%term

The latest News and Information on Security Incident and Event Management.

Detecting SHA1-Hulud: the logs must flow

Nov 26, 2025 By Daniel Kaiser In Sumo Logic

Sha1-Hulud has burrowed back into our lives, spreading rapidly and causing more destruction than ever. Named after the famous worm from the Dune franchise, this attack is also impacting global organizations. Since its first widescale spread on September 16, 2025, this worm has demonstrated its ability to propagate rapidly with high impact using the following techniques: This variant includes some new behavior, including.

Read Post

Sumo Logic

Read more about Detecting SHA1-Hulud: the logs must flow

5 Signs You've Outgrown Your Open-Source SIEM

Nov 25, 2025 By Jeff Darrington In Graylog

The evolution of your security stack is similar to the different phases of buying cars. In the beginning, you just need enough to transport a few items, maybe yourself and a few friends. The inexpensive two-door hatchback is perfect. However, as your family grows, whether with small humans or pets, you increasingly need more space and more capacity, leading to purchasing a four-door sedan or, even, a mini-van.

Read Post

Graylog

Read more about 5 Signs You've Outgrown Your Open-Source SIEM

Ep 19: The atomic habits of cybersecurity professionals

Nov 25, 2025 By Sumo Logic, Inc. In Sumo Logic

In this Masters of Data episode, we welcome back Zoe Hawkins and Roland Palmer to discuss building better security practices through small, incremental improvements personally and professionally. We emphasize regularly auditing security policies to avoid unnecessary friction that forces workarounds, treating security as sociology rather than just technology. We cover practical approaches like habit-stacking, weekly business reviews, staying informed about threats through intentional news consumption, and developing cognitive humility with security prompts.

View Video

Sumo Logic

Read more about Ep 19: The atomic habits of cybersecurity professionals

Mastering Dojo AI: How Agentic Intelligence Transforms SecOps - Customer Brown Bag - Nov 20th, 2025

Nov 21, 2025 By Sumo Logic, Inc. In Sumo Logic

Join us as Chas and Christopher review Sumo Logic's Dojo AI, our multi-agent platform designed to power proactive security and modern incident response.

View Video

Sumo Logic

Read more about Mastering Dojo AI: How Agentic Intelligence Transforms SecOps - Customer Brown Bag - Nov 20th, 2025

How to Use Data Lakes to Reduce SIEM Costs and Strengthen Investigations

Nov 21, 2025 By The Graylog Team In Graylog

Most teams think of data lakes as cold storage. A long-term archive. A place to keep logs “just in case” while budgets tighten and ingest volumes rise. Functional, sure. But limited. The traditional data lake keeps everything, helps occasionally, and rarely fits the way analysts work. Graylog approaches the data lake differently. In Graylog 7.0, the data lake is not a warehouse. It is a pressure release valve for teams overwhelmed by storage cost, investigation delays, and cloud data sprawl.

Read Post

Graylog

Read more about How to Use Data Lakes to Reduce SIEM Costs and Strengthen Investigations

You can't secure what you can't see: Why AgentCore logs matter

Nov 20, 2025 By David Girvin In Sumo Logic

AI agents are finally moving past cute demos and into actual production workflows. With AWS AgentCore, teams can build agents that write tickets, call APIs, deploy infrastructure, invoke external tools, and make changes faster than any human operator ever could. That’s powerful, but it also introduces a brand-new operational and security surface. And here’s the uncomfortable truth: most organizations have no idea what their agents are actually doing. Agentic AI isn’t magic.

Read Post

Sumo Logic

Read more about You can't secure what you can't see: Why AgentCore logs matter

Why your security analytics needs proactive threat hunting

Nov 19, 2025 By Christopher Beier and Janet Alexander In Sumo Logic

Even the mightiest and most prestigious companies and enterprises are not exempt from the sophisticated threats posed by cyber attackers. Your security team needs robust security measures for network security, endpoint security, threat detection, anomaly detection, data protection, security monitoring, application security and information security.

Read Post

Sumo Logic

Read more about Why your security analytics needs proactive threat hunting

Exabeam and Recorded Future Partner to Power Intelligence-Led Threat Detection and Response

Nov 18, 2025 By Exabeam In Exabeam

Strategic integration enables security teams to move from reactive to proactive with real-time threat context and automated response.

Read Post

Exabeam

Read more about Exabeam and Recorded Future Partner to Power Intelligence-Led Threat Detection and Response

Detecting the undetectable: Building a fraud detection framework with Elastic

Nov 17, 2025 By Kyle Rozanitis In Elastic

Learn how public sector organizations are using Elastic to identify fraudulent activity with rules and anomaly detection jobs fine-tuned for their specific use cases. Every organization faces the challenge of identifying and combating fraud. In the financial services industry, it might be credit card fraud; in the auto insurance space, staged accident fraud; and in the public sector, unemployment, health insurance, or tax fraud.

Read Post

Elastic

Read more about Detecting the undetectable: Building a fraud detection framework with Elastic

Log everything from anywhere: Centralizing log collection with Log360

Nov 14, 2025 By Ramprashad Guruswamy In ManageEngine

In today's complex IT environments, comprehensive log collection is crucial for effective auditing and security monitoring. Without this, endpoints, especially those that are VPN-joined, stay out of your reach while auditing. This was the bottleneck faced by our Log360 customer who recently availed OnboardPro, ManageEngine's professional services. They knew Log360 was capable of collecting logs from all their network devices—but what about the endpoints that were connected remotely via VPN?

Read Post