Blog


Practical Application of MITRE ATT&CK

SC Magazine published an article headlined "SIEM rules ignore bulk of MITRE ATT&CK framework, placing risk burden on users." In the article, Bradley Barth writes about a study showing only 16 percent...
Blog
03.18.2021

Slice it Like Roast Beef: Parsing Raw ARP Messages in Gravwell

One of Gravwell's great strengths is binary ingest: you can store things like raw packets, then parse them later when you know what you want to extract. This came in handy recently when I set up IPv6...
Blog
02.23.2021

Enable Data Fusion & Pivot on Dataset Properties with the Enrich Module

Gravwell 4.1 introduces a new module - Enrich - that can add static data to every entry in a query. Sometimes you need to add static data to a dataset, such as the standard deviation itself across...
Blog
01.19.2021

Combine Datasets Like a Boss: Announcing Gravwell 4.1 & Compound Queries

The Gravwell team is happy to announce the release of Gravwell 4.1.0 - Gamma Burst. A few highlights of what's included in the new release: Compound Query support; Web UI based ingester; A new “enrich”...
Blog
01.06.2021

Windows DNS threat hunting with Sysmon and Gravwell

This month has been a big deal for IT logging of Windows endpoints. Sysmon v10 was released last Tuesday, and it includes the major changes of DNS logging and OriginalFileName reporting for Windows...
Blog
06.20.2019

Using Data Fusion to hunt infrastructure capacity issues

In this post we'll walk through a case study with a customer trying to identify an infrastructure capacity issue in which the system becomes unresponsive during a swell in page visits. We'll follow...
Blog
09.28.2017
