Gravwell is an enterprise data fusion platform that enables security teams to investigate, collaborate, and analyze data from any source, on demand, all with unlimited data collection and retention. Ingest everything. Investigate anything.
Gravwell launched our free Community Edition in July 2018, and it has become an invaluable resource for home lab users and anyone looking to monitor their personal network or wrangle large amounts of data (up to 2GB/day) into actionable insights. In this blog post, Dustin Finn, one of our first CE users and recipient of the inaugural “CE User of the Year” Award, shares some of the cool projects he’s working on using Gravwell Community Edition.
I learned about Gravwell from the Paul's Security Weekly podcast/video series, and it caught my attention for two specific reasons. One was having the ability to obtain a "Community Edition" with simple signup and renewal, and most importantly a business model that allowed me to "Ingest it all, and let Gravwell sort it out." I could also hear the passion from the team presenting that they were all in on their work for this product. That resonated with me.
The CE Gravwell instance I have is capturing both my home network and my HomeLab efforts, and I've been strictly using that to identify outgoing connections and sustained connections. Multiple times I have found IoT devices ignoring their DHCP-assigned DNS and sending requests outbound. This helped push me to move towards forcing all DNS requests internally, regardless of what the IoT device would want to do.
I wrote an overview of what that effort and research involved here: https://www.busysignal.io/gravwell-a-place-for-all-your-stuff-netflow-focus/
The NetFlow reporting is primarily what Gravwell is doing for me in the HomeLab; however, it has enabled further curious efforts into mounting Raspberry Pi devices all throughout the house and running a script that reads temperature and humidity and sends it to Gravwell for a dashboard of temp sensors. Basement, Garage and the Beer/Soda Fridge - these are important things to know too. [Read these blogs for more info about the Weather Kit and Brewing with Gravwell]
In another effort to know what my home network security camera Windows box was doing, I am forwarding the Windows Event logs with the Gravwell events ingester. This helped identify what processes were throwing events more centrally, rather than having to remote into the Security Camera Server. From there, I wanted to get proper performance monitoring in place so I could keep tabs on the health of my system. I used the Gravwell File Follower ingester to read CSV output from a performance monitoring application that creates log data for temperatures across the server and components, as well as RAM and CPU load. These are all charted and graphed in a dashboard, and I am working to bring in other HomeLab servers.
Finally, some future items still in very early stages are working with Sysmon and getting the events to Gravwell. With some feature improvements from Gravwell and their recent blog post [Announcing the Gravwell Sysmon Kit], I feel once I get my Sysmon config sorted out I can get better detail of the endpoints in the house.
The team at Gravwell and their continued effort in the product keeps me engaged with their posts and sparks new interest in items and tasks I want to try and learn about in the HomeLab. Gravwell CE continues to be an excellent resource in my own monitoring of data and activity, and as the product grows I've been thankful that the enhancements and upgrades make it to the community.
~ Dustin Finn, CE user
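The IoT check Dustin describes (devices bypassing the DHCP-assigned resolver) can be expressed as a small detection over flow records. The following is an added example, not code from the post or from Gravwell: it runs over constructed NetFlow-style records and assumes a home network of 192.168.1.0/24 with 192.168.1.1 as the only assigned resolver.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample flow records (not captured data): src, dst, proto, dport, bytes
SAMPLE_FLOWS = [
    ("192.168.1.50", "192.168.1.1", "udp", 53, 120),      # laptop -> internal resolver (fine)
    ("192.168.1.77", "8.8.8.8", "udp", 53, 90),           # IoT plug -> public resolver
    ("192.168.1.77", "8.8.8.8", "udp", 53, 88),
    ("192.168.1.80", "1.1.1.1", "tcp", 853, 2400),        # IoT camera -> DNS-over-TLS
    ("192.168.1.50", "93.184.216.34", "tcp", 443, 15000), # ordinary HTTPS, ignored
    ("192.168.1.1", "9.9.9.9", "udp", 53, 100),           # the resolver's own upstream query
]

HOME_NET = ip_network("192.168.1.0/24")             # assumption: the LAN being monitored
ASSIGNED_RESOLVERS = {ip_address("192.168.1.1")}    # assumption: what DHCP hands out
DNS_PORTS = {53, 853}                               # plain DNS and DNS-over-TLS


def find_dns_bypass(flows, home_net=HOME_NET, resolvers=ASSIGNED_RESOLVERS):
    """Return {client: [(dst, proto, dport, flow_count), ...]} for internal hosts
    that send DNS-shaped traffic anywhere other than the assigned resolvers."""
    hits = defaultdict(lambda: defaultdict(int))
    for src, dst, proto, dport, _nbytes in flows:
        s, d = ip_address(src), ip_address(dst)
        # Only client hosts on the LAN; the resolver forwarding upstream is expected.
        if s not in home_net or s in resolvers:
            continue
        if dport in DNS_PORTS and d not in resolvers:
            hits[str(s)][(str(d), proto, dport)] += 1
    return {
        client: sorted((dst, proto, port, n) for (dst, proto, port), n in seen.items())
        for client, seen in hits.items()
    }


if __name__ == "__main__":
    for client, flows in find_dns_bypass(SAMPLE_FLOWS).items():
        print(client, flows)
```

Once such hosts are identified, the fix the post describes is policy rather than detection: redirect or block outbound 53/853 at the gateway so every client uses the internal resolver.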
We would like to thank Dustin for sharing information about his home lab projects, and for the feedback and suggestions he has offered to help make the Community Edition an even better resource for our users. If you’re interested in checking out the free Community Edition, get started using the button below: