Blog

Want deeper insights? Read exclusive commentary from the Gravwell team on the issues that matter most.

Announcing Gravwell 4.2.0 - Voyager Release

Announcing Gravwell 4.2.0
Blog
07.27.2021

The Sky is no longer the limit. Gravwell blasts off into space.

As a Gravwell founder, it has been absolutely incredible to watch a growing team take a product that I started in a basement with my college buddy and create a powerhouse startup serving large...
Blog
07.27.2021

Back-up to Backblaze with Gravwell Automations

Gravwell's backup/restore functionality lets you save all your user-generated content (dashboards, resources, users) into a convenient tarball for restoration in case your server's disk crashes. Of...
Blog
07.15.2021

Gravwell 4.2 Sneak Peek - Data Explorer

Greetings from the R&D department of Gravwell! We’re here today to show you a sneak peek of one of many features coming in our next release, Gravwell 4.2.0. 
Blog
06.18.2021

Top 5 Questions to Ask when Considering Log Management Solutions

Compare Scalability, Cost, and Performance There have been no shortage of self-proclaimed "Splunk Killers" and log analytics products throughout the years as hype and buzzwords get thrown about like...
Blog
06.03.2021

Threat Hunting, Spaf, Sun Tzu, and You

I often quote Spaf who says "A system is good if it does what it's supposed to do, and secure if it doesn't do anything else." Making our systems secure requires a few things. We first have to know...
Blog
05.27.2021

How to move to Gravwell from Splunk (or another platform)

As applications generate more data, as we adopt more IoT, and as more things move to cloud, log volumes explode. Traditional log management solutions have trouble keeping up and cause major budgeting...
Blog
05.13.2021

Add Threat Hunting to your SIEM with Gravwell

Enhance Security by Removing Limits SIEMs have historically done well in helping organizations detect threats. Modern threat activity has shown, however, that tracking pre-selected data and relying...
Blog
05.06.2021

IPMI and Gravwell Part 2: Making an IPMI Kit

Welcome back to Gravwell HQ! Today we bring you the second post in our two-part blog series on building IPMI ingest and analysis tools. In part one we walked through building an ingester from...
Blog
04.22.2021

What the HEC - Gravwell HTTP Ingester Supports Splunk Compatibility

The Gravwell HTTP ingester now supports a default config block that's compatible with Splunk HEC ingester defaults. To show this in action, we will use an awesome attacker simulation tool, Scythe and...
Blog
04.15.2021

IPMI and Gravwell Part 1: Building an IPMI Ingester

(This post is part one of a two-part technology series around building and using an IPMI ingester and kit. Part two coming soon.) In many data aggregation and analysis tools, the ecosystem is fully...
Blog
04.08.2021

Grouping Related Entries with the Transaction Module

In today's blog, we’ll give a short overview of the transaction module introduced in our most recent update: Gravwell 4.1.5. The transaction module is a powerful module that can rewrite individual...
Blog
04.01.2021

Monitoring HomeLab and Network with Gravwell Community Edition

Gravwell launched our free Community Edition in July 2018, and it has become an invaluable resource for home lab users and anyone looking to monitor their personal network or wrangle large amounts of...
Blog
03.25.2021

Practical Application of MITRE ATT&CK

SC Magazine published an article headlined "SIEM rules ignore bulk of MITRE ATT&CK framework, placing risk burden on users." In the article, Bradley Barth writes about a study showing only 16 percent...
Blog
03.18.2021

Announcing the Gravwell Sysmon Kit

We are pleased to announce the immediate availability of the Gravwell Sysmon kit. This kit is designed to get you started quickly with Sysmon data and demonstrate the art of the possible. This post...
Blog
03.10.2021

Slice it Like Roast Beef: Parsing Raw ARP Messages in Gravwell

One of Gravwell's great strengths is binary ingest: you can store things like raw packets, then parse them later when you know what you want to extract. This came in handy recently when I set up IPv6...
Blog
02.23.2021

Easy Custom Implementations with Gravwell Client Library

Version 3.7.0 of the Gravwell open source repository introduces an exciting new feature: a Go library for interacting directly with Gravwell! Our Data Fusion platform has always been about meeting...
Blog
02.08.2021

Enable Data Fusion & Pivot on Dataset Properties with the Enrich Module

Gravwell 4.1 introduces a new module - Enrich - that can add static data to every entry in a query. Sometimes you need to add static data to a dataset, such as the standard deviation itself across...
Blog
01.19.2021

4.1.0 Feature Spotlight: Upload Data from the Gravwell UI

Sometimes, you just need to get data into Gravwell without setting up any ingesters--maybe you want to analyze a collection of log files somebody emailed you, or maybe you've got a pcap file from...
Blog
01.12.2021

