Graylog Removes Barriers to SIEM to Deliver Uncompromised Security Operations

Company Introduces Adversary Campaign Intelligence to Prioritize True Cyber Threats; Data Lake Preview and Retrieval for Smart Data Retention

Graylog, the no-nonsense platform for Security, API protection, and IT Operations, today launched its Spring 2025 release of Graylog Security—pushing further past the limits of traditional SIEM. Building on the Fall 2024 release (version 6.1), Graylog sharpens analyst workflows, accelerates time-to-value, and sets a new bar for speed and flexibility in threat detection.

With Adversary Campaign Intelligence, Data Lake Preview, Selective Data Restore, and Threat Coverage Analyzer, Graylog can now equip teams with better detection, real-time context, and more control over what matters. Analysts get alignment between content and the data it’s meant to catch, while CISOs get the visibility to prove it’s working without making tradeoffs.

“SIEMs have forced teams into a corner for too long—more logs mean more cost, more alerts mean more noise, and every pivot adds drag,” said Seth Goldhammer, Vice President of Product Management at Graylog. “This release flips that model. We’re using automation to clear the clutter, dial in detection, and make sure your stored data delivers value—not just volume.”

Adversary Campaign Intelligence

Graylog’s Adversary Campaign Intelligence redefines threat detection by continuously assessing activities based on their common targets, asset value, and exposure levels, and identifying their relationship with known attack campaigns. This calculated true attack probability reduces noise and surfaces at-risk users, endpoints, and entities by automatically corroborating evidence and context.

With updated detections to support Sigma 2.0 and responses empowered with AI guidance and automation, analysts act faster, triaging only what’s relevant and cutting down response time.

Data Lake Preview

By extending the data routing and data lake capabilities launched in the Fall 2024 release, Graylog aligns SIEM costs directly with the data that answers questions, without sacrificing visibility. Graylog’s Data Lake Preview allows teams to see if the data they need is in the Graylog Data Lake before retrieving a data set. Then, with Selective Data Retrieval, teams retrieve a narrow range of log messages on demand, greatly reducing their license consumption.

Threat Coverage Analyzer

Graylog’s Threat Coverage Analyzer gives security leaders clarity into what their teams are detecting—and what they might be missing. This feature highlights detection gaps mapped to the MITRE ATT&CK framework, guiding users to detection content aligned with their SIEM’s log collection and to new log collection strategies that strengthen coverage posture through data-driven decisions.

Graylog Live at RSAC 2025

The Graylog Spring 2025 release is now live. Visit Graylog.com to explore new features and learn more, or join us at #RSAC 2025, Booth S-3134, to see a live demo.

About Graylog

Graylog is the no-nonsense SIEM that cuts through noise and complexity. It delivers what security teams need most: full visibility, faster investigations, and smarter detection—without trade-offs or surprise costs. Graylog helps analysts move faster and stay focused, from automated workflows to correlation and anomaly detection. With a product suite spanning Graylog Enterprise, Security, API Security, and Open, Graylog supports everyone from large enterprises to lean teams. Graylog is trusted by more than 60,000 organizations around the world. Learn more at graylog.com or connect with us on Bluesky and LinkedIn.
