Graphistry 2.25.18: Log ontologies and automatic migrations

Posted by Graphistry Team on Sep 26, 2019

Release 2.25 follows in the footsteps of 2.24 in focusing on daily practice. Some of the biggest features in this release are automatic ontology support for popular logging and alert tools and a managed migration and update script. In parallel, much of our time is going to working directly with everyone in the field to assist with your projects, and we're excited to bring the resulting workflows and concepts into features for everyone.

Read on to learn more about this release, and see the full release notes at our new release notes page.


1. Ontologies for ELK, Windows, Gigamon, Zeek/Corelight, FireEye iSIGHT, and more!

Vendors often use non-standard field names, which Graphistry automatically recognizes. This update adds hundreds of new definitions for various endpoint, network, and threat intel data sources. Just query your SIEM as usual and get an intelligently formatted interactive visualization!


Animation: Correlating FireEye iSIGHT reports over 1 year

Reminder: You can always add your own custom ontologies and our team is always happy to add new products to the base set.


2. Expand by column or type

Graphistry makes it easy to pivot on data on-the-fly and in your automations, and 2.25 makes it even easier. Graphistry already automatically classifies your data into types such as IP, email, and timestamp. Pivots now support expanding both by type ("IP") and original column ("src_ip"), including the cases where an entity was found in multiple columns and if you want multiple combinations of types and columns.


Animation: Quickly pivot on specific IP-type columns or all of them


3. Updates & migrations

Graphistry already makes it easy to get started with GPU analytics software, and 2.25 now makes it fast, easy, and safe to update across versions. Simply spin up a new instance, run the live migrators to copy in data from the old instance, and when you're happy, redirect users to the new instance! Automatic migrations are supported between 2.25 and later releases, and as always, our team is happy to help with earlier releases.

Full example (one command per line; the prompt shows which instance each command is run on):

    user@old:~/graphistry $ scp -i ~/key.pem user@new.site.com:~/key.pem
    user@new:~/graphistry $ KEY="-i /home/user/key.pem" FROM="user@old.site.com" TO="user@new.site.com" ./etc/scripts/migrate.sh
    user@new:~/graphistry $ SITE="my.site.com" IP="123.45.67.89" ./etc/scripts/aws-update-dns.sh
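The migrator above is driven entirely by the KEY, FROM and TO environment variables and an SSH private key that has just been copied between instances. As an added example, not part of the release notes or of Graphistry's own scripts, here is a POSIX shell pre-flight wrapper that checks those inputs before handing them to ./etc/scripts/migrate.sh: the key file must exist and not be group- or world-readable, both endpoints must look like user@host, and the source and target must differ. The host names and key path are placeholders, and the wrapper assumes migrate.sh honours the variables exactly as shown in the example.

```shell
#!/bin/sh
# Added example, not Graphistry's script: sanity checks before running the
# 2.25 live migrator. Hosts and paths are placeholders.

# migrate_preflight KEYFILE FROM TO
# Returns 0 when the inputs look safe to use, non-zero (with a message on
# stderr) otherwise.
migrate_preflight() {
  key="$1"; from="$2"; to="$3"

  # The SSH private key must exist and be a readable regular file.
  if [ ! -f "$key" ] || [ ! -r "$key" ]; then
    echo "preflight: key file '$key' missing or unreadable" >&2
    return 1
  fi

  # Reject a private key readable by group or others, as ssh itself would.
  # GNU stat first, BSD/macOS stat as the fallback.
  perms=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key" 2>/dev/null)
  case "$perms" in
    600|400) ;;
    *)
      echo "preflight: key file '$key' has mode '$perms'; expected 600 or 400" >&2
      return 1
      ;;
  esac

  # FROM and TO must both have the user@host shape the migrator expects.
  for target in "$from" "$to"; do
    case "$target" in
      ?*@?*) ;;
      *)
        echo "preflight: '$target' is not of the form user@host" >&2
        return 1
        ;;
    esac
  done

  # Copying an instance onto itself is never intended.
  if [ "$from" = "$to" ]; then
    echo "preflight: FROM and TO name the same instance ($from)" >&2
    return 1
  fi
  return 0
}

# run_migration KEYFILE FROM TO
# Runs the checks, then invokes the migrator with the same values in the
# KEY/FROM/TO form shown in the release notes.
run_migration() {
  migrate_preflight "$1" "$2" "$3" || return 1
  KEY="-i $1" FROM="$2" TO="$3" ./etc/scripts/migrate.sh
}

# Usage (placeholder hosts):
# run_migration "$HOME/key.pem" user@old.site.com user@new.site.com
```

The wrapper deliberately fails closed: any check that cannot be satisfied stops before migrate.sh is ever started, so a mis-set variable or a leaked key mode is caught on the new instance rather than discovered mid-copy.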


4. Tweaks & fixes

As part of releasing new features at a fast pace, we're also making sure they go through the appropriate testing and, based on everyone's feedback, tweaking and fixing them. Check out the release notes for further details, and we encourage you to reach out to our team with ways to make your experience even better.


Curious to multiply your Azure or AWS analytics experience with GPU visual graph analytics and investigation automation? Try Graphistry in your Cloud Marketplace!