Combine Datasets Like a Boss: Announcing Gravwell 4.1 & Compound Queries

The Gravwell team is happy to announce the release of Gravwell 4.1.0 - Gamma Burst. A few highlights of what's included in the new release: Compound Query support Web UI based ingester A new “enrich”...
Blog
01.06.2021

Amp Up Your Data Analysis with the new Zeek Kit

Zeek can give you so much insight into what's going on in your network, but it can feel like drinking from the firehose - dozens of files full of terse log entries, and no easy way to cross-reference...
Blog
11.16.2020

Brewing With Gravwell

Overview Today we are going to talk about something very important - beer. Homebrewing has a long tradition and many master brewers started by making swill in their basement. So today, I am going...
Blog
11.04.2020

What's in a Sysmon Event Pt. 2 - Network Connections

We're building a Gravwell Kit for Sysmon! This blog series examines some of the event types that Sysmon generates to see what data they contain, opportunities for enhancing security, and example...
Blog
10.09.2020

Introducing the Gravwell CoreDNS Kit

What’s in a Domain Name? That which we call a CNAME by any other AAAA record would still be used by malware to steal your data. This article introduces the Gravwell CoreDNS Kit, which provides...
Blog
09.15.2020

What's in a Sysmon Event Pt. 1 - Process creation

I'm building a Gravwell Kit for Sysmon! This blog series follows the development of that kit for the awesome (free) sensor for Windows EDR, Sysmon. In this series we'll look at each event type that...
Blog
09.03.2020

Gravwell Weather Data Kit - Look Ma, No Ingester!

Maybe you've just signed up for Gravwell Community Edition and are not quite sure where to start. There are a lot of features in Gravwell, and a lot of different ingesters for pulling in data....
Blog
08.03.2020

More Gravwell Fun, Now With Kits

Our final HOWTO for this blog series focuses on Kits, a wonderful thing in the Big Bang Release that makes our data journey quick and easy. To catch up on our previous HOWTOs check out: Part 1:...
Blog
07.30.2020

First Time with Gravwell

In our continuing series of HOWTOs, today we are walking through the user interface and seeing what questions we can answer in our new data, focusing on Netflow Part 1:  Getting Gravwell Installed in...
Blog
07.23.2020

Getting Data Into Gravwell

In our continuing series of HOWTOs, today we are getting some data into our Gravwell instance setup in Getting Gravwell Installed in 2 Minutes As with install, setting up your data ingesters is quick...
Blog
07.14.2020

Gravwell Installed In 2 Minutes

As resident new guy at Gravwell something struck me right away. So many barriers to entry are removed by good software:  ease of install, straightforward data ingest configuration, powerful UI. First...
Blog
07.09.2020

PCAP collection and analysis on-demand with Gravwell Packet Fleet

Gravwell is designed to work with your data, in your infrastructure, and within your constraints. Whether you have petabytes of packet capture, data-at-rest sensitivity requirements, or are simply...
Blog
05.27.2020

Gravwell 3.3.11

Today we released Gravwell 3.3.11, hot on the heels of last week's 3.3.10. In our previous post, we'd said that 3.3.9 was the final planned release before our big 3.4.0 version, but there were a few...
Blog
05.08.2020

Smarter Gardening with Gravwell

Some time back, I built a small, hydroponic garden in my garage to grow fresh veggies year round. Although I avoided a few hazards of traditional gardening, moving my garden inside proved to have its...
Blog
04.17.2020

Gravwell Version 3.3.9

This week sees the release of Gravwell 3.3.9, our last planned release prior to the 3.4.0 "Big Bang" release. The Big Bang release will introduce Gravwell kits (our way of providing pre-packaged...
Blog
04.13.2020

Gravwell Ingester Preprocessors

Gravwell's ingesters can pull data from a wide variety of sources and we advocate keeping raw data formats for root cause analysis, but sometimes it's nice to massage the data a little before sending...
Blog
03.30.2020

New Release with Netflow v9 Support for Gravwell

Gravwell has officially supported Netflow v5 and IPFIX for some time. As of Gravwell 3.3.3, we're happy to announce that we now support Netflow v9 as well! This post will talk about the essential...
Blog
01.08.2020

Announcing Gravwell's Office 365 Management Log Ingester

If your enterprise is using Office 365, your users are generating log entries every time they log in, upload files to OneDrive, send an email--the logging is pretty extensive! You can analyze these...
Blog
12.17.2019

