What’s New blog, pt. deux

Last edited: March 11, 2026

Welcome back! Glad to have you! Just a heads up, I’m gonna use “pt. Deux” a lot this release. For starters, it’s the second installment of this blog. We did it! Two blogs done with a million more well on the way. But hey, you’re not here for my meme-ridden banter (unless you are?), so let’s get straight into the good stuff: new features!

Stream

Cribl Guard (pt. Deux) Background Detection

Background Detection in Cribl Guard is an AI-driven capability that scans data flowing through Pipelines and analyzes it in the background to uncover previously unknown sensitive data patterns. Instead of relying solely on predefined rules, Background Detection uses a family of purpose-built transformer models to proactively surface new findings (such as PII, secrets, or regulated data) so customers can review, ignore, or immediately mitigate them with additional Guard rules before they reach downstream Destinations. Background Detection enables you to uncover hidden sensitive data risk, improve compliance and reporting capabilities, and shorten the time from discovery to protection without relying on manual audits.

ChatGPT Enterprise Pack for audit logs

The ChatGPT Enterprise Pack for audit logs turns ChatGPT Enterprise telemetry into a first‑class Stream workload, with prebuilt pipelines to ingest, normalize, and enrich audit events from OpenAI’s enterprise APIs. It standardizes fields, applies guardrail‑friendly masking, and fans enriched events out to SIEM, observability, and data lake destinations without custom glue code. Security, compliance, and platform teams get a clean, opinionated path to bring ChatGPT Enterprise activity into their existing detection and governance stack. They can see who is doing what, from where, and with which models, enforce least‑privilege policies, and satisfy audit requirements while keeping AI usage data under the same routing, reduction, and retention controls they already trust in Stream.

Stream & Edge

Full fidelity Pack monitoring

Cribl is expanding Pack monitoring so teams can see metrics for Pipelines and Routes inside Packs, not just Sources and Destinations. This breaks out what was previously one opaque metric into higher‑fidelity signals for every stage of a Pack’s flow. Operations and observability teams get real visibility into where work is happening (and where it’s stuck) inside Pack-based workflows. That makes it easier to tune performance, spot misbehaving routes or pipelines, and prove the impact of Pack changes before customers feel pain.

Pack-to-Pack global routing

Cribl will let data flow cleanly between Packs and globally defined objects instead of forcing everything to stay trapped inside a single Pack. Teams can send data from a Pack into global routes or point global sources and routes into specific Packs, enabling Pack‑to‑Pack, Pack‑to‑global, and global‑to‑Pack paths. Platform teams get far more flexible composition. They can build reusable Packs for common tasks and then wire them together like building blocks instead of cloning monoliths. This cuts duplication, keeps configurations cleaner, and makes it easier to roll out multi‑destination and multi‑team workflows without redesigning everything from scratch.

Edge

Windows installer and upgrade improvements

The Windows installer and upgrade flow for Cribl Edge has been tightened to address common pain points in large Windows estates. Installs and upgrades remain consistent and resilient, even when changes are pushed across thousands of endpoints. Endpoint and platform teams can move faster on Windows without paying a reliability tax every time they roll out or update Edge. This reduces manual cleanup, cuts risk during UF migration waves, and strengthens Edge as the default agent for Windows event data.

Stability and scale hardening

Edge is getting a focused hardening pass that burns down customer‑found defects and smooths operational rough spots across large deployments. This release improves reliability under sustained load so Edge continues to behave predictably as fleets and data volumes grow. ITOps, observability, and security teams get a calmer agent layer they can trust when rolling out UF migrations and new data sources at scale. With fewer surprises in production, teams spend less time firefighting endpoint issues and more time delivering higher‑value outcomes.

New improved Search (pt. Deux; with AI)

New features are coming to Cribl Search! This AI-powered solution brings data ingest, storage, and high-speed analysis together in a single, end-to-end system. With simplified ingestion and AI-driven parsing and extraction, teams can onboard data in just minutes. Data is stored in a high-speed, automatically schematized store, so it’s always ready for fast, easy analysis.

Paired with Cribl Notebooks, teams can ask questions in plain language and let agentic search guide collaboration and investigations. The result is faster discovery, less manual toil, and a more streamlined, more powerful search experience. 

Say hello to my little friend: 10x investigations! Search makes it fast and easy to onboard data, so teams can start investigating in minutes instead of hours or days. By consolidating tools and eliminating unnecessary log management overhead, it dramatically cuts costs while simplifying operations. The result is up to 10x faster investigations with lower operational burden, helping teams get answers quickly from their data.

Lake

Lakehouse support for more AWS regions

Cribl Lakehouse now supports additional AWS regions, including Tokyo (ap-northeast-1), São Paulo (sa-east-1), Ireland (eu-west-1), and Paris (eu-west-3). This expanded regional availability enables customers to deploy Lakehouse closer to their data, users, and cloud workloads. The result is a more performant, compliant, and resilient data foundation. With Lakehouse available in more regions, teams can reduce latency, improve search and investigation performance, and meet data residency and compliance requirements without added complexity. Global organizations gain the flexibility to standardize on Lakehouse while supporting regional teams and workloads locally. Simply put: faster insights, better control, and fewer tradeoffs as you scale globally.

Conclusion

Many new features! Much wow! Thanks for stopping by! Remember, the Cribl release cycle is monthly. If you need more to do in between releases, why not try a sandbox, watch a video, or start Cribl-ing for free by signing up at Cribl.Cloud? See you next release day! XOXO Cribl Girl

Cribl, the AI Platform for Telemetry, empowers enterprises to manage and analyze telemetry for both humans and agents with no lock-in, no data loss, no compromises. Trusted by organizations worldwide, including half of the Fortune 100, Cribl gives customers the choice, control, and flexibility to build what’s next.

We offer free training, certifications, and a free tier across our products. Our community Slack features Cribl engineers, partners, and customers who can answer your questions as you get started and continue to build and evolve. We also offer a variety of hands-on Sandboxes for those interested in how companies globally leverage our products for their data challenges.
