Case Study
“OUR CLIENTS NO LONGER HAVE TO CHOOSE BETWEEN ACCEPTING THE RISK OF LIMITED VISIBILITY OR ASKING FOR MORE MONEY. THEY CAN ONBOARD ALL OF THEIR SOURCES WITHOUT INCURRING ADDITIONAL COSTS.”
MICHAEL POLISE,
DIRECTOR OF ADVISORY SERVICES
“SOC ANALYSTS WITHIN THE CLIENT’S ENVIRONMENT CAN ACCESS EVERYTHING DIRECTLY FROM SENTINEL AND CAN QUERY AZURE DATA EXPLORER NATIVELY FROM SENTINEL, WHICH IS GREAT FOR EFFICIENCY AND REDUCING THE MEAN TIME TO RESPOND.”
MICHAEL POLISE,
DIRECTOR OF ADVISORY SERVICES
“THE EASY MANAGEABILITY OF CRIBL MAKES IT POSSIBLE TO DELIVER QUICKLY FOR OUR CLIENTS.”
MICHAEL POLISE,
DIRECTOR OF ADVISORY SERVICES
As part of their new SCALR™ XDR service, SRA designs, configures, and builds out their customers’ security architectures. They provide managed security services, 24/7 monitoring, and curated out-of-the-box threat detections, and act as a SOC for critical data sources like cloud alerts, EDR, threat detection alerts, and more.
A turn-key solution like this wasn’t possible until SRA decided to implement Cribl Stream.
“We looked at a few open-source alternatives, but none of them had the enterprise level scalability, capabilities, and features that our clients need for something this critical in their data pipeline. Cribl Stream and Cribl’s overall portfolio and innovative direction also just continues to get better.”
Michael Polise
Director of Advisory Services
SRA’s proprietary XDR solution is deployed and co-managed within the client’s environment, which allows the client to keep complete control over their data at all times. Data sources are routed to Cribl Stream, and all data used for generating alerts, correlating events, or otherwise acted on by a SOC analyst is forwarded to Microsoft Sentinel.
Data used for investigations, IOC sweeps, threat hunts, long-term retention, or regulatory purposes goes to Azure Data Explorer (ADX). In many cases, ADX serves as an organization’s very first security data lake, instantly elevating its security maturity level. This solution would not have been possible without Cribl, the unified data processing engine.
“Everything is provisioned in the client’s environment, so they have full access to everything. They can create their own alerts for themselves and funnel data to their teams internally.”
Michael Polise
Director of Advisory Services
“We get pretty aggressive with Windows Event Log reduction and often get a 60% reduction or more for those data sources without losing any of the context we need for triggering detection content. Reduction of other sources might be less than that, but we can typically cut out the junk to reduce data volumes by half.”
Michael Polise
Director of Advisory Services
“In general, we see 70-80% license cost savings in the tech stack compared to a client’s existing SIEM platform. A recent client had a $900K per year Splunk license that was reduced to $200K after using Cribl Stream to migrate to Sentinel and Azure Data Explorer.”
Michael Polise
Director of Advisory Services
“In our most aggressive migration, a client moving from Splunk to Sentinel went live in two to three weeks. We can’t move everyone over that fast, but as long as the log sources are redirected, we can typically onboard and go live within a 30-60 day window.”
Michael Polise
Director of Advisory Services
Michael and his team started with the out-of-the-box Cribl Packs to facilitate this process, then created custom Packs to accelerate SIEM migrations even further.
“SOC analysts can read queries, and focus on threat data that is important to them, and query data in Azure Data Explorer if they need additional information. Our clients can also use Sentinel to automatically pull pertinent data to the front of the screen for an analyst.”
Michael Polise
Director of Advisory Services
“To validate that our client’s tools are functioning appropriately, we perform threat simulations based on TTPs that threat actors perform on a regular basis. We bring red teams and blue teams to the table to perform some of those simulations, then work with clients to improve the detection logic in Sentinel and their cloud-based EDR.”
Michael Polise
Director of Advisory Services
To improve future offerings, SRA is exploring Cribl Search and Data Lake to expand services and infrastructure beyond SCALR™ XDR. With Cribl’s federated “search-in-place” queries on data of any format or location, users can conduct precise analysis and forward results effortlessly. Adding platform-agnostic data warehousing, Cribl’s Data Lake delivers unified retention, security, and access control policies across object stores and clouds from one easy management platform. This functionality will be particularly beneficial for clients using Splunk as a SIEM or for those sending logs to S3, extending SRA’s reach beyond Microsoft products.
Security Risk Advisors (SRA) is a Cribl Partner who provides specialized security services including Cribl Engineering and Enablement, Penetration Testing, Purple Teams, Cloud Security, Resilience, Cyber Physical Systems Security, Engineering, and 24x7x365 Cybersecurity Operations. SRA’s mission is to “Level Up” every day to protect our clients and their customers. SRA delivers security services to Fortune and Global 1000 companies, innovating technology startups, and mission-oriented non-profits across Healthcare, Pharmaceutical, Retail, Financial Services, and Manufacturing industries. SRA is headquartered in Philadelphia, with offices in Rochester and Kilkenny, Ireland. SRA is an official partner of Cribl (https://sra.io/cribl/).