In a recent user group meeting, guest speaker Marc Luescher from Amazon Web Services (AWS) joined us to give an overview of Amazon Security Lake. We talked about Cribl use cases and how Cribl Stream can bring your non-AWS data into the Security Lake.
Enterprises are dealing with some significant challenges with security data in 2023. Inconsistent, incomplete, poorly-formatted log data is simultaneously scattered across companies and locked up in different silos within the organization.
As if that isn’t enough, security data is growing by about 30% per year, making it even more difficult to manage. Even if your data is exactly where it needs to be, in the format you want it in, and you’re miraculously keeping up with this pace of growth, getting it to a place where you can analyze it requires specialized tools that end up creating duplicates and increasing licensing costs.
Another big problem is the lack of direct control over data, which often gets locked into a SIEM or another tool that makes it hard to get the data out again if needed.
To help address these issues, AWS, Splunk, and a few other organizations announced that the Open Cybersecurity Schema Framework (OCSF) would be public domain as of August 2022. OCSF is an open-source project designed to deliver simplified security data.
All that simplified security data is stored in Amazon Security Lake, a centralized location for data from AWS environments, SaaS providers, on-prem, and cloud sources across AWS regions. The Security Lake caches, pre-processes, and normalizes security data in the OCSF standard for more efficient storage and query performance, so you can use your vendor of choice to look at and control your data.
It also consolidates the data from VPC, CloudTrail, Route 53, S3, and Lambda — as well as event findings from the AWS Security Hub and connecting services like AWS GuardDuty, Inspector, IAM Access Analyzer, Macie, and more. The Security Lake is stored on an S3 bucket in a management account where you can query it using Amazon Athena, OpenSearch, SageMaker, or your SIEM/XDR tool of choice.
With the Amazon Security Lake, you can integrate data from over 60 sources, normalize AWS logs in OCSF, and store data in an S3 bucket. Security Lake centralizes security-related logs and findings, helping Security Operations teams streamline their process so they can spend more time investigating security issues and less time collecting and normalizing logs. The data lifecycle management capabilities allow you to specify when data is old enough to be archived, so you can keep it in Glacier Flexible Retrieval instead of some other more expensive storage. You can still use your analytics tool of choice as long as the vendor supports OCSF.
Cribl Packs allow Cribl Stream customers to build and share configuration models across distributed Cribl Stream deployments. The pre-built pipelines, lookups, data samples, and knowledge objects reduce costs and engineering time by reducing complexity and giving users an isolated, secure space to build, test, and share their work. This enables your team to accelerate data onboarding from any third-party source to gain greater visibility across your security and operating environments.
Packs are available in the Cribl Packs Dispensary to support bringing data from these sources into your Amazon Security Lake: CrowdStrike, Palo Alto threat and traffic logs, Azure audit logs, GCP audit logs, Zscaler web and firewall logs, Cisco ASA and FTD, and SentinelOne Cloud Funnel. Of course, we make it easy to convert your data into OCSF as you move data into Amazon Security Lake.
You also have the option to build your own pipeline and Cribl Pack to support the conversion of any log file to OCSF/Parquet format and get it to your Amazon Security Lake. This allows you to enrich raw data from any source with a repeatable transformation process that requires minimal effort for modifications.
Here is some information on how to create a Cribl Pack — stay tuned for more detailed instructions for making them compatible specifically with Amazon Security Lake.
Using Cribl Search to search data in Amazon Security Lake is like having a superpower. In one of our previous blogs, we dove deep into the benefits of setting up a data loop with Cribl Search, Cribl Stream, and your own data lake. Using Cribl Search, you can increase the scope of analysis and mine data at rest in OCSF for quicker searches to capture deeper insights.
Learn how Cribl can help you with your AWS use case with a custom demo. Test it out for yourself by leveraging our AWS-validated open-source Cribl Packs and our Amazon Security Lake destination tile with a Free Trial of Cribl Stream on AWS Marketplace.