Gravwell Resources

Learn about everything from customer success stories, product info, to viewpoints from
the core team.

All

The Shift from SIEM to Cybersecurity Data Platform

The Shift from SIEM to Cybersecurity Data Platform

Read Time: 4 minutes
Log Analysis with Logbot

Log Analysis with Logbot

Read Time: 2 minutes
Gravwell 5.6.0 New License Tiers

Gravwell 5.6.0 New License Tiers

Read Time: 2 minutes
Gravwell 5.4.0 New Feature: Updated Eval Module

Gravwell 5.4.0 New Feature: Updated Eval Module

Read Time: 4 minutes
Gravwell 5.4.0 released - New alerting features

Gravwell 5.4.0 released - New alerting features

Read Time: 3 minutes
Using lookup to invert matches

Using lookup to invert matches

Read Time: 2 minutes
Accelerated Filtering with Eval

Accelerated Filtering with Eval

Read Time: 3 minutes
Home Assistant Integration: Analyzing Smart Homes with Gravwell

Home Assistant Integration: Analyzing Smart Homes with Gravwell

Read Time: 1 minutes
Kris Trust Issues: Gravwell's Capability-Based Access Control

Kris Trust Issues: Gravwell's Capability-Based Access Control

Read Time: 2 minutes
Debunking Myths: IT, OT, ICS Security from an Engineer's Perspective

Debunking Myths: IT, OT, ICS Security from an Engineer's Perspective

Read Time: 8 minutes
Gravwell 5.2 gets a query editing environment

Gravwell 5.2 gets a query editing environment

Read Time: 1 minutes
Fundamentals: Structure on Read

Fundamentals: Structure on Read

Fundamentals: Structure on read | Video Series

Fundamentals: Structure on read | Video Series

Visualizing Custom Data from a CSV

Visualizing Custom Data from a CSV

Read Time: 2 minutes
Gravwell Forms Tool- Drag-and-Drop Builder

Gravwell Forms Tool- Drag-and-Drop Builder

The Webhook Action-Automating Repetitive Manual Processes

The Webhook Action-Automating Repetitive Manual Processes

Gravwell + SCinet at Supercomputing 22

Gravwell + SCinet at Supercomputing 22

Read Time: 3 minutes
Gravwell v5.1 - New Features

Gravwell v5.1 - New Features

Click to Victory in Gravwell 5.1

Click to Victory in Gravwell 5.1

Read Time: 1 minutes
Jupyter + Gravwell=Unleash the Power of Python

Jupyter + Gravwell=Unleash the Power of Python

Read Time: 2 minutes
Splunk Integrations for Gravwell

Splunk Integrations for Gravwell

Read Time: 2 minutes
Security Data Lake-Get started with Gravwell

Security Data Lake-Get started with Gravwell

Gravwell Story: What?

Gravwell Story: What?

Gravwell Challenge- Gravwell Vs Your Data Tool

Gravwell Challenge- Gravwell Vs Your Data Tool

Gravwell Story: Why?

Gravwell Story: Why?

Making things awk-ward: Gravwell and AWK

Making things awk-ward: Gravwell and AWK

Read Time: 1 minutes
New Kit for pfSense® software

New Kit for pfSense® software

Read Time: 3 minutes
The basics of Gravwell API Access Tokens

The basics of Gravwell API Access Tokens

Read Time: 4 minutes
Unlimited Data Fusion Platform with Clear-Cut Pricing

Unlimited Data Fusion Platform with Clear-Cut Pricing

Tracking BART Trains with Gravwell

Tracking BART Trains with Gravwell

Read Time: 1 minutes
Gravwell Flows: Leveraging Best Buy API for Sony Playstation 5

Gravwell Flows: Leveraging Best Buy API for Sony Playstation 5

Read Time: 2 minutes
Kit: Palo Alto Networks Next-Generation Firewall

Kit: Palo Alto Networks Next-Generation Firewall

Read Time: 3 minutes
Hello world! With Gravwell Flows

Hello world! With Gravwell Flows

Read Time: 3 minutes
Announcing Gravwell 5.0.0 Orion

Announcing Gravwell 5.0.0 Orion

Read Time: 5 minutes
CSV over Syslog? How to analyze nested data formats

CSV over Syslog? How to analyze nested data formats

Read Time: 2 minutes
Did that BIOS Update Do Anything?

Did that BIOS Update Do Anything?

