Want deeper insights? Read exclusive commentary from the Gravwell team on the issues that matter most.
Filter By

Add Threat Hunting to your SIEM with Gravwell

Enhance Security by Removing Limits SIEMs have historically done well in helping organizations detect threats. Modern threat activity has shown, however, that tracking pre-selected data and relying...

Announcing the Gravwell Sysmon Kit

We are pleased to announce the immediate availability of the Gravwell Sysmon kit.  This kit is designed to get you started quickly with Sysmon data and demonstrate the art of the possible.  This post...

Amp Up Your Data Analysis with the new Zeek Kit

Zeek can give you so much insight into what's going on in your network, but it can feel like drinking from the firehose - dozens of files full of terse log entries, and no easy way to cross-reference...

Introducing the Gravwell CoreDNS Kit

What’s in a Domain Name? That which we call a CNAME by any other AAAA record would still be used by malware to steal your data. This article introduces the Gravwell CoreDNS Kit, which provides...

Windows DNS threat hunting with Sysmon and Gravwell

This month has been a big deal for IT logging of windows endpoints. Sysmon v10 was released last Tuesday and it includes the major changes of DNS logging and OriginalFileName reporting for Windows...

Gravwell And Bro

In this detailed technical guide we’ll cover analyzing Bro security analytics with Gravwell. Bro is a passive network security sensor designed to provide a plugin friendly detection framework. There...

Security Auditing DNS With CoreDNS and Gravwell

DNS auditing is an integral part of any I.T. security program. Name resolutions can act as a great tip for discovering malware, command and control streams, or misbehaving employees. Acquiring DNS...

Gravwell and Windows Event Logging

Update This post uses the xml parser module to evaluate windows logs. We have since released the winlog module, which you can reference here:!search/winlog/

Subscribe for Gravel Updates

Signup for the Gravwell newsletter to be the first to hear about announcements, new product features, events, and more.