Provides a standard Gravwell configuration to use alongside the TI Firewall’s powerful syslog export features.
Ready-to-roll dashboards, queries, templates, playbooks, and actionables, using the Gravwell CoreDNS Plugin.
Documentation and a pattern resource file that allows usage of Grok patterns for data extraction within Gravwell.
Greatly simplifies extractions that would otherwise use regular expressions directly.
Ready-to-roll dashboards, queries, templates, playbooks, and actionables for working with IPFIX data.
Depends on the Gravwell Netflow Ingester and makes heavy use of the ipfix search module.
Ready-to-roll dashboards, queries, templates, playbooks, and actionables.
Depends on the Gravwell IPMI Ingester.
This kit provides ready-to-roll dashboards, queries, templates, playbooks, and actionables.
The Netflow v5 kit depends on the Gravwell Netflow Ingester and makes heavy use of the netflow search module.
Queries, dashboards, templates, and actionables to support monitoring and investigating Sysmon data. Helps you monitor DNS, network, file, and registry activity provided by the Sysmon toolkit, and is an invaluable resource for day-to-day monitoring as well as for hunting misbehaving applications & malware.
A baseline set of queries, dashboards, templates, and investigative resources for the Zeek Network Security Monitor.
A learning kit that gathers current weather conditions for a list of locations, which can be viewed using the included dashboard.