What's New in Graylog 6.1?
Graylog 6.1 provides numerous significant enhancements across the platform. This update delivers new inputs, advanced data management features, Illuminate parser bundles for Graylog Open, and enriched dashboards and reports. It also introduces new tools for investigations and asset enrichment, making it easier than ever for security teams to collect, manage, and analyze data effectively.
Inputs
- Beats Kafka Input: Create a Beats input that consumes messages queued in Kafka, so Beats agents can buffer in Kafka before Graylog parses the messages.
- Raw HTTP Input: Ingest plain-text HTTP requests, so messages in arbitrary log formats can be sent to Graylog over HTTP.
- Google Workspace Input: Collect logs from Google BigQuery using the Google Workspace "logs and reports in BigQuery" export capability.
- AWS S3 Input: Ingest newline-delimited and JSON root-array messages from an Amazon S3 bucket.
- Palo Alto Networks TCP Input: Receive SYSTEM, THREAT, and TRAFFIC logs directly from a Palo Alto device. Updated for PAN-OS 11.
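The AWS S3 input item above names two object layouts, newline-delimited messages and a JSON root array. The following is an added example, not Graylog's own input code, that splits an S3 object body into individual messages for either layout and reports which layout it found, which is a useful pre-flight check on a bucket before pointing the input at it. The sample bodies are constructed here, not real exports, and the gzip handling is an assumption beyond what the page states (log exports to S3 are commonly gzipped).

```python
"""Pre-flight check for S3 log objects: split a body into messages and
classify its layout. Added illustration, not Graylog's input implementation."""
import gzip
import json
from typing import Iterator, List, Optional, Union

Body = Union[bytes, str]


def _to_text(body: Body) -> str:
    """Decode an object body; transparently inflate gzip (assumption, not on the page)."""
    if isinstance(body, str):
        return body
    if body[:2] == b"\x1f\x8b":  # gzip magic number
        body = gzip.decompress(body)
    return body.decode("utf-8")


def _as_root_array(text: str) -> Optional[list]:
    """Return the parsed list if the whole body is one JSON document with an array root."""
    stripped = text.strip()
    if not (stripped.startswith("[") and stripped.endswith("]")):
        return None
    try:
        value = json.loads(stripped)
    except json.JSONDecodeError:
        return None
    return value if isinstance(value, list) else None


def iter_messages(body: Body) -> Iterator[str]:
    """Yield one message per record.

    JSON root array  -> one message per element, re-serialized compactly
    anything else    -> one message per non-empty line (NDJSON or plain text)
    """
    text = _to_text(body)
    records = _as_root_array(text)
    if records is not None:
        for rec in records:
            yield rec if isinstance(rec, str) else json.dumps(rec, separators=(",", ":"))
        return
    for line in text.splitlines():
        line = line.strip()
        if line:
            yield line


def _is_json_object(line: str) -> bool:
    try:
        return isinstance(json.loads(line), dict)
    except json.JSONDecodeError:
        return False


def detect_layout(body: Body) -> str:
    """Classify a body as 'json_array', 'ndjson' (every line a JSON object) or 'text'."""
    text = _to_text(body)
    if _as_root_array(text) is not None:
        return "json_array"
    lines = [l for l in text.splitlines() if l.strip()]
    if lines and all(_is_json_object(l) for l in lines):
        return "ndjson"
    return "text"


def describe_body(body: Body) -> dict:
    """Summary a practitioner would check before configuring the input."""
    return {"layout": detect_layout(body), "count": sum(1 for _ in iter_messages(body))}


def load_records(body: Body) -> List[Optional[dict]]:
    """Parsed JSON objects per message; None for messages that are not JSON objects."""
    out: List[Optional[dict]] = []
    for msg in iter_messages(body):
        try:
            value = json.loads(msg)
        except json.JSONDecodeError:
            value = None
        out.append(value if isinstance(value, dict) else None)
    return out


# Constructed sample bodies (not real exports).
NDJSON_BODY = (b'{"ts":"2024-10-01T12:00:00Z","src":"10.0.0.5","action":"allow"}\n'
               b'{"ts":"2024-10-01T12:00:01Z","src":"10.0.0.6","action":"deny"}\n\n')
ARRAY_BODY = (b'[\n {"ts":"2024-10-01T12:00:00Z","src":"10.0.0.5","action":"allow"},\n'
              b' {"ts":"2024-10-01T12:00:01Z","src":"10.0.0.6","action":"deny"}\n]')
PLAIN_BODY = (b'Oct  1 12:00:00 host sshd[123]: Accepted publickey for alice\n'
              b'Oct  1 12:00:01 host sshd[124]: Failed password for root\n')
GZIPPED_BODY = gzip.compress(NDJSON_BODY)

if __name__ == "__main__":
    for name, body in [("ndjson", NDJSON_BODY), ("array", ARRAY_BODY),
                       ("plain", PLAIN_BODY), ("gzipped", GZIPPED_BODY)]:
        print(name, describe_body(body))
```

A body whose root is a single JSON object (not an array) is treated as one newline-delimited record, and a body that mixes JSON and non-JSON lines is reported as `text` so that it is not mistaken for a clean NDJSON export.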
Data Management
- Data Node Migration: Migrate your data infrastructure to Graylog's Data Node for a more streamlined data management system with enhanced health monitoring capabilities.
- Data Routing: Set up Data Routing to move your logs through Graylog streams, apply pipeline processing, and filter logs into destinations such as index sets or Data Warehouses.
- Data Warehouse: Use a Data Warehouse to store and manage large volumes of log data, routing logs to Amazon S3 or network storage for efficient retrieval and analysis.
- Index Set Templates: Use pre-built index set template configurations or build your own reusable templates.
Illuminate Parser Bundles for Graylog Open
- Parser Bundles for Graylog Open: Provide Graylog Open users with the Graylog Information Model (GIM) schema along with parsing support for popular open-source applications. Support includes Apache Web Server, Linux Auditbeat, NGINX, and pfSense.
Dashboards and Reports
- Report Creation Wizard: Use the new report wizard to create and edit reports.
- Field Unit Values: Graylog converts field unit values so that a widget displays them in the most readable unit.
- Threat Coverage Widget: Visualize which threat detections are enabled and which are available, mapped onto the MITRE ATT&CK Matrix.
Investigations
- Investigation Timeline: Display events and messages within an investigation in time sequence.
- Investigation Report by AI: Use AI to interpret and summarize the evidence pieces added to an investigation (log messages, alerts, and events).
Asset Enrichment
- Asset Source Syncing: Collect information from AD/LDAP as a continuous sync.
- Vulnerability Scan Ingestion: Ingest and store reports from vulnerability scanners as asset enrichment information for use in reporting, risk scoring, and more.
- Microsoft Defender and Tenable Nessus Scanners: Collect scan results from these popular vulnerability management systems.
- Asset Risk Scores: Use the alert-based risk score capability to enhance investigations involving asset data.
- Asset Drawer: Open a dedicated asset panel that shows the risk score, associated events, and vulnerabilities attached to each asset.
- Expand Asset Imports to Include Entra ID: Set up an additional asset source for retrieving user and machine information.