Case Study
“SINCE WE’VE ADOPTED CRIBL STREAM, WE’RE NO LONGER HELD HOSTAGE TO OUR SIEM TA’S — WE CAN ONBOARD SYSTEMS MUCH FASTER NOW.”
ERIC JEANMAIRE, CEO
“CRIBL STREAM’S IMMEDIATE VALUE PROPOSITIONS WERE THAT IT ALIGNED WELL WITH OUR ARCHITECTURE, AND IT PROVIDED SIGNIFICANT DATA REDUCTION THAT ALLOWED US TO USE OUR SIEM LICENSING ELSEWHERE.”
ERIC JEANMAIRE, CEO
“CRIBL HAD IMMEDIATE VALUE TO US AND OUR CUSTOMERS — WE KNOW THERE’S EVEN MORE SAVINGS COMING.”
ERIC JEANMAIRE, CEO
One of Finality’s most common challenges is navigating federal agencies’ license limits with their SIEM (security information and event management) providers. As data volumes increase alongside stagnant budgets, this problem becomes more prevalent and difficult to manage.
Eric Jeanmaire, Finality’s CEO, was in search of an innovation to address this problem when he was introduced to Cribl Stream in October 2020 — less than a year before the Executive Order on Improving the Nation’s Cybersecurity and subsequent memorandum M-21-31 were issued. Significantly greater log collection, retention, and analysis requirements, coupled with the urgency of business imperatives, compelled the Finality team to implement Cribl Stream within the Department of Homeland Security just one month later.
Since deploying Cribl Stream, the Finality team has found it easier to fulfill its commitments to its federal customers. Agencies can’t afford to onboard new system data from a financial perspective, but they can’t afford not to from a security perspective — so being able to make room for additional logs was one of the most immediate value propositions.
Cribl Stream allows admins to filter out repetitive or otherwise unnecessary data. Logs can be filtered in their entirety or at the individual field level to remove as much bloat as possible. Eric and his team have seen great results.
“Being able to get a 47% reduction on average in our Windows Events by dropping repetitive fields is huge — because all of that can go into onboarding additional logs that we need from other systems.”
Eric Jeanmaire
CEO
The ease of use and scalability of Cribl Stream were a big factor in Finality’s decision to build Stream into the security and compliance stack it delivers for its customers. Because of how easy it is to deploy and scale, Finality has been able to onboard data 10 times faster than before. That speedup shows up in faster data extractions and easier mapping of data to Splunk’s Common Information Model (CIM), which makes for better and faster correlations once data hits the SIEM and keeps data consistent in both the SIEM and in S3 or other cheap storage.
For one of the federal agencies they work with, nothing gets deployed manually — so Stream fits nicely into the automated pipelines of the customer’s environment.
“I like that Cribl Stream leans towards open source but also adopts a lot of modern architecture best practices. We can scale a cluster very easily and replace or upgrade nodes automatically. Everything is version controlled through Git, so it makes for an easy deployment.”
Eric Jeanmaire
CEO
“We’ve shifted CPU-intensive activities, like CMDB and threat enrichment, to Cribl Stream, adding to our SIEM license and infrastructure savings. By doing our data model compliance at the Cribl level, we’re taking away a lot of that compute utilization from our indexers. Savings can still be had, even in the new licensing schema.”
Eric Jeanmaire
CEO
Another benefit of Cribl Stream is the ability to capture and analyze production data without disrupting operations. Because the UI shows data manipulations and changes as they would appear in Splunk or Elastic before they are applied, Cribl eliminates hard cutovers, which suits SOCs that need to collect data 24/7 and don’t want to suffer any feed outages.
Eric and his team take advantage of this by first using Cribl as a catch-all pipeline that simply forwards the data to its destination. Then, they can cut over single feeds as necessary.
“With Cribl Stream, we can capture feeds as they're flowing through, create samples, work on our pipeline, QA it, and then turn the pipeline on. From there, we can shift to doing field extraction, normalization, and data model compliance right in Stream, without having it flow through our catch-all.”
Eric Jeanmaire
CEO
Instead of burning developer hours updating technical add-ons (TAs), the Finality team leverages Stream as the universal connector to prepare data.
“It’s easy to wean yourself off of TAs that need updating by cutting feeds over to Cribl Stream as you're ready. It doesn't have to be one big upfront effort to rewrite all of them on day one.”
Eric Jeanmaire
CEO
One of the architectural best-practice decisions that Finality made is to develop content only off of their data models. Cribl Stream makes it easy to transform raw data to your destination schema of choice, to accelerate identification of important Indicators of Compromise (IOCs).
“It’s easy to get into trouble operating products over time when you have written a lot of content off of raw feeds. You really have to make sure you're sticking to Data Model compliance, and Cribl is a great way to ensure CIM compliance very quickly.”
Eric Jeanmaire
CEO
“With Cribl Stream, we’ve dramatically shortened the content delivery timeline. New source data goes to Stream, and we do field extraction, normalization, and data model compliance all in Stream instead of our SIEM. Then we can start working on detection content and correlation searches much more quickly.”
Eric Jeanmaire
CEO
Partnering with Cribl is a great choice for systems integrators looking to enhance their offerings and deliver value to customers. Cribl complements and enhances already-existing tooling, allowing for repeatable, automated management and configurations. Spend less time onboarding data and working with outdated TAs and spend more time delivering value to your customers.
With free training, reference architectures, and sandboxes, SIs can easily develop certified subject matter experts (SMEs) who can leverage Cribl’s capabilities. Our team is well-staffed with a bench of knowledgeable folks willing to help, and a great Federal team that provides support when needed to meet any and all deadlines.