What's New in Graylog 7.0?

Graylog 7.0 delivers major enhancements in asset intelligence, dashboard interactivity, data management, and AI integration. This release introduces asset events, Qualys and Tenable Cloud vulnerability scan support, granular access control through Collections, and a suite of other enhancements. It also extends Data Lake functionality with input filtering, retrieval improvements, and expanded preview capabilities in external data lakes.

Assets

  • Asset Events: Adds a new event type that evaluates asset risk, allowing users to trigger events when a user or machine asset surpasses a defined risk threshold.

  • Asset History: Asset changes such as risk score, identifiers, and manual edits are now indexed and searchable, with periodic snapshots enabling time-based evaluation of asset trends.

  • Vulnerability Scan Support for Qualys and Tenable Cloud: Adds native ingestion for QualysGuard and Tenable Cloud vulnerability scan data, improving unified analysis and correlation between vulnerability and threat sources.

Access Control and Security

  • Collections: Introduces grouped permissions for shared content, streamlining access and automatic sharing of user-created resources among team members.

Dashboards and Visualization

  • Dashboard Widget AI Summaries: Adds AI-powered widget summaries, generating plain-language insights and summaries of dashboard or search results.

  • Dashboard and Widget Improvements: Enhances dashboard usability with new interaction and customization options, including drill-down filtering, configurable threshold lines, Markdown-supported text widgets, row numbers for data tables, improved widget placement, and the ability to revert unsaved edits.

Data Management and Storage

  • External Data Lakes: Expands Data Preview and retrieval capabilities with direct lookups, advanced filtering, and monitoring features to simplify access and improve investigation efficiency.

  • Filtered Input: Enables input filtering for AWS Security Lake ingestion, giving administrators more control over which data enters Graylog.

Inputs

  • 1Password Input: Adds a new input for collecting log and event data from 1Password environments.

Integration

  • MCP Tools: Integrates Model Context Protocol (MCP) to enable interaction with Graylog using large language models (LLMs). Requires MCP client configuration and a valid Graylog API key.