Greetings, fellow data wardens. Structure on read is particularly powerful for security use cases like tcp-over-dns tunneling. We first extract the DNS information, isolate the payloads, strip away...
I had been having some trouble with stability on my desktop system for a while: browser tabs crashing, random segfaults, occasionally the entire system would lock up. It's an AMD Ryzen 7 3700X...
Parts of a Query A short but important post today - we’ll go over four easy tips and tricks for improving your search performance by putting a little thought into how you structure your query. But...
We’re opening up CE in two major ways. First, we’re upping the ingest limit from the current 2GB/day to 1/10th of an AU in bytes (which is about 13.9 GB/day). Second, we’re removing the non-commercial restrictions on a CE license. You can now get Gravwell, for free up to 13.9GB/day, to use at your home and/or your place of work.
This quick-read will show that by understanding what's present on the network, how hosts behave, and what's typical for your organization, one can correlate weak signals through a time-based analysis of logs to detect anomalies inside your network.
CVE-2021-44228 Log4J does not impact Gravwell products Recommendation CVE-2021-44228 relates to a vulnerability in Log4j, a Java logging framework. No Gravwell products are written in Java. No...
Gravwell's kit builder makes it easy to collect things you've built--dashboards, scheduled searches, and so on--into a single file you can version control your insights. Not to mention, packing your...
Overview For this post we are going to be focusing on three EventIDs that pertain to the Windows Registry. These sysmon events occur when a registry key is created, updated, deleted, or renamed. ...
Introduction We are pleased to announce the immediate availability of Gravwell 4.2.4. This release fixes several minor issues from the previous release, improves performance, and brings both Data...
