Want deeper insights? Read exclusive commentary from the Gravwell team on the issues that matter most.
Filter By

Practical Application of MITRE ATT&CK

SC Magazine published an article headlined "SIEM rules ignore bulk of MITRE ATT&CK framework, placing risk burden on users." In the article, Bradley Barth writes about a study showing only 16 percent...

Slice it Like Roast Beef: Parsing Raw ARP Messages in Gravwell

One of Gravwell's great strengths is binary ingest: you can store things like raw packets, then parse them later when you know what you want to extract. This came in handy recently when I set up IPv6...

Enable Data Fusion & Pivot on Dataset Properties with the Enrich Module

Gravwell 4.1 introduces a new module - Enrich - that can add static data to every entry in a query. Sometimes you need to add static data to a dataset, such as the standard deviation itself across...

Windows DNS threat hunting with Sysmon and Gravwell

This month has been a big deal for IT logging of windows endpoints. Sysmon v10 was released last Tuesday and it includes the major changes of DNS logging and OriginalFileName reporting for Windows...

Using Data Fusion to hunt infrastructure capacity issues

 In this post we'll walk through a case study with a customer trying to identify an infrastructure capacity issue in which the system becomes unresponsive during a swell in page visits. We'll follow...

Subscribe for Gravel Updates

Signup for the Gravwell newsletter to be the first to hear about announcements, new product features, events, and more.