Operations | Monitoring | ITSM | DevOps | Cloud

“You can’t investigate what you don’t have”. Every analyst knows the pain of missing context. You’re in the middle of a high-stakes investigation, but the logs you need are gone, archived weeks ago due to retention limits. Or worse, they were never collected in the first place to keep costs under control. This is the Visibility vs. Cost trap, and it puts analysts at a disadvantage every day.

OpenTelemetry is emerging as the common framework for collecting observability data, and for good reason. It’s vendor-neutral, open source, and designed to collect traces, metrics, and logs in a consistent way. But while most of the buzz is around tracing and metrics, let’s not forget: logs are still the backbone of investigation and response. That’s why Graylog now supports native collection of OpenTelemetry data over gRPC.

Sigma rules have become the security team equivalent of LEGO bricks and systems. With LEGO, people can build whatever they can imagine by connecting different types of bricks. With Sigma Specification 2.0 rules, security teams can create vendor-agnostic detections without being limited by proprietary log formats. In response to the Sigma rules’ popularity, the team that built them updated them in August 2024, giving security teams new capabilities.