Graylog has rolled out its Spring 2025 release of Graylog Security, advancing beyond traditional SIEM capabilities. Building on the Fall 2024 (v6.1) release, the update enhances analyst workflows, speeds up time-to-value, and raises the standard for speed and flexibility in threat detection.
With Adversary Campaign Intelligence, Data Lake Preview, Selective Data Restore, and Threat Coverage Analyzer, Graylog can now equip teams with better detection, real-time context, and more control over what matters. Analysts get alignment between content and the data it’s meant to catch—while CISOs get the visibility to prove it’s working without having to make tradeoffs.
“SIEMs have forced teams into a corner for too long—more logs mean more cost, more alerts mean more noise, and every pivot adds drag,” said Seth Goldhammer, Vice President of Product Management at Graylog. “This release flips that model. We’re using automation to clear the clutter, dial in detection, and make sure your stored data delivers value—not just volume.”
Adversary Campaign Intelligence
Graylog’s Adversary Campaign Intelligence redefines threat detection by continuously assessing activities based on their common targets, asset value, and exposure levels and identifying their relationship with known attack campaigns. By automatically corroborating evidence and context, this calculated true attack probability reduces noise and surfaces at-risk users, endpoints, and entities.
With updated detections to support Sigma 2.0 and responses empowered with AI guidance and automation, analysts act faster, triaging only what’s relevant and cutting down response time.
Data Lake Preview
By extending the data routing and data lake capabilities launched in the Fall 2024 release, Graylog lets teams align SIEM costs directly with the data that answers their questions, without sacrificing visibility. Graylog’s Data Lake Preview allows teams to see whether the data they need is in the Graylog Data Lake before retrieving a data set. Then, with Selective Data Retrieval, teams retrieve a narrow range of log messages on demand, greatly reducing their license consumption.
Threat Coverage Analyzer
Graylog’s Threat Coverage Analyzer gives security leaders clarity into what their teams are detecting—and what they might be missing. This feature highlights detection gaps mapped to the MITRE ATT&CK framework, guiding users to detection content aligned to their SIEM’s log collection and to new log collection strategies, so they can strengthen their coverage posture through data-driven decisions.
Graylog Live at RSAC 2025