
Graylog

@graylog

🌍 Trusted Threat Detection & Incident Response solutions. Experience the difference with our unmatched capabilities. #SIEM #APISecurity #LogManagement #InfoSec

2,761
Followers
1,486
Following
545
Posts
06.02.2024
Joined

Latest posts by Graylog @graylog

Understanding the ENS Framework: A Guide to Spain’s National Security Framework Learn how the ENS Framework protects Spain’s public sector systems and how centralized log management supports monitoring and ENS compliance.

What is the ENS Framework?
Spain’s Esquema Nacional de Seguridad defines cybersecurity requirements for public sector systems and vendors.
Learn who it applies to and how centralized log management supports ENS compliance.
Read more:
graylog.org/post/underst...
#Cybersecurity #ENS #Compliance

06.03.2026 16:49 👍 1 🔁 1 💬 0 📌 0
Centralizing Docker Logs for Observability and Security There's a lot of graylog documentation, etc around the topic so this should be a good opportunity to pull those into a blog post

Learn what Docker logs capture, their limitations, and best practices for centralizing and analyzing them for better observability and security.
Read the blog:
graylog.org/post/central...
#Docker #DevOps #Observability

04.03.2026 21:54 👍 2 🔁 0 💬 0 📌 0
Your Data is Whispering and Needs a Human to Listen Design dashboards that answer real questions. Learn which charts to use, how to structure axes, and how to turn logs into insight.

Most dashboards technically work.
Fewer actually inform.
The key? Let the question choose the chart.
When the right visualization meets the right question, the answer should appear instantly.
That’s when message data stops being noise and becomes insight.
New post: graylog.org/post/your-da...

27.02.2026 13:35 👍 2 🔁 0 💬 0 📌 0
Logs & Lattes Episode 5: Top 10 Cybersecurity Threats Hybrid Teams Actually Face in 2026 YouTube video by Graylog

Lean security teams don’t lose to threats first. They lose to time. Logs & Lattes Ep. 5 covers the top 10 threats hybrid orgs face in 2026 and why triage slows when evidence is scattered across email, identity, VPN, cloud, endpoints, and network tools.
youtu.be/Wobkafs-Ca8

25.02.2026 16:56 👍 3 🔁 1 💬 0 📌 0
What is OpenTelemetry and Why Do Organizations Use it? Explore how OpenTelemetry standardizes logs, metrics, and traces, the key security use cases it enables, and how Graylog provides the scalable, affordable backend needed for unified observability.

OpenTelemetry is observability sanity.

Telemetry multiplies, schemas drift, costs climb… and root cause turns into “find the right format.”

Add guardrails (retention, context, sampling) and correlation stops being a craft project.

graylog.org/post/what-is...

#OpenTelemetry #SRE

19.02.2026 15:42 👍 1 🔁 0 💬 0 📌 0
What is the Model Context Protocol (MCP) Interested in understanding Model Context Protocol? This concise overview explains MCP's role in optimizing data interactions and evaluating SIEM deployments.

MCP is what makes “AI in the SOC” usable.

Not the model. The integration layer. Standard connections to tools and data with controls that security teams can live with.

Breakdown: graylog.org/post/what-is...

#MCP #SecurityEngineering

17.02.2026 15:38 👍 1 🔁 0 💬 0 📌 0
Detecting Notepad++ CVE-2025-49144 Using Sysmon Logs How to detect CVE-2025-49144, a local privilege escalation vulnerability, using Sysmon logs with Graylog searches and Sigma Rules.

CVE-2025-49144 is a local privilege escalation in the Notepad++ installer that abuses how regsvr32.exe is called during setup.
We break down:
• what it looks like on real systems
• why Sysmon catches it cleanly
• a high-signal Graylog search + Sigma rule
graylog.org/post/detecti...

12.02.2026 15:59 👍 7 🔁 3 💬 0 📌 1
The Human-AI Alliance in Security Operations AI in security operations reduces context switching in SOC investigations, supports analyst judgment, and keeps workflows fast and human-led.

Security teams buy “one more tool” to reduce toil.
Then investigations turn into nine tabs and a Slack thread.

As @socalledseth.com puts it: AI only pays off when it reduces steps inside the analyst’s flow — not when it becomes tab #10.
Read the blog:
graylog.org/post/the-hum...

11.02.2026 14:08 👍 1 🔁 1 💬 0 📌 0
Anomaly Detection with Machine Learning to Improve Security Learn how machine-learning–driven anomaly detection enhances security and performance by identifying behavioral deviations in real time. Explore how enriched logs, behavioral baselines, and automated ...

Security today is “Where’s Waldo” at terabyte scale.
ML-powered anomaly detection helps teams spot the behaviors that don’t fit the norm, from zero-days to insider threats, without drowning in alerts.
Click here: graylog.org/post/anomaly...
#CyberSecurity #MachineLearning #Graylog

04.02.2026 14:57 👍 1 🔁 0 💬 0 📌 0
Observability vs Monitoring: Getting a Full Picture of the Environment Gain insights into observability and monitoring, two key concepts in maintaining system health. Explore their roles and how they complement each other.