Read Time: 1 minutes
Four Tips to optimize your search through enhanced query structure

Four Tips to optimize your search through enhanced query structure

Read Time: 4 minutes
Expanding Gravwell Community Edition - Major Changes

Expanding Gravwell Community Edition - Major Changes

Read Time: 1 minutes
Anomaly Detection: Correlating Weak Signals in Log Analysis

Anomaly Detection: Correlating Weak Signals in Log Analysis

Read Time: 3 minutes
Announcing the Sysmon kit from Gravwell

Announcing the Sysmon kit from Gravwell

Drink from the Data Firehose with Gravwell

Drink from the Data Firehose with Gravwell

Threat Hunting Exercise using Gravwell's 4.1.0 Gamma Burst release

Threat Hunting Exercise using Gravwell's 4.1.0 Gamma Burst release

Gravwell 4.1.0 Release: Increased productivity for cyber security analysts

Gravwell 4.1.0 Release: Increased productivity for cyber security analysts

CVE-2021-44228 Log4J does not impact Gravwell products

Read Time: 1 minutes
Get Your Kits into Git with Kitctl

Get Your Kits into Git with Kitctl

Read Time: 3 minutes
What's in a Sysmon Event - Windows Registry EventIDs 12, 13, 14

What's in a Sysmon Event - Windows Registry EventIDs 12, 13, 14

Read Time: 7 minutes
What's in a sysmon event - eventid 5, process termination

What's in a sysmon event - eventid 5, process termination

Read Time: 3 minutes
Gravwell 4.2.4 and Query Studio Tour

Gravwell 4.2.4 and Query Studio Tour

Read Time: 3 minutes
Delve into Apache Logs with Gravwell Data Explorer

Delve into Apache Logs with Gravwell Data Explorer

Read Time: 2 minutes
Announcing Gravwell 4.2.0 - Voyager Release

Announcing Gravwell 4.2.0 - Voyager Release

Read Time: 4 minutes
The Sky is no longer the limit. Gravwell blasts off into space.

The Sky is no longer the limit. Gravwell blasts off into space.

Read Time: 1 minutes

Back-up to Backblaze with Gravwell Automations

Read Time: 4 minutes

Fill Gaps In Data With Enrich

Hosts Making A Lot of DNS Requests

Gravwell 4.2 Sneak Peek - Data Explorer

Gravwell 4.2 Sneak Peek - Data Explorer

Read Time: 1 minutes

Query To Detect DNS Beaconing

Read Time: 1 minutes

Failed Sudo Attempts - Use This Query

Top 5 Questions to Ask when Considering Log Management Solutions

Top 5 Questions to Ask when Considering Log Management Solutions

Read Time: 5 minutes

Hosts that have both succeeded and failed at SSH logins

Read Time: 1 minutes

Windows External Storage Audit

Read Time: 1 minutes
Threat Hunting, Spaf, Sun Tzu, and You

Threat Hunting, Spaf, Sun Tzu, and You

Read Time: 2 minutes

Exploring Absurdity: Windows Event Logs and Binary Logs

Read Time: 1 minutes
How to move to Gravwell from Splunk (or another platform)

How to move to Gravwell from Splunk (or another platform)

Read Time: 2 minutes
Traffic Volume by DNS Name

Traffic Volume by DNS Name

Add Threat Hunting to your SIEM with Gravwell

Add Threat Hunting to your SIEM with Gravwell

Read Time: 2 minutes

Monitor Daily Temperature Swings

Read Time: 1 minutes

Squirrel Sightings in Central Park, NY, NY

IPMI and Gravwell Part 2: Making an IPMI Kit

IPMI and Gravwell Part 2: Making an IPMI Kit

Read Time: 7 minutes

Check for "Bouncing" Ingesters

HEC Support: Gravwell's HTTP Ingester for Splunk Compatibility

HEC Support: Gravwell's HTTP Ingester for Splunk Compatibility

Read Time: 4 minutes

Show Last Set of MSI Executions Per Computer

IPMI and Gravwell Part 1: Building an IPMI Ingester

IPMI and Gravwell Part 1: Building an IPMI Ingester

Read Time: 12 minutes

100 Years of Corn Prices- Gravwell

Grouping Related Entries with the Transaction Module

Grouping Related Entries with the Transaction Module

Read Time: 3 minutes

Show How Long Each Application is Listening to the Microphone

Monitoring HomeLab and Network with Gravwell Community Edition

Monitoring HomeLab and Network with Gravwell Community Edition

Read Time: 2 minutes
Pointmap of usernames logging into F5 boxes via latest RCE

Pointmap of usernames logging into F5 boxes via latest RCE

Practical Application of MITRE ATT&CK

Practical Application of MITRE ATT&CK

Read Time: 3 minutes
Announcing the Gravwell Sysmon Kit

Announcing the Gravwell Sysmon Kit

Read Time: 5 minutes
Slice it Like Roast Beef: Parsing Raw ARP Messages in Gravwell

