We understand that teams have unique requirements and deployments spanning many different vendors. You can run Gravwell alongside or in front of your SIEM, SOAR and XDR platforms, with the ability to query every log at a lower cost.
How many times has your search returned raw syslog data that you then tried to process as RFC 5424 (i.e. "correct" syslog), and, wouldn't you know it, the access point logs don't match the spec? That's fine: in Gravwell you can adjust the autoextractor to pull out the fields you want and process them as JSON, all without re-ingesting anything or altering any schema.
Because Gravwell is structure-on-read, a minor tweak to the query pulls the JSON out of the Ubiquiti logs for analysis, and that change applies retroactively to data that is already stored.
No data is lost while the "schema" is fixed, and no upfront work is required. Gravwell can do this on the fly at any time, which is crucial whether you are investigating something basic like this syslog or something complicated like attackers exfiltrating data over DNS.
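To make the structure-on-read idea concrete, here is an added Python example (written for this page, not Gravwell's own code or query language). It keeps raw syslog entries untouched, tries a strict RFC 5424 parser first, and falls back to an adjusted extractor that takes the header fields from a BSD-style prefix and merges in an embedded JSON payload. Because the extractors run at query time, adding or changing one applies to every entry already stored. The hostnames, MAC addresses and log lines are constructed for the example and only loosely imitate an access point; the `hostapd` tag and the JSON field names are assumptions, not a documented Ubiquiti format.

```python
import json
import re
from collections import Counter

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
RFC5424_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d)\s+(?P<timestamp>\S+)\s+(?P<hostname>\S+)\s+"
    r"(?P<appname>\S+)\s+(?P<procid>\S+)\s+(?P<msgid>\S+)\s+"
    r"(?P<sd>-|(?:\[[^\]]*\])+)\s*(?P<msg>.*)$"
)

# Legacy BSD-style header (RFC 3164 shape): <PRI>MMM dd hh:mm:ss HOST TAG: MSG
BSD_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s+"
    r"(?P<hostname>\S+)\s+(?P<tag>[^:\s]+):\s*(?P<msg>.*)$"
)

# Constructed sample entries, stored exactly as received. Entry 0 is compliant
# RFC 5424; entries 1-3 imitate an access point that sends a BSD-style header
# followed by a JSON payload (hostnames, MACs and field names are made up).
RAW_LOG = [
    '<165>1 2024-05-01T12:00:00Z srv01 sshd 2211 ID47 - Accepted publickey for ops from 10.0.0.5',
    '<14>May  1 12:00:01 ap-lobby hostapd: {"event":"assoc","mac":"aa:bb:cc:dd:ee:ff","ssid":"corp","rssi":-61}',
    '<14>May  1 12:00:02 ap-lobby hostapd: {"event":"deauth","mac":"aa:bb:cc:dd:ee:ff","ssid":"corp","reason":3}',
    '<14>May  1 12:00:03 ap-lobby hostapd: {"event":"deauth","mac":"11:22:33:44:55:66","ssid":"corp","reason":7}',
]


def parse_rfc5424(line):
    """Strict RFC 5424 parse; returns None when the line does not match the spec."""
    m = RFC5424_RE.match(line)
    return m.groupdict() if m else None


def first_json_object(text):
    """Return the first decodable JSON object embedded in text, or None.
    raw_decode handles nested braces and braces inside strings correctly."""
    decoder = json.JSONDecoder()
    for i, ch in enumerate(text):
        if ch != "{":
            continue
        try:
            obj, _ = decoder.raw_decode(text, i)
        except json.JSONDecodeError:
            continue
        if isinstance(obj, dict):
            return obj
    return None


def parse_bsd_json(line):
    """Adjusted extractor for the non-compliant lines: header fields come from
    the BSD-style prefix, and the JSON payload's keys are merged on top."""
    m = BSD_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    payload = first_json_object(fields["msg"])
    if payload is None:
        return None
    fields.update(payload)
    return fields


# Extractors are tried in order at query time. The stored bytes never change,
# so adding or reordering extractors applies to every existing entry.
EXTRACTORS = [("rfc5424", parse_rfc5424), ("bsd+json", parse_bsd_json)]


def structure_on_read(line):
    """Apply the first extractor that accepts the line; never drop the raw data."""
    for name, fn in EXTRACTORS:
        fields = fn(line)
        if fields is not None:
            return name, fields
    return "unparsed", {"raw": line}


def deauth_counts(raw_log):
    """A retroactive query over the raw store: deauth events per client MAC."""
    counts = Counter()
    for line in raw_log:
        _, f = structure_on_read(line)
        if f.get("event") == "deauth":
            counts[f["mac"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for line in RAW_LOG:
        print(structure_on_read(line))
    print(deauth_counts(RAW_LOG))
```

The point of the fallback order is that a line which fails the strict parser is not discarded or rewritten; it is handed to the next extractor, and a line nothing understands is still returned with its raw bytes so a later extractor can recover it.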
Empowering you to monitor and secure your infrastructure faster than ever.
Drag and drop your way to advanced automations.
"Gravwell is ideally suited for security teams and responders to prepare for the next breach."