PCAP collection and analysis on-demand with Gravwell Packet Fleet
May 27, 2020 8:30:00 AM / by Fritz posted in Network Analytics
Gravwell is designed to work with your data, in your infrastructure, and within your constraints. Whether you have petabytes of packet capture, data-at-rest sensitivity requirements, or are simply integrating existing infrastructure, Gravwell is built to enable a workflow that meets your needs. Today we’ll look at an example integration with multiple Google Stenographer installations, our new Gravwell Packet Fleet ingester, and a powerful new feature in Gravwell Big Bang - Actionables.
New Release with Netflow v9 Support for Gravwell
Jan 8, 2020 9:30:00 AM / by John Floren posted in Network Analytics, Integrations
Gravwell has officially supported Netflow v5 and IPFIX for some time. As of Gravwell 3.3.3, we're happy to announce that we now support Netflow v9 as well! This post will talk about the essential differences between Netflow v9 and IPFIX, how we implemented support, and how to get up and running with Netflow v9 ingest. We'll also talk about some pretty serious efficiency improvements we made in our IPFIX/Netflow v9 parsing module.
Security Auditing DNS With CoreDNS and Gravwell
Jul 26, 2018 11:16:19 AM / by Kris Watts posted in Network Analytics, Case study, Logging, Security, automation, Integrations, Home Operations Center, Orchestration, DNS
DNS auditing is an integral part of any I.T. security program. Name resolutions can act as a great tip for discovering malware, command and control streams, or misbehaving employees. Acquiring DNS audit data can be difficult with some DNS servers (*cough* Windows *cough*); for this post we are going to show an extremely easy method of getting DNS audit data directly into Gravwell.
Monitoring Netflow with Gravwell Community Edition
Jul 18, 2018 1:21:59 PM / by John Floren posted in Network Analytics, Community Edition, Home Operations Center
Gravwell Community Edition is perfect for monitoring your home network. With a generous 2GB/day ingest quota, you can capture netflow records, DNS requests, WiFi hotspot associations, and more. In this blog post, we’ll show how to ingest and analyze netflow records. We’ll assume you’ve already set up a Gravwell instance as described in the quickstart (https://dev.gravwell.io/docs/#!quickstart/community-edition.md); for this post, we’ll assume the Gravwell instance is at 192.168.1.52. Your instance will almost certainly be different, so be sure to substitute your own information.
OT Security Analytics - Finding the ground truth
Nov 16, 2017 11:22:40 AM / by Corey Thuen posted in Network Analytics, Case study, OT Analytics
In this post, we take a look at analyzing Industrial Control System data to detect unauthorized manipulation of relays in a process.
Gravwell wifi analytics roundup of the Wild West Hackin' Fest
Nov 1, 2017 1:42:44 PM / by Leah Figueroa posted in Network Analytics, Wifi Analytics
You never forget the first time… and we’ll always remember getting together with hundreds of leading security experts at the first-ever Wild West Hackin' Fest in Deadwood, South Dakota. We got a lot of praise before the first guest arrived at our table, but that’s probably because we sponsored the coffee! Still, when people came over to look at Gravwell’s products, we got a lot of positive feedback and eager experts wanting to test what we can do.
Hunting torrent machines with network analytics
Sep 12, 2017 12:11:37 PM / by Corey Thuen posted in Network Analytics, Case study