Blog

Want deeper insights? Read exclusive commentary from the Gravwell team on the issues that matter most.
Filter By

Threat Hunting, Spaf, Sun Tzu, and You

I often quote Spaf who says "A system is good if it does what it's supposed to do, and secure if it doesn't do anything else." Making our systems secure requires a few things. We first have to know...
Threat Hunting
Blog
05.27.2021

How to move to Gravwell from Splunk (or another platform)

As applications generate more data, as we adopt more IoT, and as more things move to cloud, log volumes explode. Traditional log management solutions have trouble keeping up and cause major budgeting...
Gravwell Story , IoT , HOWTO
Blog
05.13.2021

Add Threat Hunting to your SIEM with Gravwell

Enhance Security by Removing Limits SIEMs have historically done well in helping organizations detect threats. Modern threat activity has shown, however, that tracking pre-selected data and relying...
Security , SIEM , Threat Hunting
Blog
05.06.2021

IPMI and Gravwell Part 2: Making an IPMI Kit

Welcome back to Gravwell HQ! Today we bring you the second post in our two-part blog series on building IPMI ingest and analysis tools. In part one we walked through building an ingester from...
ingester , query , kits
Blog
04.22.2021

What the HEC - Gravwell HTTP Ingester Supports Splunk Compatibility

The Gravwell HTTP ingester now supports a default config block that's compatible with Splunk HEC ingester defaults. To show this in action, we will use an awesome attacker simulation tool, Scythe and...
ingester
Blog
04.15.2021

IPMI and Gravwell Part 1: Building an IPMI Ingester

(This post is part one of a two-part technology series around building and using an IPMI ingester and kit. Part two coming soon.) In many data aggregation and analysis tools, the ecosystem is fully...
ingester , HOWTO , IPMI
Blog
04.08.2021

Grouping Related Entries with the Transaction Module

In today's blog, we’ll give a short overview of the transaction module introduced in our most recent update: Gravwell 4.1.5. The transaction module is a powerful module that can rewrite individual...
Software Updates
Blog
04.01.2021

Monitoring HomeLab and Network with Gravwell Community Edition

Gravwell launched our free Community Edition in July 2018, and it has become an invaluable resource for home lab users and anyone looking to monitor their personal network or wrangle large amounts of...
Community Edition , Home Operations Center
Blog
03.25.2021

Practical Application of MITRE ATT&CK

SC Magazine published an article headlined "SIEM rules ignore bulk of MITRE ATT&CK framework, placing risk burden on users." In the article, Bradley Barth writes about a study showing only 16 percent...
Data Fusion , ATT&CK
Blog
03.18.2021

Announcing the Gravwell Sysmon Kit

We are pleased to announce the immediate availability of the Gravwell Sysmon kit.  This kit is designed to get you started quickly with Sysmon data and demonstrate the art of the possible.  This post...
EventLog , Windows , Security , kits , Sysmon , DNS
Blog
03.10.2021
1 2 3 4 5

Subscribe for Gravel Updates

Signup for the Gravwell newsletter to be the first to hear about announcements, new product features, events, and more.

Gravwell is an enterprise data fusion platform that enables security teams to investigate, collaborate, and analyze data from any source, on demand, all with unlimited data collection and retention. Ingest everything. Investigate anything.
TOP