SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers

Graylog unveils Spring 2025 release with enhanced security tools

Yesterday

Graylog has introduced its Spring 2025 release, focusing on enhancements in security and data management.

The newly launched version of Graylog Security features several updates, including Adversary Campaign Intelligence, Data Lake Preview, Selective Data Retrieval, and a Threat Coverage Analyzer, with the aim to improve detection accuracy and the efficiency of security workflows.

Seth Goldhammer, Vice President of Product Management at Graylog, stated, "SIEMs have forced teams into a corner for too long—more logs mean more cost, more alerts mean more noise, and every pivot adds drag. This release flips that model. We're using automation to clear the clutter, dial in detection, and make sure your stored data delivers value—not just volume."

The newly introduced Adversary Campaign Intelligence is designed to continuously score observed activity by evaluating its common targets, the value and exposure of the affected assets, and its association with known attack campaigns. By automatically corroborating evidence and context, the feature produces what Graylog describes as a probability that a real attack is under way, with the aim of reducing unnecessary noise and surfacing at-risk users, endpoints, and other entities.

This release also adds support for Sigma 2.0 detection rules and response guidance and automation driven by AI. According to Graylog, this lets analysts act more quickly by concentrating on the most relevant incidents, so that only the most pertinent threats are triaged and response times fall.

Another key component of the Spring 2025 release is the Data Lake Preview. Building on the earlier data routing and data lake features, this update lets teams confirm that the data they need exists in the Graylog Data Lake before initiating a retrieval. The preview is complemented by Selective Data Retrieval, which extracts only a specific subset of log messages on demand rather than rehydrating a whole time range. As a result, organisations can optimise their licensed ingest volume and streamline their data management without giving up operational visibility.

The new Threat Coverage Analyzer gives security leaders a way to identify detection gaps. It maps detection content and findings to the MITRE ATT&CK framework, helping users pinpoint which techniques their teams are actively detecting and which require further attention. The tool also supports decisions about which additional log sources to collect, with the aim of improving an organisation's overall coverage posture through data-driven analysis.
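The coverage analysis described above (ATT&CK mapping of Sigma-tagged rules, combined with a check of which log sources are actually ingested) is easy to prototype outside any product. The following is an added example written for this article, not Graylog code and not a description of how the Threat Coverage Analyzer is implemented. The rules, the set of collected log sources and the list of required techniques are all constructed sample data; the technique IDs follow the `attack.tNNNN.NNN` tag convention used by public Sigma rules.

```python
import re

# Constructed sample rules shaped like Sigma rules (title, logsource, tags).
# These are illustrative only, not Graylog or SigmaHQ content.
SAMPLE_RULES = [
    {"title": "Suspicious PowerShell Download Cradle",
     "logsource": {"product": "windows", "category": "process_creation"},
     "tags": ["attack.execution", "attack.t1059.001"]},
    {"title": "Scheduled Task Creation via schtasks",
     "logsource": {"product": "windows", "category": "process_creation"},
     "tags": ["attack.persistence", "attack.t1053.005"]},
    {"title": "Linux Cron File Modification",
     "logsource": {"product": "linux", "category": "file_event"},
     "tags": ["attack.persistence", "attack.t1053.003"]},
    {"title": "Zeek DNS Unusually Long Query",
     "logsource": {"product": "zeek", "service": "dns"},
     "tags": ["attack.command_and_control", "attack.t1071.004"]},
]

# Constructed: (product, category-or-service) pairs the SIEM actually ingests.
COLLECTED_LOGSOURCES = {("windows", "process_creation"), ("linux", "file_event")}

# Constructed: ATT&CK techniques the team has decided it must cover.
REQUIRED_TECHNIQUES = {"T1059.001", "T1053.005", "T1053.003", "T1071.004", "T1003.001"}

# Sigma technique tags look like attack.t1059.001 (sub-technique) or attack.t1059.
TECH_TAG = re.compile(r"^attack\.(t\d{4}(?:\.\d{3})?)$", re.IGNORECASE)


def techniques_from_tags(tags):
    """Return the ATT&CK technique IDs (upper-case, e.g. T1059.001) found in Sigma tags."""
    found = set()
    for tag in tags:
        m = TECH_TAG.match(tag.strip())
        if m:
            found.add(m.group(1).upper())
    return found


def logsource_key(logsource):
    """Reduce a Sigma logsource block to a (product, category-or-service) tuple."""
    product = logsource.get("product", "").lower()
    kind = (logsource.get("category") or logsource.get("service") or "").lower()
    return (product, kind)


def coverage_report(rules, collected, required):
    """Classify each required technique as:
       'active'            - a rule exists and its log source is being collected
       'rule_without_data' - a rule exists but its log source is not collected
       'gap'               - no rule references the technique at all
    """
    status = {tech: "gap" for tech in required}
    for rule in rules:
        has_data = logsource_key(rule["logsource"]) in collected
        for tech in techniques_from_tags(rule.get("tags", [])):
            if tech not in status:
                continue
            if has_data:
                status[tech] = "active"
            elif status[tech] != "active":
                status[tech] = "rule_without_data"
    return status


def missing_logsources(rules, collected, required):
    """Log sources that, if onboarded, would activate existing rules for required techniques.
    This is the 'what should we collect next' question the article attributes to the tool."""
    needed = set()
    for rule in rules:
        key = logsource_key(rule["logsource"])
        if key in collected:
            continue
        if techniques_from_tags(rule.get("tags", [])) & required:
            needed.add(key)
    return needed


if __name__ == "__main__":
    report = coverage_report(SAMPLE_RULES, COLLECTED_LOGSOURCES, REQUIRED_TECHNIQUES)
    for tech in sorted(report):
        print(f"{tech:<10} {report[tech]}")
    print("log sources to onboard:", sorted(missing_logsources(
        SAMPLE_RULES, COLLECTED_LOGSOURCES, REQUIRED_TECHNIQUES)))
```

The distinction between `rule_without_data` and `gap` is the practical point: a rule library can look complete on paper while a third of it never fires because the matching log source was never onboarded, and that is the case a coverage report should call out separately from a technique nobody has written a detection for.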

Graylog claims that, taken together, the updates keep detection content aligned with the data it is written to run against. That alignment is also intended to give Chief Information Security Officers clearer visibility into how effective their detection and reporting actually is, without forcing trade-offs between retained data, cost, and noise.

The integration of automation and AI throughout the new release is positioned to support analysts with streamlined workflows, reduced noise, enhanced detection, and improved response times.

Graylog's product range spans Security, API Security, Enterprise editions, and open-source offerings, serving both large organisations and smaller teams.
