4/20 and It’s Time to Roll Your Own…Packs That Is

Last edited: April 20, 2022

We are excited to announce another first for Cribl – the first community Packs contest!

Don’t bogart that knowledge! Packs enable easy sharing of complex Cribl Stream and Edge configurations (i.e, Routes, Pipelines, Sample Data, and Knowledge Objects) across multiple Worker Groups, Fleets, and organizations. It is as easy as adding a specific Pack to your Stream and/or Edge deployment. Packs are a great way to share expertise and lighten the administrative load for Cribl products, so break free of the grind and smoke ‘em if you got ‘em!

How are packs helping customers?

“With the Microsoft Windows Event pack we’re able to route data to multiple destinations easily, and we are seeing greater than 50% reductions. It’s so much easier to drop event codes and granular process names.”
“We see a 30% reduction in PAN firewall logs in Cribl Stream using the Palo Alto Networks Pack. This reduction coupled with filtering and the ability to enrich data helps us to accelerate security investigations.”
“The ability to leverage best practices has lightened our admin load. Install, test and deploy. It’s that easy to use Packs.”

We created this contest to engage the braintrust–you, our users! You’re the ones integrating data sources, connecting destinations, and architecting how things fit together. You know who needs to see what, and where to make good decisions. You know your tools and your data best. Packs give you the opportunity to parse, parse, pass–and share that expertise in a way the community at large can benefit, and maybe, you’ll find a pack you can use to lighten your load and accelerate your learning as well. Help us to energize the Cribl Community to create, publish, and adopt Packs.

To spark that creativity, there’ll be prizes and recognition to be shared for the hard work, craftsmanship, and creativity. Prizes will be awarded for three categories:

Best Technical
Most Popular
Highest Impact

Winners get to choose their bounty from a list that includes:

DJI FPV Drone (or similar)
A camera lens of choice up to a $1,000 USD
$1,000 Amazon Gift Card
Cribl swag pack worth $1,000
A $1000 charitable donation to a broad selection of approved charities
Lunch w/ a Cribl Founder at an upcoming event in a city near you

Each award category is judged separately.

The Best Technical award, for example includes;

Pack must be performant (25 Points)
- Optimized Regex
- Pipeline performance in 3-5 ms
Must be deployed in Cribl.Cloud (25 points)
- tee and code commands must not be used
Pack must have quality and applicable data samples included (up to 15 points )
The Pack delivers a unique problem solution (up to 15 points)
Pack must be well documented (up to 10 points)
Pack must conform to Packs Publication Standard (up to 10 points)

The Most Popular Pack will be voted by peers in the Community via a Slack poll in the #Packs channel. Voting will be open from Monday, July 18th through July 29th at 3 p.m. PST. The Pack with the most votes wins.

Highest Impact, will be determined by a panel of Cribl luminaries who are judging for the broadest applicability to all Stream customers according to the following criteria, graded on a scale of 1-100.

Pack must solve for a widely deployed infrastructure solution – Palo Alto Networks for example (up to 40 points)
Pack must handle all data sources from chosen solution (up to 30 points)
The Pack delivers a unique problem solution (up to 15 points)
Pack must conform to Packs Publication Standard (up to 15 points)

Packs are submitted in two easy steps:

Complete the Contest Submission form
Submit your Packs to the Cribl Pack Dispensary for consideration.

All entries must be submitted by Friday, July 8th at 5 pm PDT. Existing community authored Packs are eligible and must be submitted following the two step process above for consideration. Winners will be announced at CriblCon August 11th in Las Vegas (during BlackHat/DefCon).

The Roll Your Own Pack contest is open only to legal residents of the United States and the District of Columbia. We wanted to include our international community members, but to satisfy the varied legal country/region requirements will take more time. Assuming there’s interest, version two will extend to include resellers, distributors, and international users We look to include all these key community members in the next iteration of the contest.

Check out the full Official Contest rules on the Cribl Legal page.

Ready to get started on your entry? Check out these resources for best practices:

Also join us for a webinar featuring community member James Curtis, tomorrow, Thursday, April 21, at 10 am PDT to learn how Packs help protect your business. James has authored several Packs and is using Cribl Stream to scale his small but mighty SRE team.

Start Packing!

Cribl, the Data Engine for IT and Security, empowers organizations to transform their data strategy. Customers use Cribl’s suite of products to collect, process, route, and analyze all IT and security data, delivering the flexibility, choice, and control required to adapt to their ever-changing needs.

We offer free training, certifications, and a free tier across our products. Our community Slack features Cribl engineers, partners, and customers who can answer your questions as you get started and continue to build and evolve. We also offer a variety of hands-on Sandboxes for those interested in how companies globally leverage our products for their data challenges.

Previous articleNext article