Posts by Graylog

How Lean Security Teams Stay Ahead of AI-Powered Attacks
AI-powered attacks are accelerating. Learn how lean security teams can outpace larger SOCs with faster detection, cleaner data, and smarter workflows.

When AI can chain zero-day exploits without a human in the loop, detection speed matters more than team size.

Some thoughts on what that means for lean security teams and how to get more from the tools already in place.

graylog.org/post/how-lea...

#cybersecurity #infosec

5 days ago

How To Build an Effective IT Disaster Recovery Plan
Discover the critical components of a robust IT disaster recovery plan. From risk assessment to implementation, this guide covers everything you need to protect your data and operations.

Disasters don’t wait. Your recovery plan shouldn’t either.
A solid IT disaster recovery plan = less downtime, lower costs, and faster recovery when systems fail.

Learn how to build one that actually works 👇
graylog.org/post/how-to-...
#ITOps #DisasterRecovery #Cybersecurity

1 week ago

What is the OWASP Top 10 for LLM Application Security
Explore the OWASP Top 10 for LLM Application Security (2025) and learn how to identify, understand, and mitigate emerging risks.

Building with LLMs? The OWASP Top 10 for LLM Security (2025) is your threat checklist:

Don’t ship AI apps without reading this: graylog.org/post/what-is...

#LLMSecurity #OWASP #CyberSecurity #AI

1 week ago

Centralized Log Management for NIS2 Directive Compliance
As Member States enforce implementing policy, companies use centralized log management with security analytics for NIS2 Directive compliance.

NIS2 sets a 24-hour window to report a significant security incident.

Centralized log management gives you the visibility to detect, investigate, and report on time — no scrambling required.

Full breakdown of CLM for NIS2 compliance: graylog.org/post/clm-for...

#NIS2 #Cybersecurity #Compliance

1 week ago

Understanding the European Cybersecurity Certification Framework
Ace EUCC certification with centralized logging, continuous monitoring, and audit-ready reporting that reduces compliance risk.

EU cybersecurity certification (EUCC) is now a reality for ICT vendors. Know your TOE, your Security Target, and your assurance level, and make sure your logging and monitoring can back up your security claims.
graylog.org/post/underst...
#Cybersecurity #EUCC

2 weeks ago

Unified Logging for a Single Source of Truth
Transform your data management with unified logging. Uncover how it creates a single source of truth and streamlines your operations.

Logs shouldn’t live in silos.
Unified logging creates a single source of truth across your entire environment—so security, ops, and engineering work from the same data.

Faster investigations. Better visibility. Less overhead.
Read more: graylog.org/post/unified...

2 weeks ago

Understanding AI Compliance When Choosing AI-Enabled Solutions
Discover the ins and outs of AI compliance. Make informed decisions when choosing AI-enabled technologies with this beginner's guide.

AI compliance is becoming essential—not just for regulations, but for trust.

Learn what it means, key global frameworks, and how to evaluate AI-enabled solutions responsibly.
Human oversight, transparency, and accountability matter.
graylog.org/post/underst...
#AI #Cybersecurity #Compliance

3 weeks ago

Grateful and humbled. Another RSA in the books, great conversations, and new hardware to show for it.

Thanks to all who stopped by and chatted with us.

#RSAC2026 #Graylog #SIEM #CyberSecurity

3 weeks ago

Graylog team at RSAC 2026.

Most SIEMs reward complexity. We don't.

Come see us at Booth S-3118 to learn more!

Experience a #SIEM that actually works for lean security teams.

#cybersecurity #RSAC2026

3 weeks ago

At #RSAC?

Find us at Booth S-3118. @socalledseth.com and the @graylog.bsky.social team are showing how to turn telemetry into real-time threat detection and faster response.

Less noise. Better decisions. Faster outcomes.

3 weeks ago

Cyber Resilience: The Key to Maintaining Business Operations
Strengthen your business with cyber resilience. Learn strategies to maintain operations, mitigate risks, and recover swiftly from cyber incidents.

Cyber resilience isn’t about stopping every attack—it’s about how fast you recover.
Disruption is expected. Downtime doesn’t have to be.
Here’s what resilient organizations do differently 👇
graylog.org/post/cyber-r...

