Starting at $15,000/yr*
Enterprise Log Management for SecOps, ITOps, and DevOps teams. Built on the Graylog Platform, Graylog Enterprise is designed to maximize your systems’ uptime, alert you to issues and outages, enhance productivity, and meet data retention requirements for larger teams and complex situations.
*Paid annually
Starting at $18,000/yr*
Graylog Security delivers on the promise of SIEM without all the complexity, alert fatigue, and high costs. Built on the Graylog platform, Graylog Security reduces the strain on your cybersecurity staff, improves your overall security posture, and reduces risk. Technical support included.
*Paid annually
Starting at $18,000/yr*
Graylog API Security is a comprehensive solution designed to offer discovery and end-to-end protection for your business-critical APIs and peace of mind as your business thrives, safe in the knowledge you are guarded by a state-of-the-art, adaptable shield against the most sophisticated cyber threats.
*Paid annually
Feature
Graylog Open
Graylog Enterprise
Graylog Security
Support for Syslog, CEF, GELF, BEATS, HTTP JSON, IPFIX, Netflow, Plain Text
Log Collection
Sidecar Central Log Collector Management
Index Field Type Profiles
Pipelines & Streams
Data Normalization
Collections
Asset History
Asset Event Definition
Distinguish Illuminate vs. User-Created Entities
Visualization Widgets
Save to Dashboard
Guided Search
Save & Share
Filters
Parameters
AI Dashboard Summarization
Drill Down from Aggregation Widgets
Widget Thresholds and Labels
Text Widgets with Markdown
Revert Changes When Canceling Widget Edit
Data Table Row Numbers
Right-click Graylog + Custom Saved Searches
Scheduled Email Reports
Dashboard Drill Down
Custom Reports
Customizable Visualization Widgets
Save & Share
Input Wizard
Partial
Illuminate Content Hub
Limited with free Illuminate content
Illuminate Content
Parsers (free packs)
only available for certain open-source tools
Ops Content
All Content
Sharing Searches for Illuminate + Content Packs
Graylog Schema
Manual
Illuminate
Illuminate
REST API
Content Pack Import/Export
Distinguish Illuminate vs. User-Created Entities
TCP RAW & TCP Syslog Outputs
Security Detection content (e.g. Sigma Rules)
Feature
Graylog Open
Graylog Enterprise
Graylog Security
Data Enrichment Connectors
IPinfo + MaxMind GeoIP (vendor subscription required)
Lookup Tables
Static
Dynamic
Dynamic
Asset Data
Vulnerability Scan Support (Qualys, Tenable Cloud, Nessus, Microsoft Defender)
MCP Server Integration for Natural Language Tools
AI Dashboard Summarization
UEBA + Anomaly Detection (ML)
AI Investigation Report Generation
Feature
Graylog Open
Graylog Enterprise
Graylog Security
Basic Triggers and Aggregations
Alerting
Notifications
Basic
Advanced
Advanced
Automated Script Triggers
Correlation Engine
Sigma Rules
User Activity, Suspicious Data Movement, File and System Integrity, Network and Perimeter Threats
Custom Detectors
Evidence Collection
AI Investigation Report Generation
Investigation Timeline Visualization and Analytics
Event Procedures (Guided Steps)
Automation
Guided Response and Workflow
Third Party SOAR and Ticketing Integration, add-on
Feature
Graylog Open
Graylog Enterprise
Graylog Security
Compliance Reports
Asset-based Risk Scoring
Events and Alerts Risk Scoring
Adversary Campaign Intelligence
Field Actions with Threat Intel Lookups and Watchlists
Threat Coverage Analyzer and Visualization
Vulnerability Scan Ingest (Qualys, Tenable Cloud, Nessus, Microsoft Defender)
Teams Management
OIDC, Okta, Auth0, AzureAD, Google, Keycloak, PingIdentity, OneLogin
Graylog User Audit Logs
Role-based Access
Internal
AD or LDAP
AD or LDAP
Feature
Graylog Open
Graylog Enterprise
Graylog Security
Multi Cluster
Enterprise Forwarder
Cluster to Cluster Forwarder
Cloud Forwarder
Data Node (OpenSearch 2.19)
Data Pipeline Management and Routing
Data Lake
Data Lake Preview and Selective Retrieval
Amazon Data Lake Preview + Retrieval
Filtered AWS Security Lake Input (3rd-party data lake)
Lake Retrievals Page
Data Tiering, Hot and Warm and Archive
HDFS Warm Tier Support
Feature
Graylog Open
Graylog Enterprise
Graylog Security
Documentation
Graylog Academy
Graylog Community
Onboarding and Architecture Review Services
Technical Account Manager (add on)
Optional
Optional
*Graylog Open only supports a very limited number of Parsers and Spotlights. Graylog Open users must first upgrade their 6.2+ instance to include the Enterprise plug-in before being able to install the Illuminate Content Hub.