Observability
Observability

New to observability? Find out everything you need to know.

What is Observability: A Beginner’s Guide for Success? >

Observability: Use-Cases and Examples >

What is an Observability Engineer? >

What is an Observability Pipeline? >
Telemetry 101

Understanding the Basics of Telemetry and Its Benefits
Learn More >
Products
Cribl Stream

Cribl Stream is a vendor-agnostic observability pipeline that gives you the flexibility to collect, reduce, enrich, normalize, and route data from any source to any destination within your existing data infrastructure.
Learn More >

Vodafone Case Study

Vodafone Dials up Business Insights with Cribl Stream
Read Case Study >

Cribl Edge

Cribl Edge provides an intelligent, highly scalable edge-based data collection system for logs, metrics, and application data.
Learn More >

SpyCloud Edge Story

Listen to how SpyCloud uses Cribl Edge at scale.
Watch Video >

Cribl Search

Cribl Search turns the traditional search process on its head, allowing users to search data in place without having to collect/store first.
Learn More >

Happy 1st Birthday Cribl Search!
Read Blog >

Cribl.Cloud

The Cribl.Cloud platform gets you up and running fast without the hassle of running infrastructure.
Learn More >

Cribl.Cloud Solution Brief

The fastest and easiest way to realize the value of an observability ecosystem.
Read Solution Brief >

AppScope

AppScope gives operators the visibility they need into application behavior, metrics and events with no configuration and no agent required.
Learn More >

Sandbox

Launch an AppScope Sandbox today!
Launch Now >
Solutions
Use Cases

Explore Cribl’s Solutions by Use Cases:

Supercharge Security Insights >

Accelerate Cloud Migration >

Avoid Vendor Lock-in >

Make Room for Interesting Data >

Route From Any Source To Any Destination >

Replay Data from Low-Cost Storage >

Reduce Log Volume & Pay Less for Infrastructure >
Integration

Explore Cribl’s Solutions by Integrations:

Amazon >

Google >

CrowdStrike >

Microsoft >

Elastic >

Splunk >

Exabeam >

View All Integrations >

Seamless Integrations for Your Observability Data
Learn More >
Industries

Explore Cribl’s Solutions by Industry:

AIOps >

Financial Services >

Healthcare >

Managed Security Services >

Manufacturing and Logistics >

Communications and Media >

Public Sector >

Retail >
Resources
Resources

Resource Library >

Documentation >

Guides >

AppScope Docs >

Blog >

Glossary >

Podcasts >

Get this Gartner® report and learn why telemetry pipeline solutions represent a robust and largely untapped source of business insight beyond event and incident response.
Download Report >
Events & Webinars

Events >

Webinars >

CriblCon 2023
Watch Now >

Escaping Data Lock-In Amidst Industry Takeovers

Learn how IT & Security engineers increase resilience & provide more options for analysis to make decisions faster with better data.
Watch On-Demand >
Learning

Try the Sandboxes >

Self Guided Trials >

Cribl University >

Cribl Community >

Cribl Curious Forum >

Try Your Own Cribl Sandbox

Experience a full version of Cribl Stream and Cribl Edge in the cloud.
Launch Now >
Tools & Pricing

Download Library >

Past Releases >

Pricing Plans >

Stream ROI Calculator >

Download Library

Download Cribl’s suite of products for free to get started.
Download >
Customers
Customer Stories

Get inspired by how our customers are innovating IT, security and observability. They inspire us daily!
Read Customer Stories >

Sally Beauty Holdings

Sally Beauty Swaps LogStash and Syslog-ng with Cribl.Cloud for a Resilient Security and Observability Pipeline
Read Case Study >
Customer Experience

Support & Success >

Professional Services >

Service Delivery Partners >

Documentation >

AppScope Docs >

Professional Services

Check out our new Professional Services offering.
Learn More >
Learning

Try the Sandboxes >

Self Guided Trials >

Cribl University >

Cribl Community >

Cribl Curious Forum >

Try Your Own Cribl Sandbox

Experience a full version of Cribl Stream and Cribl Edge in the cloud.
Launch Now >
Company
- About Us
- Newsroom
- Leadership
- Careers
- Contact Us
About Cribl

