Gravwell Blog

Gravwell Goes to Washington

Feb 2, 2018 1:34:00 PM / by Leah Figueroa posted in Gravwell Story

0 Comments

Shmoocon, an InfoSec conference held annually by The Shmoo Group since 2005, is held early each year in Washington, D.C. ShmooCon is a purposely smaller conference, focused on bringing original research to attendees and supporting networking. ShmooCon XIV was held January 19-21 at the Washington Hilton (for those history buffs out there, you might recall that ARPANET made its debut at this hotel in 1972). It is important to us at Gravwell to be involved in the community, so I jumped at the chance to attend this year's Shmoo!

Read More

Mojitos in Miami - S4 or Bust

Jan 12, 2018 1:46:42 PM / by Corey Thuen posted in Gravwell Story

0 Comments

Read More

Gravwell and Windows Event Logging

Dec 18, 2017 9:00:00 AM / by Kris Watts posted in Case study, EventLog, Windows, Security

0 Comments

TL;DR

We are going to dive into Windows and show how to get logs flowing into Gravwell in under 5 minutes with the WinEvent ingester. Using the Windows queries we will audit login behavior, RDP usage, some Windows Defender, and identify when Bob from accounting is copying sensitive financial data to external storage devices. Also, Taylor Swift is involved; don't panic, just stay with me.

Overview

This Gravwell post is all about the wild world of Windows Event logging and analytics. Both Unix and Windows provide standardized central logging facilities; however, the structure and format of the stored logs are dramatically different. Syslog and most other logging systems with roots in Unix approach logging as an unstructured stream: a log entry is a string of text, no more, no less (we are going to ignore journald and its binary madness). Windows, however, logs all events in fully-formed XML and the logging system is integrated into the operating system itself.  We should also note that logging in Windows is... less than ideal.  If you are coming from the Unix world, throw out all your assumptions; things are different here.

Read More

Amazon Kinesis Streams and Gravwell

Dec 5, 2017 1:11:03 PM / by John Floren posted in developer, API, Amazon, AWS, ingester, Kinesis

0 Comments

Amazon’s Kinesis Streams service provides a powerful way to aggregate data (logs, etc.) from a large number of sources and feed that data into multiple data consumers. For instance, a large enterprise might use one Kinesis stream to gather log data from their cloud infrastructure and another stream to aggregate sales data from the web services running on that infrastructure. Once the data is in the stream, it remains available for up to a day (or optionally longer) for any number of applications to read it back for processing and analysis. This is particularly useful to customers that want to deploy and destroy virtual machines on a whim; data is stored in the stream, rather than the ephemeral VMs.

Read More

Gravwell releases version 1 and attracts notable investor

Dec 1, 2017 10:04:16 AM / by Corey Thuen posted in Gravwell Story, Software Updates

0 Comments

We’re extremely excited to announce a new major release of the Gravwell analytics platform to our testers. It’s been a long road full of interesting (and sometimes annoying) challenges.

Read More

We're thankful for big data analytics

Nov 24, 2017 4:04:39 PM / by Corey Thuen posted in DevOps Analytics

0 Comments

It’s Thanksgiving Weekend in America and that means most people have acknowledged the blessings in their lives and are gearing up for something America does better than anyone: consumerism. I had a bit of down time and thought I’d do something else America is good at: Freedom Fighting.

Read More

How NOT to Launch a Product Around Black Friday

Nov 22, 2017 12:00:00 PM / by Leah Figueroa

0 Comments

With Thanksgiving on Thursday, the start of the winter holidays is here in the states. In addition to seasonal celebrations spanning the weeks, shopping often increases around this time. Two such days, Black Friday and Cyber Monday, are some of the biggest shopping days of the year and people often wait to see what deals can be found. Products are launched on or around Black Friday/Cyber Monday in the hopes of garnering more sales and to drive up excitement. Often, this is a great idea. Sometimes, though, a product drops in such a way that could only be dubbed failure.

Read More

OT Security Analytics - Finding the ground truth

Nov 16, 2017 11:22:40 AM / by Corey Thuen posted in Network Analytics, Case study, OT Analytics

1 Comment

In this post, we take a look at analyzing Industrial Control System data to detect unauthorized manipulation of relays in a process.

Read More

Gravwell wifi analytics roundup of the Wild West Hackin' Fest

Nov 1, 2017 1:42:44 PM / by Leah Figueroa posted in Network Analytics, Wifi Analytics

0 Comments

You never forget the first time… and we’ll always remember getting together with hundreds of leading security experts at the first ever Wild West Hacking Fest in Deadwood, South Dakota. We got a lot of praise before the first guest arrived at our table, but that’s probably because we sponsored the coffee! Still, when people came over to look at Gravwell’s products, we got a lot of positive feedback and eager experts wanting to test what we can do.

Read More

Discovering truth through lies on the internet - FCC comments analyzed

Oct 2, 2017 11:30:00 AM / by Corey Thuen posted in Case study, DevOps Analytics

4 Comments

For this post, the Gravwell analytics team ingested all 22 million+ comments submitted to the FCC over the net neutrality issue. Using Gravwell we were able to rapidly conduct a variety of analysis against the data to pull out some pretty interesting findings. We scraped the entirety of the FCC comments over the course of a night and ingested them into Gravwell afterward. It took about an hour of poking around to get a handle on what the data was and the following research was conducted over about a 12 hour period. So we went from zero knowledge to interesting insights in half a day. We’re kinda nerding out about it.

Read More