Seth Goldhammer, Vice President of Product Management at Graylog told MSSP Alert, “Graylog 7.0 adds AI Summarization, which turns complex dashboard and investigation data into clear, plain-language insights. Analysts can quickly see what’s driving a spike or anomaly and understand why it matters without running extra queries. The same capability generates summary reports during investigations, capturing key findings and context so teams can validate conclusions and share them faster. It speeds up analysis while keeping humans firmly in control of interpretation.”

Bringing Natural Language to Security Data
The release also introduces Graylog MCP Server Access - a secure new way for teams to interact with their Graylog environments using natural language. The MCP Server connects LLMs or AI agents to Graylog through authenticated APIs, enabling natural language queries for investigations and system monitoring.“The MCP integration lets approved AI agents work with Graylog data using secure, authenticated API connections,” Goldhammer explained. “Every request is tied to an API key and bound by Graylog’s existing role-based access controls, so an agent only sees what its assigned user role can access. Customers can connect either local or external large-language-model tools, and they decide where those models run and what data they reach. Graylog never expands permissions or exposes data beyond those limits.”
Integrating with AWS Security Data Lake to Cut Costs
Graylog’s AWS Security Data Lake integration extends unified visibility across cloud and on-premise environments. Using selective data retrieval and filtered ingestion, teams can preview or collect only the log data that matters most, without redundant storage or transfer costs.“Graylog 7.0 delivers strong data management capabilities, increasing efficiency for service providers,” said Goldhammer. “Filtered AWS Security Lake Inputs let teams ingest only relevant logs to cut noise and control storage costs. Lake Retrievals and Preview tools accelerate long-term data lookups across tenants. AI Summarization speeds up triage by explaining patterns at a glance, while Collections extend role-based access control so MDR and MSSP teams can securely share dashboards or threat-intelligence content without exposing proprietary rules. Together, these updates make it easier to scale investigations and maintain data separation across customers.”