Monitoring detects issues — observability helps you understand why they happen.

In modern distributed systems, you need both.
New blog: Monitoring vs. Observability + the pillars of telemetry (logs, metrics, traces).
👉 graylog.org/post/observa...
#Observability #DevOps #Graylog

02.02.2026 16:40 👍 2 🔁 0 💬 0 📌 0
Compliance Readiness with Audit Logging Strengthen compliance readiness with centralized audit logging, real-time analytics, and automated reporting powered by parsed, normalized, and correlated data.

Audit logs aren’t just “logs”. They’re proof.
Who acted? What changed? When? Where?

Discover audit logging basics, log types, compliance use cases, and best practices for security.
📌 graylog.org/post/complia...

#CyberSecurity #Compliance #AuditLogging

29.01.2026 19:31 👍 2 🔁 0 💬 0 📌 0
From Atlassian JSON to Actionable Audit Insights Turn raw Atlassian audit JSON into stable, searchable events. Learn why edge modeling beats pipelines for faster triage, better alerts, and dashboards.

Atlassian audit logs aren’t useless. They’re shaped wrong.
Nested JSON and shifting arrays turn simple questions into manual work. Dashboards break. The fix isn’t more parsing in the SIEM. It’s modeling audit data at the edge.
graylog.org/post/from-at...
#SecurityOperations #SIEM #AuditLogs

28.01.2026 18:55 👍 1 🔁 0 💬 0 📌 0
Kubernetes Logging Best Practices Enhance your Kubernetes logging skills with these best practices. Ensure efficient log management for improved performance and error tracking.

Kubernetes without good logging is just mystery pings.
This post breaks down:
• How Kubernetes logging works
• The key log types every cluster generates
• Practical best practices for centralization & retention
👉 graylog.org/post/kuberne...
#Kubernetes #Observability #DevOps #CloudNative #Security

27.01.2026 16:16 👍 3 🔁 1 💬 0 📌 0
How to Ignore Cybersecurity AI Bubble FOMO AI FOMO is hitting the SOC. Prepare security operations for an AI bubble correction with execution discipline, clarity, and workflows.

AI pressure is already hitting the SOC.
Boards want ROI. Teams inherit risk.

The issue isn’t AI—it’s tools that add noise, unchecked automation, and zero proof of impact.

7 bubble-proof moves to invest in AI you can defend.
Read more: graylog.org/post/how-to-...
#securityAI #SOC #ExplainableAI

22.01.2026 18:45 👍 1 🔁 0 💬 0 📌 0
Introducing The First Graylog Helm Chart Beta V1.0.0 Graylog introduces its first supported Helm chart for Kubernetes, available now as a Beta through Graylog Labs.

We’ve released the first-ever Graylog Helm Chart for Kubernetes — now available in beta.

Graylog in K8s using standard Helm workflows, without hiding the important knobs. No duct-taped manifests. No surprises.
graylog.org/post/introdu...

#Kubernetes #graylog

20.01.2026 19:53 👍 3 🔁 1 💬 0 📌 0
SIEM Automation to Improve Threat Detection and Incident Response SIEM automation uses AI, ML, and playbooks to streamline threat detection, investigation, and response with enriched, context-driven alerts.

If your SIEM automation still leaves analysts buried in alerts, it’s not helping. It’s just louder.

Good automation cuts noise, adds context, and speeds response.
What actually works (and what doesn’t):
👉 graylog.org/post/siem-au...

14.01.2026 19:29 👍 2 🔁 1 💬 0 📌 0
Using LLMs, CVSS, and SIEM Data for Runtime Risk Prioritization Why LLM-only CVSS scoring fails without SIEM context, and how log-driven AI enables runtime risk prioritization across APIs and infrastructure IT.

Runtime risk isn’t harder to analyze. It’s easier to misread. A UNC Wilmington study of 31k+ vulns shows LLMs can infer CVSS but fail without runtime context.

The same applies to MITRE mappings. Seth Goldhammer explains why AI needs SIEM data.
graylog.org/post/using-l...

#cybersecurity #SIEM #AI

13.01.2026 19:40 👍 0 🔁 0 💬 0 📌 0

Graylog is hiring in the USA!! We are looking for a Director of Revenue Operations and a Solutions Engineer. Come join us! These positions are remote.

Click this link for more info. lnkd.in/dzKkMNh2
#hiring #NowHiring #WeAreHiring

12.01.2026 16:07 👍 1 🔁 0 💬 0 📌 0

That's a wrap! Starting off 2026 at Graylog with our Annual Kickoff and awards ceremony. Great momentum, great people!

09.01.2026 19:43 👍 2 🔁 0 💬 0 📌 0
Graylog Resource Library Explore the Graylog Resource Library for a comprehensive collection of videos, case studies, datasheets, eBooks, and whitepapers.

600+ micro-services.
10x faster log processing.
Latency cut from 30 seconds to under 3.

Kaizen Gaming uses Graylog Enterprise to keep Betano visible, stable, and responsive even during peak global events.
#logmanagement #observability
graylog.org/resources/ho...

