Graylog

@graylog.bsky.social

🌍 Trusted Threat Detection & Incident Response solutions. Experience the difference with our unmatched capabilities. #SIEM #APISecurity #LogManagement #InfoSec

2,756 Followers  |  1,486 Following  |  537 Posts  |  Joined: 06.02.2024  |  2.0169

Latest posts by graylog.bsky.social on Bluesky

Anomaly Detection with Machine Learning to Improve Security
Learn how machine-learning–driven anomaly detection enhances security and performance by identifying behavioral deviations in real time. Explore how enriched logs, behavioral baselines, and automated ...

Security today is “Where’s Waldo” at terabyte scale.
ML-powered anomaly detection helps teams spot the behaviors that don’t fit the norm, from zero-days to insider threats without drowning in alerts.
Click here: graylog.org/post/anomaly...
#CyberSecurity #MachineLearning #Graylog

04.02.2026 14:57 — 👍 1    🔁 0    💬 0    📌 0

Observability vs Monitoring: Getting a Full Picture of the Environment
Gain insights into observability and monitoring, two key concepts in maintaining system health. Explore their roles and how they complement each other.

Monitoring detects issues — observability helps you understand why they happen.

In modern distributed systems, you need both.
New blog: Monitoring vs. Observability + the pillars of telemetry (logs, metrics, traces).
👉 graylog.org/post/observa...
#Observability #DevOps #Graylog

02.02.2026 16:40 — 👍 2    🔁 0    💬 0    📌 0

Compliance Readiness with Audit Logging
Strengthen compliance readiness with centralized audit logging, real-time analytics, and automated reporting powered by parsed, normalized, and correlated data.

Audit logs aren’t just “logs”. They’re proof.
Who acted? What changed? When? Where?

Discover audit logging basics, log types, compliance use cases, and best practices for security.
📌 graylog.org/post/complia...

#CyberSecurity #Compliance #AuditLogging

29.01.2026 19:31 — 👍 2    🔁 0    💬 0    📌 0

From Atlassian JSON to Actionable Audit Insights
Turn raw Atlassian audit JSON into stable, searchable events. Learn why edge modeling beats pipelines for faster triage, better alerts, and dashboards.

Atlassian audit logs aren’t useless. They’re shaped wrong.
Nested JSON and shifting arrays turn simple questions into manual work. Dashboards break. The fix isn’t more parsing in the SIEM. It’s modeling audit data at the edge.
graylog.org/post/from-at...
#SecurityOperations #SIEM #AuditLogs

28.01.2026 18:55 — 👍 1    🔁 0    💬 0    📌 0

Kubernetes Logging Best Practices
Enhance your Kubernetes logging skills with these best practices. Ensure efficient log management for improved performance and error tracking.

Kubernetes without good logging is just mystery pings.
This post breaks down:
• How Kubernetes logging works
• The key log types every cluster generates
• Practical best practices for centralization & retention
👉 graylog.org/post/kuberne...
#Kubernetes #Observability #DevOps #CloudNative #Security

27.01.2026 16:16 — 👍 3    🔁 1    💬 0    📌 0

How to Ignore Cybersecurity AI Bubble FOMO
AI FOMO is hitting the SOC. Prepare security operations for an AI bubble correction with execution discipline, clarity, and workflows.

AI pressure is already hitting the SOC.
Boards want ROI. Teams inherit risk.

The issue isn’t AI—it’s tools that add noise, unchecked automation, and zero proof of impact.

7 bubble-proof moves to invest in AI you can defend.
Read more: graylog.org/post/how-to-...
#securityAI #SOC #ExplainableAI

22.01.2026 18:45 — 👍 1    🔁 0    💬 0    📌 0

Introducing The First Graylog Helm Chart Beta V1.0.0
Graylog introduces its first supported Helm chart for Kubernetes, available now as a Beta through Graylog Labs.

We’ve released the first-ever Graylog Helm Chart for Kubernetes — now available in beta.

Graylog in K8s using standard Helm workflows, without hiding the important knobs. No duct-taped manifests. No surprises.
graylog.org/post/introdu...

#Kubernetes #graylog

20.01.2026 19:53 — 👍 3    🔁 1    💬 0    📌 0

SIEM Automation to Improve Threat Detection and Incident Response
SIEM automation uses AI, ML, and playbooks to streamline threat detection, investigation, and response with enriched, context-driven alerts.

If your SIEM automation still leaves analysts buried in alerts, it’s not helping. It’s just louder.

Good automation cuts noise, adds context, and speeds response.
What actually works (and what doesn’t):
👉 graylog.org/post/siem-au...

14.01.2026 19:29 — 👍 2    🔁 1    💬 0    📌 0

Using LLMs, CVSS, and SIEM Data for Runtime Risk Prioritization
Why LLM-only CVSS scoring fails without SIEM context, and how log-driven AI enables runtime risk prioritization across APIs and infrastructure IT.

Runtime risk isn’t harder to analyze. It’s easier to misread. A UNC Wilmington study of 31k+ vulns shows LLMs can infer CVSS but fail without runtime context.

The same applies to MITRE mappings. Seth Goldhammer explains why AI needs SIEM data.
graylog.org/post/using-l...

#cybersecurity #SIEM #AI

13.01.2026 19:40 — 👍 0    🔁 0    💬 0    📌 0

Graylog is hiring in the USA!! We are looking for a Director of Revenue Operations and a Solutions Engineer. Come join us! These positions are remote.

Click this link for more info. lnkd.in/dzKkMNh2
#hiring #NowHiring #WeAreHiring

12.01.2026 16:07 — 👍 1    🔁 0    💬 0    📌 0

That's a wrap! Starting off 2026 at Graylog with our Annual Kickoff and awards ceremony. Great momentum, great people!

09.01.2026 19:43 — 👍 2    🔁 0    💬 0    📌 0

Graylog Resource Library
Explore the Graylog Resource Library for a comprehensive collection of videos, case studies, datasheets, eBooks, and whitepapers.

600+ micro-services.
10x faster log processing.
Latency cut from 30 seconds to under 3.

Kaizen Gaming uses Graylog Enterprise to keep Betano visible, stable, and responsive even during peak global events.
#logmanagement #observability
graylog.org/resources/ho...

08.01.2026 16:35 — 👍 3    🔁 1    💬 0    📌 0

Why AI Transformations in Security Fail Like New Year’s Gym Resolutions
Why enterprise AI in security is shifting from fast adoption to explainable, governed systems that SOC teams can trust, audit, and operate safely.

Gyms fill in January, empty in February. Security AI mirrors it: fast launches, big promises—then analysts validate outputs. Skip explainability, governance, and context, and AI stalls. Seth Goldhammer @socalledseth.com : graylog.org/post/why-ai-...

07.01.2026 18:28 — 👍 1    🔁 1    💬 0    📌 0

Cloud vs On-Premised SIEM: One or the Other or Both?
By understanding the key differences between Cloud and On-Premises SIEM solutions, organizations can choose what aligns best with their needs.

On-prem or cloud? Choosing a SIEM deployment isn’t just about technology. It’s about control, compliance, scale, and operational reality. Learn how to match your SIEM deployment model to your environment, whether that’s on-prem, cloud, or hybrid. #siem #logmanagement

graylog.org/post/cloud-v...

05.01.2026 17:52 — 👍 3    🔁 2    💬 0    📌 0

RondoDox botnet exploits React2Shell flaw to breach Next.js servers

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers.

31.12.2025 09:59 — 👍 4    🔁 3    💬 0    📌 0

Ransomware responders plead guilty to using ALPHV in attacks on US organizations
Two Americans who worked for incident response firms face up to 20 years in prison for turning ransomware upon U.S. businesses.

Cyber incident responders from DigitalMint and Sygnia plead guilty and are facing 20 years in prison for launching ALPHV/Black Cat ransomware attacks themselves.

The two separately tried to flee to Europe before being arrested.

therecord.media/ransomware-r...

31.12.2025 16:22 — 👍 2    🔁 3    💬 0    📌 0

6 Steps for Using a SIEM to Detect Threats
Discover best practices on how to use SIEM tools to detect threats and prioritize high-value alerts for faster response.

Are you using your #SIEM to detect #security threats in the most efficient & effective ways possible❓🤔 Doing so will help you strengthen your security posture & better align strategically with business objectives.

Here are 6 steps to help you get there.👇 graylog.org/post/6-steps... #CyberSecurity

31.12.2025 18:55 — 👍 0    🔁 0    💬 0    📌 0

Supervised AI Is the Fastest Path to Better Threat Triage ROI
Supervised AI boosts ROI by prioritizing alerts from analyst decisions, reducing noise, accelerating triage, and scaling human judgment.

Should you use supervised #AI in your SOC? 🤖👀 Yes! When applied to 1st-pass alert triage, it strengthens the human decision layer rather than removing it. 🌟💪 It helps by prioritizing #security alerts based on how similar events were previously validated by analysts. More: graylog.org/post/supervi...

30.12.2025 23:56 — 👍 0    🔁 0    💬 0    📌 0

Sigma Specification 2.0: What You Need to Know
Sigma Specification 2.0 adds new metadata fields, modifiers, rule correlations, and filters to help reduce alert fatigue for security teams.

❄️Winter break is the perfect time to brush up on your #Sigmarules! With v2.0 rules you can create vendor-agnostic detections without being limited by proprietary log formats.

Learn about the key changes & supporting Sigma v2.0 mapped to MITRE ATT&CK framework. graylog.org/post/sigma-s... #CyberSec

30.12.2025 01:01 — 👍 0    🔁 0    💬 0    📌 0

25 Linux Logs to Collect and Monitor
Knowing what Linux logs to collect and monitor can help you correlate event information for improved operations and security insights.

IT increasingly runs on Linux. And, as more & more of your dev & IT environments rely on #Linux, focusing your collection & monitoring efforts on these top 25 logs will help you investigate performance issues & #security incidents faster.🙌

graylog.org/post/25-linu... #OpenSource #SecurityOperations

26.12.2025 20:29 — 👍 6    🔁 1    💬 0    📌 0

25 Linux Logs to Collect and Monitor
Knowing what Linux logs to collect and monitor can help you correlate event information for improved operations and security insights.

IT increasingly runs on Linux. And, as more & more of your dev & IT environments rely on #Linux, focusing your collection & monitoring efforts on these top 25 logs will help you investigate performance issues & #security incidents faster.🙌

graylog.org/post/25-linu...
#OpenSource #SecurityOperations

24.12.2025 02:54 — 👍 7    🔁 3    💬 0    📌 0

IoT Sensor Data into Graylog: A Lab Guide
Here's a howto for an IoT Sensor and sending data into Graylog. Attached is a DIY Lab Guide With an ESP32 Board for your next lab project.

Got some extra time on your hands this week? This is the perfect thing for you.🫵

See how you can create a lightweight #API endpoint on the ESP32, poll it regularly using #Graylog’s HTTP API input, and visualize the results in a live dashboard.📊👀

graylog.org/post/iot-sen... #HomeLab #CyberSecurity

23.12.2025 03:16 — 👍 3    🔁 1    💬 0    📌 0

2025 Security Trends That Defined the SOC and What 2026 Will Demand
2025 showed security teams slowed by data overload, process, and unguided AI. Learn the 2026 trends shaping smarter, governed SOC operations.

Curious what the top 2025 SOC trends were? Take a look.👀👇

🤖 #AI outpaced oversight
📊 Dashboards expanded while context thinned
⛅ Cloud costs quietly dictated #cybersecurity decisions

And there are more! See all of the top trends plus our prediction for the SOC in 2026.

graylog.org/post/2025-se...

20.12.2025 17:49 — 👍 1    🔁 0    💬 0    📌 0

Understanding Ransomware Email Threats
Ransomware email threats continue to evolve, making it more difficult for security teams to detect and respond to them effectively. By understanding how they work and why they are successful, security...

There's a new look to #ransomware attacks (no) thanks to the #RaaS ecosystem. As attacks are more automated, identifying & mitigating them becomes more challenging. But, implementing email security, centralizing #security data, integrating #threatintel, & more—can help.

graylog.org/post/underst...

18.12.2025 19:19 — 👍 1    🔁 0    💬 0    📌 0

BSides312 - Chicago's Hacking Conference
BSides312 is Chicago's biggest little non-profit hacking & information security conference.

Don’t miss out! 🚨 Our Early Bird discount is still live.
Save 20% with code BS312-EB20 and join us at #BSides312 on May 16, 2026.
See you there! 👋
bsides312.org for more information.
#BSides

17.12.2025 17:00 — 👍 3    🔁 2    💬 0    📌 1

React2Shell fallout spreads to sensitive targets as public exploits hit all-time high

Attacker interest in the vulnerability is magnified by an unparalleled number of publicly available exploits, earning the defect the highest verified public exploit count of any CVE ever. via @mattkapko.com cyberscoop.com/react2shell-...

18.12.2025 03:38 — 👍 2    🔁 2    💬 0    📌 0

Wondering how #DevOps, development, & AI-powered #dev tools will impact the industry in 2026? Experts offer thoughtful, insightful, & even some controversial predictions in this DevOps Digest article. Hear from industry luminaries on the topic of AI-powered SDLC. www.devopsdigest.com/2026-devops-...

18.12.2025 00:58 — 👍 1    🔁 0    💬 0    📌 0

Understanding the Department of Justice (DOJ) Data Security Program
The DOJ Data Security Program seeks to define controls for mitigating risks arising from data sharing to protect government and bulk US data from being shared with foreign adversaries.

Got questions about the DOJ's new #DataSecurity Program (DSP)? Do your current compliance programs need more controls to comply? Learn what's required of you.👇

It's possible to streamline your compliance processes while improving your overall #security posture. See how.

graylog.org/post/underst...

16.12.2025 22:26 — 👍 2    🔁 1    💬 0    📌 0

How to Use MCP to Optimize Your Graylog Security Detections
Use Model Context Protocol (MCP) with Graylog to turn threat intelligence into prioritized, actionable security detections in seconds.

Is your #finserv institution as safe as it could be from #ransomware & other #cyberthreats? Groups like #FIN7, #LazarusGroup & #Carbanak often target #banks with attacks like SWIFT compromises. 🏦

But have no fear, #Graylog + Model Context Protocol are here to help! 🦸 💪

graylog.org/post/how-to-...

15.12.2025 23:30 — 👍 1    🔁 0    💬 0    📌 1

New SantaStealer malware steals data from browsers, crypto wallets

A new malware-as-a-service (MaaS) information stealer named SantaStealer is being advertised on Telegram and hacker forums as operating in memory to avoid file-based detection.

15.12.2025 17:43 — 👍 7    🔁 7    💬 2    📌 0

@graylog is following 18 prominent accounts