Cyber security threat hunters gain unprecedented ability to search through unstructured events and benefit from analytics tailored to their actual environment with the release of Gravwell version 4.1.0, aptly dubbed “Gamma Burst” (release info at www.gravwell.io/gammaburst). Gravwell, a data analytics startup backed by Gula Tech Adventures, continues to expand upon the capabilities offered by their 2020 “Big Bang” update. The new release includes easy-to-use features for cyber security threat hunting and big data analytics, including compound queries, a web UI drag-and-drop ingester, and other powerful tools to facilitate data fusion.
The need to hunt threat actors who “live off the land” is more important than ever, and Gravwell’s 4.1.0 version accelerates the speed at which organizations can ingest, visualize, and interrogate their data to proactively find and remediate undesired activity.
Don’t Get Caught with Your Logs Down
As the cyber security community continues to deal with implications of the SolarWinds breach, organizations have become keenly aware of the critical nature of having proper visibility and logging throughout their environments.
According to Ron Gula, president of Gula Tech Adventures and former co-founder at Tenable Network Security:
“SolarWinds demonstrated the need for much more thorough collection and analysis of logs and network traffic. Gravwell is ideally suited for security teams and responders to prepare for the next breach.”
The first challenge analysts often face when responding to a possible breach is the lack of data or historical logs needed for proper response. Gravwell disrupts current restrictive models by offering unlimited ingestion and retention of fully unstructured data so organizations can ensure they aren’t caught without the information needed to investigate a potential breach.
Sculpt with Your Data
The 4.1.0 “Gamma Burst” version release includes Compound Queries – a new feature that allows users to take data from multiple datasets and join them in various and unique ways. Combined with Gravwell’s ability to ingest ANY data type, the possibilities are nearly endless.
Ingest natively: Binary | DNS | NetFlow | Zeek | DHCP | Sysmon | JSON | Video | PCAP | + more
Gravwell’s Compound Queries are a powerful way to combine these and other datasets in a single query, enabling data fusion and enrichment.
Light Speed Time to Value
Another helpful feature included in the new release is the web UI drag-and-drop ingester. This time-saving tool lets users add any type of data to Gravwell quickly and easily, even offline. On why the feature was added, Gravwell CEO and co-founder Corey Thuen explains:
“At Gravwell we believe that data is better together, and we want to eliminate any barriers companies have to accessing all of their data. The web UI based ingester dramatically speeds up those one-off data capture situations.”