What makes data structured or unstructured and how does that affect your logging efforts and information gain? Below we've provided a comparison of structured, semi-structured, and unstructured data. Also below, we discuss ways to turn unstructured data into structured data.
This release unifies views, dashboards, and search for a more flexible and comprehensive approach to threat hunting. The expanded search introduces greater efficiency by making it easier to reuse searches you need to run on a regular basis with saved search and search workflows. Other enhancements such as full screen dashboards, and updates to alerting round out v3.2.
When talking about log management, search history is overlooked more often than not. Past searches can be used as part of log analysis and forensic analysis, but the main issue with this data is the speed of search which gets compromised as data volume gets greater. We will discuss some ways to get the best out of your saved searches and to speed up the search process.
Geolocation can be automatically built into the Graylog platform by using the "GeoIP Resolver" plugin with a MaxMind database. However, you can further improve your ability to extract meaningful and useful data by leveraging the functionality of pipelines and lookup tables. In fact, these powerful features allow you to do much more than the basic plugin.
Log management software operates on the basis of receiving, storing, and analyzing different types of log format files. There are several of these standardized log formats that are most commonly generated by a wide assortment of different devices and systems. As such, it is important to understand how they operate and differ from one another so that you can use them the right way, as well as avoid some common mistakes.
Gathering logs that contain IP addresses are quite common across your infrastructure. Your firewalls, web servers, wireless infrastructure and endpoints can contain IP addresses outside your organization. Having additional data on those logs that gives you the Geolocation of the IP address helps in your investigations and understanding of your traffic patterns. For Example, if you can see logs on a World Map, you know if you are communicating to a country you don’t normally talk to.
Cloud computing has changed the way we think about software, and opened up many new possibilities in both business and software development. Log management tools have also been affected by this, which begs the question – what are the pros and cons of cloud log management when compared to on-premises solutions? There are several key things you should consider before opting for either one, so here is a brief overview of the most important aspects that will help you make an informed decision.
AWS is a popular destination for IaaS that offers quickly saleable resources to meet even the largest customer demands. Cloud scalability like this can generate a large amount of logs you need to monitor to keep up with your cybersecurity goals. Getting those logs into a SIEM or centralized log management platform such as Graylog is key to have proactive monitoring and alerting.
Logs are a wealth of information containing meta-data from IP addresses, User Names, and error codes. While this is all extremely helpful, the task of understanding all this can seem overwhelming at times to an untrained eye. Other times, corporations might have additional resources they would like to enrich their logs with, i.e., adding a department name to a log message that depends on the username in the log.
Any system connected to the Internet is vulnerable to malicious attacks and breaches. If it’s online, there’s someone out there trying to break into it and do something bad with it (usually stealing data). Plain and simple. To protect your most valuable assets, you need bulletproof security measures, a skilled SecOps team, robust investigation tools, and reliable prevention/mitigation strategies.