4 weeks ago

Stop by 𝐛𝐨𝐨𝐭𝐡 𝐒-𝟑𝟏𝟏𝟖 at #RSAC2026 to see our new hardware in person!

4 weeks ago

Graylog Earns Two Global InfoSec Awards at RSA Conference 2026 for SIEM and Central Log Management Innovation
Awards recognize practical AI-driven platform that helps security teams detect threats faster and manage log data at scale
SAN FRANCISCO – March 23, 2026 — Graylog, the AI-powered SIEM built for lea...

Two awards. One booth. Zero tolerance for SIEM that creates more work than it closes.

Graylog won Hot Company SIEM and Best Solution Central Log Management at #RSAC 2026.

Come see us at Booth S-3118 this week.

Full story: graylog.org/news/graylog...

#RSAC2026 #SIEM #CyberSecurity #LogManagement

4 weeks ago

Find Graylog at RSA Booth S-3118 (Moscone South, March 23–26) and see how teams are:
✔ Prioritizing real threats—not noise
✔ Closing investigations faster
✔ Learning how to use explainable AI

If your SIEM is slowing you down… we should talk.
#RSAC #RSA #RSAC2026

1 month ago

The Essential Eight: The Foundation of Australian Compliance
Best practices for ASD ACSC Mitigations: centralized logging, audit visibility, and monitoring to support Essential Eight compliance.

Australia’s Essential Eight provides the baseline security practices for reducing cyber risk and strengthening compliance.
Read more: graylog.org/post/the-ess...
#CyberSecurity #EssentialEight #Compliance

1 month ago

SIEMs in 2026 are very expensive noise machines with a billing problem.

The 2026 State of SIEM Report: Top 10 threats ranked. 12-point buying checklist. 12-month roadmap. Built for 1-10 practitioner teams who need decisions, not more tabs to open.
graylog.org/resources/st...

1 month ago

The Stryker Cyberattack: Why Endpoint and Mobile Device Monitoring Matter
What the Stryker cyberattack reveals about endpoint monitoring, mobile device management, and maintaining visibility across devices.

A cyberattack on medical device maker Stryker disrupted systems used by healthcare providers and emergency responders worldwide.

Key lessons: endpoint monitoring, MDM, centralized logs, and visibility.

Read more:
graylog.org/post/the-str...

#CyberSecurity #HealthcareIT #SIEM

1 month ago

Log Correlation for Security and Performance Monitoring
Log correlation connects events to improve security, performance monitoring, and root-cause analysis with clearer visibility and faster response.

Modern IT systems generate millions of log events every day.
Log correlation connects those events across systems to uncover threats, performance issues, and root causes faster.
Learn how correlation engines turn fragmented logs into actionable insights.
graylog.org/post/log-cor...

1 month ago

Graylog Resource Library
Explore the Graylog Resource Library for a comprehensive collection of videos, case studies, datasheets, eBooks, and whitepapers.

Their SIEM shouldn't need more care than their patients.

Kennedy Krieger Institute swapped infrastructure headaches for Graylog Cloud and got faster investigations, compliance-ready log retention, and costs that don't spike mid-quarter.

Full story: graylog.org/resources/cu...

1 month ago

Understanding the ENS Framework: A Guide to Spain’s National Security Framework
Learn how the ENS Framework protects Spain’s public sector systems and how centralized log management supports monitoring and ENS compliance.

What is the ENS Framework?
Spain’s Esquema Nacional de Seguridad defines cybersecurity requirements for public sector systems and vendors.
Learn who it applies to and how centralized log management supports ENS compliance.
Read more:
graylog.org/post/underst...
#Cybersecurity #ENS #Compliance

1 month ago

Centralizing Docker Logs for Observability and Security
There's a lot of graylog documentation, etc around the topic so this should be a good opportunity to pull those into a blog post

Learn what Docker logs capture, their limitations, and best practices for centralizing and analyzing them for better observability and security.
Read the blog:
graylog.org/post/central...
#Docker #DevOps #Observability

1 month ago

Your Data is Whispering and Needs a Human to Listen
Design dashboards that answer real questions. Learn which charts to use, how to structure axes, and how to turn logs into insight.

