Operations | Monitoring | ITSM | DevOps | Cloud

May 2018

Managing Centralized Data with Graylog

Central storage is vitally important in log management. Just as storing and processing logs into lumber is done in one place, a sawmill, a central repository makes it cheaper and more efficient to process event logs in one location. Moving between multiple locations to process logs can decrease performance. To continue the analogy, once boards are cut at a sawmill, a tool such as a wood jointer smoothes out the rough edges of the boards and readies them for use in making beautiful things.

Integrating Threat Intelligence with Graylog

In my last post, I gave a high-level overview how to select a threat intelligence vendor and how to integrate indicators of compromise (IOCs) into your SIEM or log management environment. In this post, I will describe in detail how to use the Threat Intelligence plugin that ships with Graylog. I’ll start with the steps necessary to prepare your data, then explain how to activate the feature and how to configure it for use.