Blog

Want deeper insights? Read exclusive commentary from the Gravwell team on the issues that matter most.

Add Threat Hunting to your SIEM with Gravwell

Enhance Security by Removing Limits: SIEMs have historically done well in helping organizations detect threats. Modern threat activity has shown, however, that tracking pre-selected data and relying...
05.06.2021

Announcing the Gravwell Sysmon Kit

We are pleased to announce the immediate availability of the Gravwell Sysmon kit.  This kit is designed to get you started quickly with Sysmon data and demonstrate the art of the possible.  This post...
03.10.2021

Amp Up Your Data Analysis with the new Zeek Kit

Zeek can give you so much insight into what's going on in your network, but it can feel like drinking from the firehose - dozens of files full of terse log entries, and no easy way to cross-reference...
11.16.2020

Introducing the Gravwell CoreDNS Kit

What’s in a Domain Name? That which we call a CNAME by any other AAAA record would still be used by malware to steal your data. This article introduces the Gravwell CoreDNS Kit, which provides...
09.15.2020

Windows DNS threat hunting with Sysmon and Gravwell

This month has been a big deal for IT logging of Windows endpoints. Sysmon v10 was released last Tuesday and it includes the major changes of DNS logging and OriginalFileName reporting for Windows...
06.20.2019

Gravwell And Bro

In this detailed technical guide we’ll cover analyzing Bro security analytics with Gravwell. Bro is a passive network security sensor designed to provide a plugin-friendly detection framework. There...
08.10.2018

Security Auditing DNS With CoreDNS and Gravwell

DNS auditing is an integral part of any I.T. security program. Name resolutions can act as a great tip for discovering malware, command and control streams, or misbehaving employees. Acquiring DNS...
07.26.2018

Gravwell and Windows Event Logging

Update: This post uses the xml parser module to evaluate Windows logs. We have since released the winlog module, which you can reference here: https://docs.gravwell.io/docs/#!search/winlog/winlog.md...
12.18.2017
