In our continuing series of HOWTOs, today we are walking through the user interface and seeing what questions we can answer in our new data, focusing on Netflow
Part 1: Getting Gravwell Installed in 2 Minutes
Part 2: Getting Data Into Gravwell
There's a ton of building blocks here and what I've found is that once you learn each, combining them together to get the answers you need is quick and fun.
In our continuing series of HOWTOs, today we are getting some data into our Gravwell instance setup in Getting Gravwell Installed in 2 Minutes
As with install, setting up your data ingesters is quick and easy.
As resident new guy at Gravwell something struck me right away. So many barriers to entry are removed by good software: ease of install, straightforward data ingest configuration, powerful UI. First in the series of quick HOWTOs, I present to you installing Gravwell
Gravwell is designed to work with your data, in your infrastructure, and within your constraints. Whether you have petabytes of packet capture, data-at-rest sensitivity requirements, or are simply integrating existing infrastructure, Gravwell is built to enable a workflow that meets your needs. Today we’ll look at an example integration with multiple Google Stenographer installations, our new Gravwell Packet Fleet ingester, and a powerful new feature in Gravwell Big Bang - Actionables.
Today we released Gravwell 3.3.11, hot on the heels of last week's 3.3.10. In our previous post, we'd said that 3.3.9 was the final planned release before our big 3.4.0 version, but there were a few important fixes we wanted to get out ASAP! These two releases were almost entirely bug-fixes, except for two little features we snuck in; we'll start by talking about the bug-fixes first and save the fun stuff for the end!
Some time back, I built a small, hydroponic garden in my garage to grow fresh veggies year round. Although I avoided a few hazards of traditional gardening, moving my garden inside proved to have its own set of challenges. I eventually realized that I could better manage my plants if I had a means to continually monitor their condition. Using an Arduino, a few sensors, and a tiny web server, I started collecting and accumulating data about my garden. It didn't take long before the amount of accumulated sensor data became cumbersome to look through. However, after importing the data into Gravwell, I was able to quickly visualize historical sensor information and gain new insights to make my thumb a little greener.
This week sees the release of Gravwell 3.3.9, our last planned release prior to the 3.4.0 "Big Bang" release. The Big Bang release will introduce Gravwell kits (our way of providing pre-packaged dashboards, resources, SOAR scripts, and more) plus lots of new user interface features. But first, let's talk about 3.3.0. This relatively boring release is mostly comprised of bug fixes, a new timegrinder timestamp, and one UI tweak. Full change log available here.
Gravwell's ingesters can pull data from a wide variety of sources and we advocate keeping raw data formats for root cause analysis, but sometimes it's nice to massage the data a little before sending it to the indexers. Maybe you're getting JSON data sent over syslog and would like to strip out the syslog headers. Maybe you're getting gzip-compressed data from an Apache Kafka stream. Maybe you'd like to be able to route entries to different tags based on the contents of the entries. Gravwell's ingest preprocessors make this possible by inserting one or more processing steps before an entry is sent upstream to the indexer.
Gravwell has officially supported Netflow v5 and IPFIX for some time. As of Gravwell 3.3.3, we're happy to announce that we now support Netflow v9 as well! This post will talk about the essential differences between Netflow v9 and IPFIX, how we implemented support, and how to get up and running with Netflow v9 ingest. We'll also talk about some pretty serious efficiency improvements we made in our IPFIX/Netflow v9 parsing module.
If your enterprise is using Office 365, your users are generating log entries every time they log in, upload files to OneDrive, send an email--the logging is pretty extensive! You can analyze these log events in the O365 console, but wouldn't it be nice to pull them into Gravwell and correlate with other data sources? Thanks to the new Office 365 ingester, you can.