One of the most common questions I hear from customers is simple: “How do I know what the system is actually doing?” With Zero Trust, visibility matters just as much as enforcement. That’s why in our latest release, we’ve made a significant update to the Invisinet Message Format (IMF) for SIEM platforms like Graylog—giving security teams clearer, richer, and more actionable insight into the real-time state of their environments.
At its core, IMF is our enhanced syslog message format. Every action carried out is logged and indexed for future reference and for auditing. Historically, syslog has been used primarily to report events. What we’ve done is go further: we’ve expanded and refined IMF so that it now conveys the operational state of the gateway itself—not just what occurred, but how the system is configured and behaving at that moment in time.
With this release, IMF messages now include detailed information such as the list of gateways and their enforcement modes, protected and unprotected resources configured on the system, resource locations and names, group configurations, trust levels, and connection activity. In Graylog, this means you can see exactly which gateways are enforcing policy, which users connected most recently, which did not, and how resources are being segmented and protected—all time-stamped and searchable.
You might ask: “Isn’t this information already visible in the GUI?” It is—but that’s not the point. These messages provide a second, independent view of the system’s state, covering your entire Invisinet deployment. They are sent automatically and are read-only by design. Team members with access to the SIEM can observe what the system is doing without the ability to change or manipulate sensitive security controls. For many organizations—especially those with segmented responsibilities across security, operations, and compliance—this matters. Not everyone who needs visibility should have access to the gateway itself.
What this ultimately delivers is greater operational intelligence. Security teams can validate that gateways are running in the correct enforcement mode. Operations teams can verify which resources are protected and where they reside. Compliance teams can review system posture without touching production controls. Everyone gets the same source of truth, presented in a format that integrates seamlessly with their existing SIEM workflows.
Zero Trust isn’t just about blocking threats—it’s about understanding your environment with precision and confidence. By enhancing IMF, we’ve made Invisinet not only more secure, but more transparent. And when you can clearly see what your security architecture is doing, you’re better equipped to trust it, audit it, and scale it.
If you’re using Graylog or another SIEM platform, this update gives you a deeper window into your Zero Trust fabric—without adding complexity or risk. That’s exactly how we believe security should work.
To learn more or schedule a demo of v4.3, reach out to your Invisinet representative or schedule a demo at www.invisinet.com/get-a-demo.
.avif)
