by staticassertion 2318 days ago
Wow, thanks for the mention alongside such a solid list of tools.

I'm the author of Grapl and I'd be happy to answer any questions. Grapl's under active development (I'm working full time on it, and others are joining), and there's lots of exciting stuff on the way.


Grapl looks quite interesting though the lack of documentation is a stumbling block.

Is the primary Grapl use case AWS log analysis? Or can it be set up and run for an on-prem Linux system?

Could it also be set up to analyze logs from several VMs (e.g. running Windows/ubuntu-server/debian)?

More detailed deployment instructions for a variety of scenarios (installation and usage) would be helpful!

> Grapl looks quite interesting though the lack of documentation is a stumbling block.

Totally. I intend to change this once things stabilize - right now the docs would be changing so fast that I'd be spending all of my time updating them (though things are slowing down a lot).

> Is the primary Grapl use case AWS log analysis? Or can it be set up and run for an on-prem Linux system?

Grapl runs in AWS, but it can analyze any log that it can parse - currently that's just Sysmon, or anything that fits into its generic (and unstable) format. There will be an AWS plugin in the future that will allow you to send various AWS sourcetypes, as well as various Linux-oriented plugins, such as for auditd or osquery.

> Could it also be set up to analyze logs from several VMs (e.g. running Windows/ubuntu-server/debian)?

Absolutely.

> More detailed deployment instructions for a variety of scenarios (installation and usage) would be helpful!

Noted - this is going to be a top priority very soon.

Very neat project. I've thought about representing attacks as a graph problem before, but never dug into it. Thanks for making it open source!

Turns out it's a lot of work, haha, but the payoff is, in my opinion, huge - and Grapl does the hard work for you.