
More Gravwell Fun, Now With Kits

Jul 30, 2020 9:10:00 AM / by Ron Fabela

Our final HOWTO for this blog series focuses on Kits, a wonderful thing in the Big Bang Release that makes our data journey quick and easy.  To catch up on our previous HOWTOs check out:
Part 1:  Getting Gravwell Installed in 2 Minutes
Part 2:  Getting Data Into Gravwell
Part 3:  First Time With Gravwell 

Part 4:  Kits to Help You on the Trail  

Our new data playground is like an open-world video game: unlimited possibilities, but where do we begin?  In our last blog we barely scratched the surface of what we can do with one data type and a few basic questions.  As we expand capabilities it can be easy to become overwhelmed, and my first instinct is to write a blog for everything.

Luckily the brains on the team thought way ahead of this new guy.  In our Big Bang release we are pleased to introduce Kits.  Kits are made up of several components which we'll define and look at here.

Let's define some new and old terms:
Queries:  In part 3 we created some queries against our data.  A query is comprised of a tag, search modules, operators, renderers and other things to ask questions of our data.
Query Library:  A collection of queries.
Dashboards:  A group of rendered queries set in tiles.


Netflow Dashboard Comprised of Multiple Queries

Templates:  A set of variable-based queries, where the user can create dynamic dashboards based off of...
Actionables:  Smart regex that can recognize something like an IP address in a table of results and allow the user to set an action based on that, such as opening a dashboard (passing the IP address through a template), copying it, or setting off a...
Scripts:  Allow you to query your data and perform actions, such as sending alerts and orchestrating other systems.
Playbooks:  Wiki-style HOWTOs within the Gravwell system, either based around a data type (such as Netflow) or an activity (such as Threat Hunting).  They can contain links to queries as seen below:


Your Kit

Kits take all the things you need:  armor, weapons, spells, items...
I mean...
Queries, dashboards, templates, resources, playbooks, etc., and wrap them into a package you can download, modify and manage.

The Gravwell team is developing these kits as a launchpad, but you can create and share your own kits.  For instance, at home, I'm creating a kit for all of my monitored "Internet of Things" devices that combines netflow, packet capture, syslog and even some Windows logs into one area.  Kits can be created and shared within your environment based on area of responsibility or use case.

Like builds or loadouts for your characters, each tank, mage or support team member may need specialized queries, dashboards and playbooks.  With Kits in the Big Bang Release we are empowering you to make the best of your data.

How to Install Your Kit

Like everything else, we've made this easy and straightforward:  
  1. Click "Manage Kits"
  2. Click "Available Kits"
  3. Choose the Kit you want and click "Deploy"
  4. Next - Next - OK
  5. Success!


We are constantly creating and updating our kits for you, but feel free to create and customize!  Gravwell is here to empower you and your team, and Kits are just one of the ways we can help equip you on your Data Zero to Hero journey.  Here's a video from Corey, one of our founders, diving into the Netflow Kit for your viewing pleasure:

Thanks for reading these short Gravwell HOWTOs!  As I continue my journey from Data Zero to Hero I look forward to sharing more of what I've learned.  Feel free to contact us at any time with questions or comments.


Until next time!


Written by Ron Fabela

Loves ICS, brewing and dissecting data.