Route data to multiple destinations
Enrich data events with business or service context
Search and analyze data directly at its source, an S3 bucket, or Cribl Lake
Reduce the size of data
Shape data to optimize its value
Store data in S3 buckets or Cribl Lake
Replay data from low-cost storage
Collect logs and metrics from host devices
Centrally receive and route telemetry to all your tools
Redact or mask sensitive data
Optimize data for better threat detection and response
Streamline infrastructure to reduce complexity and cost
Simplify Kubernetes data collection
Optimize logs for value
Control how telemetry is stored
Easily handle new cloud telemetry
Ensure freedom in your tech stack
Accelerate the value of AIOps
Effortlessly search, collect, process, route and store telemetry from every corner of your infrastructure—in the cloud, on-premises, or both—with Cribl. Try the Cribl Suite of products today.
Learn moreGet telemetry data from anywhere to anywhere
Get started quickly without managing infrastructure
Streamline collection with a scalable, vendor-neutral agent
AI-powered tools designed to maximize productivity
Easily access and explore telemetry from anywhere, anytime
Instrument, collect, observe
Store, access, and replay telemetry.
Get hands-on support from Cribl experts to quickly deploy and optimize Cribl solutions for your unique data environment.
Work with certified partners to get up and running fast. Access expert-level support and get guidance on your data strategy.
Get inspired by how our customers are innovating IT, security, and observability. They inspire us daily!
Read customer storiesFREE training and certs for data pros
Log in or sign up to start learning
Step-by-step guidance and best practices
Tutorials for Sandboxes & Cribl.Cloud
Ask questions and share user experiences
Troubleshooting tips, and Q&A archive
The latest software features and updates
Get older versions of Cribl software
For registered licensed customers
Advice throughout your Cribl journey
Connect with Cribl partners to transform your data and drive real results.
Join the Cribl Partner Program for resources to boost success.
Log in to the Cribl Partner Portal for the latest resources, tools, and updates.
Case Study
“OUR CLIENTS NO LONGER HAVE TO CHOOSE BETWEEN ACCEPTING THE RISK OF LIMITED VISIBILITY OR ASKING FOR MORE MONEY. THEY CAN ONBOARD ALL OF THEIR SOURCES WITHOUT INCURRING ADDITIONAL COSTS.”
MICHAEL POLISE,
DIRECTOR OF ADVISORY SERVICES
“SOC ANALYSTS WITHIN THE CLIENT’S ENVIRONMENT CAN ACCESS EVERYTHING DIRECTLY FROM SENTINEL AND CAN QUERY AZURE DATA EXPLORER NATIVELY FROM SENTINEL, WHICH IS GREAT FOR EFFICIENCY AND REDUCING THE MEAN TIME TO RESPOND.”
MICHAEL POLISE,
DIRECTOR OF ADVISORY SERVICES
“THE EASY MANAGEABILITY OF CRIBL MAKES IT POSSIBLE TO DELIVER QUICKLY FOR OUR CLIENTS.”
MICHAEL POLISE,
DIRECTOR OF ADVISORY SERVICES
Share:
As part of their new SCALR™ XDR service, SRA designs, configures, and builds out their customers’ security architectures. They perform managed security services, 24/7 monitoring, curated out-of-the-box threat detections, and act as a SOC for critical data sources like cloud alerts, EDR, threat detection alerts, and more.
A turn-key solution like this wasn’t possible until SRA decided to implement Cribl Stream.
“We looked at a few open-source alternatives, but none of them had the enterprise level scalability, capabilities, and features that our clients need for something this critical in their data pipeline. Cribl Stream and Cribl’s overall portfolio and innovative direction also just continues to get better.”
Michael Polise
Director of Advisory Services
SRA’s proprietary XDR solution is deployed and co-managed within the client’s environment, which allows the client to keep complete control over their data at all times. Data sources get routed to Cribl Stream — all data that are used for generating alerts, correlating events, or otherwise actioned on by a SOC analyst gets forwarded to Microsoft Sentinel.
Data used for investigations, IOC sweeps, threat hunts, long-term retention, or regulatory purposes goes to Azure Data Explorer (ADX). In many cases, ADX serves as an organization’s very first security data lake, instantly elevating its security maturity level. A solution that could not have been made possible without the unified data processing engine, Cribl.
“Everything is provisioned in the client’s environment, so they have full access to everything. They can create their own alerts for themselves and funnel data to their teams internally.”
Michael Polise
Director of Advisory Services
“We get pretty aggressive with Windows Event Log reduction and often get a 60% reduction or more for those data sources without losing any of the context we need for triggering detection content. Reduction of other sources might be less than that, but we can typically cut out the junk to reduce data volumes by half.”
Michael Polise
Director of Advisory Services
“In general, we see 70-80% license cost savings in the tech stack compared to a client’s existing SIEM platform. A recent client had a $900K per year Splunk license that was reduced to $200K after using Cribl Stream to migrate to Sentinel and Azure Data Explorer.”
Michael Polise
Director of Advisory Services
“In our most aggressive migration, a client moving from Splunk to Sentinel went live in two to three weeks. We can’t move everyone over that fast, but as long as the log sources are redirected, we can typically onboard and go live within a 30-60 day window.”
Michael Polise
Director of Advisory Services
Michael and his team started with the out-of-the-box Cribl Packs to facilitate this process, then created custom Packs to accelerate SIEM migrations even further.
“SOC analysts can read queries, and focus on threat data that is important to them, and query data in Azure Data Explorer if they need additional information. Our clients can also use Sentinel to automatically pull pertinent data to the front of the screen for an analyst.”
Michael Polise
Director of Advisory Services
“To validate that our client’s tools are functioning appropriately, we perform threat simulations based on TTPs that threat actors perform on a regular basis. We bring red teams and blue teams to the table to perform some of those simulations, then work with clients to improve the detection logic in Sentinel and their cloud-based EDR.”
Michael Polise
Director of Advisory Services
To improve future offerings, SRA is exploring Cribl Search and Data Lake to expand services and infrastructure beyond SCALR™ XDR. With Cribl’s federated “search-in-place” queries, on data of any format or location, users can conduct precise analysis and forward results effortlessly. Adding platform-agnostic data warehousing, Cribl’s Data Lake delivers unified retention, security, and access control policies across object stores and clouds from one easy management platform. Functionality that will be particularly beneficial for clients using Splunk as a SIEM or for those sending logs to S3, extending SRA’s reach beyond Microsoft products.
Security Risk Advisors (SRA) is a Cribl Partner who provides specialized security services including Cribl Engineering and Enablement, Penetration Testing, Purple Teams, Cloud Security, Resilience, Cyber Physical Systems Security, Engineering, and 24x7x365 Cybersecurity Operations. SRA’s mission is to “Level Up” every day to protect our clients and their customers. SRA delivers security services to Fortune and Global 1000 companies, innovating technology startups, and mission-oriented non-profits across Healthcare, Pharmaceutical, Retail, Financial Services, and Manufacturing industries. SRA is headquartered in Philadelphia, with offices in Rochester, and Kilkenny, Ireland. SRA is an official partner of Cribl (https://sra.io/cribl/).
Classic choice. Sadly, our website is designed for all modern supported browsers like Edge, Chrome, Firefox, and Safari
Got one of those handy?