Monitor events and status on Juniper Networks devices and services
Source
Juniper Networks develops and markets networking products, including routers, switches, network management software, network security products, and software-defined networking technology.
This is an integration facilitated by Stream’s Syslog Source.
Configure your Juniper Networks devices and/or services to emit relevant logs via syslog.
Configure Stream to read syslog data via Sources > Syslog.
Specify the address to bind on, UDP or TCP port, and optional parameters.
Stream will start fetching data as it becomes available.
Event streaming platform for processing, storing, and reprocessing streamed data
Source
Apache Kafka is an open-source, distributed event streaming platform widely used for high-performance data pipelines, streaming analytics, metrics collection and monitoring, log aggregation, data integration, and mission-critical applications. As a durable message broker, Kafka enables applications to process, persist, and reprocess streamed data.
This is a built-in integration between Cribl Stream and Kafka.
Kafka as Source and Stream as a destination
Create a Kafka topic, write to it, and export to LogStream via Kafka Connect.
Configure Stream to read data from Kafka via Sources > Kafka.
Specify the Kafka brokers, topics, and optional settings (Confluent Schema Registry, TLS certificate, and SASL authentication parameters).
Stream will start fetching data as KDS streams become available.
Kafka as Destination and LogStream as a source
Configure LogStream to send data to Kafka via Destinations > Kafka.
Specify the Kafka brokers and topic to write to, along with other settings (record data format, compression and backpressure behavior, and optional Confluent Schema Registry, TLS certificate, and SASL authentication parameters).
LogStream will start sending data as it becomes available.
Event streaming platform for processing, storing, and reprocessing streamed data
Destination
Apache Kafka is an open-source, distributed event streaming platform widely used for high-performance data pipelines, streaming analytics, metrics collection and monitoring, log aggregation, data integration, and mission-critical applications. As a durable message broker, Kafka enables applications to process, persist, and reprocess streamed data.
This is a built-in integration between Cribl Stream and Kafka.
Kafka as Destination and LogStream as a source
Configure Stream to send data to Kafka via Destinations > Kafka.
Specify the Kafka brokers and topic to write to, along with other settings (record data format, compression and backpressure behavior, and optional Confluent Schema Registry, TLS certificate, and SASL authentication parameters).
Stream will start sending data as it becomes available.
Automate the deployment, scaling, and management of containerized applications
Source
Kubernetes (or K8s) is an open-source standard for automating deployment, scaling, and managing containerized applications.
This is an integration facilitated by Stream’s Elasticsearch API Source. Fluentd, Fluent Bit, or Filebeat can be interposed between Kubernetes and Elasticsearch clusters.
Configure a Kubernetes agent or sidecar to output data to Fluentd, Fluent Bit, or another log collector for Elasticsearch.
Configure Stream to read data from your Elasticsearch cluster via Sources > Elasticsearch API.
Specify the IP address, port, Elasticsearch API endpoint, and optional authentication and TLS parameters.
Stream will start fetching data as it becomes available.
Cost-effective log indexing, aggregation, and storage
Destination
Grafana Loki is a log aggregation system designed for cost-effectiveness. Loki indexes only logs’ metadata (labels) while compressing the full-fidelity log data in chunks for storage in low-cost object stores.
This is a built-in integration between Cribl Stream and Loki.
Install, configure, and launch Loki and Promtail.
Configure Stream to send out events via Destinations > Loki.
Specify the Loki endpoint, backpressure behavior, optional authentication mechanism and credentials, and other optional parameters.
Stream will start sending data as it becomes available.
Cost-effective log indexing, aggregation, and storage
Source
Grafana Loki is a log aggregation system designed for cost-effectiveness. Loki indexes only logs’ metadata (labels) while compressing the full-fidelity log data in chunks for storage in low-cost object stores.
This is a built-in integration between Cribl Stream and Loki.
Configure Loki to start sending messages to LogStream.
Configure Stream to ingest Loki data, via Sources > Loki.
Specify the address, port, API endpoint, optional authentication credentials and TLS settings, and other optional parameters.
Stream will start fetching data as it becomes available.

Collect, reduce, transform, and route high-volume non-Azure-native data into high-fidelity, formatted data via Fabric Eventstream and Cribl integration.
