Geolocation via Pipelines in Graylog
Aug 21, 2018 4:10:00 PM / by Megan Roddie posted in InfoSec, NDR, Graylog

To the delight of most Graylog users, geolocation is automatically built into the platform via the "GeoIP Resolver" plugin. All that is needed is a MaxMind database and you are ready to roll. However, there is a better way of going about geolocation that might be worth implementing if you are a Graylog power user: lookup tables & pipelines.

Recent Posts
Securing G Suite
Jul 19, 2018 4:13:00 PM / by Megan Roddie posted in Security, Cloud, Google
Shortly after publishing Part 1 of my G Suite DFIR blog series, I gave a talk on the topic at BSides SATX. The talk had a super engaged audience, and based on a few of the questions I received, it became very clear that I needed to take a step back and first tell people how to secure their environment. This post aims to provide readers with a good baseline for a secure G Suite configuration and some recommendations related to preparing for a worst-case scenario.
G Suite DFIR - Part 1: Incident Response
Apr 26, 2018 4:16:00 PM / by Megan Roddie posted in DFIR, Incident Response, Forensics, Cloud, Google