The constant evolution of security threats has long-since made preventing cyber-attacks and network intrusion attempts a nearly impossible task. Real threats are often hard to identify among a multitude of false alarms, and many experts understand that a well-integrated and fully-automated threat intelligence strategy is the best approach. Nevertheless, 70% of security industry professionals still believe threat intelligence to be too complex and bulky to provide actionable insights.

‍ Log file parsing is the process of analyzing log file data and breaking it down into logical syntactic components. In simple words - you’re extracting meaningful data from logs that can be measured in thousands of lines. There are multiple ways to perform log file parsing: you can write a custom parser or use parsing tools and/or software.

Every log management solution out there has its own alerting feature. Alerts are a critical component of every logging tool. They can tell you whether an event is something you want to check out rather than just normal everyday activity you want to ignore. Graylog’s simplified interface is incredibly accessible to assist you with all the information you need in real-time, yet scalable enough to never compromise the level of detail provided.

The Graylog ExtendedLog Format (GELF) is a uniquely convenient log format created to deal with allthe shortcomings of classic plain Syslog. This enterprise feature allows you tocollect structured events from anywhere, and then compress and chunk them inthe blink of an eye.

In computing, an audit log is a record of an event. An event is any significant action that impacts the hardware or software of a computer – anything from a mouse click to a program error. Besides documenting which resources were accessed and what for, an audit file system will also include the source and destination addresses, the timestamp, and the user ID information.

Today we are officially releasing Graylog v3.1.1 This release brings a whole new AWS Kinesis/CloudWatch Input to Graylog. The new input guides the user through the setup process and performs validation checks along the way. It also supports an automated CloudWatch Logs to Kinesis Streams setup, eliminating the complexity of manual setup.

Every organization that handles large volumes of data should implement an archiving system to separate active from inactive data, including log files. With recent changes in data laws in the EU and the growing needs for log archiving, finding a quality file storage and archiving solution is more important than ever. We will discuss the reasons for archiving data and show you how to successfully store logs and use the Archive feature in Graylog Enterprise.

Managed Security Service Providers (MSSP) are IT companies that operate some portion of their customer’s security infrastructure such as firewalls, VPNs, spam / antivirus systems, and intrusion detection tools.

In the world of information technology, data has become the fundamental currency that holds the highest value. IT Operations Analytics (ITOA) represents one of the largest and richest sources of fresh and actionable data. Many automated tools can be used to make sense of all the information that comes from day-to-day IT operations, from log to agent to wire data.