Gravwell Blog

Security Auditing DNS With CoreDNS and Gravwell

Jul 26, 2018 11:16:19 AM / by Kris Watts posted in Network Analytics, Case study, Logging, Security, automation, Integrations, Home Operations Center, Orchestration

DNS auditing is an integral part of any I.T. security program. Name resolutions can act as a great tip for discovering malware, command and control streams, or misbehaving employees. Acquiring DNS audit data can be difficult with some DNS servers (*cough* Windows *cough*); for this post we are going to show an extremely easy method of getting DNS audit data directly into Gravwell.

Monitoring Netflow with Gravwell Community Edition

Jul 18, 2018 1:21:59 PM / by John Floren posted in Network Analytics, Community Edition, Home Operations Center

Gravwell Community Edition is perfect for monitoring your home network. With a generous 2GB/day ingest quota, you can capture netflow records, DNS requests, WiFi hotspot associations, and more. In this blog post, we’ll show how to ingest and analyze netflow records. We’ll assume you’ve already set up a Gravwell instance as described in the quickstart (https://dev.gravwell.io/docs/#!quickstart/community-edition.md); for this post, we’ll assume the Gravwell instance is at 192.168.1.52. Your instance will almost certainly be different, so be sure to substitute your own information.

OT Security Analytics - Finding the ground truth

Nov 16, 2017 11:22:40 AM / by Corey Thuen posted in Network Analytics, Case study, OT Analytics

In this post, we take a look at analyzing Industrial Control System data to detect unauthorized manipulation of relays in a process.

Gravwell wifi analytics roundup of the Wild West Hackin' Fest

Nov 1, 2017 1:42:44 PM / by Leah Figueroa posted in Network Analytics, Wifi Analytics

You never forget the first time… and we’ll always remember getting together with hundreds of leading security experts at the first-ever Wild West Hackin' Fest in Deadwood, South Dakota. We got a lot of praise before the first guest arrived at our table, but that’s probably because we sponsored the coffee! Still, when people came over to look at Gravwell’s products, we got a lot of positive feedback and eager experts wanting to test what we can do.

Hunting torrent machines with network analytics

Sep 12, 2017 12:11:37 PM / by Corey Thuen posted in Network Analytics, Case study
