New to observability? Find out everything you need to know.
Cribl Stream is a vendor-agnostic observability pipeline that gives you the flexibility to collect, reduce, enrich, normalize, and route data from any source to any destination within your existing data infrastructure.
Learn More >Cribl Edge provides an intelligent, highly scalable edge-based data collection system for logs, metrics, and application data.
Learn More >Cribl Search turns the traditional search process on its head, allowing users to search data in place without having to collect/store first.
Learn More >The Cribl.Cloud platform gets you up and running fast without the hassle of running infrastructure.
Learn More >Cribl.Cloud Solution Brief
The fastest and easiest way to realize the value of an observability ecosystem.
Read Solution Brief >AppScope gives operators the visibility they need into application behavior, metrics and events with no configuration and no agent required.
Learn More >Explore Cribl’s Solutions by Integrations:
Explore Cribl’s Solutions by Industry:
Get this Gartner® report and learn why telemetry pipeline solutions represent a robust and largely untapped source of business insight beyond event and incident response.
Download Report >Escaping Data Lock-In Amidst Industry Takeovers
Learn how IT & Security engineers increase resilience & provide more options for analysis to make decisions faster with better data.
Watch On-Demand >Try Your Own Cribl Sandbox
Experience a full version of Cribl Stream and Cribl Edge in the cloud.
Launch Now >Get inspired by how our customers are innovating IT, security and observability. They inspire us daily!
Read Customer Stories >Sally Beauty Holdings
Sally Beauty Swaps LogStash and Syslog-ng with Cribl.Cloud for a Resilient Security and Observability Pipeline
Read Case Study >Experience a full version of Cribl Stream and Cribl Edge in the cloud.
Launch Now >Take Control of Your Observability Data with Cribl
Learn More >Cribl Corporate Overview
Cribl makes open observability a reality, giving you the freedom and flexibility to make choices instead of compromises.
Get the Guide >Stay up to date on all things Cribl and observability.
Visit the Newsroom >Cribl’s leadership team has built and launched category-defining products for some of the most innovative companies in the technology sector, and is supported by the world’s most elite investors.
Meet our Leaders >Join the Cribl herd! The smartest, funniest, most passionate goats you’ll ever meet.
Learn More >Want to learn more about Cribl from our sales experts? Send us your contact information and we’ll be in touch.
Talk to an Expert >Cribl values customer trust above all else. We are committed to keeping customer data safe and secure, and have built all Cribl products and services from the ground up with security, compliance, and user privacy as top priorities. We want to be transparent with how we’re following industry compliance standards and data protection laws and regulations, and hope this page gives our customers peace of mind when choosing and using Crib’s suite of products. So please, peruse this information to your heart’s content, and if you have any additional questions around privacy and security, please contact us.
At Cribl, we strive for security by design. With the security approaches Cribl takes, including access management, risk management, and security governance, our customers are able to gain more control, more flexibility, and more confidence when using Cribl products and services.
Our product security program aligns with best practices from the National Institute of Standards and Technology (NIST). Cribl provides developers with training that reinforces secure development and architecture practices, to promote pragmatic security in the development process.
Cribl has dedicated engineers focused on product security. They apply a secure development lifecycle that includes:
Cribl information security professionals receive continuous training and certifications from reputable organizations such as Information Systems Security Certification Consortium, Inc. (ISC2), and Offensive Security. Additionally, our practitioners maintain relationships with security interest groups such as the Open Web Application Security Project (OWASP) and Information System Security Association (ISSA).
Please contact security@cribl.io to get in touch with our product security group.
We align our compliance with continuous risk management to better secure our operational environment, products, services, and — by extension — you and your data. Cribl is currently expanding, and will always expand, our portfolio of Security and Compliance Reports as our customers request them. Reports are available to all customers and prospects under NDA.
Cribl complies with SOC 2 requirements for its Cloud Products and related organizational controls. Cribl received its first SOC 2 Type II attestation report in April 2022 for its initial observation period ending December 31, 2021, and is continuing with annual audits. SOC 2 ensures compliance with worldwide industry standards for data security, and instills confidence in enterprises using Cribl in their observability and cybersecurity environments.