Take Control of Your Observability Data with Cribl
Learn More >

Cribl Corporate Overview

Cribl makes open observability a reality, giving you the freedom and flexibility to make choices instead of compromises.
Get the Guide >

Cribl Newsroom

Stay up to date on all things Cribl and observability.
Visit the Newsroom >

Press Releases

Read our most recent press releases.
Recent Press Releases >

Leadership

Cribl’s leadership team has built and launched category-defining products for some of the most innovative companies in the technology sector, and is supported by the world’s most elite investors.
Meet our Leaders >

Careers

Join the Cribl herd! The smartest, funniest, most passionate goats you’ll ever meet.
Learn More >

Cribl Named to the Inc. 5000 List of Fastest Growing Private Companies
Learn More >

Contact Us

Want to learn more about Cribl from our sales experts? Send us your contact information and we’ll be in touch.
Talk to an Expert >

TRY CRIBL NOW TALK TO AN EXPERT

When Stream Meets Lake: Cribl’s Integration With Amazon Security Lake Helps Customers Address Data Interoperability

May 30, 2023

Written by

Jackie McGuire is a Senior Market Strategy Manager at Cribl, focused on the security mark... Read Moreet. Prior to joining Cribl, Jackie was a Research Analyst with S&P Global, writing, speaking, and providing thought leadership on information security and Web3. Jackie has also worked as a data scientist in cybersecurity, developing behavior analysis and anomaly detection models, been co-founder, CEO, and CFO for several startups, and before her work in technology, was a licensed securities broker and SEC Registered Investment Advisor. Read Less

Categories: Announcements

Back To Blogs

We’re excited to announce that Cribl integrates with Amazon Security Lake from Amazon Web Services (AWS). Now generally available, Amazon Security Lake allows customers to build secure data storage from integrated cloud and on-premises data sources, as well as their private applications, using the Open Cybersecurity Schema Framework (OCSF). OCSF is a new industry standard initiative for the normalization of security telemetry announced in August 2022. AWS Partners and customers can use Cribl to ingest data from any third-party source, seamlessly convert it into OCSF, and route it to Amazon Security Lake.

What’s the Big Deal?

To protect their organizations, security professionals need to move at the speed of technology. Monitoring, detecting, and responding to threats in a rapidly evolving landscape requires teams to quickly analyze telemetry and log data across multiple tools, technologies, and vendors. As if this challenge weren’t enough, teams must balance the need to collect enough data to effectively secure their organizations with the cost of storing and searching that data.

According to Cribl’s State of Security Data Management 2022 Report, nearly two thirds of survey respondents are managing over 30 data sources. And each data source has its own formats, fields, and syntax. Incompatible or unsupported formats from one tool to the next leave many customers struggling to leverage insights from their data. Forget that noise.

How Cribl and AWS are supporting OCSF

Amazon Security Lake helps organizations aggregate, manage, and derive value from log and event data in the cloud and on-premises, giving security teams greater visibility across their organizations and reducing the complexity and costs for customers to access and manage their security data. Customers can use the security and analytics solutions of their choice to simply query data in place or ingest the OCSF-compliant data for threat detection, investigation, and incident response.

While Amazon Security Lake natively supports the OCSF standard for Amazon’s own products, Cribl is the only launch partner actively helping customers get data from any 3rd party source and transform it to OCSF complete with the partitioning and format (parquet) required. Customers then have the choice and control to route it to Amazon Security Lake, and any additional OCSF-enabled tools.

“The integration between Cribl and Amazon Security Lake is essential in accelerating data onboarding from third-party sources and providing customers with a comprehensive overview of their organization. With Cribl, customers have the ability to format and shape their data, allowing them to utilize Amazon Security Lake or send it to any analytics tool. As customers evaluate Amazon Security Lake, they rely on Cribl to search, route, optimize, and transform data efficiently.”

– Rod Wallace, General Manager for Amazon Security Lake

Customer Benefits

Centralizing data from on-premise and cloud sources in a storage solution purpose-built for quickly normalizing, managing, and searching data is critical for protecting the modern enterprise, delivering improved protection of workloads, applications, and data, and driving visibility across the organization.

