Security Interface

The following article exclusively pertains to a Graylog Security feature or functionality. Graylog Security is a part of the Graylog centralized log management platform and requires a separate license. Contact the Graylog Sales team for more information on this product.

The Graylog Security interface provides you with an enhanced and unified view of all Graylog security components—security events, investigations, anomalies, sigma rules, and asset enrichment—in a single, accessible space. This unified view allows for seamless navigation through security functionality, utilizing widgets, metrics, notifications, and dashboards all from a central hub and eliminating the need to switch between different tabs.

Hint: The General layout remains the default Graylog interface while the Security layout provides a home for those utilizing Graylog Security features. Users with Security licenses, contingent upon their permissions, have the flexibility to toggle between the General and Security layouts, enriching their user experience.

Key Features

Unified Security Space

  • Centralized User Interface: All Security features are accessible from a single location, providing a holistic overview of Security components without the need to switch between various pages.

  • Optimized for Security Tasks: The dedicated Graylog Security layout is optimized to provide tools and features specifically for security analysis, allowing for targeted investigation.

  • Integrated Widgets and Metrics: You can interact with Security data through widgets and metrics, allowing for real-time analysis and monitoring of security events.

Granular Control

  • Permission Settings: Assign and manage permissions with refined control over who can view or edit security-related information, ensuring compliance with organizational policies and practices.

  • Alert and Event Management: Enhance your response to alerts and events by utilizing tailored options designed to address distinct security scenarios more efficiently.

Dual Layout Interface

  • General vs. Security Layout: Switch between the default Graylog General layout and the Graylog Security layout, depending on role and security licensing permissions.

To access the Graylog Security layout:

  1. Log in to your Graylog instance with the necessary permissions.

  2. On the top navigation bar, click the Change UI perspective drop-down menu located beside the Graylog logo in the top-left corner.

  3. Select Security.

Upon switching to the Security layout, you are presented with a welcome page.

Explore Security Widgets

The following key widgets are included on the Security homepage: 

  • Events & Alerts: This widget provides real-time insights into your current security events, enabling swift responses to detected threats. The Security interface allows for direct viewing of your security events and alerts via this widget.

  • Investigations: Here, you can track ongoing investigations by toggling between All Investigations and My Investigations, allowing for efficient management and resolution of security incidents.

  • Assets: This widget provides a short list of your associated assets in Graylog and their risk scores. You can toggle between machine and user assets.

  • Last Opened: This is a quick-access section for your most recently engaged Security components, allowing you to pick up where you last stopped.

  • Threat Coverage: This widget shows your environment's threat coverage by Graylog, as defined by the tactics and techniques listed in the MITRE ATT&CK Matrix.

  • News: The latest updates, news, and announcements from Graylog are showcased here, keeping you informed about new features and best practices.

  • Recent Activity: This widget tracks the latest actions taken by users within the platform, offering insights into usage patterns and potential security maintenance.

  • Releases: Information about the latest Graylog releases, including updates, enhancements, and bug fixes, is provided here.