Gravwell helps turn your data fire hose into a well of knowledge
Modern analytics should handle binary data streams. They should not force customers to drop data because of licensing costs. Most importantly, they should not force you to know what you want before you have it. Modern analytics should work for you, not against you; that's where Gravwell comes in.
When experienced hackers and big data experts team up, you get an analytics platform capable of things never seen outside of Hollywood. We exist to provide analytics capabilities to people who need more than just text log searching and need it sooner rather than later at a price they can afford.
Gravwell was built to handle massive amounts of data, so our pricing isn't based on how much you ingest. You should be focused on having the data you need when you need it instead of dumping data to keep costs reasonable. Throwing away data is throwing away the answers to future questions. With Gravwell, cost is never part of the data retention decision.
Gravwell is all about flexibility. We want you to get your data into the system as quickly and painlessly as possible; that's why we've built a selection of ingesters for both general and specific uses. We've ingested many different kinds of data, including but not limited to:
- Raw network packets (Ethernet and Wi-Fi)
- Linux log files
- Windows event data
- Bro and Suricata logs
- Video streams
- The live Shodan network scan stream
- Reddit and Hacker News comments
We acknowledge we can't foresee every possible use case, so we've also released an open-source API so you can easily write custom ingesters.
During the training, our process got hit by a cyber attack. The system gave an "all clear" but our tanks were overflowing! Gravwell showed us the ground truth history, helped us identify the source of the attack, and enabled our incident response.
Critical Infrastructure Training Attendee
Gravwell is a full-stack analytics platform built to handle huge amounts of unstructured data. Our benchmarks outpace competitors and improve with every release cycle.
Our platform is proudly built on open-source components like Go, and we do our best to give back by sending patch requests upstream instead of forking internally. We're also open-sourcing utilities and APIs for Gravwell, allowing more flexibility for our users. Check our GitHub account to see what we're up to!
Gravwell began with two engineers working in cybersecurity and extremely large-scale internet emulation. These engineers were working with huge volumes of data, investigating the big questions ("what happens if you reboot the internet?" or "how does malware propagate between hundreds of thousands of Android devices?").
The analytics tools available struggled to meet their needs, wasting time while barely touching the capabilities of their hardware and rapidly increasing the price tag associated with that much data. The engineers had to make hard decisions about which data was to be kept and which could be dropped on the floor -- a decision that goes against the ideals of big data analysis.
One day, those engineers looked at all the issues and thought, "We can do this better." Gravwell was born.
A couple of years have passed, and Gravwell has moved from a side project to a part-time job to a full-stack enterprise analytics platform. The team continues to grow as more people who share the same goal and vision join the ranks to expand the already robust platform with great new features.
Gravwell onboarding engineering helped me set up a machine learning facial recognition system to correlate badge-ins with faces on camera. I can easily pull up full badge history, identify issues like piggybacking, and find the one camera feed out of hundreds that is actually relevant to the problem I'm investigating.
Secure Facility POC Participant