Whether your cybersecurity detection and response capabilities are in-house or managed through a partner, a prioritized approach to threat hunting is a key indicator of your security program’s maturity and effectiveness.
In my previous post, I explained the fundamental purpose and use cases of pipelines in Graylog – now let's move towards some more advanced topics.
If you are here hoping to learn more about using Graylog for the purpose of monitoring the security posture of your organization, strap in – it's about to get real.
Much has already been said about the recently reported SolarWinds compromise. In this post, we are not attempting to further investigate the attack, but rather to provide a SecDevOps perspective on a few of the underlying software and development processes that are reported to have been involved in the initial compromise at SolarWinds. These processes are not unique to SolarWinds and, in fact, are often considered best practices in software development.
TL;DR - we needed to ingest multiple sources of Cylance logs into Graylog, and this is how we did it.
I tweeted this the other day, and had a lot of folks reach out asking for more details/a diagram of this setup.