Graylog

Graylog: trusted worldwide Threat Detection & Incident Response solutions.
Doing business with Graylog is second to none.

Graylog is purpose-built and designed to deliver the best log collection, storage, enrichment, and analysis experience. The simplicity in searching, exploring, and visualizing data means no expensive training or tool experts are required. Graylog has considerably faster analysis speeds, provides a more robust and easier-to-use analysis platform, offers simpler administration and infrastructure management, and costs less than the alternatives in the market. From product research to post-sale, we provide customer value and delight across the board.

05/13/2026

Graylog 7.1 is built for lean security and IT operations teams who need real outcomes, not more tools, more add-ons, or more manual work. This 30-minute deep dive session covers what's new and what it means for your team.

What you'll learn:
- How native anomaly detection catches threats your rules won't, with full tuning transparency
- How investigations build themselves automatically from asset risk thresholds
- How AI Reporting generates audit-ready documentation at case closure
- Infrastructure updates for Enterprise and Security users: parallel restores, dynamic sharding, and native Azure Blob Storage
- Other platform improvements available across all editions: Graylog Open, Enterprise, and Security

See Graylog 7.1 in action: detection, triage, and documentation without compromise, May 19th, 11:00 AM EDT.
Link: https://graylog.info/4ntQtRc

05/11/2026

OWASP released the Top 10 for Agentic AI Applications (2026) — and if you're building or deploying AI agents, this should be required reading.

Agentic systems introduce an entirely new threat landscape. We're not just talking about prompt injection anymore.

The risks span everything from how agents interpret instructions, to how they communicate with each other, to how they behave over time. Some of the most dangerous threats aren't loud or obvious — they're slow, subtle, and already inside your pipeline.

The common thread? Agents are autonomous, persistent, and trusted — which makes every gap in your security posture much more dangerous than it used to be.

Key principles every team should act on now:
✅ Treat all natural-language inputs as untrusted
✅ Enforce least privilege at the tool and action level
✅ Require human-in-the-loop for high-impact decisions
✅ Log everything — agents need an audit trail
✅ Design for zero-trust from the ground up

Agentic AI is moving fast. Your security posture needs to move faster.

📖 Read the full breakdown:

Explore OWASP’s 2025 Agentic AI Threats & Mitigations Guide. View the top risks of autonomous AI agents and strategies to secure multi-agent systems and safeguard data.

05/06/2026

Less tools. Less manual work. Real outcomes.

Graylog 7.1 is built for lean security and IT ops teams — and we're showing it live in a free 30-minute session on May 19.

Here's what we'll cover:
→ Native anomaly detection that catches what your rules miss
→ Investigations that build themselves from asset risk thresholds
→ AI Reporting that generates audit-ready docs at case closure
→ Infrastructure upgrades: parallel restores, dynamic sharding & native Azure Blob Storage
→ Improvements across all editions — Open, Enterprise, and Security

Detection, triage, and documentation — without compromise.

📅 Tuesday, May 19, 2026 | 11:00 AM EDT

Register below 👇

05/05/2026

Lean security teams don't need a smaller version of an enterprise SOC. They need a different approach entirely.

Graylog Director of Product Management, Rich Murphy, joins Logs and Lattes to explain why 2-to-4-person security teams are the most underserved segment in cybersecurity and what needs to change.

In this episode:
- Why alert fatigue causes judgment erosion, not just burnout
- Why credential compromise defeats rules-based detection
- Why SOAR never delivered for small teams and what should replace it
- How to support junior analysts without constant senior escalations
- What CISOs on lean teams need to answer the board question "are we covered?"

This episode is for security analysts, SOC managers, IT directors, and CISOs at mid-market companies who are tired of tools built for 40-person SOCs.

Check it out here: https://graylog.info/3P3anWg

05/04/2026

Graylog 7.1 is here, and lean security teams should be excited 👇

A long time ago, in a SOC far, far away... analysts spent more time chasing alerts than stopping threats. Graylog 7.1 changes that.

7.1 shifts triage from chasing individual alerts to case-based investigations driven by asset risk. Auto-investigation creation kicks in at your risk thresholds. Slice-By filters your alert table by asset, investigation, or event status in one click.

Plus: anomaly detection wired directly into event workflows, Sigma rules from private repos, dynamic shard sizing for faster search, and a full input page overhaul for large environment admins.

If your team is doing more with less, this release was built for you. May the 4th be with your alert queue.

See everything in 7.1: https://graylog.info/3OUnPfh

Graylog 7.1 is here. Slash alert fatigue, automate investigations, and sharpen detections — because the signal was with you all along. May the Fourth be with you.

04/29/2026

Security teams are under constant pressure to prove impact.
But without the right metrics, it’s nearly impossible to show how your program is actually reducing risk.

We put together 40 essential infosec metrics every organization should be tracking—from MTTD and MTTR to patching efficiency, threat coverage, and beyond.

These aren’t just numbers—they’re how you:
• Demonstrate value to leadership
• Identify gaps in your security posture
• Improve response and resilience over time

If you’re building or refining your SOC metrics strategy, this is a solid place to start.
Read the full breakdown: https://graylog.info/4mYy5zJ

InfoSec metrics help organizations identify the key performance indicators for a data-driven approach to evaluating security program maturity.

