Blog

Want deeper insights? Read exclusive commentary from the Gravwell team on the issues that matter most.
Filter By

What's in a sysmon event - eventid 5, process termination

Sysmon Eventid 5 - Process Termination This article pairs especially well with the Sysmon Process Creation blog post. We recommend you start there.
Microsoft , Windows , Sysmon , compound queries
Blog
10.19.2021

Announcing Gravwell 4.2.4 and a Tour of Query Studio

Introduction  We are pleased to announce the immediate availability of Gravwell 4.2.4. This release fixes several minor issues from the previous release, improves performance, and brings both Data...
Community Edition , query , new release
Blog
10.08.2021

Gravwell 4.2 Sneak Peek - Data Explorer

Greetings from the R&D department of Gravwell! We’re here today to show you a sneak peek of one of many features coming in our next release, Gravwell 4.2.0. 
setup , first time
Blog
06.18.2021

IPMI and Gravwell Part 2: Making an IPMI Kit

Welcome back to Gravwell HQ! Today we bring you the second post in our two-part blog series on building IPMI ingest and analysis tools. In part one we walked through building an ingester from...
ingester , query , kits
Blog
04.22.2021

IPMI and Gravwell Part 1: Building an IPMI Ingester

(This post is part one of a two-part technology series around building and using an IPMI ingester and kit. Part two coming soon.) In many data aggregation and analysis tools, the ecosystem is fully...
ingester , HOWTO , IPMI
Blog
04.08.2021

Grouping Related Entries with the Transaction Module

In today's blog, we’ll give a short overview of the transaction module introduced in our most recent update: Gravwell 4.1.5. The transaction module is a powerful module that can rewrite individual...
Software Updates
Blog
04.01.2021

Enable Data Fusion & Pivot on Dataset Properties with the Enrich Module

Gravwell 4.1 introduces a new module - Enrich - that can add static data to every entry in a query. Sometimes you need to add static data to a dataset, such as the standard deviation itself across...
Data Fusion , Software Updates , Logging
Blog
01.19.2021

Combine Datasets Like a Boss: Announcing Gravwell 4.1 & Compound Queries

The Gravwell team is happy to announce the release of Gravwell 4.1.0 - Gamma Burst. A few highlights of what's included in the new release: Compound Query support Web UI based ingester A new “enrich”...
Data Fusion , Software Updates , Logging
Blog
01.06.2021

Introducing the Gravwell CoreDNS Kit

What’s in a Domain Name? That which we call a CNAME by any other AAAA record would still be used by malware to steal your data. This article introduces the Gravwell CoreDNS Kit, which provides...
Security , kits , DNS
Blog
09.15.2020

PCAP collection and analysis on-demand with Gravwell Packet Fleet

Gravwell is designed to work with your data, in your infrastructure, and within your constraints. Whether you have petabytes of packet capture, data-at-rest sensitivity requirements, or are simply...
Network Analytics
Blog
05.27.2020

Subscribe for Gravel Updates

Signup for the Gravwell newsletter to be the first to hear about announcements, new product features, events, and more.

Gravwell is an enterprise data fusion platform that enables security teams to investigate, collaborate, and analyze data from any source, on demand, all with unlimited data collection and retention. Ingest everything. Investigate anything.
TOP