Destination
Stronger security insights: You can ensure that only high-fidelity, well-structured data from across a virtually unlimited catalog of data sources lands in Fabric Eventstream, improving detection accuracy and accelerating investigations.
Lower operational costs: Filtering and routing only the data that you need helps avoid paying to ingest, store, and analyze redundant or low-value data in Fabric.
Faster analytics and decision-making: With clean, enriched data, teams can build dashboards, run queries, and operationalize insights more quickly.
Read the integration blog post: https://cribl.io/blog/better-together-cribl-and-microsoft-fabric-just-got-radically-simpler/
This is a built-in integration with a dedicated Cribl data source in the Real-Time hub in the Fabric portal.
Select "Cribl" from the list of sources, and Fabric will provision everything for you.
After provisioning Eventstream in the Fabric portal, configure the Fabric Real-Time Intelligence destination in Cribl Stream.
Configure the generic and optional settings.
Copy the bootstrap server, topic, and connection string from the Cribl Source you created in the Fabric portal.
The SASL JAAS password will go under “Authentication” and will be stored in a secret.
Stream will start sending data as it becomes available.
Analyze Office 365 email metadata to detect malicious activity
Source
Microsoft’s MessageTrace REST endpoint provides summary information about the processing of email messages through your organization’s Office 365 system in the last 30 days. You can use this metadata to detect and report on malicious activity including bulk emails, spoofed-domain emails, and data exfiltration.
This is a built-in integration through Cribl Stream’s Office 365 Message Trace Source.
Configure Stream to receive data from the Office 365 Management Activity API via Sources > Office 365 Message Trace.
Specify the poll interval, your Office 365 credentials, and optional parameters like the date range, log level, and timeout to use.
Stream will start receiving Office 365 Message Trace data as it becomes available.
Collect and analyze security and threat data across the enterprise
Destination
Microsoft Sentinel is a scalable, cloud-native, SIEM (security information event management) and SOAR (security orchestration automated response) platform. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.
This integration is facilitated through the Cribl Stream Azure Monitor Logs Destination.
Enable Microsoft Sentinel’s integration with Azure Monitor Logs, ensuring appropriate permissions on the subscription that owns the Microsoft Sentinel workspace.
Configure Stream to send data to Azure Event Hubs via Destinations > Azure Monitor Logs.
Specify the Azure Log Analytics Workspace ID, Workspace Key, Log Type, backpressure behavior, and optional parameters.
Stream will start sending data as it becomes available.
Observability tool for DevOps, SRE, and IT Operations professionals
Destination
Moogsoft ingests metrics and notifications from multiple monitoring sources. It deduplicates, normalizes, and correlates the data into a single list of actionable incidents.
This integration is facilitated through the Cribl Stream/Edge Webhook Destination.
Configure Stream/Edge to send data to Moogsoft via Destinations > Webhook.
Map all required fields in the Moogsoft schema.
Define custom tags for Cribl fields that lack Moogsoft equivalents.
Specify default values for objects sent with missing fields.
Map Cribl fields and values to Moogsoft severities.

Collect, transform, and route cloud security Events and Alerts
Source
Collect threat intelligence Events and Alerts from Netskope’s SSE (Security Service Edge) and SASE (Secure Access Service Edge) products. Shape them and route them to downstream monitoring/dashboard services or storage.
This integration is facilitated through Cribl Stream’s REST/API Collector.
In Netskope, generate an API token with appropriate scopes.
In Cribl Stream, configure a Collector via Sources > Collectors > REST.
Set Discover type to Item List, and enter the Discover items you want to pull.
Set the Collect URL to your tenant, followed by the base API call you are making, with ${id} at the end.
Set the method to GET.
Set the Collect parameters to operation, `head`.
Set the appropriate Collect headers.
Save, test, and schedule your Collector.
Cribl Stream will start receiving data from the Netskope endpoint as it becomes available.
Instrument everything; analyze, troubleshoot, and optimize your software stack
Destination
New Relic is an observability platform built to help engineers create more perfect software. From monoliths to serverless, you can instrument everything, then analyze, troubleshoot, and optimize your entire software stack. All from one place.
This integration is facilitated through the Cribl Stream New Relic Destination.
Configure Stream to send to New Relic via Destinations > New Relic.
Sending of both logs and metrics is supported.
Supply your configuration settings and keys.
Stream will start sending data as it becomes available.