With Cribl, AWS customers gain the freedom to choose from any of the OCSF-enabled tools and services that meet their needs without having to reformat their data on their own through the following capabilities:

Route Data from 3rd party sources to Amazon Security Lake – Accelerate data onboarding from any 3rd party source to gain greater visibility across your security and operating environments
Transform data into OCSF in parquet schema – Enrich raw data from any source with a repeatable transformation process that requires minimal effort for modifications.
Search data in Amazon Security Lake – Increase the scope of analysis and mine data at rest in OCSF for quicker searches to capture deeper insights.

Cribl and Amazon Security Lake Architecture

“With the explosion of data and the rapidly changing security climate, security teams struggle to continuously monitor, detect, respond to, and mitigate threats,” said Abby Strong, SVP of Customer Experience and Marketing at Cribl. “Together with Amazon Security Lake, we’re excited to give AWS customers the freedom to ingest data from anywhere and then route it to Amazon Security Lake or any of the OCSF-enabled tools that meet their needs. Cribl makes it easy to get data in and search it to gain insights directly from an Amazon Security Lake.”

Here are some examples of how this integration helps you take back control over your security data:

Analyze data from endpoint, network, application, and cloud sources in one place, in one purpose-built format, so you can quickly find, correlate, and respond to security events.
Empower the entire organization with granular access controls and custom data streams, making it easier to provide the right data to the right users, while preventing unauthorized access and remaining compliant with regulations

How to Get Started

Learn how Cribl can help you with your AWS use case with a custom demo.

Leverage our AWS-validated open source Cribl Packs and our Amazon Security Lake destination tile to get started quickly. Use Cribl’s no-code intuitive UI to transform any event into OCSF-compliant formats and send them to the best destination, or multiple destinations to deliver your desired security, compliance, and analytics outcomes.

Here are the Cribl Packs that are being mapped to OCSF today:

OCSF Post-Processing Pack – If you have your own data sets you want to map, leverage this on GitHub as a reference to build from
- ZScaler Web Logs
- ZScaler Firewall Logs
- PAN Firewall Traffic
- PAN Firewall Threat
Cribl Packs Dispensary
- CrowdStrike FDR Pack
- SentinelOne Cloud Funnel (coming soon)
- Splunk Forwarder Windows Classic Events to OCSF
- Cisco ASA
- Cisco FTD
- Google Cloud Audit Logs to OCSF

Learn More

Integrating Cribl Stream with Amazon Security Lake Doc – Cribl Docs
Improving Interoperability with Cribl and Amazon Security Lake – One Pager
Amazon Security Lake, OCSF, and Cribl – Podcast
Learn more about Cribl on AWS
Technical Docs on the Integration
Technical Docs on the Destination

Back To Top

.

Blog

How To Guide: Connecting Cribl Search with the Azure API

Blog

Learning by Example with Cribl’s New Lookup Examples Pack

Blog

Sending Data to Elastic Security With Cribl Stream (And Making It Work With Elastic SIEM)

Try Your Own Cribl Sandbox

Experience a full version of Cribl Stream and Cribl Edge in the cloud with pre-made sources and destinations.

Launch Now

Observability

Cribl Stream

Cribl Edge

Cribl Search

Cribl.Cloud

AppScope

Use Cases

Integration

Industries

Resources

Events & Webinars

Learning

Tools & Pricing

Download Library

Customer Stories

Customer Experience

Learning

Try Your Own Cribl Sandbox

About Cribl

Cribl Newsroom

Leadership

Careers

Contact Us

When Stream Meets Lake: Cribl’s Integration With Amazon Security Lake Helps Customers Address Data Interoperability

Written by

Jackie McGuire

Michelle Zhang

What’s the Big Deal?

How Cribl and AWS are supporting OCSF

Customer Benefits

How to Get Started

Learn More

Blog

How To Guide: Connecting Cribl Search with the Azure API

Blog

Learning by Example with Cribl’s New Lookup Examples Pack

Blog

Sending Data to Elastic Security With Cribl Stream (And Making It Work With Elastic SIEM)

Try Your Own Cribl Sandbox