Case Study
“SINCE WE’VE ADOPTED CRIBL STREAM, WE’RE NO LONGER HELD HOSTAGE TO OUR SIEM TA’S — WE CAN ONBOARD SYSTEMS MUCH FASTER NOW.”
ERIC JEANMAIRE, CEO
“CRIBL STREAM’S IMMEDIATE VALUE PROPOSITIONS WERE THAT IT ALIGNED WELL WITH OUR ARCHITECTURE, AND IT PROVIDED SIGNIFICANT DATA REDUCTION THAT ALLOWED US TO USE OUR SIEM LICENSING ELSEWHERE.”
ERIC JEANMAIRE, CEO
“CRIBL HAD IMMEDIATE VALUE TO US AND OUR CUSTOMERS — WE KNOW THERE’S EVEN MORE SAVINGS COMING.”
ERIC JEANMAIRE, CEO
One of Finality’s most common challenges is navigating federal agencies’ license limits with their SIEM (security information and event management) providers. As data volumes increase alongside stagnant budgets, this problem becomes more prevalent and difficult to manage.
Eric Jeanmaire, Finality’s CEO, was in search of an innovation to address this problem when he was introduced to Cribl Stream in October 2020 — less than a year before the Executive Order on Improving the Nation’s Cybersecurity and subsequent memorandum M-21-31 were issued. Significantly greater log collection, retention, and analysis requirements, coupled with the urgency of business imperatives, compelled the Finality team to implement Cribl Stream within the Department of Homeland Security just one month later.
Since deploying Cribl Stream, the Finality team has found it easier to fulfill its commitment to its federal customers. Agencies can’t afford to onboard new system data from a financial perspective, but they can’t afford not to from a security perspective, so being able to make room for additional logs was one of the most immediate value propositions.
Cribl Stream allows admins to filter out repetitive or otherwise unnecessary data. Logs can be filtered in their entirety or at the individual field level to remove as much bloat as possible. Eric and his team have seen great results.
“Being able to get a 47% reduction on average in our Windows Events by dropping repetitive fields is huge — because all of that can go into onboarding additional logs that we need from other systems.”
Eric Jeanmaire
CEO
The ease of use and scalability of Cribl Stream were a big factor in Finality’s decision to build Stream into the security and compliance stack it delivers for its customers. Because of how easy it is to deploy and scale, Finality has been able to onboard data 10 times faster than before. That increase shows up in accelerated data extractions and easier mapping of data to Splunk’s Common Information Model (CIM), which makes for better and faster correlations once data hits the SIEM and ensures data consistency in both the SIEM and in S3 or other cheap storage.
For one of the federal agencies they work with, nothing gets deployed manually — so Stream fits nicely into the automated pipelines of the customer’s environment.
“I like that Cribl Stream leans towards open source but also adopts a lot of modern architecture best practices. We can scale a cluster very easily and replace or upgrade nodes automatically. Everything is version controlled through Git, so it makes for an easy deployment.”
Eric Jeanmaire
CEO
“We’ve shifted CPU-intensive activities, like CMDB and threat enrichment, to Cribl Stream, adding to our SIEM license and infrastructure savings. By doing our data model compliance at the Cribl level, we’re taking away a lot of that compute utilization from our indexers. Savings can still be had, even in the new licensing schema.”
Eric Jeanmaire
CEO
Another benefit of Cribl Stream is the ability to capture and analyze production data without disruption to operations. With Cribl’s innovative ability to see data manipulations and changes visually through the UI as they would appear in Splunk or Elastic beforehand, Cribl eliminates hard cutovers, perfect for SOCs that need to collect data 24/7 and don’t want to suffer any feed outages.
Eric and his team take advantage of this by first using Cribl as a catch-all pipeline that simply forwards the data to its destination. Then, they can cut over single feeds as necessary.
“With Cribl Stream, we can capture feeds as they're flowing through, create samples, work on our pipeline, QA it, and then turn the pipeline on. From there, we can shift to doing field extraction, normalization, and data model compliance right in Stream, without having it flow through our catch-all.”
Eric Jeanmaire
CEO
Instead of burning developer hours updating technical add-ons (TAs), the Finality team leverages Stream as the universal connector to prepare data.
“It’s easy to wean yourself off of TAs that need updating by cutting feeds over to Cribl Stream as you're ready. It doesn't have to be one big upfront effort to rewrite all of them on day one.”
Eric Jeanmaire
CEO
One of the architectural best-practice decisions that Finality made is to develop content only off of their data models. Cribl Stream makes it easy to transform raw data to your destination schema of choice, to accelerate identification of important Indicators of Compromise (IOCs).
“It’s easy to get into trouble operating products over time when you have written a lot of content off of raw feeds. You really have to make sure you're sticking to Data Model compliance, and Cribl is a great way to ensure CIM compliance very quickly.”
Eric Jeanmaire
CEO
“With Cribl Stream, we’ve dramatically shortened the content delivery timeline. New source data goes to Stream, and we do field extraction, normalization, and data model compliance all in Stream instead of our SIEM. Then we can start working on detection content and correlation searches much more quickly.”
Eric Jeanmaire
CEO
Partnering with Cribl is a great choice for systems integrators looking to enhance their offerings and deliver value to customers. Cribl complements and enhances already-existing tooling, allowing for repeatable, automated management and configurations. Spend less time onboarding data and working with outdated TAs and spend more time delivering value to your customers.
With free training, reference architectures, and sandboxes, SIs can easily develop certified subject matter experts (SMEs) who can leverage Cribl’s capabilities. Our team is well-staffed with a bench of knowledgeable folks willing to help, and a great Federal team that provides support when needed to meet any and all deadlines.