Getting Smart and Practical With Dynamic Sampling

In the past we've written multiple posts about how Cribl helps you maintain visibility in high-volume/low-value scenarios without having to egregiously scale your analytics infrastructure. This problem usually stems from the fact that machine data emitted by your infrastructure is not all created equal. Some events are far less valuable than others, yet they consume …

Streaming Data Deduplication with Cribl

The Problem: It's not uncommon for machine data systems to send and receive duplicate or repeated events. This could be due to a variety of reasons, for example: misconfiguration (a.k.a. layer-8 problems) on the source, intermediary, or aggregation systems may cause duplicate data to be sent out; bugs or software defects may cause a data source to occasionally …

Helping Threat Hunters While Staying Compliant: Categorizing and Scoring AWS CloudTrail Events in Real-Time

AWS CloudTrail is a service that "enables governance, compliance, operational auditing, and risk auditing of your AWS account." It continuously records API activity in your accounts and is one of the most valuable, and probably the best, data sources for security analysis in AWS. Security and Operations teams love CloudTrail because of the added visibility into user and resource …

Using Cribl to Analyze DNS Logs in Real-Time – PART 2

In a previous post we showed how to detect data exfiltration with Cribl in real-time. The analysis focused on checking DNS labels from DNS logs for the presence of base64-encoded data. In this post we will look at several other techniques that can help security engineers add dimensions to the data to help improve the fidelity and accuracy …
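The base64-label check that the excerpt refers to, as an added example in JavaScript (Node.js) that is not code from either Cribl post: each DNS query name is split into labels and a label is flagged when it is long, drawn from the base64 (or base64url) alphabet, mixes upper case, lower case and digits, and has high per-character entropy. The log line format ("timestamp client qname qtype"), the thresholds, and the sample lines are assumptions made for the demonstration; the exfil-looking label is built in the code by base64-encoding a constructed string with its padding stripped, since "=" is not a valid hostname character.

```javascript
const BASE64_LABEL_MIN_LEN = 16;          // short labels are too noisy to judge (assumed threshold)
const BASE64_ENTROPY_MIN = 3.0;           // bits per character (assumed threshold)
const BASE64_ALPHABET = /^[A-Za-z0-9+/=_-]+$/; // base64 and base64url alphabets

// Shannon entropy of a string in bits per character.
function shannonEntropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Heuristic: long, base64-alphabet, all three character classes present
// (hostnames are conventionally lower case), and high entropy.
function labelLooksBase64(label) {
  if (label.length < BASE64_LABEL_MIN_LEN) return false;
  if (!BASE64_ALPHABET.test(label)) return false;
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/].filter((re) => re.test(label)).length;
  if (classes < 3) return false;
  return shannonEntropy(label) >= BASE64_ENTROPY_MIN;
}

// Parse one assumed-format log line into fields; returns null on malformed lines.
function parseDnsLine(line) {
  const parts = line.trim().split(/\s+/);
  if (parts.length < 4) return null;
  const [ts, client, qname, qtype] = parts;
  return { ts, client, qname: qname.replace(/\.$/, ""), qtype };
}

// Enrich each event with the suspicious labels found (the way an Eval-style
// function would add a field) and return only the events that carry a hit.
function findSuspiciousQueries(lines) {
  const hits = [];
  for (const line of lines) {
    const ev = parseDnsLine(line);
    if (!ev) continue;
    const suspicious = ev.qname.split(".").filter(labelLooksBase64);
    if (suspicious.length) hits.push({ ...ev, suspiciousLabels: suspicious });
  }
  return hits;
}

// Constructed sample input. One query smuggles a base64 chunk as its first
// label, padding stripped as a tunnel would.
const EXFIL_LABEL = Buffer.from("secret-document-part-1").toString("base64").replace(/=+$/, "");
const SAMPLE_DNS_LOGS = [
  "2019-03-01T10:00:00Z 10.0.0.5 www.example.com A",
  "2019-03-01T10:00:01Z 10.0.0.5 autodiscover.example.com A",
  `2019-03-01T10:00:02Z 10.0.0.7 ${EXFIL_LABEL}.tunnel.example.net TXT`,
  "2019-03-01T10:00:03Z 10.0.0.7 cdn-assets-01.example.com A",
  "malformed line",
];

console.log(findSuspiciousQueries(SAMPLE_DNS_LOGS));
```

Two caveats a practitioner should keep in mind: DNS names are case-insensitive, so a resolver or log pipeline that case-folds query names will defeat the mixed-case test and leave only length, alphabet and entropy; and tunnels that use base32 (which is lower-case-safe) need a separate alphabet check. Legitimate long random labels (CDN hashes, DKIM selectors, certificate-transparency probes) will also trip a per-label test, which is why the follow-on post adds further dimensions to raise fidelity rather than alerting on this check alone.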

Encrypting sensitive information in real-time with Cribl

If your machine data does not contain sensitive information, you don't really need to read this - you got it all figured out. Just stop here and go back to surfing the interwebs or...maybe you want to check again?! 🙂 If you're still reading, you know that while your machine data is vital for your operations/security analytics, …

Announcing Cribl LogStream 1.3: Tap Those Pipes

If you've ever worked with a log analysis system before, data on-boarding is one of the most painful parts. Every system expects the data to look a little different, and getting that right generally involves a ton of trial and error. Make a configuration change, restart the cluster, try again. Send the data to a …

Introducing Cribl LogStream v1.2

Pleased to introduce our v1.2 release, focused on expanding ingestion and delivery capabilities. It continues our promise to deliver added intelligence and control over your data in real-time by adding support for new sources and destinations, Windows deployments, new functions including machine learning powered timestamp recognition, and faster lookups. New Sources: Apache Kafka. This version adds support for picking up data …