Super Computing 2018 After Action - a case study in threat hunting

Jan 31, 2019 11:01:46 AM / by Corey Thuen posted in Case study

For the 2018 Super Computing Conference (SC18, held in Dallas, TX), Gravwell provided our analytics platform to the Network Security team. These brave souls were responsible for cyber security on a network consisting of $52 million in contributed hardware, software, and services plus 4.02 Terabits per second of external capacity. This means that not only does the SCinet Network Security team need to protect SCinet from the world, it needs to protect the world from SCinet.

Announcing Gravwell Version 3

Jan 24, 2019 10:44:56 AM / by Corey Thuen posted in Community Edition, Software Updates, Gravwell Story

Huge Gravwell updates today!

Thanks for your patience during this short period of radio silence, but it’s been for good reason. Today we’re happy to announce Gravwell version 3 which comes with a whole slew of delicious features and improvements.

The 2018 development year was primarily focused on improving search and ingest performance, scalability, and stability. We’ve made tremendous strides on this front, and I’m excited to talk briefly about those here and in greater detail during the coming weeks. Our 2019 plans have a strong focus on improving out-of-the-box functionality; keep reading for more info about the update and our exciting plans for this year.

Fighting Unpredictable Analytics Costs With All-You-Can-Ingest Pricing

Oct 10, 2018 4:07:31 PM / by Corey Thuen posted in Case study, Gravwell Story, Analytics Economics

One of the most common complaints heard across the industry is cost. “Too expensive” and “untenable pricing scale” are things we have been hearing from colleagues at conferences and on forums for years. Years! Yet we’re still stuck with this extremely frustrating pricing model that disincentivizes people from using the very tool they purchased. What do I mean? Let’s dive in.

Gravwell And Bro

Aug 10, 2018 2:26:18 PM / by Kris Watts posted in Security, Events, Bro

In this detailed technical guide we’ll cover analyzing Bro security analytics with Gravwell. Bro is a passive network security sensor designed to provide a plugin-friendly detection framework. There are myriad commercial Bro vendors and almost as many ways to format and store the output. Gravwell provides an efficient and simple interface for acquiring, storing, and querying Bro data.

Gravwell 2.2.1 Released!

Aug 1, 2018 3:48:22 PM / by John Floren posted in Community Edition, docker, ingester, Software Updates

We’re pleased to announce the release of Gravwell 2.2.1! For a point release, it’s got some very cool new features; read on to learn what we’ve added.

Security Auditing DNS With CoreDNS and Gravwell

Jul 26, 2018 11:16:19 AM / by Kris Watts posted in Logging, Integrations, automation, Security, Network Analytics, Orchestration, Home Operations Center, Case study

DNS auditing is an integral part of any I.T. security program. Name resolutions can act as a great tip-off for discovering malware, command-and-control streams, or misbehaving employees. Acquiring DNS audit data can be difficult with some DNS servers (*cough* Windows *cough*); in this post we show an extremely easy method of getting DNS audit data directly into Gravwell.

Monitoring Netflow with Gravwell Community Edition

Jul 18, 2018 1:21:59 PM / by John Floren posted in Network Analytics, Home Operations Center, Community Edition

Gravwell Community Edition is perfect for monitoring your home network. With a generous 2GB/day ingest quota, you can capture netflow records, DNS requests, WiFi hotspot associations, and more. In this blog post, we’ll show how to ingest and analyze netflow records. We’ll assume you’ve already set up a Gravwell instance as described in the quickstart (https://dev.gravwell.io/docs/#!quickstart/community-edition.md); for this post, we’ll assume the Gravwell instance is at 192.168.1.52. Your instance will almost certainly be different, so be sure to substitute your own information.

Monitoring infrastructure metrics with Gravwell and Collectd

Jul 10, 2018 1:35:39 PM / by Kris Watts posted in Community Edition, Integrations, DevOps Analytics, Home Operations Center

To celebrate the release of the Gravwell Community Edition we are also releasing a standalone collectd ingester. Collectd is an excellent tool for monitoring the health of hardware, systems, and applications. In this post we demonstrate the installation and configuration of collectd to monitor the health and status of a few machines. We will be providing dashboard import codes so that you can quickly and easily import our ready-made dashboards. The collectd ingester is part of the core suite of ingesters and is open source on GitHub.

Gravwell Community Edition

Jul 10, 2018 12:17:15 PM / by Kris Watts posted in Gravwell Story, Community Edition

Back when we released the first version of Gravwell we immediately began sharing it with friends and colleagues. Those initial testers primarily used Gravwell to monitor their home networks. They found rogue devices, neighbors leeching WiFi, poorly behaving IoT devices, and even some children who were playing video games when they should have been in bed. There was one problem: our friends wanted to give Gravwell to their friends, but we aren't really a consumer software company. Our from-scratch secret sauce is what enables such game-changing pricing for larger enterprises, but because we don't price on the data-drip model it doesn't work for very small deployments. All that changes with the Community Edition...

Gravwell in the ICS Village and announcing Nozomi Integration

Jun 7, 2018 6:11:20 PM / by Corey Thuen posted in OT Analytics, Integrations

We're excited to join with Nozomi Networks in announcing our integration partnership, which was piloted in the ICS Village at the RSA Sandbox in San Francisco earlier this year. Attendees at RSA were also able to see the first glimpse of the newly unveiled ICS Village. For those unfamiliar with conference villages, the idea is to create a hands-on learning environment where security professionals can learn, hack, or break equipment and software that they may not encounter on a day-to-day basis. The Gravwell founders have a long history in the ICS space and we believe in the village mission, as we think that ICS/SCADA (more so than most industries) could benefit from some disruption and fresh ideas. The ICS Village can be found at many events this year, including DEFCON and EnergySec (the full event schedule can be found at https://www.icsvillage.com/events).