LAS VEGAS, NV // June 10, 2024
Solve your greatest data mysteries

On June 10th, more than 800 Cribl users came together at Caesars Palace in Las Vegas to celebrate each other and the power of learning at CriblCon. Our attendees discovered exactly how to make their data management unstoppable; they solved that mystery at CriblCon. Find clues to how the data engine for IT and Security helps you analyze, collect, process, and route all your data, at any scale. Uncover more value from your SIEM, AI Ops, and analytics tools, too.

CriblCon provided a unique platform for users of the data engine for IT and Security to delve into the world of Cribl and witness firsthand how we “Do different.” Participants were captivated by engaging customer presentations, immersive hands-on labs, and insightful discussions on how Cribl and our users are revolutionizing the industry. While the excitement of an in-person event is hard to recreate online, we have done our best below, bringing you presentations with tips and best practices that you can start using today.


How Cribl saves us 400k per year

Chris Affleck, Senior Cyber Security Engineer, Epiq Global
Dan Wilson, Cyber Security Engineer, Epiq Global
Sidd Shah, Staff Solution Engineer, Cribl

In this session, we’re going to dig into how Epiq transitioned our security infrastructure from on-premise to cloud with the help of Cribl. We’ll talk about the challenges we faced in learning how to parse and shape Microsoft Sentinel data, and the victories we achieved by simplifying our infrastructure for cost savings and to streamline our data processes. We’ll share some valuable lessons we learned along the way helping others navigate similar digital transformations successfully.

Navigating Transition: From Syslog and Logstash to Cribl

Chanda Pulliam, Senior Information Security Engineer, Synopsys

In this session, we’ll explore the transition from traditional syslog and Logstash setups to the dynamic capabilities of Cribl. We’ll share our firsthand experiences, from scalability issues to performance challenges, and how we navigated these obstacles to effectively transition to Cribl and Elastic.

s/Chaos/Control/g -> Modernizing the Data Pipeline with Cribl

Jon Rust, Staff Solutions Engineer, Cribl
Aaron Wilson, SRE Manager, iHerb

In the quest to turn our outdated and disorderly SIEM into a modern, streamlined and manageable solution, we turned to Cribl. Together we developed a centrally managed environment that empowered our teams to manage multiple data sources and destinations with improved time-to-value, reducing data flow steps, and increasing sustainability. Join this session to learn how we used Cribl to modernize and streamline our SIEM operations into a single point of management solution.

Battle of the Beards: Architecture, Tuning and Tactics for Styling Your Cribl Deployment

Duca, Director Professional Services, Cribl
Anoop Ramachandran, Senior Consultant, Discovered Intelligence
Scott Burger, Senior Staff Security Engineer, ServiceNow
Troy Wilkinson, CISO, Interpublic Group of Companies (IPG)
Eugene Katz, Staff Professional Services Consultant, Cribl

This interactive panel discussion dives deep into the practical realities of deploying Cribl.Cloud in a hybrid environment. Hear from experienced users who have successfully leveraged Cribl.Cloud's capabilities (including Cribl Lake and Cribl Search) alongside their on-premises infrastructure.

Next-Gen Logging: Deep Dive with a Large Financial Institution

Raanan Dagan, Staff Solutions Engineer, Cribl

Learn how one of the largest U.S. financial institutions handles a diverse and high-volume logging ecosystem while supporting a multi-cloud integration across on-prem, SaaS, and public cloud. Serving approximately 70 million customers, this financial institution follows an Infrastructure-as-code approach to manage their logging platform and deliver dashboards, alerts, and queries across multiple lines of business. You’ll see how to handle sensitive data with the utmost care, minimizing risk and maximizing peace of mind with Cribl, the data engine for IT and Security. From logs to business insights in a matter of clicks, you are sure to rethink the power of logs!

Data – A Team Sport

Nick “Tank” Tankersley, Cribl

Cribl offers a suite of tools designed to optimize data pipelines, with different components tailored for managing and orchestrating data flows at scale across different teams and data sources. One of the biggest problems with building and running a multi-team data engine is isolation. This presentation will cover how we at Cribl have handled the challenge of data, configuration, and access isolation for growing teams through features such as Cloud Workspaces, Worker Groups, and Stream Projects, and how they provide isolation and crafted experiences for different levels of data access and control.

Delivering Observability for Highly Available Services with Cribl (aka How Cribl Makes Better Products with Cribl)

Jacob Gorney, Cribl
Josh Biggley, Cribl

Learn how Cribl uses its own purpose-built data engine for IT and Security capable of discovering and collecting data from any source, processing billions of events per second, automatically routing data to optimized storage, and analyzing any data, at any time, in any location to drive the Cribl.Cloud team’s observability practice, make quick decisions, and continuously improve Cribl Stream, Edge, and Search from the inside.

