Data Collection for Security Investigations
According to a 2018 study by the Ponemon Institute, the average time from the occurrence of a security breach to detection is...
…Like a Multi-Tool For Your Observability Pipeline
In my last post, I focused on a specific use case for routing observability data: separating retention from analysis.  That’s just one...
Measuring Home Internet Latency and Performance using mtr, Cribl LogStream, InfluxDB and Grafana
One of the most shocking things to me during the current COVID-19 crisis is that the infrastructure we’ve come to depend upon...
Building an observability pipeline on top of open source Apache NiFi, Logstash, or Fluentd: a journey
If one thing has become crystal clear in the last few years as we’ve entered the market, it’s that the need for...
The Observability Pipeline
We’ve tried several terms over the last year to describe our place in the market: log pre-processor, log processing engine, real time...
How to run your own Cribl Proof of Concepts
Tl;Dr – in v1.7 we introduced two very significant improvements that help you as a customer prove Cribl capabilities fast and efficiently....
Understanding Splunk’s New License Model: It’s Not the Pricing Model, It’s the Price Tag that Matters
I’m a product person. There are many, many key decisions in the life of a product that make it what it is,...
Estimating Capacity using LogStream
One frequent concern we hear is capacity anxiety: will this new source blow up my system? No matter the use case: IT,...
Practical Logs to Metrics Conversion With Cribl LogStream
When monitoring your infrastructure, applications, users, devices, sensors etc. you’re likely to be using a variety of data sources and a number...
Getting Smart and Practical With Dynamic Sampling
In the past we’ve written multiple posts about how Cribl helps you maintain visibility in high-volume/low-value scenarios without having to egregiously scale your...
Streaming Data Deduplication with Cribl
The Problem It’s not uncommon for machine data systems to send and receive duplicate or repeated events. This could be due to a variety of...
Trimming Unnecessary Fields from Logs
The author of a log has very different motivations from the consumer of that same log. For the author, they must conceive...
Helping Threat Hunters While Staying Compliant: Categorizing and Scoring AWS CloudTrail Events in Real-Time
AWS CloudTrail is a service that “enables governance, compliance, operational auditing, and risk auditing of your AWS account.” It continuously monitors accounts...
Context is King: Turning Ugly Logs into Rich Structured Events
Logs themselves often do not contain the necessary information in themselves to point an investigator in the right direction. Let’s say I’m...
Using Cribl to Analyze DNS Logs in Real-Time – PART 2
In a previous post we showed how to detect data exfiltration with Cribl in real-time. The analysis focused on checking DNS labels from DNS logs...
Encrypting sensitive information in real-time with Cribl
If your machine data does not contain sensitive information, you don’t really need to read this – you got it all figured out. Just...
One of the more surprising realizations as we’ve started Cribl and started working with customers across all kinds of industry verticals is...
Update: Part 2 is now here. The recent massive data breach at Marriott’s newly minted SPG (Simply Phucked Guests) program got me thinking...
Organizations with an AWS footprint have many options to get data into their log and event management platforms. So did we. Up...
A very popular use case for Cribl is routing data to the best possible store. Given the types, costs and complexity of managing data...
Adding context with lookups is an awesome way to enrich your operational data. Whether you’re running simple searches or reporting on your...
One of the key problems with creating a centralized repository of logs is it also creates a single place where attackers can...
The need for operational & performance visibility grows at least linearly with your infrastructure sprawl; the more data your VMs, containers, APIs,...