Graylog, a provider of SIEM and threat detection solutions, has announced new cloud-native integrations with AWS Security Hub and Amazon EventBridge. The integrations enhance real-time event ingestion and support the Open Cybersecurity Schema Framework (OCSF), with the aim of streamlining log analysis and accelerating threat detection for mid-market enterprises.
Graylog’s integration with AWS Security Hub positions it as a launch partner, enabling users to analyze and correlate security data more efficiently within its cloud-delivered platform. The adoption of the OCSF standard is designed to simplify security event formats across various platforms, thereby reducing the need for custom parsing by security teams.
Robert Rea, CTO at Graylog, commented on the development, stating, “Security teams need to move at the speed of cloud infrastructure. By integrating Graylog with AWS Security Hub and Amazon EventBridge, we’re removing bottlenecks and giving analysts faster, structured access to security events, with no additional engineering burden.”
The native connection to Amazon EventBridge facilitates real-time event monitoring, allowing security events to flow into Graylog instantly as they occur. This integration removes the necessity for custom code, external agents, or manual configuration, simplifying deployment. Once ingested, these events can automatically trigger correlation rules and alert workflows, enabling security teams to respond to threats with minimal manual intervention and scale with their AWS environment.
AWS Security Hub centralizes findings from various AWS services, enriching and correlating signals from threat detection and vulnerability management tools to provide actionable insights. Graylog’s native support for OCSF allows the integration of Security Hub telemetry into its cloud-native SIEM workflows, enabling teams to analyze structured data without custom parsing, correlate events across accounts, and accelerate detection from a centralized, scalable platform.
Aaron VanWart, director of Cloud Alliances at Graylog, added, “Our goal is to provide security engineers and CISOs with meaningful insights the moment they need them, not minutes or hours later. This is a major step toward cloud-native SIEM workflows that are both fast and frictionless.” These capabilities are tailored for cloud-first teams, offering an intuitive and scalable alternative to traditional SIEM platforms.
The new integrations are currently available for Graylog (Cloud) customers through the AWS Marketplace or directly from Graylog. Deployment is designed to require no custom code and includes comprehensive documentation and onboarding guidance.
Graylog is recognized as an AI-powered SIEM and log management platform that assists security and IT operations teams. The platform centralizes and analyzes event data to facilitate faster threat detection, smarter investigations, and controlled data costs. Rooted in open source and headquartered in Houston, Graylog serves over 60,000 organizations across 180 countries through products like Graylog Security, Enterprise, API Security, and Open.