Products
Product Portfolio

Cribl puts your IT and Security data at the center of your data management strategy and provides a one-stop shop for analyzing, collecting, processing, and routing it all at any scale. Try the Cribl suite of products and start building your data engine today!
Learn more ›

Evolving demands placed on IT and Security teams are driving a new architecture for how observability data is captured, curated, and queried. This new architecture provides flexibility and control while managing the costs of increasing data volumes.
Read white paper ›

Cribl Stream

Cribl Stream is a vendor-agnostic observability pipeline that gives you the flexibility to collect, reduce, enrich, normalize, and route data from any source to any destination within your existing data infrastructure.
Learn more ›

Vodafone Case Study

Vodafone Dials up Business Insights with Cribl Stream
Read Case Study ›

Cribl Edge

Cribl Edge provides an intelligent, highly scalable edge-based data collection system for logs, metrics, and application data.
Learn more ›

SpyCloud Edge Story

Listen to how SpyCloud uses Cribl Edge at scale.
Watch Video ›

Cribl Search

Cribl Search turns the traditional search process on its head, allowing users to search data in place without having to collect/store first.
Learn more ›

Happy 1st Birthday Cribl Search!
Read Blog ›

Cribl Lake

Cribl Lake is a turnkey data lake solution that takes just minutes to get up and running — no data expertise needed. Leverage open formats, unified security with rich access controls, and centralize access to all IT and security data.
Learn more ›

Navigating the future of IT and Security Data management white paper
Read white paper ›

Cribl.Cloud

The Cribl.Cloud platform gets you up and running fast without the hassle of running infrastructure.
Learn more ›

Cribl.Cloud Solution Brief

The fastest and easiest way to realize the value of an observability ecosystem.
Read Solution Brief ›

AppScope

AppScope gives operators the visibility they need into application behavior, metrics and events with no configuration and no agent required.
Learn more ›

Sandbox

Launch an AppScope Sandbox today!
Launch Now ›
Solutions
Use Cases

Explore Cribl’s Solutions by Use Cases:

Supercharge Security Insights ›

Accelerate Cloud Migration ›

Avoid Vendor Lock-in ›

Free Up Space for High-Value Data ›

Route From Any Source To Any Destination ›

Replay Data from Low-Cost Storage ›

Reduce Log Volume & Pay Less for Infrastructure ›
Integration

Explore Cribl’s Solutions by Integrations:

Amazon ›

Google ›

CrowdStrike ›

Microsoft ›

Elastic ›

Splunk ›

Exabeam ›

View All Integrations ›

Seamless Integrations for Your Observability Data
Learn More ›
Industries

Explore Cribl’s Solutions by Industry:

AIOps ›

Financial Services ›

Healthcare ›

Managed Security Services ›

Manufacturing and Logistics ›

Communications and Media ›

Public Sector ›

Retail ›
Resources
Resources

Resource Library ›

Documentation ›

Guides ›

AppScope Docs ›

Blog ›

Glossary ›

Podcasts ›

Telemetry 101

Understanding the Basics of Telemetry and Its Benefits
Learn More ›
Events & Webinars

Events ›

Webinars ›

CriblCon24
Las Vegas // June 10, 2024
Register Now ›

Watch On-Demand

3 ways to fast-track your data lake strategy without being a data expert
Watch On-Demand ›
Learning

Try the Sandboxes ›

Self Guided Trials ›

Cribl University ›

Cribl Community ›

Cribl Curious Forum ›

What is Observability? ›

Try Your Own Cribl Sandbox

Experience a full version of Cribl Stream and Cribl Edge in the cloud.
Launch Now ›
Tools & Pricing

Download Library ›

Past Releases ›

Pricing Plans ›

Stream ROI Calculator ›

Download Library

Download Cribl’s suite of products for free to get started.
Download ›
Customers
Customer Stories

Get inspired by how our customers are innovating IT, security and observability. They inspire us daily!
Read Customer Stories ›

Sally Beauty Holdings

Sally Beauty Swaps LogStash and Syslog-ng with Cribl.Cloud for a Resilient Security and Observability Pipeline
Read Case Study ›
Customer Experience

Support & Success ›

Professional Services ›

Service Delivery Partners ›

Documentation ›

AppScope Docs ›

Professional Services

Check out our new Professional Services offering.
Learn More ›
Learning

Try the Sandboxes ›

Self Guided Trials ›

Cribl University ›

Cribl Community ›

Cribl Curious Forum ›

Try Your Own Cribl Sandbox

Experience a full version of Cribl Stream and Cribl Edge in the cloud.
Launch Now ›
Company
About Cribl

Transform data management with Cribl, the Data Engine for IT and Security
Learn More ›

Cribl Corporate Overview

Cribl makes open observability a reality, giving you the freedom and flexibility to make choices instead of compromises.
Get the Guide ›

Cribl Newsroom

Stay up to date on all things Cribl and observability.
Visit the Newsroom ›

Press Releases

Read our most recent press releases.
Recent Press Releases ›

Leadership

Cribl’s leadership team has built and launched category-defining products for some of the most innovative companies in the technology sector, and is supported by the world’s most elite investors.
Meet our Leaders ›

Careers

Join the Cribl herd! The smartest, funniest, most passionate goats you’ll ever meet.
Learn More ›

Cribl Named to the Inc. 5000 List of Fastest Growing Private Companies
Learn More ›

Cribl for Startups

Whether you’re just getting started or scaling up, the Cribl for Startups program gives you the tools and resources your company needs to be successful at every stage.
Learn More ›

Contact Us

Want to learn more about Cribl from our sales experts? Send us your contact information and we’ll be in touch.
Talk to an Expert ›

Try Cribl Talk to an expert

Glossary

Our Criblpedia glossary pages provide explanations to technical and industry-specific terms, offering valuable high-level introduction to these concepts.