Slice it Like Roast Beef: Parsing Raw ARP Messages in Gravwell

Read Time: 4 minutes
Easy Custom Implementations with Gravwell Client Library

Easy Custom Implementations with Gravwell Client Library

Read Time: 3 minutes
Enable Data Fusion & Pivot on Dataset Properties with Enrich Module

Enable Data Fusion & Pivot on Dataset Properties with Enrich Module

Read Time: 3 minutes
4.1.0 Feature Spotlight: Upload Data from the Gravwell UI

4.1.0 Feature Spotlight: Upload Data from the Gravwell UI

Read Time: 2 minutes
Master Dataset Fusion: Introducing Gravwell 4.1 & Compound Queries

Master Dataset Fusion: Introducing Gravwell 4.1 & Compound Queries

Read Time: 4 minutes
Amp Up Your Data Analysis with the new Zeek Kit

Amp Up Your Data Analysis with the new Zeek Kit

Read Time: 4 minutes
Brewing With Gravwell

Brewing With Gravwell

Read Time: 11 minutes
What's in a Sysmon Event Pt. 2 - Network Connections

What's in a Sysmon Event Pt. 2 - Network Connections

Read Time: 3 minutes
Introducing the Gravwell CoreDNS Kit

Introducing the Gravwell CoreDNS Kit

Read Time: 4 minutes
What's in a Sysmon Event Pt. 1 - Process creation

What's in a Sysmon Event Pt. 1 - Process creation

Read Time: 4 minutes
Gravwell Weather Data Kit - Look Ma, No Ingester!

Gravwell Weather Data Kit - Look Ma, No Ingester!

Read Time: 4 minutes
More Gravwell Fun, Now With Kits

More Gravwell Fun, Now With Kits

Read Time: 2 minutes
First Time with Gravwell

First Time with Gravwell

Read Time: 3 minutes
Getting Data Into Gravwell

Getting Data Into Gravwell

Read Time: 1 minutes
Gravwell Installed In 2 Minutes

Gravwell Installed In 2 Minutes

Read Time: 1 minutes
PCAP collection and analysis on-demand with Gravwell Packet Fleet

PCAP collection and analysis on-demand with Gravwell Packet Fleet

Read Time: 4 minutes
Gravwell 3.3.11

Gravwell 3.3.11

Read Time: 3 minutes
Smarter Gardening with Gravwell

Smarter Gardening with Gravwell

Read Time: 5 minutes
Gravwell Version 3.3.9

Gravwell Version 3.3.9

Read Time: 3 minutes
Gravwell Ingester Preprocessors

Gravwell Ingester Preprocessors

Read Time: 4 minutes
New Release with Netflow v9 Support for Gravwell

New Release with Netflow v9 Support for Gravwell

Read Time: 7 minutes
Announcing Gravwell's Office 365 Management Log Ingester

Announcing Gravwell's Office 365 Management Log Ingester

Read Time: 3 minutes
Introducing Gravwell Macros

Introducing Gravwell Macros

Read Time: 2 minutes
Gravwell 3.3.0 - Overwatch Release

Gravwell 3.3.0 - Overwatch Release

Read Time: 4 minutes
Go Devs: Our Experience Transitioning to Go Modules from Dep

Go Devs: Our Experience Transitioning to Go Modules from Dep

Read Time: 5 minutes
Introducing the Key-Value Search Module

Introducing the Key-Value Search Module

Read Time: 2 minutes
Version 3.2.3 - Performance Improvements

Version 3.2.3 - Performance Improvements

Read Time: 3 minutes
Version 3.2.2! Do you grok it?

Version 3.2.2! Do you grok it?