Introducing Gravwell Macros

One of the exciting new features in Gravwell 3.3.0 is search macros. Anyone who's experimented much with Gravwell knows you may often end up crafting a long and complex regular expression which...
Blog
11.27.2019

Gravwell 3.3.0 - Overwatch Release

We are excited to announce the immediate availability of Gravwell version 3.3.0. This release being a Minor release features a few fairly significant features and a whole heap of bug fixes and...
Blog
11.22.2019

Fellow Go Devs, Here's Our Experience Moving to Go Modules From Dep

When we started Gravwell years ago, we knew it was going to be a significant undertaking requiring some serious tooling under the hood. Building a custom data lake and analytics platform from scratch...
Blog
10.17.2019

Introducing the Key-Value Search Module

With Gravwell 3.2.4 we've introduced a new search module: kv, short for 'key-value'. This module is designed to help you extract key-value data from text entries without having to hand-craft regular...
Blog
10.01.2019

Version 3.2.3 - Performance Improvements

We are proud to announce the immediate availability of Gravwell version 3.2.3. This release is all about performance and bug fixes, but we did manage to slip in a new Kafka ingester.
Blog
09.25.2019

Version 3.2.2! Do you grok it?

We are pleased to announce the immediate availability of Gravwell version 3.2.2! This one got away from us a bit and probably should be a major release, there is just too much good stuff in here. I...
Blog
09.10.2019

A personal short story about broken pricing models

This personal story I'm about to tell highlights one of the most important differentiators between Gravwell vs Splunk -- a non-abusive pricing model. Data rates aren't always predictable….
Blog
08.21.2019

Announcing Gravwell Version 3.2

We are happy to announce the immediate availability of Gravwell version 3.2.0!
Blog
07.31.2019

Windows DNS threat hunting with Sysmon and Gravwell

This month has been a big deal for IT logging of windows endpoints. Sysmon v10 was released last Tuesday and it includes the major changes of DNS logging and OriginalFileName reporting for Windows...
Blog
06.20.2019

Benchmarking Gravwell's Hybrid Indexing

We've had some benchmarking requests from multiple organizations struggling with ingest performance from Elasticsearch, so we're publishing them here. The latest Gravwell release marks a significant...
Blog
05.22.2019

Monitoring Vehicle CANBus Activity with Gravwell

Before founding Gravwell, I was doing quite a bit of vehicle cybersecurity. Lately I haven't had much opportunity for that kind of fun -- turns out founding a company is time consuming work. Today is...
Blog
04.18.2019

New Gravwell Feature: Introducing Autoextractors

We are excited to introduce autoextractors with Gravwell version 3.0.2. Autoextractors make it easy for regex gurus and binary ninjas to generate extractions and share them in a portable format. ...
Blog
02.27.2019

Fighting social media propaganda

We're continuing to work with investigative reporters to research unscrupulous activity on social media. Most recently, Engadget published a piece on nefarious political influencers on Reddit. We’ve...
Blog
02.19.2019

Announcing the new Gravwell HTTP Ingester

Gravwell recently introduced a new ingester which accepts entries via HTTP POST requests. Now it's easy to send arbitrary data to Gravwell via scripts using only the curl command. In this blog post,...
Blog
02.07.2019

Super Computing 2018 After Action - a case study in threat hunting

For the 2018 Super Computing Conference (SC18, held in Dallas, TX), Gravwell provided our analytics platform to the Network Security team. These brave souls were responsible for cyber security on a...
Blog
01.31.2019

Announcing Gravwell Version 3

Huge Gravwell updates today! Thanks for your patience during this short period of radio silence, but it’s been for good reason. Today we’re happy to announce Gravwell version 3 which comes with a...
Blog
01.24.2019

Fighting Unpredictable Analytics Costs With All-You-Can-Ingest Pricing

One of the biggest complaints that’s heard across the industry is that of cost. “Too expensive” or “untenable pricing scale” are things we have been hearing from colleagues at conferences and on...
Blog
10.10.2018

Gravwell And Bro

In this detailed technical guide we’ll cover analyzing Bro security analytics with Gravwell. Bro is a passive network security sensor designed to provide a plugin friendly detection framework. There...
Blog
08.10.2018

Gravwell 2.2.1 Released!

