The second in our Feature Highlights webinar series, Protect the Business with Cribl Packs, highlights Packs and security use cases.
Packs enable you to share complex Stream/Edge configurations across multiple Worker Groups/Fleets, between Stream/Edge deployments, or with the Cribl Community. Packs roll up best practices to ensure Site Reliability Engineering (SRE) teams have the required data to protect the business. The full webinar is in Cribl’s resources section. I was honored to have James Curtis, Lead Site Reliability Engineer and Cribl community member, join me. James’ SRE knowledge and experience delivered key insights and, according to a live attendee, “…one bad to the bone!” demo.
We discussed three SRE challenges:
The first two questions are operational. These health measurements ensure the customer experience meets or exceeds the service level indicators (SLIs). James highlighted an Nginx web server Pack that he is building. It provides insight into customer web experience by shaping and routing HTTP responses to Splunk for dashboarding and alerting.
The Cribl Pack for Nix is Cribl-authored, by Alex Cain. It processes Linux OS data to increase operational visibility of key health measurements, i.e., disk space available, memory, and CPU utilization. These logs are shared with the Splunk Technology Add-On (TA) for Nix, which James demonstrated.
James and team also rely on the data enrichment powered by the Palo Alto Networks Pack (authored by Brendan Dalpe) which shortens incident response times. James pointed out how the ‘pan_threat’ pipeline used Lookup and Auto Timestamp functions to set the event timestamp to the “generated time,” an important correlation point when researching and remediating threats.
These Packs enable SRE teams to shape, route, and enrich logs to protect the organization.
Pack creation requires four straightforward steps:
.crbl file
You will invest creativity and craftsmanship during Step 2. A pro-tip: use the Live-capturing Data steps to create a sample log file to work with, and include an anonymized version in the published Pack.
When you’re ready to get started, here are several Pack building resources:
We regularly poll webinar attendees. It’s a great way to hear directly from attendees.
The first question we asked was, “What is your most requested security data source?”
The options are listed in order of popularity. The poll responses mirrored this.
We also asked, “How do you use Packs today?” We wanted to understand how attendees used Packs to protect their organizations.
The options included:
The results were interesting. A solid 30% use Packs to route and shape security logs, proving the value of Packs. A larger percentage, over 50%, were learning from the webinar conversation.
Engaging the community and educating on feature capabilities, highlighting real-world use cases, are goals of the Feature Highlights webinar series. It’s good to see these being confirmed.
Several questions were answered live during the webinar. I thought it’d be useful to recap them.
Once the Packs are installed (Palo Alto, for example), are there any additional enhancements that need to be done? That is, is a Pack similar to a Splunk TA?
Packs include, for example, the processing steps needed to shape the log data. Source and Destination configuration is required to get data flowing through the Pack. Knowledge Objects, such as a Lookup file, also need to be populated. For example, devices_info.csv in the Palo Alto Pack needs details specific to your security infrastructure and timezones.
Packs look like a wonderful turnkey way to apply Cribl towards general / community adopted use cases. Is there a request queue or community voting for focusing efforts of Cribl engineering for new Packs?
The Cribl Packs Dispensary is populated with the most requested Packs; Palo Alto Networks, MS Windows Events, and Syslog are among the most popular. Please submit Pack recommendations to the #packs channel in the Cribl Slack Community, or ask questions about Packs at Cribl Curious, our newly launched Q&A site. An anonymous sample data file would most certainly jump-start the process. You may find a like-minded community member to collaborate with.
The Cribl Packs Dispensary is the place to find and install Packs.
Packs enable you to share complex configurations across multiple Worker Groups/Fleets, between Stream/Edge deployments or with the Cribl Community at large and are a great way to share expertise and best practices that lighten the administrative load for Cribl products.
Join the fun and “Roll your Own” Pack! Contest information is detailed in the blog: 4/20 and It’s Time to Roll Your Own…Packs That Is
Start Packing!
Ready to go deeper with Cribl’s solutions? Explore our sandboxes, join the Cribl Community, and Cribl Curious. Cribl Stream and Edge, by design, support an ever expanding number of sources (explore the entire list).