Blog

The Gravwell team is happy to announce the release of Gravwell 4.1.0 - Gamma Burst.
A few highlights of what's included in the new release:

• Compound Query support
• Web UI based ingester
• A new “enrich” module
• Temporal mode in the “dump” module
• Internal performance and stability improvements

(Current users - visit the download page for instructions on updating. For a complete list of changes, see the Gravwell 4.1.0 release notes)

We’ll have a series of blog posts discussing the various features of Gravwell 4.1.0, but we wanted to get started with our favorites - Compound Queries.

Zeek can give you so much insight into what's going on in your network, but it can feel like drinking from the firehose - dozens of files full of terse log entries, and no easy way to cross-reference or merge them. That's where Gravwell's new Zeek kit comes in. It's a suite of pre-built queries, dashboards, and more which can help you make sense of what Zeek's telling you with a few clicks.

Overview

Today we are going to talk about something very important - beer.  Homebrewing has a long tradition and many master brewers started by making swill in their basement.  So today, I am going to go over my homebrew setup, how it is instrumented, how I use low-cost sensors to monitor every stage; and how a little bit of automation saved a kegerator and a few carboys.

We're building a Gravwell Kit for Sysmon! This blog series examines some of the event types that Sysmon generates to see what data they contain, opportunities for enhancing security, and example queries with Gravwell. Part 1 covered the Process Creation event type. In part 2 we jump into: Network Connection events!

What’s in a Domain Name? That which we call a CNAME by any other AAAA record would still be used by malware to steal your data. This article introduces the Gravwell CoreDNS Kit, which provides dashboards, queries, and other resources to help you quickly analyze data from a CoreDNS instance using the Gravwell CoreDNS plugin. 

I'm building a Gravwell Kit for Sysmon! This blog series follows the development of that kit for the awesome (free) sensor for Windows EDR, Sysmon. In this series we'll look at each event type that Sysmon generates to see what data it contains, opportunities for enhancing security, and example queries with Gravwell.

Maybe you've just signed up for Gravwell Community Edition and are not quite sure where to start. There are a lot of features in Gravwell, and a lot of different ingesters for pulling in data. Gravwell 4.0 includes a kit that can collect data without any external ingester--and it helps you analyze everyone's favorite topic, the weather!

Our final HOWTO for this blog series focuses on Kits, a wonderful thing in the Big Bang Release that makes our data journey quick and easy.  To catch up on our previous HOWTOs check out:
Part 1:  Getting Gravwell Installed in 2 Minutes
Part 2:  Getting Data Into Gravwell
Part 3:  First Time With Gravwell 

In our continuing series of HOWTOs, today we are walking through the user interface and seeing what questions we can answer in our new data, focusing on Netflow
Part 1:  Getting Gravwell Installed in 2 Minutes
Part 2:  Getting Data Into Gravwell

There's a ton of building blocks here and what I've found is that once you learn each, combining them together to get the answers you need is quick and fun. 

In our continuing series of HOWTOs, today we are getting some data into our Gravwell instance setup in Getting Gravwell Installed in 2 Minutes

As with install, setting up your data ingesters is quick and easy.