SOC 2 standards are established by the American Institute of Certified Public Accountants (AICPA), and address security controls such as organization and management, monitoring of controls, communications, risk management, and more. The Type II evaluation is a rigorous security verification process focused on systems related to security, availability, processing integrity, confidentiality, and privacy of data. This means that brand manufacturers using Cribl’s suite of products to collect, enrich, distribute, and search their observability and cybersecurity data can feel confident in the secure design and operating effectiveness of Cribl.
We require a mutual non-disclosure agreement (MNDA) before sharing access to our SOC 2 Report and our most recent Penetration Test. Customers may request the MNDA or our security documentation by emailing certifications@cribl.io.
Cribl is committed to the privacy of all our users. Cribl’s Privacy Policy is a plain-language source of information that explains what we collect from users through our interactions with them, as well as why and how we collect this information.
Our Privacy Policy explains Cribl’s commitments under laws and regulations that protect Personal Data, including the European Union’s General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act (“CCPA”), the California Privacy Rights Act (“CPRA”), Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”), and other applicable laws and regulations.
For our Canadian subsidiary, our Privacy Officer is the fabulous and limitless Chell Mendiola, who can be contacted at privacy@cribl.io.
Subject to applicable law and regulations, individuals may have rights involving their own Personal Data. Any User may exercise their rights by contacting Cribl’s Privacy Team at privacy@cribl.io.
Cribl gives customers choice with how they want to deploy Cribl Products—Cloud, Hybrid, and On-Premises. Our customers’ specific industry requirements often drive which product(s) they should select. To help you decide, we’ve put together this quick explanation of what it means to work with Cribl.
Where Oh Where Does My Data Go
Cribl offers two main deployment options to our customers:
Cribl products include:
On-Premises Deployment
With an on-premises deployment of Cribl Stream or Edge, the customer remains in complete control over their data. The customer not only controls who has access to the product, internally and externally, but also all of their data from end to end, ingest to output. At our Enterprise and Standard license levels, customers with on-premises deployments are able to turn off anonymized telemetry data from being sent back to Cribl. That telemetry data provides us information on the Product’s functioning, but does not transmit any customer data processed there.
Cribl is able to support customers in healthcare, financial services, and government fields when Cribl Products are deployed on premises because such products are considered Commercial Off The Shelf (COTS) products that allow customers to use internal controls required in those heavily regulated data infrastructures. Indeed, a customer with an on-premises deployment would need to affirmatively send us sensitive information to cause a disclosure.
Cloud and Hybrid Deployments
For our subscription Cribl.Cloud deployments, Cribl.Cloud offers a cloud-based service for dedicated Stream, Edge, and Search environments, so customers can get up and running quickly. Cribl takes care of the infrastructure management and scaling, making this the fastest and easiest way to realize the value of Cribl Products.
Cribl.Cloud is hosted in AWS, meaning there are AWS safeguards and certifications in place; details here. Every Cribl.Cloud account is provisioned in a standalone AWS account, providing full isolation of data and control. This architecture ensures that no sensitive data can be accessed without the correct access controls.
Cribl.Cloud is also SOC 2 Type II certified, and we follow best practices as part of our operations. Cribl’s compliance with SOC 2 security standards, along with the penetration testing and other security activities that Cribl performs, provide assurances that information stored or processed in Cribl.Cloud is secure.
Cribl Site Reliability Engineers (SRE) have access to the Leaders and to Cribl-managed Cloud Workers for management purposes. All SRE activities are audited. Engineers do not have access to hybrid workers, to Edge Fleet nodes, or to customer data as it gets processed through Workers (nor to the S3 buckets that customers use as part of Cribl Search).
When you use Cribl.Cloud in a hybrid deployment, Cribl still offers a Leader node in the Cloud, but some or all of your Worker nodes can be on-premises, on physical or cloud infrastructure that you provide. Because our product features “preview” options on the Leader node to enhance product functionality, data could be viewed from the Leader node by customers. Additionally, when you use Cribl Search, the persistent queuing function could cause information to be viewed from the Leader node. In a full Cloud deployment, some data may be viewable by Cribl customer support through Cribl.Cloud’s processing technologies, with consent from the customer.
