Graylog, a provider of AI-powered SIEM solutions, has announced the general availability of Graylog 7.1. This Spring 2026 release introduces new capabilities designed to assist lean security teams with behavioral threat detection and automated investigation workflows, integrating functions often dispersed across multiple platforms.
According to Andy Grolnick, CEO of Graylog, the goal of Graylog 7.1 is to consolidate detection, triage, and documentation into a single platform. This approach aims to allow analysts to concentrate on actual threats rather than administrative tasks. The update includes features such as configurable risk thresholds for asset groups, which allow for varying urgency levels based on asset categories. For example, a privileged account crossing a risk score of 50 could automatically trigger an investigation, while standard users might only do so at a score of 75.
The investigation workflow in Graylog 7.1 automatically initiates a comprehensive investigation when an asset’s risk score surpasses a defined threshold. This process attaches relevant events, alerts, and remediation procedures without manual input. Other enhancements to the investigation workflow include consolidated event procedures, which present all remediation steps from various alerts in a single list, and bulk log addition, enabling analysts to attach multiple log messages to a case in one action. A new context sidebar also provides real-time details, guidance, and asset context to accelerate response times.
For threat detection, Graylog 7.1 offers native behavioral anomaly detection with expanded machine learning capabilities. This includes an Impossible Travel Detector to identify potential credential compromise based on geographically impossible user locations, and a Log Volume Detector to spot unusual spikes or drops in log activity, which could indicate data exfiltration, misconfigurations, or source failures. Additionally, security engineers can now integrate Sigma rules directly from private GitHub, GitLab, or Bitbucket repositories, supporting a detection-as-code workflow with full version control.
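To make the two detector types concrete, here is an added example written for this article; it is not Graylog's code and does not reflect how Graylog 7.1 implements these detectors. It flags impossible travel by computing the great-circle distance and implied speed between a user's consecutive logins, and flags log-volume spikes and drops with a robust (median/MAD) baseline over a trailing window. The speed limit, minimum distance, window length, z-threshold and all sample logins and hourly counts are constructed assumptions.

```python
"""Added example (not Graylog code): impossible-travel and log-volume detectors."""
from __future__ import annotations

import math
import statistics
from datetime import datetime

# Assumed tuning values; none of these come from the Graylog release notes.
MAX_PLAUSIBLE_SPEED_KMH = 900.0  # roughly airliner cruise speed
MIN_DISTANCE_KM = 100.0          # ignore short hops and geo-IP jitter
BASELINE_HOURS = 24              # trailing window used as the volume baseline
VOLUME_Z_THRESHOLD = 3.0         # modified z-score beyond which an hour is flagged

# Constructed login events: (user, ISO-8601 timestamp, latitude, longitude).
SAMPLE_LOGINS = [
    ("alice", "2026-03-02T09:00:00+00:00", 40.7128, -74.0060),   # New York
    ("alice", "2026-03-02T10:30:00+00:00", 35.6762, 139.6503),   # Tokyo, 90 min later
    ("bob",   "2026-03-02T09:00:00+00:00", 40.7128, -74.0060),   # New York
    ("bob",   "2026-03-02T13:00:00+00:00", 42.3601, -71.0589),   # Boston, 4 h later
    ("carol", "2026-03-02T09:00:00+00:00", 51.5074, -0.1278),    # London
    ("carol", "2026-03-02T09:01:00+00:00", 51.4543, -0.9781),    # Reading, 1 min later
]

# Constructed hourly message counts for one log source: 24 steady hours,
# then a spike (hour 24) followed by a near-silent hour (hour 25).
SAMPLE_HOURLY_COUNTS = [1000 + (i % 5 - 2) * 10 for i in range(24)] + [5000, 0]


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in kilometres on a sphere of radius 6371 km."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def impossible_travel(logins) -> list[dict]:
    """Flag consecutive logins of one user whose implied speed is implausible."""
    by_user: dict[str, list] = {}
    for user, ts, lat, lon in sorted(logins, key=lambda e: (e[0], e[1])):
        by_user.setdefault(user, []).append((datetime.fromisoformat(ts), lat, lon))

    findings = []
    for user, events in by_user.items():
        for (t1, la1, lo1), (t2, la2, lo2) in zip(events, events[1:]):
            dist = haversine_km(la1, lo1, la2, lo2)
            if dist < MIN_DISTANCE_KM:
                continue  # too close to distinguish from geo-IP noise
            hours = (t2 - t1).total_seconds() / 3600.0
            speed = dist / hours if hours > 0 else math.inf
            if speed > MAX_PLAUSIBLE_SPEED_KMH:
                findings.append({"user": user, "km": round(dist),
                                 "hours": round(hours, 2), "kmh": round(speed)})
    return findings


def log_volume_anomalies(hourly_counts, window=BASELINE_HOURS,
                         threshold=VOLUME_Z_THRESHOLD) -> list[dict]:
    """Flag hours whose count deviates strongly from the trailing baseline.

    Median and median-absolute-deviation are used instead of mean/stdev so
    that one spike does not inflate the baseline and mask the drop after it.
    """
    findings = []
    for i in range(window, len(hourly_counts)):
        baseline = hourly_counts[i - window:i]
        med = statistics.median(baseline)
        mad = max(statistics.median(abs(c - med) for c in baseline), 1.0)
        z = 0.6745 * (hourly_counts[i] - med) / mad  # modified z-score
        if abs(z) > threshold:
            findings.append({"hour": i, "count": hourly_counts[i],
                             "kind": "spike" if z > 0 else "drop", "z": round(z, 1)})
    return findings


if __name__ == "__main__":
    for f in impossible_travel(SAMPLE_LOGINS):
        print("impossible travel:", f)
    for f in log_volume_anomalies(SAMPLE_HOURLY_COUNTS):
        print("log volume anomaly:", f)
```

On the sample data only alice is flagged (New York to Tokyo in 90 minutes), bob's New York to Boston trip is within plausible speed, and carol's short hop is below the distance floor. For the volume series, hour 24 is reported as a spike and hour 25 as a drop; with a mean/standard-deviation baseline the spike would have widened the baseline enough to hide the drop, which is why the robust statistic is used.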
Regarding infrastructure, Graylog 7.1 introduces dynamic shard sizing to eliminate manual cluster tuning for IT operations and infrastructure teams. It also adds native support for Azure Blob Storage, facilitating archive, warm tier, and Data Lake functionalities, thus enabling fully Azure-native log management deployments.
Seth Goldhammer, VP of Product Management at Graylog, stated that the development of every capability in 7.1 focused on reducing friction for analysts and optimizing their time across detection, triage, reporting, and infrastructure. Graylog 7.1 is available across Graylog Security and Graylog Enterprise platforms. Further details can be found on graylog.com, and a demo is accessible at graylog.org/see-demo.
Graylog is recognized for its AI-powered SIEM and centralized log management platform, designed to transform data into actionable insights for security and IT teams. It aids in faster threat detection and investigation through explainable AI that summarizes dashboards, prioritizes risks, and automates workflows, while maintaining human oversight. The company serves over 60,000 organizations globally.