Case Study
Best Practices for Reduction with Cribl Packs
Follow the step-by-step process to configure and customize your Cribl Packs.
“A large part of our strategy was to separate our high-value data into our primary SIEM and our high-volume data into a secondary, more cost-effective SIEM, CrowdStrike LogScale. We needed Cribl to work seamlessly with both of these solutions.”
Director of Cyber Security Operations
When the travel company expanded, so did the responsibilities of their corporate security team. They needed to unify and secure their global footprint to maintain their security posture. Upgrading to CrowdStrike Falcon Data Replicator (FDR) met all of their requirements, giving their Security Operations Center (SOC) actionable insights from their Endpoint Detection and Response (EDR) solution.
However, after implementation, they found themselves facing an unexpectedly high volume of logs that exceeded the available license space and infrastructure capacity in their Security Information and Event Management (SIEM) tool, Splunk. This put them in the difficult position of having to prioritize which data they could onboard to drive detection content in their SIEM.
While searching for ways to manage their logging capacity and extract value from CrowdStrike endpoint telemetry data, their Director of Cyber Security Operations was introduced to Cribl Stream.
“We worked with Cribl to optimize our FDR logs, and we really liked what we saw. We were able to solve our immediate issue with CrowdStrike FDR by reducing our log volumes to the expected footprint without losing the context we needed for detection. This would allow us to remain within the licensing constraints for our SIEM.”
Director of Cyber Security Operations
The Affordable Way to Desired Destinations
During the evaluation, the SOC team saw an immediate reduction in log volume simply by using the free Cribl CrowdStrike Pack. Cribl Packs, which can be found in the Cribl Pack Dispensary, are sets of readily available configurations designed to enable Cribl Stream administrators and developers to quickly reduce, optimize and enhance their CrowdStrike data.
“Using Cribl Packs we were able to achieve an immediate 50% reduction in the logs. From there we had team brainstorming sessions on how to reduce the volume of data without impacting the value. It was tricky, and it took us maybe 5-6 sessions, but we were able to achieve a 72% reduction, while still getting the context we needed for investigations.”
Director of Cyber Security Operations
Making Data Travel Woes a Thing of the Past
After getting their logging volume under control, the team set their sights on the future: optimizing their security stack with Cribl Stream.
“A large part of our strategy is to separate data we would need for alerting purposes into Splunk, while data for retention and compliance purposes was directed towards affordable log retention, Crowdstrike LogScale. We needed Cribl to work seamlessly with both of these solutions.”
Director of Cyber Security Operations
It’s important to note that there is no loss of data due to this segmentation. Instead of sending all FDR data directly to Splunk, Cribl is used to manage the data pipeline. Reduced, high-fidelity logs helpful for alerting are sent to Splunk, while voluminous raw logs and logs for long-term compliance are directed to LogScale.
Although the strategy for SIEM Optimization sounds straightforward, the execution of sending the same data to disparate destinations usually requires leveraging each tool’s proprietary ingestion process. Cribl Stream acts as a unified pipeline, allowing several data sources to be modified and redirected, or even enriched with IOC or GeoIP data in flight. The SOC team discovered firsthand just how easy it was to leverage Cribl as part of the optimization process.
New Perspectives for Security
The combination of Cribl Stream’s routing and reduction functions gives the team the flexibility to spend less time managing data onboarding, configurations, normalization and licensing limitations. This provides them more time to focus on their jobs as security practitioners.
“With Cribl Stream, we reconfigured the data in one place, with a user-friendly GUI. You can make the changes in a matter of minutes and instantly see results–versus taking hours or days to understand the impact of your changes.”
Director of Cyber Security Operations
“Stream was a no-brainer. It was extremely easy to use and adopt. After each call we would jokingly increase our desired outcome because we knew the tool could blow it out of the water.”
Director of Cyber Security Operations
Cribl makes open observability a reality for today’s tech professionals. The Cribl product suite defies data gravity with radical levels of choice and control. Wherever the data comes from, wherever it needs to go, Cribl delivers the freedom and flexibility to make choices, not compromises. It’s enterprise software that doesn’t suck, enables tech professionals to do what they need to do, and gives them the ability to say “Yes.” With Cribl, companies have the power to control their data, get more out of existing investments, and shape the observability future. Founded in 2017, Cribl is a remote-first company with an office in San Francisco, CA. For more information, visit www.cribl.io or our LinkedIn, Twitter, or Slack community.