Cribl does not yet have specific certifications to demonstrate compliance with security standards for processing certain sensitive data through Cribl.Cloud, including as to sensitive data like personal data, personal health information, payment card information, special categories of personal data protected by applicable laws such as the GDPR, and non-public, personally identifiable consumer financial information.
Customers must only use Cribl Products to process such data only as allowed by applicable law and data protection standards, including the General Data Protection Regulation in the European Union, the California Consumer Privacy Act, the California Privacy Rights Act, Health Insurance Portability and Accountability Act of 1996, the Gramm-Leach-Bliley Act, and the Payment Card Industry Data Security Standards.
Support, Services, Affiliates, and Subprocessors
As a general matter, we have support personnel located globally to provide our subscription services with extended service hours by, taking advantage of our regional presence in each of the time zones. Cribl may provide services through its services personnel or through partners, whichever resource best meets your needs.
Cribl provides support and services remotely and will not generally require access to your physical facilities. Cribl also provides extensive documentation for all of its products. Cribl generally does not perform work-made-for-hire services.
We have agreements in place with all our affiliates, partners, and sub-processors to ensure they provide sufficient protection for your data consistent with applicable privacy and data protection laws. The sub-processors we use are described here.
Do you offer Service Level and Support Commitments?
For our Cloud offerings, we include availability commitments for Cloud Products and response times for support, as we understand and are proud that our products are largely intended for use in your core commercial activities as an organization. These commitments, including our response times and uptime availability targets, are consistent across all customers. We are largely unable to make changes on an individual-customer basis, absent extraordinary circumstances — which are negotiated case by case, and can add length to the contracting process.
Can I request Professional Services?
Absolutely. Cribl can provide work-made-for-hire services, but customized work will be governed by a separately negotiated and executed statement of work (SOW). For more information, read our Services Addendum. In the event you request any professional services, Cribl can work with you to craft a SOW.
Where does my data go in Stream on Cribl.Cloud?
Scenarios:
What about my authentication data in Stream on Cribl.Cloud?
Authentication data – things like secrets and passwords, authentication methods, etc. – are stored on disk in the encrypted Cribl secret store. This data can be removed through Cribl’s UI or over API.
The TL;DR is that Cribl’s cookie settings track user access across our website properties, but we do not track a user once they leave our website. For a more detailed explanation, Cribl may use Personal Data about visitors to the Sites to monitor performance, access, usage, and security of the Sites and the Platform, including as follows:
A cookie is a delicious small sweet food, typically round and flat and has a crisp or chewy texture. Some argue the chocolate chip cookie is the best type of cookie. A cookie is also a tiny element of data that the website can send to your browser, which may then be stored on your computer or mobile device so we can recognize you when you return.
Cookie settings are separated into categories: Strictly Necessary, Functional, Performance, and Targeting. Strictly Necessary cookies are required to use the Cribl’s Platform and Sites and store cookie settings. Users can manage cookie settings for Functional, Performance, and Targeting Cookies. We use cookies for analytics purposes, as well as for certain features of the Sites. You may set your web browser to notify you when you receive a cookie, or to not accept certain cookies. However, if you decide not to accept cookies from the Sites, you may not be able to take advantage of all of the features of our Sites.
Cribl respects consumer privacy. Depending on your state of residence, you may be entitled to certain information regarding the data that Cribl collects.
For California consumers
Under the California Consumer Privacy Act and other laws and regulations, consumers in California have a right to: (1) know about the use, including sharing, of the personal data Cribl collects about them; (2) access the personal data Cribl has collected; (3) request deletion of their personal data, with some exceptions; and (4) the right to opt out of the sale of their personal data. Cribl does not sell the personal data of any users or consumers.
For Virginia consumers
Under the Virginia Consumer Data Protection Act and other laws and regulations, consumers in Virginia have a right to: (1) confirm whether Cribl is processing their personal data; (2) access the personal data that Cribl collects about them, (3) correct inaccuracies in their personal data (considering the nature of that data and purpose of its processing), (4) request deletion of personal data provided by or obtained about the consumer; (5) obtain their personal data in a portable and readily usable format where the processing is carried out by automated means; and (6) opt out of targeted advertising, sale of their personal data, and profiling when that profiling produces significant or legal effects concerning the consumer. Cribl does not sell the personal data of any users or consumers.
