Threat Hunting with Graylog

In this video, Graylog’s Senior Technical Marketing Manager, Jeff Darrington, along with panelists Abe Abernathy and Nick Carstensen, dives into the topic of threat hunting. They introduce ways to connect with Graylog through its newsletter and social media while setting the stage for a comprehensive discussion on logging and threat hunting. Abe shares his unique background in cybersecurity, and Nick highlights his expertise in logging, with over a decade of experience. The session walks through a demo focused on using Graylog for threat hunting, showing how to set up tools like Sysmon and Beats to monitor for Indicators of Compromise (IOCs), with the SolarWinds incident as the worked example.

Video key takeaways:

  • Learn the basics of threat hunting: Understand how to set up Sysmon and Beats for effective monitoring and how Graylog can help in identifying IOCs.
  • Real-world example using SolarWinds: The demo walks through how Graylog tools can be applied to the SolarWinds incident, giving a practical use case for threat hunting.
  • Advanced features of Graylog: Discover how to leverage Graylog’s powerful capabilities such as parameterized dashboards, asset management, lookups, and alerts for more efficient investigation and response.

This video is perfect for anyone interested in cybersecurity, logging, or gaining hands-on insights into threat hunting with Graylog.

Good day, everyone! Thank you for joining us for our topic on threat hunting today at Graylog. Just to let everyone know, we will be waiting for attendees to join as the numbers are increasing quickly. Here are some ways you can connect with us at Graylog: you can sign up for our bi-monthly newsletter to stay updated on content, product updates, and tips and tricks. Additionally, you can follow us on social media, including Twitter, LinkedIn, and Reddit. Be sure to check out the resources section on our website as well.

I’m Jeff Darrington, the Senior Technical Marketing Manager, and with me today are two additional panelists, Abe Abernathy and Nick Carstensen, for a quick round table. Abe, please introduce yourself.

Abe: Hey, everyone! My name is Abe. I got into the security world in the 90s, spending my youth exploring places labeled ‘Do Not Enter’. I later served in cyber operations with the Canadian Armed Forces and now work with a large city. Today, I’ll be discussing threat hunting with Graylog.

Nick: Thanks, Abe. I’m Nick Carstensen, Product Manager here at Graylog. My background is in logging, which I’ve been doing for over 10 years, having worked with various logging products. Back to you, Jeff.

Jeff: Thanks, Nick. I’m Jeff Darrington, and I’ve been in IT security, IT Ops, and product development for over 23 years. I’m excited to share my journey with Graylog and discuss how we can bring positive change with logging. Please note, you can enter questions anytime in the Q&A window, and we’ll address them at the end. A recording of this session will be available next week. Now, on to our demo.

Abe: Hi, I’m Abe, Training Engineer at Graylog. Today, I’ll be giving a brief introduction to threat hunting using Graylog. We’ll focus on basic starting points and indicators of compromise (IOCs). Our example will involve the SolarWinds incident, where we’ll discuss how to identify and manage IOCs using Sysmon. We’ll set up Sysmon and Beats configurations to capture necessary data, enabling proactive monitoring and logging.

We’ll demonstrate how to search for IOCs, build dashboards, and use Graylog’s parameterized dashboards for investigation. Finally, we’ll cover some advanced use cases, including how to handle asset management, lookups, and alerts using Graylog’s powerful tools.