Baking a SIEM: A Recipe for Graylog Open to Security and Beyond

Aspire Bakeries' Graylog journey began in mid-2017 when we realized the current method of log review/collection on each device wasn't working for us in Operations and we needed a better way of working. Over the years we have grown our Graylog implementation from a single Graylog Open 2.0 VM for Operations Teams to a multi-node cluster handling 100MM+ messages per day and the center of our SOC.

We will explore how Aspire has handled new data, scaling, and security challenges using Graylog. From using pipelines to enrich and prevent unneeded data ingestion, to using Assets in Graylog Security to provide near real-time tracking, we will share stories and lessons learned along the way.

**Key Takeaways**

1. Scaling and Optimization - Learn how Aspire Bakeries successfully scaled their Graylog implementation to handle massive data loads while optimizing performance and security.
2. Practical Insights - Discover practical strategies for enriching data, preventing unnecessary ingestion, and using Graylog Security Assets for real-time tracking, all based on real-world experiences.

Check out the documentation: https://go2docs.graylog.org/current/home.htm
Direct Downloads Page: https://graylog.org/downloads
Subscribe to Our Blog: https://graylog.org/blog/
Join the Community: https://community.graylog.com/company/graylog
Twitter: https://twitter.com/graylog2
Facebook: https://www.facebook.com/graylog/
LinkedIn: https://www.linkedin.com/company/graylog
Reddit: https://www.reddit.com/r/graylog/
Mastodon: https://infosec.exchange/@Graylog
Bluesky: https://bsky.app/profile/graylog.bsky.social
Want to contact us? https://graylog.org/contact-us/