Houston, TX, USA
Mar 25, 2019 | By Graylog
What kind of log information should be reported up the chain? At a certain point during log examination, analysts start to ask, “What information is important enough to share with my supervisor?” This post covers useful categories of information to monitor and report that indicate potential security issues. And remember: reporting up doesn’t mean going directly to senior management. Most issues can be reported directly to an immediate supervisor.
Windows logs can be very informative, providing a perfect picture of the activities happening on an endpoint. Unfortunately, the logs can also be hard to decipher when you first start examining them. Graylog uses Pipelines and Data Adapters to enrich logs to make them more functional and easier for you to read.
Feb 25, 2019 | By Graylog
In order to analyze logs efficiently, they must be structured effectively. Often, logs from different sources label data fields differently and/or provide data that’s completely unstructured. The problem is that both types of data need to be structured appropriately in order to key in on particular elements within the log data, such as monitoring on source address, applying rules associated with user names, and creating alerts for destination addresses.
Feb 21, 2019 | By Graylog
It’s Sunday afternoon, and you’re having a nice relaxing weekend, sitting down watching your favorite sporting event. While enjoying the game, you get a high-alert email on your phone, noting something’s going on and you need to jump into action. What do you do in these high-stress times? Every second counts, and everyone is waiting on you to tell them what’s happening.
Jan 18, 2019 | By Graylog
When it comes to security data enrichment, it's helpful to think beyond threat intelligence. This white paper explores viable standard and advanced third-party intelligence enrichment sources that are often overlooked.
Jan 1, 2019 | By Graylog
This guide covers what to consider when selecting a source of threat intelligence and how to make threat intelligence work for your organization.