Igor is a Principal Security Solutions Engineer at Cribl. In the past 20+ years he has been helping organizations to find the best, and, more importantly, the simplest solutions to their security and IT problems. He also builds tools like InfoSec app for Splunk used by 5000+ security teams. He is very passionate about getting sense out of all kinds of data, and has very strong opinions about vendors using ML and AI just because it is flashy.
At Cribl, we have the privilege of helping our customers achieve their strategic data goals by giving them visibility and control over all of their observability data. The reality today is that data is commonly stored across many places. Whether intentional (such as using Cribl Stream to create a security data lake) or unintentional (because of silos and tool sprawl), organizations desire the ability to access and analyze all of this information at any time. One such time could be during a security investigation, like when our analytics tool or SIEM has signaled a potential indicator of compromise (IOC). What if we had a way to send that signal to a simple, intuitive workflow engine that could help automatically search our data estate for possible related logs over a period of time? And what if we could get those results and route or store them to our choice of destination(s)? Since it’s #CybersecurityAwarenessMonth, we’d like to give you a jump start on your incident alerting and SOAR processes!
Enter Tines, the platform purpose-built to automate and integrate processes like this security orchestration, automation, and response (SOAR) playbook we need. With Tines and Cribl Search, we can take an IOC from our SIEM and search our data in place to return any relevant results in an automated runbook. There’s no reason to push data around needlessly or query it manually!
Consider the scenario where we have data stored outside of our SIEM that we need to query based on our IOC, a suspicious IP address:
Our SIEM kicks off an alert (1) that is received by Tines and includes a suspicious IP address. Tines helps construct a query that will be sent to the Cribl Search API for a configured time range and this IOC (2). Cribl Search executes the query against our data in place: data that may not have been sent to the SIEM originally, is still on the host, or perhaps has aged out of the SIEM and been archived to a data lake. The relevant results are returned by Search to Tines (3), which can parse and format them to be delivered to the desired destination (4).
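Steps (1) and (2) are where untrusted alert content becomes query text, so the IOC should be validated before it is interpolated. The following is an added sketch of that step, not code from Tines or Cribl; the alert schema, the dataset and field names, the `where` filter form and the payload keys are all assumptions chosen for illustration.

```python
import ipaddress
import json
import re

# Constructed sample alert; the field names are assumptions, not a real SIEM schema.
SAMPLE_ALERT = json.dumps(
    {"rule": "outbound-beacon", "ioc": {"type": "ip", "value": "203.0.113.45"}}
)

_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def extract_ioc_ip(alert_json):
    """Return the alert's IP indicator in canonical form, or raise ValueError."""
    alert = json.loads(alert_json)
    ioc = alert.get("ioc") if isinstance(alert, dict) else None
    if not isinstance(ioc, dict) or ioc.get("type") != "ip":
        raise ValueError("alert carries no IP indicator")
    # ip_address() accepts only a literal IPv4/IPv6 address, so quotes, pipes
    # and spaces in the alert value can never reach the query text.
    return str(ipaddress.ip_address(str(ioc.get("value", "")).strip()))


def build_search_request(alert_json, dataset="security_lake", field="src_ip",
                         earliest="-7d", latest="now"):
    """Build the search request body for the IOC over a configured time range.

    dataset, field and the payload keys are hypothetical placeholders.
    """
    for name in (dataset, field):
        if not _IDENT.fullmatch(name):
            raise ValueError(f"unsafe identifier: {name!r}")
    ip = extract_ioc_ip(alert_json)
    query = f'dataset="{dataset}" | where {field} == "{ip}"'
    return {"query": query, "earliest": earliest, "latest": latest}


if __name__ == "__main__":
    print(json.dumps(build_search_request(SAMPLE_ALERT), indent=2))
```

A rejected alert raises `ValueError`, which the workflow can route to an analyst instead of issuing a search.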
No one likes starting from scratch (except during the pandemic when baking was all the rage), so Tines has a Library with hundreds of prebuilt workflows to get you going quickly. The Cribl Story is available for you today to get a jump start on your automation and playbooks. It has everything you need to get started, including places to set authentication and the API calls to get the queries going:
And with Cribl Search, organizations are shifting their thinking when it comes to where to keep their data. Previously, we would have had to do something else to get our results. One option would be to send all data to the SIEM and retain it there. This normally results in increased license and storage costs and forces us to put an additional load on the software. Another option could be to use a form of rehydration. This might mean reloading old data index files or re-ingesting large amounts of data. Processing in this way is cumbersome, time-consuming, and usually has high labor and infrastructure costs. Finally, we might leverage a storage provider’s native capability to search the data. While helpful, using these tools usually includes a high learning curve and doesn’t help with data stored in other providers.
Search allows us to store information in cost-effective ways, like with object storage, and gives us control and flexibility over retention and lifecycle policies. Data lakes quickly become even more valuable with the ability to easily search them in place. Having data in multiple places is no longer an obstacle; we can access this across platforms at will. All of this in turn lets us maximize the value we can achieve out of our other analytics tools.
If you haven’t already, you should try out Tines! What will you build with their smart, secure workflow platform? Sign up for free today or talk to their team to learn more. Cribl Search is available with every Cribl Cloud account. Sign up today for a free account to gain instant access to Cribl Search!
Cribl, the Data Engine for IT and Security, empowers organizations to transform their data strategy. Customers use Cribl’s suite of products to collect, process, route, and analyze all IT and security data, delivering the flexibility, choice, and control required to adapt to their ever-changing needs.
We offer free training, certifications, and a generous free usage plan across our products. Our community Slack features Cribl engineers, partners, and customers who can answer your questions as you get started. We also offer a hands-on Sandbox for those interested in how companies globally leverage our products for their data challenges.