Kits

Gravwell ships with ready-to-install kits that you can deploy in a matter of minutes to monitor and secure your infrastructure. Interested in learning more about these, or about new kits currently in development? Schedule a Demo and one of our Gravwell Guides will walk you through our powerful data analytics platform.

Bandura Cyber

The Bandura Cyber kit provides a standard Gravwell configuration for use alongside the TI Firewall's powerful syslog export features.

Learn more about the Bandura Cyber kit here.

CoreDNS

This kit provides ready-to-roll dashboards, queries, templates, playbooks, and actionables.

The CoreDNS kit depends on the Gravwell CoreDNS Plugin.

Learn more about the CoreDNS kit in this blog.

Grok

The Grok kit provides some documentation and a pattern resource file to allow usage of Grok patterns for data extraction within Gravwell. This greatly simplifies extractions that would otherwise use regular expressions directly.

IPFIX

This kit provides ready-to-roll dashboards, queries, templates, playbooks, and actionables for working with IPFIX data.

The IPFIX kit depends on the Gravwell Netflow Ingester and makes heavy use of the ipfix search module.

IPMI

This kit provides ready-to-roll dashboards, queries, templates, playbooks, and actionables.

The IPMI kit depends on the Gravwell IPMI Ingester.

Netflow

This kit provides ready-to-roll dashboards, queries, templates, playbooks, and actionables.

The Netflow v5 kit depends on the Gravwell Netflow Ingester and makes heavy use of the netflow search module.

Learn more about the Netflow kit in this video.

Network Data Fusion

This kit provides resources which can be used to enrich network data.

Weather

A learning kit that gathers current weather conditions for a list of locations, which can be viewed using the included dashboard.

Learn more about the Weather kit in this blog.

Windows Sysmon

The Sysmon kit provides queries, dashboards, templates, and actionables to support monitoring and investigating Sysmon data. The kit helps you monitor DNS, network, file, and registry activity provided by the Sysmon toolkit, and is an invaluable resource for day-to-day monitoring as well as hunting misbehaving applications & malware.
 
Learn more about the Sysmon kit in this blog or this video.

Zeek

The Zeek kit provides a baseline set of queries, dashboards, templates, and investigative resources for the Zeek Network Security Monitor.

Learn more about the Zeek kit in this blog or this video.