We’re pleased to announce the release of Gravwell 2.2.1! For a point release, it’s got some very cool new features; read on to learn what we’ve added.
Blog
08.01.2018

Security Auditing DNS With CoreDNS and Gravwell

DNS auditing is an integral part of any I.T. security program. Name resolutions can act as a great tip for discovering malware, command and control streams, or misbehaving employees. Acquiring DNS...
Blog
07.26.2018

Monitoring Netflow with Gravwell Community Edition

Gravwell Community Edition is perfect for monitoring your home network. With a generous 2GB/day ingest quota, you can capture netflow records, DNS requests, WiFi hotspot associations, and more. In...
Blog
07.18.2018

Monitoring infrastructure metrics with Gravwell and Collectd

To celebrate the release of the Gravwell Community Edition we are also releasing a standalone collectd ingester. Collectd is an excellent tool for monitoring the health of hardware, systems, and...
Blog
07.10.2018

Gravwell Community Edition

Back when we released the first version of Gravwell we immediately began sharing with friends and colleagues. Those initial testers primarily used Gravwell to monitor their home networks. They found...
Blog
07.10.2018

Gravwell in the ICS Village and announcing Nozomi Integration

We're excited to join with Nozomi Networks in announcing our integration partnership which was piloted in the ICS Village at the RSA Sandbox in San Francisco earlier this year. Attendees at RSA were...
Blog
06.08.2018

Ingesting Google Cloud Platform PubSub

Thanks to Gravwell's Google PubSub ingester, it's easy to collect logs and other data from services deployed in the Google Cloud Platform. In this blog post, we'll show how to set up Gravwell in GCP...
Blog
04.24.2018

Distributed Webserver Frontends in Gravwell

With the release of Gravwell 2.0, Gravwell customers can now deploy multiple webservers tied to a central storage system. This means you can deploy multiple webservers behind a load balancer for...
Blog
04.19.2018

Gravwell And Docker Deployment

Update (1/24/2019) This post is mostly about building your own docker images. If you're interested in getting up and running fast using Gravwell+Docker, head over to our docs that cover our pre-built...
Blog
04.05.2018

Gravwell Release Update: Version 2 Lands

This week marks the release of a Gravwell version 2. It’s been a journey with plenty of long days and nights but we’re really excited about the new capabilities. We’ll be publishing a series of blog...
Blog
04.05.2018

Gravwell Goes to Washington

Shmoocon, an InfoSec conference held annually by The Shmoo Group since 2005, is held early each year in Washington, D.C. ShmooCon is a purposely smaller conference, focused on bringing original...
Blog
02.02.2018

Gravwell and Windows Event Logging

Update This post uses the xml parser module to evaluate windows logs. We have since released the winlog module, which you can reference here: https://docs.gravwell.io/docs/#!search/winlog/winlog.md...
Blog
12.18.2017

Amazon Kinesis Streams and Gravwell

Amazon’s Kinesis Streams service provides a powerful way to aggregate data (logs, etc.) from a large number of sources and feed that data into multiple data consumers. For instance, a large...
Blog
12.05.2017

Gravwell releases version 1 and attracts notable investor

We’re extremely excited to announce a new major release of the Gravwell analytics platform to our testers. It’s been a long road full of interesting (and sometimes annoying) challenges.
Blog
12.01.2017

We're thankful for big data analytics

It’s Thanksgiving Weekend in America and that means most people have acknowledged the blessings in their lives and are gearing up for something America does better than anyone: consumerism. I had a...
Blog
11.25.2017

How NOT to Launch a Product Around Black Friday

With Thanksgiving on Thursday, the start of the winter holidays is here in the states. In addition to seasonal celebrations spanning the weeks, shopping often increases around this time. Two such...
Blog
11.22.2017

OT Security Analytics - Finding the ground truth

In this post, we take a look at analyzing Industrial Control System data to detect unauthorized manipulation of relays in a process.
Blog
11.16.2017

Gravwell wifi analytics roundup of the Wild West Hackin' Fest

You never forget the first time… and we’ll always remember getting together with hundreds of leading security experts at the first ever Wild West Hacking Fest in Deadwood, South Dakota. We got a lot...
Blog
11.01.2017

Discovering truth through lies on the internet - FCC comments analyzed

For this post, the Gravwell analytics team ingested all 22 million+ comments submitted to the FCC over the net neutrality issue. Using Gravwell we were able to rapidly conduct a variety of analysis...
Blog
10.02.2017

Using Data Fusion to hunt infrastructure capacity issues

In this post we'll walk through a case study with a customer trying to identify an infrastructure capacity issue in which the system becomes unresponsive during a swell in page visits. We'll follow...
Blog
09.28.2017

Relationship analytics of Reddit discussing Mayweather vs McGregor

We are happy to announce the release of version 0.2.6. This release has your standard array of bug fixes and quality of life improvements but the major change comes in the form of relational...
Blog
08.31.2017

Why we created Gravwell

We felt like our first blog post should start at the place all good stories start: the beginning.
Blog
08.08.2017
