If you are here hoping to learn more about using Graylog for the purpose of monitoring the security posture of your organization, strap in – it's about to get real.
Whether you're on the Defensive or Offensive side of security, it's important to understand how common attack tools look in an environment. As someone defending a network, the use of proper logging can help prevent visibility gaps. You could have the best perimeter detections that are available, but without visibility into the activity on your endpoints, you're essentially missing a piece of the puzzle.
The Recon team is excited to announce the launch of SOC X™, the Professional SOC Team World Championship! The inaugural event will be on March 4, 2021.
The Recon team is thrilled to announce our newest offering, NDR Live Online!
Staying on-top of the latest adversarial methodologies means quickly adjusting to new TTPs and requires a thorough and constant understanding of your own detection capabilities. Given a rapidly changing, dynamic environment, this level of attention can't be a manual process, it requires the magic of automation.
If you couldn't tell by now, we love Graylog. We may have mentioned them a time or two :)
TL;DR - we needed to ingest multiple sources of Cylance logs into Graylog, and this is how we did it.
I tweeted this the other day, and had a lot of folks reach out asking for more details/a diagram of this setup.