As companies responded to the COVID-19 pandemic with remote work, cybercriminals increased their social engineering and ransomware attack methodologies. Ransomware, malicious code that automatically downloads to a user’s device and locks it from further use, has been rampant since the beginning of March 2020. According to a 2020 report by Bitdefender, ransomware attacks increased by seven times when compared year-over-year to 2019.
Today we are officially releasing Graylog v3.3.6. This release includes a new enterprise output along with bug fixes that improve the functionality of Graylog. Please read on for a detailed description of the new output and the bug fixes. Many thanks to our community for reporting issues and contributing fixes!
Whether you are planning to use Graylog for security and threat hunting, IT Operations analysis and reporting, or any other use case, getting your logs into Graylog is essential. The process of log collection is sometimes a daunting task, especially if you are planning to collect massive amounts of data. But if you take a minute to answer some key questions before you begin, you can transform the log collection task from daunting to smooth sailing. Here we go with the questions...
Here at Graylog, we have recently had an increase in conversations with security teams from leading companies. We want to share our key findings with the Graylog community. The good thing is that cybercriminals use a methodical approach when planning an attack. By understanding their process and knowing your network, you will be better prepared and able to stay one step ahead.
The first thing we tell Graylog users is, “Monitor your disk space.” The core set of metrics discussed below should always be in acceptable parameters and never grow over extended periods without going back to normal levels. This is why it is critical to monitor metrics that come directly from the hosts running your Graylog infrastructure.
Graylog Illuminate for authentication is a brand new offering designed by our Enterprise Intelligence team. It eliminates the manual setup necessary to detect, monitor, and analyze authentication activities and issues across your IT infrastructure by providing pre-built Dashboards, Alerts, and data enrichment. Initially, Graylog Illuminate for Authentication will address Windows authentication issues and activities. We will release additional data sources in the coming weeks so stay tuned!
Graylog is an advanced log management system, capable of ingesting all of your corporate logs into a central repository for easy searching and analysis of your data.
Today we are officially releasing Graylog v3.3 This release includes enhancements to search, events, and alerts that introduce greater efficiencies to your daily log management efforts and strengthen your audit and compliance capabilities. Please read on for detailed descriptions of each feature.
Monitoring all DNS requests in your network, including those that were blocked by (e.g., by a firewall) is a great way to increase visibility, enforce compliance and detect threats. A common problem with collecting DNS logs is that DNS server logs are notoriously hard to parse. Also, parsing only the logs of your DNS servers leaves a blind spot when it comes to usage of, or the attempt to use, an external DNS server like Google's 8.8.8.8.
