Geolocation via Pipelines in Graylog

To the delight of most Graylog users, geolocation is automatically built into the platform via the "GeoIP Resolver" plugin. All that is needed is a MaxMind database and you are ready to roll. However, there is a better way of going about geolocation that might be worth implementing…

Auditing GSuite Login Activity

Oftentimes during incident response activities, the responder is overwhelmed with data. Tools that automate the analysis and enhancement of this data are crucial. This is the concept behind many SIEM tools, as well as Cortex, the analyzer engine of one of my favorite incident response collaboration…