Related Terms

Open Cybersecurity Schema Framework (OCSF)

What is the Open Cybersecurity Schema Framework (OCSF)?

In the digital age, data speaks volumes, especially when it comes to keeping systems secure. OCSF is like the Rosetta Stone for security-relevant data. It helps tools and systems understand each other to keep threats at bay. This makes collecting, analyzing, and sharing security information from various sources easier. The quest for uniform data formats in cybersecurity is critical, and the Open Cybersecurity Schema Framework aims to lead the way.

What are the Core Concepts of OCSF?

The Open Cybersecurity Schema Framework revolves around three fundamental core concepts that serve as pillars for building resilient and secure systems. Let’s break them down:

Schema
Think of this as a blueprint that organizes your security data. It ensures everyone is on the same page—or, more accurately, the same data format. A schema in the context of OCSF is a structured data model that defines the organization of cybersecurity information, ensuring consistency across diverse systems and platforms.

Interoperability
This is all about teamwork. With OCSF, different security tools can pass notes in class without getting caught—because they all speak the same language. Interoperability is the capacity of various cybersecurity systems to exchange and use information seamlessly. A goal that OCSF aims to achieve through standardization.

Standardization
The process of establishing a uniform language for cybersecurity data. This allows for more efficient analysis and response across different platforms and tools.

OCSF Key Terms

To fully understand the OCSF Framework, individuals should also grasp some of the key terminology associated with it:

Attributes: The specific characteristics or properties that define and provide context to cybersecurity events and entities.
Events: Significant occurrences within a system that have security implications. They are recorded and analyzed to detect and mitigate potential threats.
Normalization: The process of converting disparate data formats into a unified standard format, as prescribed by OCSF, to facilitate more effective data correlation and analysis.
Data Mapping: The method by which data from one schema is aligned with or translated to another schema—in this case, conforming external data sets to the OCSF standard.

What are the Key Components of OCSF?

Common Information Model (CIM): A conceptual framework that standardizes the representation of security data, which is integral for achieving data interoperability among tools and services.
Data Classes: The logical groupings of data within OCSF that categorize information based on its nature and purpose, such as network events, threats, or user information.
Fields: The specific data points within a data class, like columns in a database, that store the value for each attribute of an event or entity.

How to Implement OCSF?

Adoption: The strategic incorporation of OCSF into your data strategy requires aligning your current security operations with the framework’s standardized model.
Customization: While OCSF provides a comprehensive standard, it also accommodates customization to meet the specific data requirements and security contexts of individual organizations.

How to Implement OCSF?

Threat Hunting: OCSF enables threat hunters to query and analyze standardized data with greater efficiency, uncovering hidden threats with precision.
Incident Response: Streamlines the incident response process by providing a common data format that accelerates the identification and remediation of security incidents.
Compliance Reporting: Simplifies the generation of compliance reports through uniform data structures, ensuring regulatory requirements are met with less effort and complexity.

Data Quality: Prioritize maintaining the integrity and accuracy of data within the OCSF schema to ensure reliable security insights.
Scalability: Consider the future growth of your data and security needs, and ensure that your OCSF implementation can scale accordingly.
Security: Maintain rigorous security practices to protect standardized data, which is critical for operational integrity and data compliance.

Watch our on-demand webinar on Security is a Data Problem.

Resources

Blog

Cribl Search and Common Schema: Faster, More Accurate Detections

Blog

Your Secret Weapon Against Cyber Threats: Enhancing Cyber Resiliency With Cribl

Blog

What are the Benefits of Using Cribl Stream with Amazon Security Lake?

So you're rockin' Internet Explorer!

Classic choice. Sadly, our website is designed for all modern supported browsers like Edge, Chrome, Firefox, and Safari

Got one of those handy?

Product Portfolio

Cribl Stream

Cribl Edge

Cribl Search

Cribl Lake

Cribl.Cloud

AppScope

Use Cases

Integration

Industries

Resources

Events & Webinars

Learning

Tools & Pricing

Download Library

Customer Stories

Customer Experience

Learning

Try Your Own Cribl Sandbox

About Cribl

Cribl Newsroom

Leadership

Careers

Cribl for Startups

Contact Us

Glossary

Table of Contents

Related Terms

Open Cybersecurity Schema Framework (OCSF)

What is the Open Cybersecurity Schema Framework (OCSF)?

What are the Core Concepts of OCSF?

OCSF Key Terms

What are the Key Components of OCSF?

How to Implement OCSF?

How to Implement OCSF?

What are OCSF Best Practices?

Want to learn more?

Resources

Cribl Search and Common Schema: Faster, More Accurate Detections

Your Secret Weapon Against Cyber Threats: Enhancing Cyber Resiliency With Cribl

What are the Benefits of Using Cribl Stream with Amazon Security Lake?

So you're rockin' Internet Explorer!

Give a goat?

You herd right. Take a minute to share your feedback on our website, and you could be one of five people that gives a goat to those in need this month.