Want deeper insights? Read exclusive commentary from the Gravwell team on the issues that matter most.
CSV over Syslog? How to analyze nested data formats

Greetings, fellow data wardens. Structure on read is particularly powerful for security use cases like tcp-over-dns tunneling. We first extract the DNS information, isolate the payloads, strip away...

Expanding Gravwell Community Edition - Major Changes

We’re opening up CE in two major ways. First, we’re upping the ingest limit from the current 2GB/day to 1/10th of an AU in bytes (which is about 13.9 GB/day). Second, we’re removing the non-commercial restrictions on a CE license. You can now get Gravwell, for free up to 13.9GB/day, to use at your home and/or your place of work.

Correlate Weak Signals to Detect Anomalies with Time-based Analysis of Logs

This quick-read will show that by understanding what's present on the network, how hosts behave, and what's typical for your organization, one can correlate weak signals through a time-based analysis of logs to detect anomalies inside your network.

The Sky is no longer the limit. Gravwell blasts off into space.

As a Gravwell founder, it has been absolutely incredible to watch a growing team take a product that I started in a basement with my college buddy and create a powerhouse startup serving large...

Top 5 Questions to Ask when Considering Log Management Solutions

Compare Scalability, Cost, and Performance. There has been no shortage of self-proclaimed "Splunk Killers" and log analytics products throughout the years as hype and buzzwords get thrown about like...

Threat Hunting, Spaf, Sun Tzu, and You

I often quote Spaf who says "A system is good if it does what it's supposed to do, and secure if it doesn't do anything else." Making our systems secure requires a few things. We first have to know...

How to move to Gravwell from Splunk (or another platform)

As applications generate more data, as we adopt more IoT, and as more things move to cloud, log volumes explode. Traditional log management solutions have trouble keeping up and cause major budgeting...

Add Threat Hunting to your SIEM with Gravwell

Enhance Security by Removing Limits. SIEMs have historically done well in helping organizations detect threats. Modern threat activity has shown, however, that tracking pre-selected data and relying...

What the HEC - Gravwell HTTP Ingester Supports Splunk Compatibility

The Gravwell HTTP ingester now supports a default config block that's compatible with Splunk HEC ingester defaults. To show this in action, we will use an awesome attacker simulation tool, Scythe and...

Practical Application of MITRE ATT&CK

SC Magazine published an article headlined "SIEM rules ignore bulk of MITRE ATT&CK framework, placing risk burden on users." In the article, Bradley Barth writes about a study showing only 16 percent...