
Latest Posts

Learning by Example with Cribl's New Lookup Examples Pack

In the world of data management, Cribl offers various methods to enhance data using the Lookup Function and many C.Lookup Expressions. While Cribl’s documentation is comprehensive, practical examples are often the most effective learning tools. That’s why we’ve introduced the new Lookup Examples Pack.

Sending Data to Elastic Security With Cribl Stream (And Making It Work With Elastic SIEM)

Cribl Stream is a real-time security and observability data processing pipeline that can be used to collect, transform, enrich, reduce, redact, and route data from a variety of sources to a variety of destinations. One of the popular destinations for Cribl users is Elastic SIEM. This blog post will walk you through the steps on how to set up Cribl Stream to normalize and forward data to use with Elastic Security for SIEM.

Cribl Stream + CDS: An Air Gapped Data Transfer Solution

In this blog series, we’ll explore how Cribl Stream can leverage your existing cross-domain solution (CDS) to easily collect and send your log and metric data between disparate security domains or across air-gapped networks. The goal is to retain as much fidelity of the data as possible, deduplicating processes and simplifying management efforts.

Routing Around the World with Cribl Stream!

TransUnion is an American consumer credit reporting agency that operates in over 30 countries. They use Cribl Stream to aggregate and route regional data into a centralized hub, presenting it in a single dashboard that admins can use to interpret the overall health of their system. Watch the full video on YouTube or below to see TransUnion’s Steve Koelpin and Don Reilly walk through this use case.

Syslog-NG: The Sandbox That Taught Me to Appreciate Cribl Even More

Recently, we launched a new Sandbox focused on handling syslog at scale with Cribl. The marketing messaging behind the Sandbox has been done a couple of times already; therefore, I wanted to let y’all see what we as Cribl Technical Marketing Engineers (TMEs) actually do in our daily lives. I’ll try to keep it engaging, with tales of danger and subterfuge, but I can only take so much artistic license. What’s in a Sandbox and how the Sandbox platform functions (i.e.

Using the Cribl Redux Stats Pack

Cribl’s internal metrics are very handy for seeing what Cribl is doing. And while there are many data points related to input vs output volumes, sometimes you need more control over what you’re tracking. This pack allows you to route arbitrarily defined traffic through a stats tracker to capture changes in event count and volume. Perhaps you are onboarding a new host, or trialing a new Pipeline.

Using the Cribl API Part II: The Replay

Our previous post was all about dipping your toes into the wonderful world of API interaction. By leveraging Cribl’s API you can automate many parts of your event pipeline management and tasks. So we got that goin’ for us. Which is nice. One of the common use cases for the API I hear about is kicking off data collection automatically. Use cases include: Cribl gives you the tools to collect data when you want, from where you want, and to where you want.

Simplify Kubernetes with Cribl Edge on EKS Add-on

Let’s be honest: Kubernetes (K8s) has never been the easiest tech to work with. As a seasoned Kubernetes professional, I find myself constantly looking for ways to set up collecting data from my clusters, only to find out that there is a new, more complicated way to get the data I’m looking for.

How SpyCloud Architected Its Cribl Stream Deployment

In this livestream, I talked to Ryan Saunders, Manager of Security Operations at SpyCloud, about how he used the Cribl Reference Architecture to build a scalable deployment. He explained how this approach enabled SpyCloud to grow alongside its evolving needs without requiring significant rework. The reference architecture also facilitated a repeatable data-onboarding process, reducing administrative time and allowing the team to focus on critical security and data analysis tasks.

SIEM Implementation Guide: A How-To Guide

In an era where cybersecurity threats are not just frequent but increasingly sophisticated (and becoming more costly), the need for robust defense mechanisms has never been more critical. Security Information and Event Management (SIEM) emerges as a cornerstone in this complex data environment. It’s not just another tool in your cybersecurity toolkit; it’s a solution designed to elevate your organization’s security posture.