Grapl includes models for relationships between processes and network connections.
Grapl ingests your raw logs
Parses log inputs such as osquery and sysmon, extracting the underlying entities and the relationships between them
Builds a unified graph data structure that represents all of the entities and behaviors in your network
Exposes that graph for analytics
You write attack signatures in Python
Abstract data regardless of the source
Build up a set of tools for querying the graph
Add context to signature matches programmatically
Use it for follow-up actions such as attaching further context or sending notifications
Grapl detects suspicious activity in the graph that other SIEMs can't
Automatically send alerts to your D&R team
Responders can investigate the attack visually and in Jupyter notebooks
Correlate attacker behaviors at a glance
You catch attackers
Start off with a small, suspicious graph
Encompass the full scope of an attacker’s behaviors
Gives detection engineers control over how they want to explore their logs
Built by security engineers for professional security teams
Catch attackers in your environment faster with more powerful, contextualized detection logic.
Confidence in Alerts
Express complex attacker behavior as a graph, and apply unit tests, linters, and static typing to your attack signatures.
Grapl takes a risk-based approach instead of a binary, black-and-white alerting approach, eliminating the concept of false positives altogether.
Extend Grapl to represent all of your data using our plugin system.
Leverage powerful data science tools like Jupyter notebooks for your investigations.
Code First Detections
Build summary risk profiles in Python to investigate suspicious activity in your environment.
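The pipeline the page describes (ingest raw logs, build a process and network-connection graph, write signatures in Python, accumulate risk per entity instead of firing a binary alert per match, then grow a single suspicious node into the attacker's full lineage) as an added, illustrative example. This is not Grapl's code or API: the event shape, field names, signature functions, scores and threshold are all hypothetical, and the sample events are constructed. The point it shows that the bullets do not is how a risk profile behaves differently from per-rule alerting: a lone `powershell.exe` launched from the desktop scores nothing, while the same binary spawned by Word, running an encoded command and connecting out crosses the threshold.

```python
"""Graph-based detection sketch: ingest -> graph -> Python signatures -> risk profile.

Illustrative code only; not Grapl's code or API. All names are hypothetical.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass, field
from typing import Callable, Iterable, List

# Constructed sample events (not real telemetry), loosely shaped after Sysmon
# process-create and network-connect records. The order is deliberately
# shuffled so ingest has to link parents after all nodes exist.
SAMPLE_LOGS = [
    {"type": "process_create", "pid": 300, "ppid": 200, "image": "powershell.exe",
     "user": "alice", "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"type": "network_connect", "pid": 300, "dst_ip": "203.0.113.7", "dst_port": 443},
    {"type": "process_create", "pid": 100, "ppid": 1, "image": "explorer.exe", "user": "alice"},
    {"type": "process_create", "pid": 200, "ppid": 100, "image": "winword.exe", "user": "alice"},
    {"type": "process_create", "pid": 400, "ppid": 100, "image": "chrome.exe", "user": "alice"},
    {"type": "network_connect", "pid": 400, "dst_ip": "203.0.113.9", "dst_port": 443},
    {"type": "process_create", "pid": 500, "ppid": 100, "image": "powershell.exe", "user": "alice"},
]


@dataclass
class Process:
    pid: int
    image: str
    user: str
    cmdline: str = ""
    parent: Process | None = None
    children: list[Process] = field(default_factory=list)
    connections: list[tuple[str, int]] = field(default_factory=list)


class Graph:
    """Processes as nodes; parent/child and outbound connections as edges."""

    def __init__(self) -> None:
        self.processes: dict[int, Process] = {}

    def ingest(self, events: Iterable[dict]) -> Graph:
        events = list(events)
        # Pass 1: create every process node regardless of log order.
        for ev in events:
            if ev["type"] == "process_create":
                self.processes[ev["pid"]] = Process(
                    ev["pid"], ev["image"], ev["user"], ev.get("cmdline", ""))
        # Pass 2: attach edges now that all nodes exist; drop events for unknown pids.
        for ev in events:
            proc = self.processes.get(ev["pid"])
            if proc is None:
                continue
            if ev["type"] == "process_create":
                parent = self.processes.get(ev["ppid"])
                if parent is not None:
                    proc.parent = parent
                    parent.children.append(proc)
            elif ev["type"] == "network_connect":
                proc.connections.append((ev["dst_ip"], ev["dst_port"]))
        return self


@dataclass(frozen=True)
class Hit:
    pid: int
    score: int
    reason: str


Signature = Callable[[Graph], List[Hit]]
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe"}


def office_spawns_shell(graph: Graph) -> list[Hit]:
    """A graph signature: matches the edge office-app -> shell, not a single event."""
    return [Hit(p.pid, 40, "shell spawned by an Office application")
            for p in graph.processes.values()
            if p.image in SHELLS and p.parent is not None and p.parent.image in OFFICE_APPS]


def shell_connects_out(graph: Graph) -> list[Hit]:
    return [Hit(p.pid, 30, "shell made an outbound connection")
            for p in graph.processes.values() if p.image in SHELLS and p.connections]


def encoded_powershell(graph: Graph) -> list[Hit]:
    return [Hit(p.pid, 30, "encoded PowerShell command line")
            for p in graph.processes.values()
            if p.image == "powershell.exe" and "-enc" in p.cmdline.lower().split()]


SIGNATURES: list[Signature] = [office_spawns_shell, shell_connects_out, encoded_powershell]


def risk_profile(graph: Graph, signatures: list[Signature]) -> dict[int, list[Hit]]:
    """Accumulate every signature's contribution per process instead of alerting per match."""
    hits: dict[int, list[Hit]] = defaultdict(list)
    for sig in signatures:
        for hit in sig(graph):
            hits[hit.pid].append(hit)
    return dict(hits)


def expand_scope(proc: Process) -> set[int]:
    """Grow one suspicious node into its full lineage: all ancestors and descendants."""
    scope: set[int] = set()
    cur: Process | None = proc
    while cur is not None:
        scope.add(cur.pid)
        cur = cur.parent
    stack = list(proc.children)
    while stack:
        child = stack.pop()
        scope.add(child.pid)
        stack.extend(child.children)
    return scope


def triage(graph: Graph, signatures: list[Signature], threshold: int = 60) -> list[dict]:
    """Only lineages whose summed risk crosses the threshold are handed to responders."""
    findings = []
    for pid, hits in risk_profile(graph, signatures).items():
        total = sum(h.score for h in hits)
        if total >= threshold:
            findings.append({"pid": pid, "risk": total,
                             "reasons": [h.reason for h in hits],
                             "scope": sorted(expand_scope(graph.processes[pid]))})
    return sorted(findings, key=lambda f: -f["risk"])


if __name__ == "__main__":
    for finding in triage(Graph().ingest(SAMPLE_LOGS), SIGNATURES):
        print(finding)
```

Because each signature is a plain Python function over the graph, it can be unit-tested against a fixture graph, type-checked and linted like any other code; the threshold in `triage` is the tuning knob that replaces a per-rule true/false decision.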
Frequently asked questions
Can Grapl support my custom data sources?
Grapl provides plugin capabilities that can be leveraged to parse arbitrary data sources - you have the full power of code at your disposal to parse even the most complex data formats, leveraging open source libraries to do so.
Does Grapl come with any detection rules out of the box?
We build detection rules and open source them based on our own usage or user feedback. Some rules may only be available to customers upon request, and we're happy to assist customers who are looking to detect attacks we don't yet cover. You can find a set of Grapl detection rules
How does Grapl compare to other SIEMs?
Grapl is truly different from the rest of the SIEM marketplace. We're the only SIEM that provides a code- and API-first approach with powerful graph analytics, enabling detections that are hard or impossible in other SIEMs.
When will I be able to use Grapl?
We're hard at work to make sure that Grapl is efficient, effective, and as secure as it can be. We expect to release in early 2022 - reach out for more details or if you're interested in being an early adopter.