Enriching Data in Motion with Ingest-Time Lookups

Adding context with lookups is an awesome way to enrich your operational data. Whether you're running simple searches or reporting on your events, the more information they carry, the greater their utility. For example, if proxy or firewall logs indicate that an internal host is communicating with an external address that is known to be compromised, …

Anonymizing Data with Cribl

One of the key problems with creating a centralized repository of logs is that it also creates a single place where attackers can get to sensitive information, whether that's implementation details like network traffic or sensitive information like usernames, API keys or social security numbers. A common requirement, especially in the context of regulations like GDPR, is to minimize …

Sampling for Added Visibility and Efficiency

The need for operational & performance visibility grows at least linearly with your infrastructure sprawl; the more data your VMs, containers, APIs, apps, services, users, etc. emit, the greater the impact on the performance and the user experience of the analysis system. In theory this problem is easy to solve; simply scale the analysis system …