08.01.2026 16:35 👍 3 🔁 1 💬 0 📌 0
Why AI Transformations in Security Fail Like New Year’s Gym Resolutions Why enterprise AI in security is shifting from fast adoption to explainable, governed systems that SOC teams can trust, audit, and operate safely.

Gyms fill in January, empty in February. Security AI mirrors it: fast launches, big promises—then analysts validate outputs. Skip explainability, governance, and context, and AI stalls. Seth Goldhammer @socalledseth.com : graylog.org/post/why-ai-...

07.01.2026 18:28 👍 1 🔁 1 💬 0 📌 0
Cloud vs On-Premises SIEM: One or the Other or Both? By understanding the key differences between Cloud and On-Premises SIEM solutions, organizations can choose what aligns best with their needs.

On-prem or cloud? Choosing a SIEM deployment isn’t just about technology. It’s about control, compliance, scale, and operational reality. Learn how to match your SIEM deployment model to your environment, whether that’s on-prem, cloud, or hybrid. #siem #logmanagement

graylog.org/post/cloud-v...

05.01.2026 17:52 👍 3 🔁 2 💬 0 📌 0
RondoDox botnet exploits React2Shell flaw to breach Next.js servers The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers.

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers.

31.12.2025 09:59 👍 4 🔁 3 💬 0 📌 0
Ransomware responders plead guilty to using ALPHV in attacks on US organizations Two Americans who worked for incident response firms face up to 20 years in prison for turning ransomware upon U.S. businesses.

Cyber incident responders from DigitalMint and Sygnia plead guilty and are facing 20 years in prison for launching ALPHV/Black Cat ransomware attacks themselves.

The two separately tried to flee to Europe before being arrested.

therecord.media/ransomware-r...

31.12.2025 16:22 👍 2 🔁 3 💬 0 📌 0
6 Steps for Using a SIEM to Detect Threats Discover best practices on how to use SIEM tools to detect threats and prioritize high-value alerts for faster response.

Are you using your #SIEM to detect #security threats in the most efficient & effective ways possible❓🤔 Doing so will help you strengthen your security posture & better align strategically with business objectives.

Here are 6 steps to help you get there.👇 graylog.org/post/6-steps... #CyberSecurity

31.12.2025 18:55 👍 0 🔁 0 💬 0 📌 0
Supervised AI Is the Fastest Path to Better Threat Triage ROI Supervised AI boosts ROI by prioritizing alerts from analyst decisions, reducing noise, accelerating triage, and scaling human judgment.

Should you use supervised #AI in your SOC? 🤖👀 Yes! When applied to 1st-pass alert triage, it strengthens the human decision layer rather than removing it. 🌟💪 It helps by prioritizing #security alerts based on how similar events were previously validated by analysts. More: graylog.org/post/supervi...

30.12.2025 23:56 👍 0 🔁 0 💬 0 📌 0
Sigma Specification 2.0: What You Need to Know Sigma Specification 2.0 adds new metadata fields, modifiers, rule correlations, and filters to help reduce alert fatigue for security teams.

❄️Winter break is the perfect time to brush up on your #Sigmarules! With v2.0 rules you can create vendor-agnostic detections without being limited by proprietary log formats.

Learn about the key changes & supporting Sigma v2.0 mapped to MITRE ATT&CK framework. graylog.org/post/sigma-s... #CyberSec

30.12.2025 01:01 👍 0 🔁 0 💬 0 📌 0
25 Linux Logs to Collect and Monitor Knowing what Linux logs to collect and monitor can help you correlate event information for improved operations and security insights.

IT increasingly runs on Linux. And, as more & more of your dev & IT environments rely on #Linux, focusing your collection & monitoring efforts on these top 25 logs will help you investigate performance issues & #security incidents faster.🙌

graylog.org/post/25-linu... #OpenSource #SecurityOperations

26.12.2025 20:29 👍 6 🔁 1 💬 0 📌 0
25 Linux Logs to Collect and Monitor Knowing what Linux logs to collect and monitor can help you correlate event information for improved operations and security insights.

IT increasingly runs on Linux. And, as more & more of your dev & IT environments rely on #Linux, focusing your collection & monitoring efforts on these top 25 logs will help you investigate performance issues & #security incidents faster.🙌

graylog.org/post/25-linu...
#OpenSource #SecurityOperations

24.12.2025 02:54 👍 7 🔁 3 💬 0 📌 0
IoT Sensor Data into Graylog: A Lab Guide Here's a howto for an IoT Sensor and sending data into Graylog. Attached is a DIY Lab Guide With an ESP32 Board for your next lab project.

Got some extra time on your hands this week? This is the perfect thing for you.🫡

See how you can create a lightweight #API endpoint on the ESP32, poll it regularly using #Graylog’s HTTP API input, and visualize the results in a live dashboard.📊👀

graylog.org/post/iot-sen... #HomeLab #CyberSecurity

23.12.2025 03:16 👍 3 🔁 1 💬 0 📌 0