
June 2019

Getting Started with Graylog - Community Post

The Graylog community is what makes the product so exciting. It is awesome to see our community members take the time to help everyone over on our community forums, Twitter, Reddit, or on their own private channels. I wanted to take some time to highlight a blog post by community member BlueTeamNinja (aka Big Abe) who, after tackling a Graylog deployment, shared lessons learned from a non-Linux/non-ELK person.

How Big Data and Log management work hand in hand

As Stephen Marsland once said, “if data had mass, the earth would be a black hole.” A vast part of the immense amount of structured and unstructured data that we call “Big Data” is nothing but machine-originated log data. Logs are generated for a lot of different purposes – from security to debugging and troubleshooting. They constitute a gold mine of useful information and actionable insights if properly stored, managed, and analyzed.

Keeping Graylog Secure

Now that you have your brand new Graylog instance up and collecting your organization’s logs, all the data is quickly searchable and available for troubleshooting any issues as they arise. But the same ease of use works for an attacker: anyone with access to the logs now has a much simpler job of understanding your environment and seeing all of your data. You need to make sure you are doing all the due diligence you can to protect the data.