Most dashboards technically work.
Fewer actually inform.
The key? Let the question choose the chart.
When the right visualization meets the right question, the answer should appear instantly.
That’s when message data stops being noise and becomes insight.
New post: graylog.org/post/your-da...

1 month ago

Logs & Lattes Episode 5: Top 10 Cybersecurity Threats Hybrid Teams Actually Face in 2026
YouTube video by Graylog

Lean security teams don’t lose to threats first. They lose to time. Logs & Lattes Ep. 5 covers the top 10 threats hybrid orgs face in 2026 and why triage slows when evidence is scattered across email, identity, VPN, cloud, endpoints, and network tools.
youtu.be/Wobkafs-Ca8

1 month ago

What is OpenTelemetry and Why Do Organizations Use it?
Explore how OpenTelemetry standardizes logs, metrics, and traces, the key security use cases it enables, and how Graylog provides the scalable, affordable backend needed for unified observability.

OpenTelemetry is observability sanity.

Telemetry multiplies, schemas drift, costs climb… and root cause turns into “find the right format.”

Add guardrails (retention, context, sampling) and correlation stops being a craft project.

graylog.org/post/what-is...

#OpenTelemetry #SRE

2 months ago

What is the Model Context Protocol (MCP)
Interested in understanding Model Context Protocol? This concise overview explains MCP's role in optimizing data interactions and evaluating SIEM deployments.

MCP is what makes “AI in the SOC” usable.

Not the model. The integration layer. Standard connections to tools and data with controls that security teams can live with.

Breakdown: graylog.org/post/what-is...

#MCP #SecurityEngineering

2 months ago

Detecting Notepad++ CVE-2025-49144 Using Sysmon Logs
How to detect CVE-2025-49144, a local privilege escalation vulnerability, using Sysmon logs with Graylog searches and Sigma Rules.

CVE-2025-49144 is a local privilege escalation in the Notepad++ installer that abuses how regsvr32.exe is called during setup.
We break down:
• what it looks like on real systems
• why Sysmon catches it cleanly
• a high-signal Graylog search + Sigma rule
graylog.org/post/detecti...

2 months ago

The Human-AI Alliance in Security Operations
AI in security operations reduces context switching in SOC investigations, supports analyst judgment, and keeps workflows fast, and human-led.

Security teams buy “one more tool” to reduce toil.
Then investigations turn into nine tabs and a Slack thread.

As @socalledseth.com puts it: AI only pays off when it reduces steps inside the analyst’s flow — not when it becomes tab #10.
Read the blog:
graylog.org/post/the-hum...

2 months ago

Anomaly Detection with Machine Learning to Improve Security
Learn how machine-learning–driven anomaly detection enhances security and performance by identifying behavioral deviations in real time. Explore how enriched logs, behavioral baselines, and automated ...

Security today is “Where’s Waldo” at terabyte scale.
ML-powered anomaly detection helps teams spot the behaviors that don’t fit the norm, from zero-days to insider threats without drowning in alerts.
Click here: graylog.org/post/anomaly...
#CyberSecurity #MachineLearning #Graylog

2 months ago

Observability vs Monitoring: Getting a Full Picture of the Environment
Gain insights into observability and monitoring, two key concepts in maintaining system health. Explore their roles and how they complement each other.

Monitoring detects issues — observability helps you understand why they happen.

In modern distributed systems, you need both.
New blog: Monitoring vs. Observability + the pillars of telemetry (logs, metrics, traces).
👉 graylog.org/post/observa...
#Observability #DevOps #Graylog

2 months ago

Compliance Readiness with Audit Logging
Strengthen compliance readiness with centralized audit logging, real-time analytics, and automated reporting powered by parsed, normalized, and correlated data.

Audit logs aren’t just “logs”. They’re proof.
Who acted? What changed? When? Where?

Discover audit logging basics, log types, compliance use cases, and best practices for security.
📌 graylog.org/post/complia...

#CyberSecurity #Compliance #AuditLogging

2 months ago