We’re extremely excited to announce a new major release of the Gravwell analytics platform to our testers. It’s been a long road full of interesting (and sometimes annoying) challenges.

In the past couple months we have more than doubled our team which has accelerated development and enabled us to support a growing customer base and we are excited about the future. On the product side we have seen some nice performance improvements, additional search modules, and delightful UX refinements. We have a roadmap that includes storage compression, new renderers, geospatial processors, and an extremely powerful permissions system. Outside of product we are looking forward to upcoming events and conferences, the next being S4x18, the most advanced and largest ICS cyber security event in the world.


Gravwell is participating in the S4x18 ICS bakeoff, intended to separate the wheat from the chaff. We are admittedly the outsiders for this competition; while our founders have a deep history in ICS security (we have broken more than a few), Gravwell is not an indicator-based ICS threat product. We are entering this competition to show what binary compatible unstructured data analytics can do in the ICS space. Our goal is to combat the lack of cybersecurity personnel with better tools that enhance your experts, rather than replace them. With Gravwell, it’s possible to analyze Apache logs right alongside process data so you can hunt the full extent of a threat, like phishing campaigns directed at OT personnel.


To see the technical details of the release you can view the changelog and our new and improved documentation at docs.gravwell.io. Also, as part of this release we have three other announcements. First, We're opening up our "Drafthouse" cluster for your sleuthing. Spread across two indexers we have:

  • Over 14TB of Shodan scans
  • 22 million FCC comments
  • 500 MB of system logs
  • 10 million samples of hardware health
  • Network captures from a cloud honeypot
  • 200 million Reddit comments (be ye warned...)
  • All growing continuously

You can get started with this wonderful button: 


Second, we have provided our ingest API and three primary ingesters under the BSD 2 clause license. The ingest library and license make it easy to integrate Gravwell directly into 3rd party products.


Third, we’re happy to announce the closure of an investment round lead by Gula Tech Adventures, a fund created by Ron and Cyndi Gula of Tenable fame. It was extremely important to us to find investors who had domain experience. With Ron and Cyndi taking point, we feel like this is a valuable partnership with investors rather than just a source of capital. I sat down with Ron for a brief interview which you can read here.


We are encouraged by the response we have received so far. Perhaps we should have expected the level of interest, given that we set out to solve the very problems we were experiencing daily. Still, it is heartening to receive validation of our assumptions and to see such a bright looking future ahead.