Tune your Data Engine: How Packs and Forks Supercharge Value

John Lim, Lead Systems Engineer, Cox Automotive

Grease the wheels of adoption and step on that pipelining gas pedal! Integrating Cribl Stream into your existing data engine can be a challenge for large organizations with well-established processes. Learn how Cox Automotive is methodically incorporating Stream through the extensive use of packs and data forks, and how stakeholders can realize the value of Cribl Stream with minimal impact to their day-to-day operations. Furthermore, learn how Cox Automotive is using data tiering and replay to ensure high availability and accelerated resolution times.

Exploring the Synergy: Correlating Traces with Logs for Enhanced Observability

BhoopeshKumar Jayasekaran, AutoDesk

This proposal aims to investigate the correlation between traces in OpenTelemetry (Otel) and logs in Splunk, two widely used tools in the field of observability and log management. The objective of this research is to explore how the integration of trace data from Otel and log data from Splunk can provide a comprehensive understanding of application performance and behavior. By analyzing the relationship between these two data sources, we aim to identify patterns, uncover hidden dependencies, and gain insights into system bottlenecks and potential issues. Through this correlation, we hope to enhance troubleshooting capabilities, optimize system performance, and improve overall observability of distributed applications. The findings of this study will contribute to the development of effective monitoring and analysis techniques, enabling organizations to proactively address performance challenges and deliver more reliable and efficient software systems.

Reduce Risk with Cribl and Choose the right SIEM

Chris Talbott, Cyber Security Manager, Amex GBT
Adam McLaughlin, Cyber Security Engineer, Amex GBT

This session explores how our team utilized Cribl Stream to navigate a complex SIEM landscape. We faced several challenges: evaluating new SIEMs, managing high-volume data in our current SIEM, and ultimately migrating to a new solution – all without disrupting ongoing security operations.

Great Scott! Doc Brown's Guide to Weaponizing the SOC

Andre “Dre” Tucker, Cribl

In an era where security incidents are as inevitable as the ticking clock, we embrace the wisdom of Henry Ford: “The only real mistake is the one from which we learn nothing.” Imagine a world where every security incident becomes a stepping stone to greater resilience. With the powerhouse trio of Cribl Search, Cribl Stream, & Cribl Lake as our “DeLorean”, we’ll harness the lessons of the past & transform them into an arsenal for the future. With this innovative approach, you’ll learn an automated way to turn your old incidents into dynamic, interactive training modules that empower your SOC to navigate incident triage with the agility of Marty McFly on a hoverboard, test SIEM correlations with the precision of Doc Brown, and bring your security tooling skills from Biff to buff.

Cribl Search: From Zero to Hero in 30 Minutes (Seriously!)

Roman Trusov, Cribl

Ever feel like untangling log data takes forever? Us too. That’s why we built Cribl Search – a supercharged federated search engine for IT and security data. Join this hands-on lab and see Cribl Search in action! We’ll throw a massive 1TB dataset (think common log format) at you and show you how Cribl Search cuts through the noise to get you the answers you need – fast. Walk away from this session with the skills to unleash the power of Cribl Search in your organization. No more data dead ends – just lightning-fast insights!

Cracking the Code (Function) [HoL]

Chris Breshears, Product Advocacy, Cribl
Jeff Wroblewski, Product Advocacy, Cribl

As the saying goes, with great power comes great responsibility. In this lab, we will delve into the often misunderstood and sometimes misused Code function. We’ll examine when and when not to use it, and explore use cases that reveal its true potential. By the end of this lab, you’ll have another valuable tool in your superhero toolkit.

Mining the Data Swamp [HoL]

Chris Breshears, Product Advocacy, Cribl
Jeff Wroblewski, Product Advocacy, Cribl

With the announcement of Cribl Lake, storing data for investigations and compliance has become as easy as clicking a button. But what about your existing lakes? How do you free data that is currently locked away deep in an S3 bucket? This lab will walk you through setting up AWS S3 permissions and building Cribl Search datasets, making these gems actionable.

