SIEMs have historically done well in helping organizations detect threats. Modern threat activity has shown, however, that tracking pre-selected data and relying on IOCs …
SIEMs have historically done well in helping organizations detect threats. Modern threat activity has shown, however, that tracking pre-selected data and relying on IOCs …
This quick-read will show that by understanding what's present on the network, how hosts behave, and what's typical for your organization, one can correlate weak signals through a time-based analysis of logs to detect anomalies inside your network.
CVE-2021-44228 Log4J does not impact Gravwell products Recommendation CVE-2021-44228 relates to a vulnerability in Log4j, a Java logging framework. No Gravwell products are written in Java. No...
Gravwell's kit builder makes it easy to collect things you've built--dashboards, scheduled searches, and so on--into a single file you can version control your insights. Not to mention, packing your...
Overview For this post we are going to be focusing on three EventIDs that pertain to the Windows Registry. These sysmon events occur when a registry key is created, updated, deleted, or renamed. ...
Introduction We are pleased to announce the immediate availability of Gravwell 4.2.4. This release fixes several minor issues from the previous release, improves performance, and brings both Data...
Gravwell 4.2.0 includes a lot of great stuff--including a snazzy new default theme--but perhaps the coolest new feature is the Data Explorer. Data Explorer is the easiest way to come to grips with...
As a Gravwell founder, it has been absolutely incredible to watch a growing team take a product that I started in a basement with my college buddy and create a powerhouse startup serving large...
Gravwell's backup/restore functionality lets you save all your user-generated content (dashboards, resources, users) into a convenient tarball for restoration in case your server's disk crashes. Of...
