Monitor Office 365 and Azure AD audit and activity logs
Source
The Office 365 Management Activity API is used to retrieve information about user, admin, system, and policy actions and events from Office 365 and Azure AD activity logs. You can use the actions and events from the Office 365 and Microsoft Azure Active Directory audit and activity logs to create solutions that provide monitoring, analysis, and data visualization. These solutions give organizations greater visibility into actions taken on their content. These actions and events are also available in the Office 365 Activity Reports.
This is a built-in integration between Cribl Stream and the Office 365 Management Activity API.
Find the integration in LogStream through Sources > Office 365 Activity.
Supply your Tenant ID, App ID and Client Secret.
Stream will fetch data on the scheduled interval you’ve configured.
Retrieve events from Office 365 and Azure AD activity logs
Source
You can use the Microsoft Office 365 Management Activity API to retrieve information about user, admin, system, and policy actions and events from Office 365 and Azure Active Directory audit and activity logs. This information can be fed to monitoring, analysis, and data visualization solutions that offer organizations greater visibility into actions taken on their content.
This is a built-in integration through Cribl Stream’s Office 365 Activity Source.
Configure Stream to receive data from the Office 365 Management Activity API via Sources > Office 365 Activity.
Specify the Office 365 Azure Tenant ID, App ID, Client Secret, subscription plan, content types, and poll intervals, along with optional parameters.
Stream will start receiving Office 365 data as it becomes available.

Exchange traces and metrics with OTLP-compliant senders and targets
Destination
The OpenTelemetry Protocol (OTLP) supports instrumenting, generating, and processing telemetry data (metrics and traces) to analyze software’s performance and behavior. The protocol is open-source and vendor-neutral.
OTel as Destination and Stream as a source
Configure Stream to send data to your OTel targets via Destinations > OpenTelemetry.
Specify the endpoint, backpressure behavior, optional TLS and authentication settings, and optional throttling parameters.
Stream will start sending data to the OTel targets as it becomes available.

Exchange traces and metrics with OTLP-compliant senders and targets
Source
The OpenTelemetry Protocol (OTLP) supports instrumenting, generating, and processing telemetry data (metrics and traces) to analyze software’s performance and behavior. The protocol is open-source and vendor-neutral.
This is a built-in integration between Cribl Stream and OTLP-compliant senders and targets.
OTel as Source and LogStream as a destination
Configure Stream to listen for OTel data via Sources > OpenTelemetry.
Specify the address, port, optional authentication and TLS settings, and optional throttling and extraction parameters.
Stream will start fetching data as it becomes available.

Automate and enhance security operations with Cortex XSIAM, using AI to centralize data, improve threat detection, and accelerate incident response across your SOC.
Destination
Cortex XSIAM unifies best-in-class functions, including EDR, XDR, SOAR, ASM, UEBA, TIP, and SIEM. Using a security-specific data model and applying machine learning, XSIAM automates data integration, analysis, and triage to respond to most alerts.
This is a built-in integration through the Cribl Stream XSIAM Destination.
XSIAM as a Destination and Stream as a Source.
Configure Stream to send data to Cortex XSIAM via Destinations > XSIAM.
Specify the output ID, XSIAM endpoint URL, and optional description.
Send events in CEF, LEEF, Syslog, JSON, or Raw format.
Stream validates and converts these fields into HTTP headers, ensuring compliance with XSIAM requirements.
Stream will start sending data as it becomes available.
Open-source monitoring and alerting for time-series data
Destination
Prometheus is an open-source systems monitoring and alerting toolkit, widely used to collect time-series metrics.
This is a built-in integration between Cribl Stream and Prometheus. Stream’s Prometheus Destination can send metric events to targets and third-party platforms that support Prometheus’ remote_write spec.
Stream as Source and Prometheus targets as destinations
Configure Stream to send data to Prometheus targets via Destinations > Prometheus.
Specify the Remote Write URL, backpressure behavior, authentication type and credentials, and optional parameters.
Stream will start sending out data to the Prometheus targets as it becomes available.
Open-source monitoring and alerting for time-series data
Source
Prometheus is an open-source system monitoring and alerting toolkit. Cribl Stream can ingest streaming time-series metrics from Prometheus instances via the Prometheus remote write protocol.
This is a built-in integration between Cribl Stream and Prometheus.
Configure Stream to read data from Prometheus via Sources > Prometheus > Remote Write.
Specify the address, port, remote write endpoint, authentication mechanism and credentials, optional TLS settings, and other optional parameters.
Poll interval, log level, extra dimensions to include in events, discovery type, and corresponding discovery parameters (including Prometheus targets, for static discovery).
Stream will start fetching Prometheus data as it becomes available.
Open-source monitoring and alerting for time-series data
Source
Prometheus is an open-source systems monitoring and alerting toolkit, widely used to collect time-series metrics.
This is a built-in integration between Cribl Stream and Prometheus. Stream’s Prometheus Destination can send metric events to targets and third-party platforms that support Prometheus’ remote_write spec.
Prometheus as Source and Stream as a destination
Configure Stream to read data from Prometheus via Sources > Prometheus.
Specify the poll interval, log level, extra dimensions to include in events, discovery type, and corresponding discovery parameters (including Prometheus targets, for static discovery).
Stream will start fetching Prometheus data as it becomes available.
Stream as Source and Prometheus targets as destinations
Configure Stream to send data to Prometheus targets via Destinations > Prometheus.
Specify the Remote Write URL, backpressure behavior, authentication type and credentials, and optional parameters.
Stream will start sending out data to the Prometheus targets as it becomes available.
Monitor and observe cloud infrastructure, microservices, applications, functions, and containers
Destination
SignalFx/Splunk Software Infrastructure Monitoring is a real-time monitoring and metrics service for cloud infrastructure, microservices, and applications.
This integration is facilitated through the Cribl Stream SignalFx Destination.
Configure Stream to send to SignalFx via Destinations > SignalFx.
Supply your configuration settings and Auth token.
Route and analyze alert messages from remote SNMP devices
Destination
Simple Network Management Protocol (SNMP) traps are asynchronous alert messages sent from a remote SNMP-enabled device to a central manager.
This is a built-in integration through the Cribl Stream SNMP Trap Source and/or Destination.
SNMP Trap as Destination and Stream as a source
Configure Stream to send data to SNMP outputs via Destinations > SNMP Trap.
Specify the address and port for each SNMP output that should receive traps, along with optional parameters.
Stream will start sending data as it becomes available.
Route and analyze alert messages from remote SNMP devices
Source
Simple Network Management Protocol (SNMP) traps are asynchronous alert messages sent from a remote SNMP-enabled device to a central manager.
This is a built-in integration through the Cribl Stream SNMP Trap Source and/or Destination.
SNMP Trap as Source and Stream as a destination
Configure Stream to listen for SNMP trap data via Sources > SNMP Trap.
Specify the address to bind on, the UDP port to listen on, and optional parameters.
Stream will start fetching data as it becomes available.
Unify data warehouses, lakes, and silos for storage and analysis
Destination
Snowflake is a cloud-based, fully-managed platform that enables data storage and analytic solutions for data warehousing, data lakes, data engineering, data science, data application development, and for securely sharing and consuming shared data.
This integration is facilitated through the Cribl Stream S3 Destination.
Configure Stream to send data to S3 via Destinations > Amazon S3.
Supply your configuration settings. IAM roles and keys are both supported.
Stream will start sending data to S3 for Snowflake to read.