Read Time: 4 minutes
A personal short story about broken pricing models

A personal short story about broken pricing models

Read Time: 2 minutes
Announcing Gravwell Version 3.2

Announcing Gravwell Version 3.2

Read Time: 1 minutes
Windows DNS threat hunting with Sysmon and Gravwell

Windows DNS threat hunting with Sysmon and Gravwell

Read Time: 8 minutes
Benchmarking Gravwell's Hybrid Indexing

Benchmarking Gravwell's Hybrid Indexing

Read Time: 12 minutes
Monitoring Vehicle CANBus Activity with Gravwell

Monitoring Vehicle CANBus Activity with Gravwell

Read Time: 3 minutes
New Gravwell Feature: Introducing Autoextractors

New Gravwell Feature: Introducing Autoextractors

Read Time: 4 minutes
Fighting social media propaganda

Fighting social media propaganda

Read Time: 2 minutes
Announcing the new Gravwell HTTP Ingester

Announcing the new Gravwell HTTP Ingester

Read Time: 2 minutes
Super Computing 2018: A Threat Hunting Case Study

Super Computing 2018: A Threat Hunting Case Study

Read Time: 1 minutes
Announcing Gravwell Version 3

Announcing Gravwell Version 3

Read Time: 3 minutes
Combat Unpredictable Analytics Costs: All-You-Can-Ingest Pricing

Combat Unpredictable Analytics Costs: All-You-Can-Ingest Pricing

Read Time: 5 minutes
Getting Started With Bro and Gravwell

Getting Started With Bro and Gravwell

Read Time: 15 minutes
Gravwell 2.2.1 Released!

Gravwell 2.2.1 Released!

Read Time: 2 minutes
DNS Security Audit With CoreDNS and Gravwell

DNS Security Audit With CoreDNS and Gravwell

Read Time: 18 minutes
Monitoring Netflow with Gravwell Community Edition

Monitoring Netflow with Gravwell Community Edition

Read Time: 7 minutes
Monitoring infrastructure metrics with Gravwell and Collectd

Monitoring infrastructure metrics with Gravwell and Collectd

Read Time: 10 minutes
Gravwell Community Edition-Free of Charge

Gravwell Community Edition-Free of Charge

Read Time: 2 minutes
Gravwell in the ICS Village and announcing Nozomi Integration

Gravwell in the ICS Village and announcing Nozomi Integration

Read Time: 3 minutes
Ingesting Google Cloud Platform PubSub

Ingesting Google Cloud Platform PubSub

Read Time: 2 minutes
Distributed Webserver Frontends in Gravwell

Distributed Webserver Frontends in Gravwell

Read Time: 5 minutes
Gravwell And Docker Deployment

Gravwell And Docker Deployment

Read Time: 12 minutes
Gravwell Release Update: Version 2 Lands

Gravwell Release Update: Version 2 Lands

Read Time: 3 minutes
Gravwell Goes to Washington

Gravwell Goes to Washington

Read Time: 2 minutes
Mojitos in Miami - S4 or Bust

Mojitos in Miami - S4 or Bust

Read Time: 2 minutes
Gravwell and Windows Event Logging

Gravwell and Windows Event Logging

Read Time: 18 minutes
Amazon Kinesis Streams and Gravwell

Amazon Kinesis Streams and Gravwell

Read Time: 3 minutes
Gravwell releases version 1 and attracts notable investor

Gravwell releases version 1 and attracts notable investor

Read Time: 2 minutes
We're thankful for big data analytics

We're thankful for big data analytics

Read Time: 3 minutes
How NOT to Launch a Product Around Black Friday

How NOT to Launch a Product Around Black Friday

Read Time: 4 minutes
OT Security Analytics - Finding the ground truth

OT Security Analytics - Finding the ground truth

Read Time: 9 minutes
Gravwell wifi analytics roundup of the Wild West Hackin' Fest

Gravwell wifi analytics roundup of the Wild West Hackin' Fest

Read Time: 2 minutes
Unveiling Truth: Analyzing FCC Comments Online

Unveiling Truth: Analyzing FCC Comments Online

Read Time: 10 minutes
Using Data Fusion to hunt infrastructure capacity issues

Using Data Fusion to hunt infrastructure capacity issues

Read Time: 5 minutes
Hunting torrent machines with network analytics

Hunting torrent machines with network analytics

Read Time: 4 minutes
Reddit Relationship Analytics: Mayweather vs McGregor Discourse

Reddit Relationship Analytics: Mayweather vs McGregor Discourse

Read Time: 2 minutes
Why we created Gravwell

Why we created Gravwell

Read Time: 1 minutes

DOCUMENTATION

All Gravwell documentation is open to everyone. 

If you’re just starting out with Gravwell, we recommend reading the Quick Start first, then moving on to the Search pipeline documentation to learn more.

SEE DOCUMENTATION