



Graylog Security Spring 2025 Release is Now Available, Prioritizing True Cyberthreats


Graylog, the no-nonsense platform for Security, API protection, and IT Operations, is launching its Spring 2025 release of Graylog Security—pushing further past the limits of traditional SIEM.

Building on the Fall 2024 release (version 6.1), Graylog sharpens analyst workflows, accelerates time-to-value, and sets a new bar for speed and flexibility in threat detection, according to the company.

With Adversary Campaign Intelligence, Data Lake Preview, Selective Data Restore, and Threat Coverage Analyzer, Graylog can now equip teams with better detection, real-time context, and more control over what matters.

Analysts get alignment between content and the data it’s meant to catch—while CISOs get the visibility to prove it’s working without having to make tradeoffs, the company said.

“SIEMs have forced teams into a corner for too long—more logs mean more cost, more alerts mean more noise, and every pivot adds drag,” said Seth Goldhammer, vice president of product management at Graylog. “This release flips that model. We’re using automation to clear the clutter, dial in detection, and make sure your stored data delivers value—not just volume.”

Graylog’s Adversary Campaign Intelligence redefines threat detection by continuously assessing activities based on their common targets, asset value, and exposure levels and identifying their relationship with known attack campaigns. By automatically corroborating evidence and context, this calculated true attack probability reduces noise and surfaces at-risk users, endpoints, and entities.

With updated detections to support Sigma 2.0 and responses empowered with AI guidance and automation, analysts act faster, triaging only what’s relevant and cutting down response time.

By extending the data routing and data lake capabilities launched in the Fall 2024 release, Graylog allows SIEM costs to be aligned directly with the data that answers questions, without sacrificing visibility.

Graylog’s Data Lake Preview allows teams to see if the data they need is in the Graylog Data Lake before retrieving a data set. Then with Selective Data Retrieval, teams retrieve a narrow range of log messages on demand, greatly reducing their license consumption.

Graylog’s Threat Coverage Analyzer gives security leaders clarity into what their teams are detecting—and what they might be missing. This feature highlights detection gaps mapped to the MITRE ATT&CK framework, guiding users to detection content aligned to their SIEM’s log collection and to new log collection strategies that strengthen coverage posture through data-driven decisions.

The Graylog Spring 2025 release is now live.

For more information about this news, visit https://graylog.org