Advanced Pipelines

Jeff Wroblewski, Product Advocacy, Cribl

Gear up for a session packed with:

  • Intriguing clues: We’ll provide a real-world scenario brimming with hidden data gems. Your mission: craft intricate pipelines to extract, transform, and route this valuable intel.
  • Pipeline puzzles: Challenge yourself with a series of head-scratching pipeline exercises designed to push your Cribl expertise. Hone your skills in filtering, parsing, enriching, and routing data like a seasoned pro.
  • Collaborative code-cracking: Work together with fellow Cribl enthusiasts to decipher the data puzzles and build masterful pipelines. Share your sleuthing techniques and learn from each other’s data wrangling prowess.
  • Unveiling the solution: No detective work is complete without a satisfying reveal. We’ll walk you through the optimal pipeline design, showcasing the power of Cribl’s advanced features.

Git Your Goat @ CriblCon

Jenna Eagle, Staff Solutions Engineer
Yasmin Hovakeemian, Staff Solutions Engineer
Jon Rust, Staff Solutions Engineer

What a kickoff to the summer! That’s right, in the past two weeks, we got to welcome a lot of our ecosystem back with hugs, high fives, fist bumps, and air fives! It has been a great way to get welcomed into my new work family. That’s right, there’s no better feeling than getting to meet customers and THEY are the ones educating me on what Cribl does well, what would be awesome to see, AND more importantly, what Cribl would be like if it was a person (or a GOAT… shoutout to Ian, our mascot!)

If you didn’t get a chance to join us at our first ever CriblCon, I’d say skip all the way to the end of this blog to get the links, or else this might trigger a bit of FOMO! I’m only kidding, but it will only get you more excited about what we’re bringing to you at Black Hat and later this year.

Alright, let’s kick things off with a little recap. Earlier this year, YOU told us you wanted choice and control for your data AND for your live Cribl experience, so we went to work on delivering. After a little brainstorming, we realized that you probably already had other conferences planned and we didn’t want to “lock you in” if we decided to “roll our own” (just a pun to make sure you check out our Roll Your Own Pack contest), so we decided to bring the action to you! So, we set out to get you together with other Criblers to learn about what’s next and share best practices. No death by PowerPoint, just ways to collaborate, solve problems, share ideas, say ‘Hi’ in person, and have fun!

The First CriblCon!

How did we do? Well, keeping in line with our ‘Customers First, Always’ value, let me quote a customer who said, “It was fun! It was packed! It was a wall of people… Clint gave a talk and it was one of the best talks ever because it didn’t ramble on and it was not very salesy, it was just perfect!” Now, I’m biased; however, I will agree with this customer–he also happens to lead the Cribl User Group, if you’d like to catch up with us virtually! The whole event was awesome, but since the NHL playoffs are about to wrap up (which means I might gain a bunch of time back in a week), let’s do a quick ESPN-style breakdown by the numbers of the event. We had over 280 attendees made up of folks who were curious about Cribl, folks who are just starting out their journey, those looking to see what the goats are all about, and seasoned Criblers there to share better and best practices with each other. It was great to see the community in action. What you can’t see in the pictures is the fire marshal making sure we didn’t create an unsafe situation since we were the HOTTEST TICKET in Vegas on that Monday evening! Now for folks who didn’t get a chance to stop by, let’s jump into a recap and get people excited to join us on our next stop!

Let’s dive into CEO Clint Sharp’s talk. As Rich said, it was efficient and not too salesy. Clint reminded us of Cribl’s purpose which is to create breakthrough enterprise software that takes tech professionals from “THIS SUCKS” to “HELL YEAH!” Now in typical Clint fashion, he might have used a different vocabulary, but details, details. He then jumped to the topic of continuously delivering value through our vision. From Cribl Stream to Edge, and Search in the near future. At Cribl, we want to unlock ALL of your observability data and we will not rest until we do. He also reminded us that building the functionality of this platform is important to you, therefore it’s important to Cribl as we focus on our first-principles approach to developing and delivering solutions.

Solving Customer Problems In Rapid Fashion

Clint also covered one of my favorite customer stories. The one about Geneva Trading, a leading proprietary trading firm that completed dual ingestion, tagging, and index renaming within the first week of deployment. The rest of the 6-week migration timeline was focused on data integrity, field enrichment, and alert validation. If that’s not an amazing return on investment, I don’t know what is. For more Cribl + Splunk goodness, check out TransUnion’s presentation: TransUnion Teams Up with Cribl Stream to Drive Greater Efficiency.

After the presentation, we unleashed the masses back to the tee boxes for a little bit more fun and a whole lot more conversations. As I said before, I AM biased, but I really think this was an awesome event. It was especially amazing to me to see our community out in full force interacting with each other and sharing knowledge to help each other succeed. I hope to meet more of you at our second event next month!

Now if you aren’t part of the community yet, don’t delay any longer. Head on over to our Community page for more information.

See you at Black Hat!
