Graylog is a open-source log aggregation platform that is quickly gaining traction among the security community. This talk aims to show that by creatively utilizing some of the built-in capabilities, Graylog can transform from a log management platform into a SIEM, becoming a SecOps team’s most powerful tool. The talk will start by defining the concepts of a log management tool vs a SIEM so, throughout the talk, a distinguished outline of how these customizations can be leveraged to make that transition. The different Graylog capabilities that will be leveraged to achieve SIEM status will be covered with a variety of examples of how they can be leveraged. Lastly, the shortcomings of the platform as a SIEM that users should be aware of from drinking from the Graylog kool-aid will be revealed.