Security Auditing DNS With CoreDNS and Gravwell
Jul 26, 2018 11:16:19 AM / by Kris Watts posted in Network Analytics, Case study, Logging, Security, automation, Integrations, Home Operations Center, Orchestration
DNS auditing is an integral part of any I.T. security program. Name resolutions can act as a great tip for discovering malware, command and control streams, or misbehaving employees. Acquiring DNS audit data can be difficult with some DNS servers (*cough* Windows *cough*); for this post we are going to show an extremely easy method of getting DNS audit data directly into Gravwell.
Monitoring Netflow with Gravwell Community Edition
Jul 18, 2018 1:21:59 PM / by John Floren posted in Network Analytics, Community Edition, Home Operations Center
Gravwell Community Edition is perfect for monitoring your home network. With a generous 2GB/day ingest quota, you can capture netflow records, DNS requests, WiFi hotspot associations, and more. In this blog post, we’ll show how to ingest and analyze netflow records. We’ll assume you’ve already set up a Gravwell instance as described in the quickstart (https://dev.gravwell.io/docs/#!quickstart/community-edition.md); for this post, we’ll assume the Gravwell instance is at 192.168.1.52. Your instance will almost certainly be different, so be sure to substitute your own information.
OT Security Analytics - Finding the ground truth
Nov 16, 2017 11:22:40 AM / by Corey Thuen posted in Network Analytics, Case study, OT Analytics
In this post, we take a look at analyzing Industrial Control System data to detect unauthorized manipulation of relays in a process.
Gravwell wifi analytics roundup of the Wild West Hackin' Fest
Nov 1, 2017 1:42:44 PM / by Leah Figueroa posted in Network Analytics, Wifi Analytics
You never forget the first time… and we’ll always remember getting together with hundreds of leading security experts at the first ever Wild West Hackin' Fest in Deadwood, South Dakota. We got a lot of praise before the first guest arrived at our table, but that’s probably because we sponsored the coffee! Still, when people came over to look at Gravwell’s products, we got a lot of positive feedback and eager experts wanting to test what we can do.
Hunting torrent machines with network analytics
Sep 12, 2017 12:11:37 PM / by Corey Thuen posted in Network Analytics, Case study