Products
Product Portfolio

Cribl puts your IT and Security data at the center of your data management strategy and provides a one-stop shop for analyzing, collecting, processing, and routing it all at any scale. Try the Cribl suite of products and start building your data engine today!
Learn more ›

Evolving demands placed on IT and Security teams are driving a new architecture for how observability data is captured, curated, and queried. This new architecture provides flexibility and control while managing the costs of increasing data volumes.
Read white paper ›

Cribl Stream

Cribl Stream is a vendor-agnostic observability pipeline that gives you the flexibility to collect, reduce, enrich, normalize, and route data from any source to any destination within your existing data infrastructure.
Learn more ›

Vodafone Case Study

Vodafone Dials up Business Insights with Cribl Stream
Read Case Study ›

Cribl Edge

Cribl Edge provides an intelligent, highly scalable edge-based data collection system for logs, metrics, and application data.
Learn more ›

SpyCloud Edge Story

Listen to how SpyCloud uses Cribl Edge at scale.
Watch Video ›

Cribl Search

Cribl Search turns the traditional search process on its head, allowing users to search data in place without having to collect/store first.
Learn more ›

Happy 1st Birthday Cribl Search!
Read Blog ›

Cribl Lake

Cribl Lake is a turnkey data lake solution that takes just minutes to get up and running — no data expertise needed. Leverage open formats, unified security with rich access controls, and centralize access to all IT and security data.
Learn more ›

Navigating the future of IT and Security Data management white paper
Read white paper ›

Cribl.Cloud

The Cribl.Cloud platform gets you up and running fast without the hassle of running infrastructure.
Learn more ›

Cribl.Cloud Solution Brief

The fastest and easiest way to realize the value of an observability ecosystem.
Read Solution Brief ›

AppScope

AppScope gives operators the visibility they need into application behavior, metrics and events with no configuration and no agent required.
Learn more ›

Sandbox

Launch an AppScope Sandbox today!
Launch Now ›
Solutions
Use Cases

Explore Cribl’s Solutions by Use Cases:

Supercharge Security Insights ›

Accelerate Cloud Migration ›

Avoid Vendor Lock-in ›

Free Up Space for High-Value Data ›

Route From Any Source To Any Destination ›

Replay Data from Low-Cost Storage ›

Reduce Log Volume & Pay Less for Infrastructure ›
Integration

Explore Cribl’s Solutions by Integrations:

Amazon ›

Google ›

CrowdStrike ›

Microsoft ›

Elastic ›

Splunk ›

Exabeam ›

View All Integrations ›

Seamless Integrations for Your Observability Data
Learn More ›
Industries

Explore Cribl’s Solutions by Industry:

AIOps ›

Financial Services ›

Healthcare ›

Managed Security Services ›

Manufacturing and Logistics ›

Communications and Media ›

Public Sector ›

Retail ›
Resources
Resources

Resource Library ›

Documentation ›

Guides ›

AppScope Docs ›

Blog ›

Glossary ›

Podcasts ›

Telemetry 101

Understanding the Basics of Telemetry and Its Benefits
Learn More ›
Events & Webinars

Events ›

Webinars ›

CriblCon24
Las Vegas // June 10, 2024
Register Now ›

Watch On-Demand

3 ways to fast-track your data lake strategy without being a data expert
Watch On-Demand ›
Learning

Try the Sandboxes ›

Self Guided Trials ›

Cribl University ›

Cribl Community ›

Cribl Curious Forum ›

What is Observability? ›

Try Your Own Cribl Sandbox

Experience a full version of Cribl Stream and Cribl Edge in the cloud.
Launch Now ›
Tools & Pricing

Download Library ›

Past Releases ›

Pricing Plans ›

Stream ROI Calculator ›

Download Library

Download Cribl’s suite of products for free to get started.
Download ›
Customers
Customer Stories

Get inspired by how our customers are innovating IT, security and observability. They inspire us daily!
Read Customer Stories ›

Sally Beauty Holdings

Sally Beauty Swaps LogStash and Syslog-ng with Cribl.Cloud for a Resilient Security and Observability Pipeline
Read Case Study ›
Customer Experience