For Colorado consumers
Under the Colorado Privacy Act and other laws and regulations, consumers in Colorado have a right to: (1) confirm whether Cribl is processing their personal data; (2) access the personal data that Cribl collects about them; (3) correct inaccuracies in their personal data (considering the nature of that data and purpose of its processing); (4) request deletion of their personal data; (5) obtain their personal data in a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the data to another entity without hindrance; and (6) opt out of targeted advertising, the sale of personal data, and profiling when that profiling produces significant or legal effects concerning the consumer. Cribl does not sell the personal data of any users or consumers.
For Individuals in the UK/EEA
Under the UK and EU General Data Protection Regulation, individuals in those countries have certain rights relating their personal data, subject to local data protection laws. Depending on the applicable laws, these rights include:
Exercising These Rights
For any of the above consumers who wish to exercise their privacy rights, please email us at privacy@Cribl.io and include the following:
Because we respect your privacy, we ask that you not include uploads of government issued photo identification for these purposes, any additional verification will be specifically requested, if needed. Should we be unable to take the action requested, you will be entitled to further information regarding why the requested action could not be taken.
Cribl does not discriminate in response to privacy requests.
Cribl’s legal work is inspired by Cribl’s core value of Customers First, Always, so we work hard to ensure that our customers, partners, and vendors have a best-in-class experience with Cribl. Cribl’s focus on our customers is reflected in our standard terms of service. Using plain language and terms that are fair to both Cribl and our customers, Cribl’s standard terms of service make contracting with Cribl as simple and as fast as possible.
What are Cribl’s standard terms of service?
Our standard terms are specifically tailored to Cribl Products, and they address purchases of all Cribl Products. Cribl Products are offered via term licenses provided on a subscription basis so we do not offer perpetual licenses.
Cribl’s standard terms include a data processing addendum that describes Cribl’s commitment to industry standard data protection and processing standards, a compliance addendum that explains applicable legal and reporting requirements, a services addendum that covers services that we may provide you, and Cribl’s Privacy Policy, which describes how Cribl collects, uses and shares your personal information. Cribl’s standard terms also provide information about pricing, documentation, and support services.
During the purchase process, the vast majority of our customers are presented with a Cribl quote detailing the commercial terms of the subscription, including subscription length and associated fees. The quote generally indicates that the purchase is subject to Cribl’s standard terms, unless a custom agreement is executed between the parties.
Does Cribl accept changes to its standard terms or enter into custom sales agreements?
Cribl will consider changes to its standard terms and enter into custom agreements with customers for contracts greater than $50,000 per year. Cribl is not able to accept changes to its standard terms for contracts below $50,000 per year, including temporary license agreements for proof-of-value demonstrations.
Cribl is committed to being a partner that our customers can trust to do what we say we are going to do. We cannot accept changes to our standard terms or enter into custom agreements with customers who contravene Cribl’s business practices, or who jeopardize our ability to perform under our contracts or to protect our Products. Like most enterprise software companies, we cannot scale our business if we have custom requirements for each of our customers.
Can I buy Cribl products through channel partners?
Yes, you can buy Cribl Products through any of our authorized channel partners. Many of our customers have long-standing relationships with channel partners. As a result, Cribl has been intentional about cultivating and educating established channel partners about our products and offerings. In the event you acquire Cribl Products through an authorized channel partner (i.e., a reseller, distributor, or managed service provider), the channel partner will flow down Cribl’s standard terms to govern the use of Cribl Products, and you may see our standard terms through a clickthrough agreement; however, all payment-related terms will be independently negotiated and set forth in the applicable agreement between you and your channel partner. Any financial agreements you enter into with a channel partner will be between you and the channel partner and shall not be binding upon Cribl except as acknowledged by us in our quote to the reseller or distributor.
Does Cribl offer termination for convenience?
Because of our commitment to your satisfaction and happiness, the answer is Yes. Cribl wants to help our customers with existing subscription levels, enriching their data, and making effective use of their data flows. We are proud to put you first, and if we are not the solution for you, you can terminate your subscription with 30 days’ notice.
Does Cribl offer refunds for early termination?
