Cloud Infrastructure Insights
Welcome to the Cloud Infrastructure Insights demo. Today, we’re showing you how Cribl can help you take control of your AWS environment by transforming complex, overwhelming data into actionable insights. This isn’t just about monitoring; it’s about gaining the visibility and control you need to make smarter, faster decisions.
Here’s what we’ll explore:
Open Ports Analysis: Identify and address vulnerabilities to strengthen your security posture.
AWS Security Lake: Centralize and make sense of your security event data for faster detection and response.
CloudTrail Logs: Trace activity and ensure accountability across your environment.
Terraform State Files: Simplify infrastructure management, detect drift, and enhance state files with S3 and search capabilities.
By the end of this demo, you’ll see how Cribl enables you to secure, optimize, and scale your AWS infrastructure, all with the power of data. Let’s get started.
Ready to Explore?
New to Cribl? Click the "Tell me more" button below to learn more about the Cribl suite of products and how they work together to form a powerful Data Engine for IT and Security.
Not so new? Or just impatient? Click "Start Demo"!
Home, sweet home
This is the Search Home, your command center for exploring datasets and uncovering insights. Here’s what you can do:
Choose a Dataset: Select from the list of available datasets like aws_api, terraform_state, or camp_crystal_security_lake to kick off your search.
Leverage Sample Queries: Check out the Sample Searches on the right for inspiration or to get started quickly.
Dive into Your History: Access recent queries in the History tab to pick up where you left off.
Once you’re comfortable with the data, let’s head over to Dashboards to see how all these insights come together in a visual, actionable format.
Organize Your Dashboards
Welcome to the Dashboards section! This is where you can:
Organize Dashboards: Group your dashboards into collections, like AWS, Google Cloud Platform, or Cribl Search Activity, based on your environment or workflow.
Streamline Access: Quickly find and focus on dashboards like AWS Infra Dash or VPC Flow Dash that provide targeted insights for your cloud infrastructure.
Customize Your Setup: Create and manage collections to fit your specific use cases, keeping everything structured and easy to navigate.
Let’s Jump Into the AWS Dashboard
Now that you’ve seen how dashboards are organized, let’s dive into the AWS Infra Dashboard that was created by our IT team. This is where we get a high-level view of our AWS environment, with actionable insights on open ports, security logs, and infrastructure performance.
AWS API Global Port Access Donut Chart
Visualize which ports are open in your environment. Each segment highlights a commonly used port, like 22 for SSH or 80 for HTTP, helping you identify potential vulnerabilities.
Who left the door open?
Now, examine the AWS API Global Port Access Table, which provides detailed information about each security group with open ports. Key details include:
GroupName and GroupId for easy identification.
Open Ports to show potential access points.
Region to pinpoint where the group resides.
Description for additional context about the rule.
Ops Count Breakdown
Use this visualization to identify the most frequent API operations, like GetObject or DeleteObject, and potential patterns in your security data.
Severity Chart
Quickly assess the severity of security events to prioritize your response efforts.
Event Count by Region
Visualize where security activity is concentrated. Correlate regional activity with specific workloads or deployments.
What’s Happening in Your Environment?
See the distribution of API calls in your environment. Quickly identify which operations, like AssumeRole or GetTable, are most common.
Who’s Accessing Your Environment?
Understand the types of identities interacting with your environment—AWS Accounts, Assumed Roles, or Services. Monitor root access for additional security.
Supercharge your TF backend
Manage resources with clarity. See:
Provider: The Terraform module or registry used.
Type: Resource categories like aws_security_group or s3_bucket.
Count: Number of instances for each type.
This table makes it easy to identify high-priority resources or potential misconfigurations. For instance, let’s click on aws_security_group to review its instances and ensure compliance with security best practices.
By powering up your backend Terraform state files with S3 and search capabilities, you gain the ability to centralize state management while uncovering deep insights into operations. This ensures your infrastructure remains scalable, searchable, and easy to troubleshoot.
Terraform State Table
Now, examine the Terraform State Table, which lists all defined resources in detail. Each row includes:
Provider: The Terraform module or registry used for the resource.
Type: The resource category, such as aws_security_group or aws_s3_bucket.
Count: The number of instances for each resource type.
On Deck: Notifications
Now that we’ve explored the AWS Infra Dashboard and Terraform State Files, it’s time to ensure you stay informed about critical events and updates. Let’s transition to the Notifications section, where you can set up alerts to proactively manage your environment.
Stay Ahead with Alerts
Stay ahead of critical events by setting up a notification target. In this screen, you can configure where your alerts are sent.
Webhook
Send notifications to an arbitrary webhook endpoint.
Slack
Post alerts directly to a Slack channel for real-time collaboration.
Email
Notify teams or individuals via email.
PagerDuty
Integrate with PagerDuty for incident response.
AWS SNS
Leverage AWS Simple Notification Service to send notifications to AWS services, mobile push, or text messages.
Notifications Explored!
Now that you’ve seen the types of notifications Cribl supports, you know how flexible your alerting options can be. Whether it’s integrating with Slack, PagerDuty, AWS SNS, or sending an email, Cribl ensures you can stay informed in the ways that best suit your workflow.
With these tools at your fingertips, let’s move to the conclusion and recap how Cribl empowers you to take full control of your AWS environment.
Feeling Super? Feeling Empowered?
Cribl Search is your ultimate toolkit for gaining unparalleled visibility and control over your environment.
In this demo, we explored how combining actionable insights from Open Ports Analysis, AWS Security Lake, CloudTrail, and Terraform State Files can help you:
Enhance Security: Quickly identify and remediate open ports, monitor AWS API operations, and stay ahead of threats by tracking security events by severity and region.
Optimize Operations: Leverage detailed CloudTrail logs to trace activity, investigate anomalies, and ensure compliance with ease.
Streamline Infrastructure Management: Track resources, detect drift, and improve scalability with Terraform state data enhanced by S3-backed state files and advanced search capabilities.
This holistic approach empowers you to proactively secure, optimize, and scale your cloud infrastructure, transforming raw data into actionable intelligence for a more resilient and efficient AWS deployment.
Feel free to schedule a demo or try Cribl.