PCAP collection and analysis on-demand with Gravwell Packet Fleet

May 27, 2020 8:30:00 AM / by Fritz posted in Network Analytics

Gravwell is designed to work with your data, in your infrastructure, and within your constraints. Whether you have petabytes of packet capture, data-at-rest sensitivity requirements, or are simply integrating existing infrastructure, Gravwell is built to enable a workflow that meets your needs. Today we’ll look at an example integration with multiple Google Stenographer installations, our new Gravwell Packet Fleet ingester, and a powerful new feature in Gravwell Big Bang - Actionables. 

Read More

New Release with Netflow v9 Support for Gravwell

Jan 8, 2020 9:30:00 AM / by John Floren posted in Network Analytics, Integrations

Gravwell has officially supported Netflow v5 and IPFIX for some time. As of Gravwell 3.3.3, we're happy to announce that we now support Netflow v9 as well! This post will talk about the essential differences between Netflow v9 and IPFIX, how we implemented support, and how to get up and running with Netflow v9 ingest. We'll also talk about some pretty serious efficiency improvements we made in our IPFIX/Netflow v9 parsing module.

Read More

Security Auditing DNS With CoreDNS and Gravwell

Jul 26, 2018 11:16:19 AM / by Kris Watts posted in Network Analytics, Case study, Logging, Security, automation, Integrations, Home Operations Center, Orchestration, DNS

DNS auditing is an integral part of any I.T. security program. Name resolutions can act as a great tip for discovering malware, command and control streams, or misbehaving employees. Acquiring DNS audit data can be difficult with some DNS servers (*cough* Windows *cough*); for this post we are going to show an extremely easy method of getting DNS audit data directly into Gravwell.

Read More

Monitoring Netflow with Gravwell Community Edition

Jul 18, 2018 1:21:59 PM / by John Floren posted in Network Analytics, Community Edition, Home Operations Center

Gravwell Community Edition is perfect for monitoring your home network. With a generous 2GB/day ingest quota, you can capture netflow records, DNS requests, WiFi hotspot associations, and more. In this blog post, we’ll show how to ingest and analyze netflow records. We’ll assume you’ve already set up a Gravwell instance as described in the quickstart (!quickstart/; for this post, we’ll assume the Gravwell instance is at Your instance will almost certainly be different, so be sure to substitute your own information.

Read More

OT Security Analytics - Finding the ground truth

Nov 16, 2017 11:22:40 AM / by Corey Thuen posted in Network Analytics, Case study, OT Analytics

In this post, we take a look at analyzing Industrial Control System data to detect unauthorized manipulation of relays in a process.

Read More

Gravwell wifi analytics roundup of the Wild West Hackin' Fest

Nov 1, 2017 1:42:44 PM / by Leah Figueroa posted in Network Analytics, Wifi Analytics

You never forget the first time… and we’ll always remember getting together with hundreds of leading security experts at the first ever Wild West Hacking Fest in Deadwood, South Dakota. We got a lot of praise before the first guest arrived at our table, but that’s probably because we sponsored the coffee! Still, when people came over to look at Gravwell’s products, we got a lot of positive feedback and eager experts wanting to test what we can do.

Read More

Hunting torrent machines with network analytics

Sep 12, 2017 12:11:37 PM / by Corey Thuen posted in Network Analytics, Case study

Read More