Yes, if you purchase under our standard terms and you terminate for convenience before the end of your current subscription term, Cribl will provide you a prorated refund of any unused amounts you pre-paid for the current term. However, Cribl cannot refund Cribl Credits, Cribl Product Credits, Service Credits, or other prior payments made related to Cloud Products. This is because (1) we recognize sales revenue in compliance with generally accepted accounting principles (GAAP), and (2) our Cloud Products are provided up front and the discounts offered for those purchases are based on the customer’s purchase at the rates negotiated.
How is liability structured in Cribl’s standard terms?
Cribl is able to offer its competitive pricing based on assurances provided relating to the use of our Products relating to respecting the rights of third parties, adherence to applicable laws, and are limited to the value of the contract. Any changes to our liability exposure may result in the necessity of a proportional change to the pricing model we are able to offer.
Does Cribl provide indemnity for intellectual property infringement claims?
Yes, Cribl offers indemnity for intellectual property infringement claims in its standard terms.
What governing law and venue does Cribl offer?
For U.S. customers, our standard terms are subject to the laws and venue of the State of California, but we may also agree to Delaware and New York. For our international customers, we can agree to the law of England and Wales. We find that the precedent and case law regarding business disputes is ample within these jurisdictions, and the courts are competent to hear sophisticated matters.
What insurance does Cribl carry?
Since Cribl does not provide any on-site services, it maintains adequate insurance coverage as required by law or regulation, with insurance policies that cover Cyber Liability, Worker’s Compensation, and Commercial Crime. Upon written request, Cribl can provide Certificates of Insurance evidencing its insurance coverages.
What are Cribl’s compliance requirements?
Cribl is an American company and is committed to compliance with all applicable export controls and sanctions laws as detailed in our Compliance Addendum which is a part of our standard terms. Additionally, for those we source from, we have certain requirements that we expect our suppliers and vendors to adhere to that are also detailed in that addendum.
Does Cribl sign Business Associate Agreements under HIPAA?
Cribl does not sign Business Associate Agreements (“BAAs”) or other similar contract addenda because Cribl is not a “Business Associate” as that term is defined under the Health Insurance Portability and Accountability Act (“HIPAA”). Cribl Products are not intended for the transmission, storing, or otherwise processing of personal health information (“PHI”). We consider incidental disclosures of PHI as falling outside the scope of HIPAA.
To learn more about legal, visit the Cribl Legal page.
Purpose
Cribl makes open observability a reality for today’s tech professionals. The Cribl product suite defies data gravity with radical levels of choice and control. Wherever the data comes from, wherever it needs to go, Cribl delivers the freedom and flexibility to make choices, not compromises.
The Cribl product security team acknowledges the valuable role that honest, independent security researchers and bug reporters play in the overall security of connected systems. As a result, we encourage the responsible reporting of any vulnerability that may be present in our applications and services. Cribl is committed to working with security researchers to verify and address potential vulnerabilities that are reported to us.
For these reasons, Cribl provides a responsible disclosure program for all of its products and services. The program is governed by the Responsible Disclosure Addendum and these terms. Please review both before you test or report a vulnerability to Cribl. We will provide a safe harbor to security researchers as long as they adhere to program requirements and are acting in good faith.
Reporting
If you have details of a suspected vulnerability, please reach out to the Cribl product security team by sending an email to security@cribl.io. You can use our PGP Key to encrypt the email.
PGP Fingerprint: 93BCCB5500D176D131D06C41892C4E60AA85BA2B
Our public key is available here: https://cribl.io/.well-known/cribl_security_pgp.asc
If you feel your account may have been compromised, do not hesitate to contact the Cribl support team at https://cribl.io/support/.
If you have a fraud, abuse, or misconduct concern you wish to report, you can submit it one of three ways:
Policy
We will investigate all legitimate reports and make every effort to quickly correct any vulnerability. We ask in return that you:
Cribl encourages the responsible and ethical discovery and reporting of vulnerabilities. The following conduct is expressly prohibited:
All parts of our applications and services available to customers are in scope and are our primary interest. Please have a look below for out of scope targets.
Cribl uses a number of third-party providers and services. Our disclosure program does not give you permission to perform security testing on their systems. The following third-party systems are excluded: