As you build out your #security program, you should know some of the more critical #Windows Event IDs to monitor and what they mean. Read on to get a list of critical Event IDs for:

- Logon events
- Privilege use
- Windows Server
- Microsoft Defender Antivirus

Plus, learn how you can build a single source of log information that enables observability and visibility across your environment.

https://graylog.org/post/25-linux-logs-to-collect-and-monitor/ #CyberSecurity #SIEM #InfoSec #GraylogLabs

Is your financial institution as safe as it could be from #ransomware and other cyber threats? Groups like FIN7, Lazarus Group, and Carbanak often specifically target banks with sophisticated attacks, such as SWIFT compromises.

But have no fear, Graylog + Model Context Protocol (MCP) are here to help! Today, Seth Goldhammer walks you through a real-world example in which a bank in the northeast, with a simple #Anthropic prompt, learned that it needed to understand the threat landscape and map it to its current log sources in order to enable threat detection content in its current #Graylog deployment.

See how they mastered the challenge and enabled real-time, context-aware recommendations based on their actual environment, in our latest Graylog Labs article.

https://graylog.org/post/how-to-use-mcp-to-optimize-your-graylog-security-detections/

#CyberThreats #FinServ #GraylogLabs #TDIR #ThreatDetection

Let's take a look back today at #Graylog's first-ever Engineering Hackathon! In October, we gave our engineers a full week to build whatever they believed would make #Graylog better. This allowed them to step away from their day-to-day work, explore new ideas, experiment with technologies, and more.

Some highlights included:
- Watching new collaborations take place across our teams and different continents
- A project built primarily via vibe coding
- The "Portal Gun" team turning a 10-year-old POC into a dynamic, usable UI element that you can try out in Graylog 7.1 Alpha 1

Read all about it in our latest blog by Dev Team Engineering Directors Rob Curtis and Martina Kohn!

https://graylog.org/post/the-first-graylog-engineering-hackathon/ #Hackathon #CyberSecurity #Devs #GraylogLabs

It's time to learn about some features and fixes that will make your daily work in #Graylog smoother. In our most recent blog by the Graylog Development Team, we're highlighting a minor but useful enhancement: Graylog time-range stepping.

To address the limitations of manual time-range adjustment, we now have two new time-range navigation buttons that let you step forward and backward through your logs, one time range at a time. Learn more about this feature here: https://graylog.org/post/sliding-through-log-time-space/

And stay tuned for more in this series from Konrad Merz and the rest of the Graylog Development Team! #CyberSecurity #SIEM #APISecurity #GraylogLabs

New from #GraylogLabs! Read up on the Caddy Webserver Content Pack that quickly turns raw logs into structured, searchable insights. It's available in Illuminate 6.4 & a Graylog Enterprise or #Security license + delivers ready-to-use parsing rules, streams & dashboards. graylog.org/post/caddy-w...


It's time to tune in for the latest from #GraylogLabs! Today we're talking about the new Caddy Webserver Content Pack. Say what? No, not #Caddyshack! Caddy Webserver!

This new content pack is going to help you quickly turn raw logs into structured, searchable insights. It's available in Illuminate 6.4 and a Graylog Enterprise or Graylog #Security license, and delivers ready-to-use parsing rules, streams, and dashboards.

Read up on:
- What this pack does
- Getting logs into #Graylog
- Why you should log Caddy Webserver logs
- How this helps you quickly detect anomalies, identify suspicious requests, and feed relevant data directly into your #TDIR workflows

https://graylog.org/post/caddy-webserver-data-in-graylog/ #cybersecurity #threatdetection #incidentresponse #SIEM

Out now! Our latest #GraylogLabs post on the exploitation of the SharePoint RCE. CVE-2025-53770 and CVE-2025-53771 are critical remote code execution vulnerabilities (CVSS base score 9.8) impacting #Microsoft #SharePoint. In this blog, we simulate the exploitation of this SharePoint RCE vulnerability and analyze the resulting telemetry inside #Graylog.

Read an overview of this attack, follow along as we emulate the adversary's SharePoint RCE, learn the requirements for detecting this exploit, review indicators, and more. Plus, learn about actionable threat hunting and detection strategies.

https://graylog.org/post/adversary-tradecraft-exploitation-of-the-sharepoint-rce/ #SharePointRCE #CVE #cybersecurity #CVE202553770 #CVE202553771

Do you know the clues to look for? When threat actors gain unauthorized access to systems, networks, or devices, they leave behind clues, and your #security team needs to be able to find them to mitigate risk. Indicators of compromise (IOCs) can be network-based, host-based, email-based, behavioral, or third-party.

Learn more about IOCs, plus check out this handy list of 17 common IOCs to look out for!

https://graylog.org/post/17-common-indicators-of-compromise/?utm_content=337930088&utm_medium=social&utm_source=linkedin&hss_channel=lcp-2783090 #GraylogLabs #cybersecurity #threatactors

Getting your data from GitLab's audit logs into #Graylog for centralized analysis is easier than you might think! Take a look at this two-part guide to learn how.

This guide covers:
- Prerequisites for setting up the raw HTTP input for GitLab
- Configuring GitLab to stream logs
- Configuring the raw HTTP input
- Requirements for enriching GitLab logs with Illuminate
- Setup instructions
And more...

Ready to centralize GitLab logs? Check out the guide to get started with wiring up GitLab's Audit Event Streaming, and you'll be on your way to visualizing enriched events in a purpose-built dashboard! Let's go...

https://graylog.org/post/bringing-gitlab-logs-into-focus-with-graylog/ #cybersecurity #logmanagement #loganalysis #GraylogLabs

Knowing the most common indicators of compromise (IoCs) can improve your key threat detection and response (TDIR) metrics. And if you are keeping an eye out for common IoCs, you're able to take a more proactive approach to #security. So, let's dig in and learn all about IoCs!

IoCs fall into the following categories:
- Network-based
- Host-based
- Email-based
- Behavioral
- Third-party

In this blog we outline 17 common indicators of compromise, including:
- Network traffic anomalies
- Unusual sign-in attempts
- Geographical anomalies
- Privileged account irregularities
- Changes to system configurations
- Unexpected software installations or updates
- Numerous requests for the same file
- Unusual Domain Name System (DNS) requests
- Swells in database read volume
- HTML response sizes
- Mismatched port-application traffic
- Suspicious registry or system file changes
- Influx of spam emails
- Moved or aggregated data
- Non-human website traffic
- Changes to mobile devices
- System outages or reduced performance

Read on and learn the details of each of these 17 common IoCs, so that you can be ready to search your environment for the clues that will help you confirm security incidents and/or data breaches.

https://graylog.org/post/17-common-indicators-of-compromise/ #threatdetection #incidentresponse #cybersecurity #GraylogLabs