a security incident investigation, you need to quickly sift through vast quantities of data. In that moment, tracking your attacker, containing the attack, and identifying the root cause are the activities that matter most. However, in an attack’s aftermath, the digital recovery process and post-incident paperwork becomes your new nightmare. Between […]
5 Best Practices for Building a Cyber Incident Response Plan
You’ve probably heard the Boy Scout motto, “be prepared.” In his 1908 handbook, Scouting for Boys, the author explained, “it shows you how you must be prepared for what is possible, not only what is probable.” Your cyber incident response plan is how you prepare for a possible, and, also in today’s world, probable security […]
Centralized Log Management for SOX Compliance
Over twenty years ago, a series of corporate financial scandals set off a chain reaction, culminating in criminal convictions and new legislation. After uncovering accounting fraud across public companies like Enron, WorldCom, and Tyco, the US Congress enacted the Sarbanes-Oxley Act of 2002 (SOX). As companies have become more reliant on technology, the Securities and […]
The Phases of the Digital Forensics Investigation Process
Investigating a security event is the less glamorous version of an episode of CSI: Crime Scene Investigation. Without the snazzy, high-end, mostly-fictitious technology that television shows you, your actual digital forensics investigation usually involves an arduous process of reviewing technical data and looking for the breadcrumbs a malicious actor left behind. Further, you need to […]
Detecting the 3CX Supply Chain Attack with Graylog and Sigma Rules
According to reporting by several cybersecurity publications the 3CX Desktop Application has been exploited in a supply chain attack. The 3CX client is a popular VOIP and messaging application used by over 600,000 companies. From the article on Bleeping computer This supply chain attack, dubbed ‘SmoothOperator’ by SentinelOne, starts when the MSI installer is downloaded […]
