by canada_dry 2316 days ago
Grapl looks quite interesting though the lack of documentation is a stumbling block.

Is the primary Grapl use case AWS log analysis? Or can it be set up and run for an on-prem Linux system?

Could it also be set up to analyze logs from several VMs (e.g. running Windows/ubuntu-server/debian)?

More detailed deployment instructions for a variety of scenarios (installation and usage) would be helpful!

1 comment

> Grapl looks quite interesting though the lack of documentation is a stumbling block.

Totally. I intend to change this once things stabilize - right now the docs would be changing so fast that I'd be spending all of my time updating them (though things are slowing down a lot).

> Is the primary Grapl use case AWS log analysis? Or can it be set up and run for an on-prem Linux system?

Grapl runs in AWS, but it can analyze any log that it can parse - currently that's just Sysmon, or anything that fits into its generic (and unstable) format. There will be an AWS plugin in the future that will allow you to send various AWS sourcetypes, as well as various Linux-oriented plugins such as for audit or osquery.

> Could it also be set up to analyze logs from several VMs (e.g. running Windows/ubuntu-server/debian)?

Absolutely.

> More detailed deployment instructions for a variety of scenarios (installation and usage) would be helpful!

Noted - this is going to be a top priority very soon.
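To make the "any log it can parse" point concrete, here is an added example that is not Grapl's code and does not use the generic format the reply mentions. It parses constructed Sysmon Event ID 1 (ProcessCreate) records in the standard Windows event XML shape, builds the parent/child process graph that a graph-based analysis tool works over, and runs one simple graph query on it (an Office process spawning a shell). The sample events, GUIDs and the node/edge layout are my own assumptions for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Windows event XML default namespace; Sysmon events use it too.
NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"

# Constructed sample: three Sysmon Event ID 1 records. GUIDs and paths are
# made up. WINWORD -> cmd -> powershell is the suspicious chain; explorer ->
# notepad is benign noise.
SAMPLE_EVENTS = [
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>1</EventID><Computer>ws01</Computer></System>
  <EventData>
    <Data Name="ProcessGuid">{A1}</Data>
    <Data Name="Image">C:\Windows\System32\cmd.exe</Data>
    <Data Name="ParentProcessGuid">{A0}</Data>
    <Data Name="ParentImage">C:\Program Files\Microsoft Office\WINWORD.EXE</Data>
  </EventData>
</Event>""",
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>1</EventID><Computer>ws01</Computer></System>
  <EventData>
    <Data Name="ProcessGuid">{A2}</Data>
    <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
    <Data Name="ParentProcessGuid">{A1}</Data>
    <Data Name="ParentImage">C:\Windows\System32\cmd.exe</Data>
  </EventData>
</Event>""",
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>1</EventID><Computer>ws01</Computer></System>
  <EventData>
    <Data Name="ProcessGuid">{B1}</Data>
    <Data Name="Image">C:\Windows\System32\notepad.exe</Data>
    <Data Name="ParentProcessGuid">{B0}</Data>
    <Data Name="ParentImage">C:\Windows\explorer.exe</Data>
  </EventData>
</Event>""",
]

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}


def parse_sysmon_event(xml_text):
    """Return (event_id, {DataName: value}) for one Sysmon event XML record."""
    root = ET.fromstring(xml_text)
    event_id = int(root.find(f"{NS}System/{NS}EventID").text)
    data = {d.get("Name"): d.text for d in root.iter(f"{NS}Data")}
    return event_id, data


def build_process_graph(events):
    """Build a process-lineage graph from ProcessCreate events.

    nodes: ProcessGuid -> image path
    edges: parent ProcessGuid -> [child ProcessGuid, ...]
    The parent is added as a node from ParentImage so a parent that was
    never seen being created (e.g. started before logging) still appears.
    """
    nodes = {}
    edges = defaultdict(list)
    for raw in events:
        event_id, data = parse_sysmon_event(raw)
        if event_id != 1:
            continue  # only ProcessCreate carries parent/child lineage
        nodes[data["ProcessGuid"]] = data["Image"]
        nodes.setdefault(data["ParentProcessGuid"], data["ParentImage"])
        edges[data["ParentProcessGuid"]].append(data["ProcessGuid"])
    return nodes, dict(edges)


def basename(image):
    return image.rsplit("\\", 1)[-1].lower()


def office_spawned_shells(nodes, edges):
    """Graph query: direct (parent image, child image) pairs where an Office
    binary spawned a shell/script host. Returned in event order."""
    hits = []
    for parent, children in edges.items():
        if basename(nodes[parent]) not in OFFICE:
            continue
        for child in children:
            if basename(nodes[child]) in SHELLS:
                hits.append((nodes[parent], nodes[child]))
    return hits


if __name__ == "__main__":
    g_nodes, g_edges = build_process_graph(SAMPLE_EVENTS)
    for parent_image, child_image in office_spawned_shells(g_nodes, g_edges):
        print(f"office->shell: {parent_image} -> {child_image}")
```

The query here is a one-hop parent/child match; the point of putting events into a graph first is that the same nodes and edges answer multi-hop questions (the whole WINWORD -> cmd -> powershell chain, or every descendant of a given process) without re-parsing the logs.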