
Announcing Graylog Illuminate v7.0


ADDED: New Content Packs & Features

  • Symantec ProxySG (419)

    Added alert_severity_level mapping based on event_action where applicable.

  • Checkpoint FW (2917)

    Added support for additional vendor_event_action values, including encrypt and decrypt. Restructured existing vendor fields to better align with log output: vendor_event_outcome is now vendor_event_action; vendor_event_outcome_reason is now vendor_event_action_reason; vendor_event_action is now vendor_event_operation.

  • Bitdefender GravityZone (3059)

    Added support for New Extended Incident logs. Included basic parsing for RPC-formatted GravityZone logs for possible future extension via Filebeat testing.

  • Windows Security (2836)

    Added support for status code 0xC0000413 – STATUS_AUTHENTICATION_FIREWALL_DENIED.

  • Microsoft IIS Content Pack (1067)

    New content pack for Microsoft IIS (Internet Information Services), which is used for hosting web applications and services on Windows. IIS integrates tightly with ASP.NET and the Windows Server ecosystem.

  • AWS Kinesis Content Pack (3076)

    New pack for Amazon Kinesis, supporting the parsing and categorization of AWS VPC Flow logs via AWS Kinesis for real-time data streaming and analysis. Future support for other log types may be added.

  • 1Password Content Pack (2993)

    New content pack for 1Password logs, supporting the centralized storage and management of credentials, API keys, and sensitive information for improved security and simplified credential management.

  • Cisco Business 350 Series (CBS) (2263)

    New content pack for Cisco Business 350 Series Switches, supporting managed Layer 3 network switches designed for small and medium-sized businesses.

  • F5 BIG-IP (1137)

    Added a Content Pack that supports the AFM and ASM modules.
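
The Checkpoint FW renames above are chained: vendor_event_action is both a new name and an old one, so saved searches and alert rules that reference the old fields cannot be updated with sequential find-and-replace. The following is an added example, not Graylog's own tooling; the function names and the sample query are constructed for illustration, and only the three field renames come from the notes above.

```python
import re

# Check Point FW field renames as listed in the release notes (old -> new).
CHECKPOINT_RENAMES = {
    "vendor_event_outcome": "vendor_event_action",
    "vendor_event_outcome_reason": "vendor_event_action_reason",
    "vendor_event_action": "vendor_event_operation",
}

# A single alternation (longest name first) bounded on both sides, so every
# field token is matched against the OLD names exactly once.
_OLD_FIELD = re.compile(
    r"(?<![\w.])("
    + "|".join(sorted(map(re.escape, CHECKPOINT_RENAMES), key=len, reverse=True))
    + r")(?![\w.])"
)


def migrate_query(query):
    """Rewrite old field names in one pass; return (new_query, old_names_seen)."""
    seen = []

    def swap(match):
        seen.append(match.group(1))
        return CHECKPOINT_RENAMES[match.group(1)]

    return _OLD_FIELD.sub(swap, query), seen


def naive_migrate(query):
    """Sequential find/replace, shown only to expose the chained-rename bug."""
    for old, new in CHECKPOINT_RENAMES.items():
        query = query.replace(old, new)
    return query


# Constructed saved search (values are placeholders, not from the page).
SAMPLE = ("vendor_event_outcome:value_a AND vendor_event_action:value_b "
          "AND _exists_:vendor_event_outcome_reason")

if __name__ == "__main__":
    fixed, seen = migrate_query(SAMPLE)
    print("one-pass :", fixed)
    print("naive    :", naive_migrate(SAMPLE))
    print("old names:", seen)
```

Run the one-pass rewrite once, against queries written before the upgrade: because a new name reuses an old one, applying it a second time would rename fields again.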

FIXED: Bugs and Issues

  • NetFlow (2851)

    Fixed IPFIX message identification and added support for different set fields.

  • Bitdefender (3115)

    Fixed wrong input name.

  • Cisco ISE (3004)

    Modified base extraction regex to make syslog header info optional, enabling sending to a syslog or raw tcp input.

  • Symantec ProxySG (3125)

    Moved alert_severity_level lookup data to its own .csv to address lookup complaint of duplicate values.

  • Linux Auditbeat (2928)

    Corrected issue mapping vendor_event_type: changed-promiscuous-mode-on-device.

  • Cisco ISE (3019)

    Fixed CmdSet parsing so the full command is returned as vendor_cmdset, dropping CmdAV and CmdArgAV.

  • Bitdefender GravityZone (3007)

    Fixed wrong search path in the New Incidents Count widget.

  • Curated Alerts (2583)

    Improved rule: Illuminate – Windows Security – Active Directory Database Snapshot Via ADExplorer. The detector now covers execution of the 64-bit variant of ADExplorer.

  • Core DNS Processing (2675)

    Fixed filter causing inconsistent results in the dashboard.

CHANGED: Updates and Streamlining

  • NetFlow (3074)

    Changed NetFlow IPv4/IPv6 renames and field types.

  • Cisco IOS (2823)

    Streamlined identification rule logic to be more efficient.

  • PowerShell, Postfix, Meraki, SEPM, Sophos, Sonicwall, Cisco Meraki, Symantec Endpoint (Multiple IDs)

    Converted the use of multiple grok patterns per rule to use multi_grok for efficiency. Also, standardized gim_event_type_code mappings to align with detection categories and reclassified subtypes from alert to detection across multiple packs (e.g., Defender, Snort, Stormshield, Palo Alto, Fortigate, etc.).

  • Palo Alto (2824)

    Renamed spotlight title.

  • Schema (1940)

    Modified index templates to copy hash related fields (e.g., hash_md5, file_hash_) to associated_hash. This provides additional context to hash objects.

  • Palo Alto 11 (687)

    Updated colors for widgets that reference event_action to reflect schema.

  • AWS Security Lake (2314)

    Changed gim_event_category from alert to detection. The dashboard now supports both categories.

  • Bitdefender Telemetry (2950)

    Changed GIM codes for network events from 129999 (default) to 120200 (open) and 120300 (close).

  • Illuminate Core (3008)

    Disabled dynamic date detection for all Illuminate indices to fix mapping errors caused by inconsistent field formats.

  • Zeek (2618)

    Changed DNS request categorization to exclude NBSTAT.

  • Core (1711)

    Added support for MITRE ATT&CK Enterprise attacks_technique_uid & attacks_tactic_uid string values.

REMOVED / DEPRECATED Content

  • o365 (2957)

    Removed redundant type assignment in 22-o365_scc_categorize_alerts rule.

  • Bitdefender GravityZone (3058)

    Removed a possible leading forward slash for the source field (fixes issue when hostname is empty).

  • Compliance Content (2959)

    Removed deprecated ‘Compliance Content Spotlight (Deprecated)’ spotlight.

  • Palo Alto 9.1x (2716)

    DEPRECATED: The Palo Alto 9.1x Spotlight and associated processing content have been deprecated. Users should transition to the Palo Alto 11 Content Pack.

About Graylog
At Graylog, our vision is a secure digital world where organizations of all sizes can effectively guard against cyber threats. We’re committed to turning this vision into reality by providing Threat Detection & Response that sets the standard for excellence. Our cloud-native architecture delivers SIEM, API Security, and Enterprise Log Management solutions that are not just efficient and effective—whether hosted by us, on-premises, or in your cloud—but also deliver a fantastic Analyst Experience at the lowest total cost of ownership. We aim to equip security analysts with the best tools for the job, empowering every organization to stand resilient in the ever-evolving cybersecurity landscape.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Action1 Named America’s Fastest-Growing Private Software Company on 2025 Inc. 5000 List

Action1, a leader in autonomous endpoint management (AEM), today announced it has been named the fastest-growing private software company in America, ranking #1 in its industry and #29 overall on the prestigious 2025 Inc. 5000 list. This first-time inclusion highlights the company’s hypergrowth and disruption of the traditional IT tools market.

“We are thrilled to be recognized as America’s fastest-growing private software company,” said Mike Walters, President and Co-founder of Action1. “This reflects the massive demand for cybersecurity innovation that is powerful, secure, and simple to deploy. Our growth is driven by an ambitious vision: to prevent all cyberattacks that exploit software vulnerabilities.”

Action1’s rapid growth, which outpaces SaaS and cybersecurity benchmarks, is fueled by its mission to make enterprise-grade security accessible to all. The company backs this by offering its fully functional, cloud-native platform free for the first 200 endpoints, supporting organizations of all sizes.

Mike Hofman, editor-in-chief of Inc., noted that this year’s honorees “didn’t just weather the storm—they grew through it,” praising their tenacity and clarity of vision amid economic challenges.

The full 2025 Inc. 5000 list can be found at www.inc.com/inc5000.

About Action1

Action1 is an autonomous endpoint management platform trusted by many Fortune 500 companies. Cloud-native, infinitely scalable, highly secure, and configurable in 5 minutes—it just works and is always free for the first 200 endpoints, with no functional limits. By pioneering autonomous OS and third-party patching with peer-to-peer patch distribution and real-time vulnerability assessment without needing a VPN, it eliminates routine labor, preempts ransomware and security risks, and protects the digital employee experience.

In 2025, Action1 was recognized by Inc. 5000 as the fastest-growing private software company in America. The company is founder-led by Alex Vovk and Mike Walters, American entrepreneurs who previously founded Netwrix, a multi-billion-dollar cybersecurity company.


Action1 Launches MSP Partner Program Offering Premium Support, Exclusive Pricing, and New Revenue Streams

Action1, a leader in autonomous endpoint management (AEM), today launched its new MSP Partner Program. The program is specifically designed to equip Managed Service Providers (MSPs) with the tools necessary to deliver high-margin, recurring patch management services and gain a competitive edge, especially when servicing SMBs and mid-market clients who often lack dedicated in-house IT resources.

“We designed this program to give MSPs a competitive advantage that directly boosts their bottom line. We are committed to helping them deliver patch management that is far beyond what traditional RMM tools can achieve, allowing them to deepen their value as trusted advisors.”
— Branden Boag, VP of Sales & Alliances at Action1
 

Key Program Benefits for MSPs

The Action1 MSP Partner Program focuses on enhancing partner profitability, efficiency, and service quality:

  • Advantage Pricing: Exclusive, lower pricing compared to non-partners, which directly contributes to higher profit margins.
  • Premium Support: Access to a dedicated customer success manager and premium technical support for faster remediation of critical issues.
  • New Revenue Opportunities: Resale and referral options for serving larger organizations outside their traditional managed services base.
  • Superior Patching: A more comprehensive and effective patch management solution than traditional RMM tools, ensuring significantly higher endpoint compliance and security.
  • Co-Marketing & Certification: Access to co-marketing resources and financial incentives for technician certification to help validate expertise and drive leads.

“Working with Action1 gives us fast, automated patching across all client environments—no infrastructure, no hassle. It allows us to deliver high-value, scalable services that enhance security and drive recurring revenue.”
— Tunde Odeleye, Principal Security Architect & CISO at Data Center Warehouse

The Action1 MSP Partner Program is now open to qualified Managed Service Providers globally, with a primary focus on the US market, ready to help partners expand their managed security services portfolio.


Action1 Doubles Endpoint Coverage for Free to Turn Cybersecurity Awareness into Action


Action1, a provider of autonomous endpoint management (AEM) solutions, is doubling its endpoint coverage for all customers and free-tier users worldwide throughout October. This no-cost initiative for Cybersecurity Awareness Month (CAM) is designed to help organizations move beyond awareness to immediate, tangible action against rising cyber threats.

The company’s initiative responds to an escalating threat landscape, highlighted by its 2025 Software Vulnerability Ratings Report, which found a 96% increase in exploited vulnerabilities. By doubling endpoint coverage, Action1 empowers IT teams to detect and patch vulnerabilities across twice as many devices, removing budget barriers to critical security, especially for smaller and under-resourced organizations.

“Awareness is important, but action is what truly secures environments,” said Mike Walters, President and Co-founder of Action1. He noted that patching can dramatically reduce vulnerabilities and that this initiative aims to make “real progress toward a safer digital world” by making robust cybersecurity more accessible.
