Route data to multiple destinations
Enrich data events with business or service context
Search and analyze data directly at its source, an S3 bucket, or Cribl Lake
Reduce the size of data
Shape data to optimize its value
Store data in S3 buckets or Cribl Lake
Replay data from low-cost storage
Collect logs and metrics from host devices
Redact or mask sensitive data
Optimize data for better threat detection and response
Streamline infrastructure to reduce complexity and cost
Simplify Kubernetes data collection
Optimize logs for value
Control how telemetry is stored
Easily handle new cloud telemetry
Ensure freedom in your tech stack
Accelerate the value of AIOps
Effortlessly search, collect, process, route and store telemetry from every corner of your infrastructure—in the cloud, on-premises, or both—with Cribl. Try the Cribl Suite of products today.
Learn moreGet started quickly without managing infrastructure
Get telemetry data from anywhere to anywhere
Streamline collection with a scalable, vendor-neutral agent
Easily access and explore telemetry from anywhere, anytime
Store, access, and replay telemetry. Point. Click. Done.
AI-powered tools designed to maximize productivity
Instrument, collect, observe
Get hands-on support from Cribl experts to quickly deploy and optimize Cribl solutions for your unique data environment.
Work with certified partners to get up and running fast. Access expert-level support and get guidance on your data strategy.
Get inspired by how our customers are innovating IT, security, and observability. They inspire us daily!
Read customer storiesFREE training and certs for data pros
Log in or sign up to start learning
Step-by-step guidance and best practices
Tutorials for Sandboxes & Cribl.Cloud
Ask questions and share user experiences
Troubleshooting tips, and Q&A archive
The latest software features and updates
Get older versions of Cribl software
For registered licensed customers
Advice throughout your Cribl journey
Connect with Cribl partners to transform your data and drive real results.
Join the Cribl Partner Program for resources to boost success.
Log in to the Cribl Partner Portal for the latest resources, tools, and updates.
Case Study
Best Practices for Reduction with Cribl Packs
Follow the step by step process to configure and customize your Cribl Packs.
“STREAM WAS A NO-BRAINER. IT WAS EXTREMELY EASY TO USE AND ADOPT. AFTER EACH CALL WE WOULD JOKINGLY INCREASE OUR DESIRED OUTCOME BECAUSE WE KNEW THE TOOL COULD BLOW IT OUT OF THE WATER.”
Director of Cyber Security Operations,
“A LARGE PART OF OUR STRATEGY WAS TO SEPARATE OUR HIGH-VALUE DATA INTO OUR PRIMARY SIEM AND OUR HIGH-VOLUME DAT INTO A SECONDARY, MORE COST-EFFECTIVE SIEM, CROWDSTRIKE LOGSCALE. WE NEEDED CRIBL TO WORK SEAMLESSLY WITH BOTH OF THESE SOLUTIONS.”
Director of Cyber Security Operations,
Share:
When the travel company expaneded, so did the responsibilities for their corporate security team. They needed to unify and secure their global footprint to maintain their security posture. Upgrading to Crowdstrike Falcon Data Replicator (FDR) met all of their requirements by furthering their Security Operation Center (SOC) with actionable insights from their Endpoint Detection and Response Solution (EDR).
However, after implementation, they found themselves facing an unexpectedly high volume of logs that exceeded the available license space and infrastructure capacity in their Security Information and Event Management (SIEM) tool, Splunk. This put them in the difficult position to prioritize which data they could onboard to drive detection content in their SIEM.
While searching for ways to manage their logging capacity and extract value from Crowdstrike endpoint telemetry data, their Director of Cyber Security Operations, was introduced to Cribl Stream.
“We worked with Cribl to optimize our FDR logs, and we really liked what we saw. We were able to solve our immediate issue with Crowdstrike FDR, by reducing our log volumes to the expected footprint without losing the context we needed for detection. This would allow us to remain within the licensing constraints for our SIEM.”
Director of Cyber Security Operations
The Affordable Way to Desired Destinations
During the evaluation, the SOC team saw an immediate reduction in log volume, simply by leveraging the free Cribl Crowdstrike Pack. Cribl Packs, which can be found in the Cribl Pack Dispensary, are a set of readily available configurations designed to enable Cribl Stream administrators and developers to quickly reduce, optimize and enhance their Crowdstrike data.
“Using Cribl Packs we were able to achieve an immediate 50% reduction in the logs. From there we had team brainstorming sessions on how to reduce the volume of data without impacting the value. It was tricky, and it took us maybe 5-6 sessions, but we were able to achieve a 72% reduction, while still getting the context we needed for investigations.”
Director of Cyber Security Operations
Making Data Travel Woes a Thing of the Past
After getting their logging volume under control, the team set their sights on the future: optimizing their security stack with Cribl Stream.
“A large part of our strategy is to separate data we would need for alerting purposes into Splunk, while data for retention and compliance purposes was directed towards affordable log retention, Crowdstrike LogScale. We needed Cribl to work seamlessly with both of these solutions.”
Director of Cyber Security Operations
It’s important to note that there is no loss of data due to this segmentation. Instead of sending all FDR data directly to Splunk, Cribl is used to easily manage the data pipeline. Reduced, high-fidelity logs helpful for alerting are sent to Splunk, while voluminous raw logs, and logs for longterm compliance are directed to LogScale.
Although the strategy for SIEM Optimization sounds straightforward, the execution of sending the same data to disparate destinations usually requires leveraging each tool’s proprietary ingestion process. Cribl Stream acts as a unified pipeline, allowing several data sources to be modified and redirected, or even enriched with IOC or GeoIP data in flight. The SOC team discovered firsthand just how easy it was to leverage Cribl as part of the optimization process.
New Perspectives for Security
The combination of Cribl Stream’s routing and reduction functions gives the team the flexibility to spend less time managing data onboarding, configurations, normalization and licensing limitations. This provides them more time to focus on their jobs as security practitioners.
“With Cribl Stream, we reconfigured the data in one place, with a user-friendly GUI. You can make the changes in a matter of minutes and instantly see results–versus taking hours or days to understand the impact of your changes.”
Director of Cyber Security Operations
“Stream was a no-brainer. It was extremely easy to use and adopt. After each call we would jokingly increase our desired outcome because we knew the tool could blow it out of the water,”
Director of Cyber Security Operations
Classic choice. Sadly, our website is designed for all modern supported browsers like Edge, Chrome, Firefox, and Safari
Got one of those handy?