Want deeper insights? Read exclusive commentary from the Gravwell team on the issues that matter most.

CSV over Syslog? How to analyze nested data formats

Greetings, fellow data wardens. Structure on read is particularly powerful for security use cases like analyzing TCP-over-DNS tunneling. We first extract the DNS information, isolate the payloads, strip away...

Did that BIOS Update Do Anything?

I had been having some trouble with stability on my desktop system for a while: browser tabs crashing, random segfaults, occasionally the entire system would lock up. It's an AMD Ryzen 7 3700X...

Four Tips to Improve Your Search by Enhancing Your Query's Structure

Parts of a Query. A short but important post today - we'll go over four easy tips and tricks for improving your search performance by putting a little thought into how you structure your query. But...

Expanding Gravwell Community Edition - Major Changes

We're opening up CE in two major ways. First, we're upping the ingest limit from the current 2 GB/day to 1/10th of an AU in bytes (an astronomical unit is roughly 1.496e11 m, so that works out to about 13.9 GiB/day). Second, we're removing the non-commercial restrictions on a CE license. You can now get Gravwell, for free up to 13.9 GiB/day, to use at your home and/or your place of work.

Correlate Weak Signals to Detect Anomalies with Time-based Analysis of Logs

This quick read shows that by understanding what's present on the network, how hosts behave, and what's typical for your organization, you can correlate weak signals through a time-based analysis of logs to detect anomalies inside your network.

CVE-2021-44228 Log4J does not impact Gravwell products

Recommendation: CVE-2021-44228 relates to a vulnerability in Log4j, a Java logging framework. No Gravwell products are written in Java. No...

Get Your Kits into Git with Kitctl

Gravwell's kit builder makes it easy to collect things you've built (dashboards, scheduled searches, and so on) into a single file, so you can version-control your insights. Not to mention, packing your...

What's in a Sysmon Event - Windows Registry EventIDs 12, 13, 14

Overview: For this post we are going to focus on three EventIDs that pertain to the Windows Registry. These Sysmon events occur when a registry key or value is created, updated, deleted, or renamed. ...
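As an added example (not code from the Gravwell post), the following script shows how the three registry EventIDs map onto the four actions named above, using the EventID together with Sysmon's EventType field (CreateKey/DeleteKey for 12, SetValue for 13, RenameKey for 14). The sample events are constructed, not real telemetry, and the autorun-key watchlist is an assumption added to show one reason these events are worth collecting.

```python
"""Classify Sysmon registry events (EventIDs 12, 13 and 14) by the action they record.

Added example; the RegistryEvent shape and the AUTORUN_KEYS list are assumptions.
"""
from dataclasses import dataclass

# Sysmon registry events: EventID plus the EventType field says what happened.
#   12 = RegistryEvent (object create/delete): EventType CreateKey or DeleteKey
#   13 = RegistryEvent (value set):            EventType SetValue
#   14 = RegistryEvent (key/value rename):     EventType RenameKey
ACTIONS = {
    (12, "CreateKey"): "created",
    (12, "DeleteKey"): "deleted",
    (13, "SetValue"): "updated",
    (14, "RenameKey"): "renamed",
}

# Assumed watchlist of autorun locations; illustrative, not exhaustive.
AUTORUN_KEYS = (
    r"\Microsoft\Windows\CurrentVersion\Run",
    r"\Microsoft\Windows\CurrentVersion\RunOnce",
)


@dataclass(frozen=True)
class RegistryEvent:
    """The EventData fields of a Sysmon registry event that matter for triage."""
    event_id: int
    event_type: str
    image: str           # process that touched the registry
    target_object: str   # key or value path as Sysmon reports it
    details: str = ""    # value data, present on EventID 13
    new_name: str = ""   # new path, present on EventID 14


def classify(ev: RegistryEvent) -> str:
    """Map (EventID, EventType) to created/updated/deleted/renamed; reject anything else."""
    try:
        return ACTIONS[(ev.event_id, ev.event_type)]
    except KeyError:
        raise ValueError(
            f"not a Sysmon registry event: EventID={ev.event_id} EventType={ev.event_type!r}"
        ) from None


def is_autorun_write(ev: RegistryEvent) -> bool:
    """True when the event adds or changes something under an autorun key.

    Deletes are ignored: removing a Run entry is cleanup, not persistence.
    """
    if classify(ev) == "deleted":
        return False
    paths = (ev.target_object, ev.new_name)
    return any(key.lower() in path.lower() for path in paths for key in AUTORUN_KEYS)


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    RegistryEvent(12, "CreateKey", r"C:\Windows\regedit.exe",
                  r"HKLM\SOFTWARE\Contoso\Settings"),
    RegistryEvent(13, "SetValue", r"C:\Users\alice\AppData\Local\Temp\updater.exe",
                  r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
                  details=r"C:\Users\alice\AppData\Local\Temp\updater.exe"),
    RegistryEvent(12, "DeleteKey", r"C:\Windows\System32\svchost.exe",
                  r"HKLM\SYSTEM\CurrentControlSet\Services\ContosoSvc"),
    RegistryEvent(14, "RenameKey", r"C:\Windows\System32\reg.exe",
                  r"HKLM\SOFTWARE\Contoso\Staging",
                  new_name=r"HKLM\SOFTWARE\Contoso\Production"),
]


def triage(events):
    """Return (action, image, target_object, flagged) for each event."""
    return [(classify(e), e.image, e.target_object, is_autorun_write(e)) for e in events]


if __name__ == "__main__":
    for action, image, target, flagged in triage(SAMPLE_EVENTS):
        marker = "!! autorun write" if flagged else ""
        print(f"{action:8} {target} <- {image} {marker}")
```

Only the SetValue event lands on the watchlist: a value written under a per-user Run key by a binary in a Temp directory, which is the pattern the registry EventIDs let you pick out once you know which field carries the action.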

What's in a Sysmon Event - EventID 5, Process Termination

Sysmon EventID 5 - Process Termination. This article pairs especially well with the Sysmon Process Creation blog post. We recommend you start there.

Announcing Gravwell 4.2.4 and a Tour of Query Studio

Introduction: We are pleased to announce the immediate availability of Gravwell 4.2.4. This release fixes several minor issues from the previous release, improves performance, and brings both Data...
