When Stream Meets Lake: Cribl Integrates With New Amazon Security Lake to Help Customers Address Data Interoperability

Written by Michelle Zhang

November 29, 2022

We’re excited to announce that Cribl integrates with Amazon Security Lake. Amazon Security Lake allows customers to build a security data lake from integrated cloud and on-premises data sources as well as from their private applications using the Open Cybersecurity Schema Framework (OCSF). AWS customers and partners can now use Cribl to choose data from any source and seamlessly convert it into OCSF, a new industry standard initiative for the normalization of security telemetry announced in August 2022.

What’s the Big Deal?

In today’s ever-changing security climate, security professionals have to continuously monitor, detect, respond to, and mitigate new and existing vulnerabilities and threats. To get that done effectively, security teams must be able to quickly and cost-effectively analyze security-relevant telemetry and log data across multiple tools, technologies, and vendors. It’s like having a new kid… you’ve got to feed them, bathe them, change their diapers, keep them safe, etc… all while hoping that they become useful contributors to society. It’s no wonder both parents and security professionals are losing sleep!

Now, imagine you’re in the movie Cheaper by the Dozen with 12 kids, but they’re all speaking different languages. According to Cribl’s State of Security Data Management 2022 Report, nearly two-thirds of survey respondents are managing over 30 data sources. Customers are struggling with their security data being in different formats and are unable to leverage insights from the data they have.

How Cribl and AWS are supporting OCSF

Security Lake helps organizations aggregate, manage, and derive value from log and event data in the cloud and on-premises to give security teams greater visibility across their organizations. With support for the OCSF standard, Amazon Security Lake reduces the complexity and costs for customers to make their security solutions data accessible. Customers can use the security and analytics solutions of their choice to simply query data in place or ingest the OCSF-compliant data. This addresses use cases such as threat detection, investigation, and incident response.

Cribl Stream’s routing and shaping capabilities allow customers to ingest data from any source and transform it into OCSF-compliant data. With Cribl, AWS customers can automatically gain the freedom to choose any OCSF-enabled tools and services that meet their needs without having to reformat their data on their own.

Customer Benefits

Together with AWS and Cribl, organizations can aggregate, manage, and derive value from log and event data in the cloud and on-premises to give security teams greater visibility across their organizations. This ultimately improves interoperability and data sharing across tools and across teams. Now, security analysts and engineers can easily build, use, and ingest data to a centralized security data lake to improve the protection of workloads, applications, and data.

How to Get Started

Set up a Cribl.Cloud instance and leverage our open source Cribl Pack for OCSF. Use our intuitive no-code UI to transform any event into OCSF-compliant formats and send them to any destination, or multiple destinations, you want.
