Gravwell to Showcase Threat Hunting Innovations at RSA Conference 2023 in Booth #6086 | Martech Edge | Best News on Marketing and Technology

PR Newswire

Published on : Apr 25, 2023

GRAVWELL 5.2 INTRODUCES A NEW SET OF DYNAMIC THREAT HUNTING FEATURES WHICH LOWER THE BARRIER TO ENTRY FOR ANALYSTS.

Gravwell, a leading provider of big data solutions that help customers improve enterprise log management, threat hunting, and security lakes, is excited to announce its participation in the RSA Conference 2023. Attendees can visit Gravwell at Booth #6086 in the North Hall of the Moscone Center to learn more about the company's latest release, Gravwell 5.2.

Gravwell 5.2 offers new features to remove the barrier to entry for threat hunting. With hunting help like query autocomplete, diagnostics, auto-field aggregation, and more, even novice threat hunters can combat advanced threats who are "living off the land" within their environments. The update represents Gravwell's ongoing commitment to delivering advanced data analytics capabilities in a user-friendly interface.

"In my earlier career, I developed custom 0day exploits and became alarmed at how easily an attacker with novel techniques could evade detection by living off the land. The essence of threat hunting lies in understanding your environment and asking a lot of questions. To achieve that, access to data and a dynamic query capability is crucial. Traditional SIEM systems often fall short of empowering both seasoned and novice analysts to delve into their data and address crucial concerns. With this release, we are taking a significant stride towards enhancing the defender's advantage capabilities and minimizing the time attackers can linger in your system undetected," said Corey Thuen, CEO of Gravwell.

Key features of Gravwell 5.2 include:

Autocomplete: Gravwell now offers completion hints for most parts of the query language, including tag names, modules, flags, enumerated values, and resources.

Diagnostics: Improved error messages and diagnostics help users identify issues in their queries and even offer suggestions for improvements.

Folds and Formatting: Users can now collapse compound query segments (folding) and pretty print their entire query (formatting) for better readability.

Command Palette: The Command Palette, accessible via right-click or F1, offers additional editor commands for a more streamlined experience.