Date: 2025-11-04

Graylog launched its Graylog Security Fall 2025 release. The latest version introduces AI-driven insights, Model Context Protocol (MCP) Server Access, and Amazon Security Data Lake integration, enabling SOCs to operate with clarity, speed, and cost efficiency.

The new platform (version 7.0) features AI-enabled dashboards for Enterprise and Security customers, delivering explainable insights into threats and trends. Additionally, it provides MCP Server access, which securely connects large language models (LLMs) directly to Graylog data for natural language queries.

The new Amazon Security Data Lake integration also enhances visibility across hybrid environments, providing controls to reduce transfer, storage, and licensing costs. These capabilities deliver measurable efficiency gains for teams that need to accomplish more with fewer resources.

“Security and IT teams are being pushed to their limits by data growth and alert fatigue,” said Seth Goldhammer, VP of Product Management at Graylog. “Our focus is on helping them take back control, with practical AI that drives faster insights, smarter investigations, and measurable efficiency. With this release, we’re giving teams explainable AI they can trust. By combining innovation with simplicity, and AI with human insight, organizations can meet security challenges head-on with technology that works for them.”

Expanding access to security data through natural language

This release introduces Graylog MCP Server Access, a secure new way for teams to interact with their Graylog environment through natural language. The MCP Server connects user-approved AI agents or LLMs to Graylog, adding a conversational layer for querying and analysis – fully governed by user permissions and license tier and available to all Graylog versions.

Analysts (or their AI agents) can ask things like:

“Show me assets that increased in risk score over the past week and are linked to open investigations.”

“Summarize the top five MITRE techniques detected across failed logins in the last 24 hours.”

“Which indices are nearing rotation thresholds, and how much storage is currently in use across the cluster?”

This capability helps teams uncover both security insights and environment health, improving awareness and response times across the SOC. It gives analysts a faster, more intuitive way to interpret and act on data, enhancing productivity, clarity, and confidence without changing what they can access or control.

Reducing cost and complexity with AWS Security Data Lake integration

Graylog 7.0 extends the concept introduced previously with the Graylog internal data lake to external data lakes. Using preview, selective retrieval, and filtered collection, customers gain unified visibility across their AWS services and other environments without incurring unnecessary transfer costs, licensing impacts, or redundant storage for log messages that are not aligned with their active analytics, such as dashboards and threat detections.

Redefining the SOC for the real world

Built for lean, outcome-driven teams, Graylog unifies log management, SIEM, and AI-powered threat detection and investigation in a single, scalable platform. The result is an analyst-centric workflow that delivers actionable clarity without complexity or overhead.

Unlike legacy SIEMs weighed down by cost and complexity, or newer entrants chasing unproven AI claims, Graylog Security delivers transparent and understandable AI that provides analysts with clear context and control. Every alert, summary, and recommendation can be traced and understood, empowering security teams to respond faster and smarter.

The Graylog Security Fall 2025 release is available now.