Latest Posts

Empowering Security Engineers With the Cribl Pack for CrowdStrike

CrowdStrike is a class-leading endpoint monitoring solution. It collects a wealth of activity data from each managed endpoint that can be fairly voluminous. This includes network connectivity, DNS requests, process activity, health checks, and the list goes on. In fact, there are over 400 event types reported by CrowdStrike! These events are a gold mine for threat hunters and blue teams looking for unusual or malicious activity. It can be extremely costly to place all this data in a SIEM.

Cribl Search Unlocks The Value of ALL Data

We announced Cribl Search in May, and customer reaction has been incredibly positive. We’ve heard for some time that organizations have data everywhere. They have data in their observability lakes, analytics tools, object stores, and at the edge. The big challenge facing enterprises is that existing search models require you to take all of this data, without knowing whether it is valuable, move it into one place, and only then decide whether it is valuable.

Unpopular Opinion: OKRs Are the Worst

One of the things about Silicon Valley culture is the obsession around the technology that gets created and the idea of the engineer as the hero of the story. You see the same kind of thing with other professions — like with finance executives in New York, celebrities in Hollywood, or firefighters and police officers in different areas across the US.

Unlocking Cribl Stream's LDAP Integration

Cribl Stream has supported external Lightweight Directory Access Protocol (LDAP) authentication since version 2.0 was released in late 2019. LDAP directories offer many features, and it’s up to clients to implement them for compatibility. Here is a non-exhaustive list of LDAP features that Cribl Stream does not support: This blog post explores how Cribl Stream implements LDAP for user authentication and assumes you have a working knowledge of the topic.

An Observability Agent for the Cloud Era: Why Cribl Edge Matters

A few weeks ago, I did a live Cribl Edge demo for the Cribl Community, and I wanted to explain more about the importance of Cribl Edge for IT admins. Managing traditional log shipping agents is very time-consuming and brittle. Just the act of a once-a-year upgrade can require the help of a kind god! Admins need help to make this vital workflow easier and faster so they can focus time on delivering value to the business.

The Cribl Packs Dispensary - A Place to Share and Care

Building Packs is good. Sharing Packs is better! The Cribl Pack Dispensary is the go-to place to find, install and share Cribl Packs. What are Packs? A Cribl Pack is a collection of pre-built routes, pipelines, data samples, and knowledge objects. Packs enable sharing of best-practice configurations that route, shape, reduce and enrich a log source, Palo Alto Networks logs for example. And it’s the quickest, easiest way to get started with Stream, and Edge supports Packs too.

Collect More Data with Windows Server Support in Cribl Edge 3.5

Cribl Edge is the easiest and most manageable agent for exploring, processing, and collecting Observability data at the edge for Linux servers. Today, we’re excited to announce that it’s not just Linux admins whose lives have been made easier with Edge. With the Cribl Software Suite 3.5.0, Cribl Edge now supports Windows Server 2016, 2019, and 2022, bringing that same intuitive experience for deploying, setting up, and collecting observability events to your Windows infrastructure.

Bring More Reliability and Insights to Your Observability Pipelines with Cribl Stream 3.5

We’ve been busy building more features for Cribl Stream, and are excited to share the new value we offer our users. Cribl Stream 3.5 is now available! This release brings some much-requested features that will help users build more robust observability pipelines, with new sources and destinations. Let’s dive into what’s new!

Cribl.Cloud Summer 2022 Release Helps You Be Even More Proud of Your Cloud

Cribl.Cloud’s Summer 2022 release is now available in an AWS cloud near you! As part of this release, we are excited to share the features we have been building, including the latest Cribl product releases (Stream 3.5 and Edge 3.5). This release brings some much-requested features that will help customers increase their compliance, reduce overall costs, and deploy a more resilient observability data pipeline.

Cribl's New Education and Certification Program Defines a Critical Role in Observability

What is an observability engineer? They build monitoring tools, right? Develop data pipelines? For time series data? Maybe distributed tracing? Ah, got it…an observability engineer is just an extension of an SRE with a wider ‘end-user’s’ perspective? But don’t they also build solutions that move telemetry for security tools? Maybe monitor and review an organization’s overall security posture?