04/24/2026

Introduction to the NIST Risk Management Framework

In today's threat landscape, managing cybersecurity risk isn't optional, it's essential. The NIST Risk Management Framework (RMF) gives organizations a structured, repeatable process to identify, assess, and respond to security risks across their systems and operations.

Whether you're just getting started with formal risk management or looking to align with federal standards, understanding the RMF is a foundational step.

This post covers:
• What the NIST RMF is and why it matters
• The seven steps of the framework
• How it fits into a broader security program

If you work in IT, security, compliance, or risk, this one's for you.
Read here: https://graylog.info/4uc4epW

A concise overview of how the NIST Risk Management Framework (SP 800-37 Rev. 2) guides organizations in managing security and privacy risk across the system lifecycle through continuous monitoring, control assessment, authorization, and ongoing risk response to support resilient and compliant operat...

04/22/2026

Best Practices for Managing Hybrid Cloud Security

Hybrid clouds are the fruit punch of IT. A complex mix of on-premises infrastructure and public cloud services. And just like fruit punch, the combination creates something entirely new... including new security challenges.

The top threats organizations face in hybrid cloud environments:

- Multi-cloud complexity creating dangerous visibility gaps
- Misconfigurations in APIs, storage buckets, and access permissions
- Compromised credentials enabling lateral movement across environments
- Third-party SaaS supply chain risks
- Ransomware propagating between public and private cloud workloads
- API and identity abuse through weak MFA and token theft

So how do you defend a distributed, interconnected environment?

✅ Centralize and correlate logs across all environments
✅ Implement continuous threat detection with behavioral baselines
✅ Monitor every identity, service account, and API token
✅ Build rapid incident response workflows
✅ Continuously monitor compliance and detect configuration drift

Your attack surface grows with every cloud you add. Your security strategy needs to keep pace.

Read the full breakdown: https://graylog.info/4sNvU32

Enhance your hybrid cloud security with best practices and tips to safeguard your infrastructure and ensure seamless operations.

04/16/2026

The instinct after reading about AI finding thousands of zero-day vulnerabilities is to assume bigger security teams are better equipped to respond.

That assumption is wrong.

Large SOCs dismiss up to 30% of alerts, not through negligence, but necessity. Burnout-driven churn exceeds 25% annually. Scale doesn't solve fragmentation. It compounds it.

Lean security teams operate differently. When two or three people cover an entire environment, there's no room for disconnected tools or workflows that span multiple platforms. That constraint builds the kind of operational discipline that AI-assisted detection actually rewards.

Speed beats headcount. The organizations that respond fastest aren't the ones with the most seats in their SOC, they're the ones with the clearest path from alert to action.

We wrote about what that looks like in practice: the workflows, the detection principles, and the one two-minute test every security team should run on their alert stack this week.

Link: https://graylog.info/3OmVeyY

AI-powered attacks are accelerating. Learn how lean security teams can outpace larger SOCs with faster detection, cleaner data, and smarter workflows.

04/14/2026

When disaster hits, recovery isn’t the time to start planning.
An effective IT disaster recovery plan ensures your organization can restore systems quickly, reduce downtime, and maintain customer trust when it matters most.

In this blog, we break down:
• What qualifies as an IT disaster
• The difference between disaster recovery and business continuity
• Practical steps to build a recovery plan that actually works
• Why testing and observability are critical to success

Preparation isn’t optional—it’s what separates disruption from resilience.
Read more: https://graylog.info/3QBSA90

Discover the critical components of a robust IT disaster recovery plan. From risk assessment to implementation, this guide covers everything you need to protect your data and operations.

04/10/2026

Is your organization building or using LLM-powered applications? You need to know about the OWASP Top 10 for LLM Application Security — and the 2025 update is more relevant than ever.

The list covers the 10 most critical threats facing LLM applications today:

1️⃣ Prompt Injection — Malicious inputs that hijack model behavior
2️⃣ Sensitive Information Disclosure — Unintentional leakage of PII, credentials, or business data
3️⃣ Supply Chain Vulnerabilities — Risks from third-party models, datasets, and dependencies
4️⃣ Data & Model Poisoning — Corrupted training data leading to biased or harmful outputs
5️⃣ Improper Output Handling — Failing to validate LLM output before it reaches downstream systems
6️⃣ Excessive Agency — Over-permissioned AI agents that can wreak havoc if manipulated
7️⃣ System Prompt Leakage — Exposing hidden instructions that attackers can reverse-engineer
8️⃣ Vector & Embedding Weaknesses — Attacks targeting RAG pipelines and embedding stores
9️⃣ Misinformation & Hallucination — Fabricated outputs treated as authoritative
🔟 Unbounded Consumption — Resource exhaustion and "Denial of Wallet" attacks

Understanding these threats isn't optional anymore, it's a baseline for any team deploying AI responsibly.

Read our full breakdown 👇
https://graylog.info/4tyJkRf

Explore the OWASP Top 10 for LLM Application Security (2025) and learn how to identify, understand, and mitigate emerging risks.

Address

Houston, TX