Support & Success ›

Professional Services ›

Service Delivery Partners ›

Documentation ›

AppScope Docs ›

Professional Services

Check out our new Professional Services offering.
Learn More ›
Learning

Try the Sandboxes ›

Self Guided Trials ›

Cribl University ›

Cribl Community ›

Cribl Curious Forum ›

Try Your Own Cribl Sandbox

Experience a full version of Cribl Stream and Cribl Edge in the cloud.
Launch Now ›
Company
About Cribl

Transform data management with Cribl, the Data Engine for IT and Security
Learn More ›

Cribl Corporate Overview

Cribl makes open observability a reality, giving you the freedom and flexibility to make choices instead of compromises.
Get the Guide ›

Cribl Newsroom

Stay up to date on all things Cribl and observability.
Visit the Newsroom ›

Press Releases

Read our most recent press releases.
Recent Press Releases ›

Leadership

Cribl’s leadership team has built and launched category-defining products for some of the most innovative companies in the technology sector, and is supported by the world’s most elite investors.
Meet our Leaders ›

Careers

Join the Cribl herd! The smartest, funniest, most passionate goats you’ll ever meet.
Learn More ›

Cribl Named to the Inc. 5000 List of Fastest Growing Private Companies
Learn More ›

Cribl for Startups

Whether you’re just getting started or scaling up, the Cribl for Startups program gives you the tools and resources your company needs to be successful at every stage.
Learn More ›

Contact Us

Want to learn more about Cribl from our sales experts? Send us your contact information and we’ll be in touch.
Talk to an Expert ›

Try Cribl Talk to an expert

Case Study

Transforming Cybersecurity Operations with SCALR™ XDR: A Solution Powered by Cribl Stream

“OUR CLIENTS NO LONGER HAVE TO CHOOSE BETWEEN ACCEPTING THE RISK OF LIMITED VISIBILITY OR ASKING FOR MORE MONEY. THEY CAN ONBOARD ALL OF THEIR SOURCES WITHOUT INCURRING ADDITIONAL COSTS.”

MICHAEL POLISE,
DIRECTOR OF ADVISORY

“SOC ANALYSTS WITHIN THE CLIENT’S ENVIRONMENT CAN ACCESS EVERYTHING DIRECTLY FROM SENTINEL AND CAN QUERY AZURE DATA EXPLORER NATIVELY FROM SENTINEL, WHICH IS GREAT FOR EFFICIENCY AND REDUCING THE MEAN TIME TO RESPOND.”

MICHAEL POLISE,
DIRECTOR OF ADVISORY

“THE EASY MANAGEABILITY OF CRIBL MAKES IT POSSIBLE TO DELIVER QUICKLY FOR OUR CLIENTS.”

MICHAEL POLISE,
DIRECTOR OF ADVISORY

Security Risk Advisors (SRA) is a highly specialized consulting firm that continually develops solutions to cybersecurity’s emerging problems. SCALR™ XDR is their turn-key CyberSOC solution that provides a combined SIEM, SOAR, and Data Lake — fully integrating with any EDR. SCALR™ combines Cribl Stream with Microsoft Sentinel and Azure Data Explorer to reduce licensing costs and provide threat hunting services, complete with purple team exercises.

As part of their new SCALR™ XDR service, SRA designs, configures, and builds out their customers’ security architectures. They perform managed security services, 24/7 monitoring, curated out-of-the-box threat detections, and act as a SOC for critical data sources like cloud alerts, EDR, threat detection alerts, and more.

A turn-key solution like this wasn’t possible until SRA decided to implement Cribl Stream.

“We looked at a few open-source alternatives, but none of them had the enterprise level scalability, capabilities, and features that our clients need for something this critical in their data pipeline. Cribl Stream and Cribl’s overall portfolio and innovative direction also just continues to get better.”

Michael Polise
Director of Advisory

Giving Customers Full Control Over Their Data

SRA’s proprietary XDR solution is deployed and co-managed within the client’s environment, which allows the client to keep complete control over their data at all times. Data sources get routed to Cribl Stream — all data that are used for generating alerts, correlating events, or otherwise actioned on by a SOC analyst gets forwarded to Microsoft Sentinel.

Data used for investigations, IOC sweeps, threat hunts, long-term retention, or regulatory purposes goes to Azure Data Explorer (ADX). In many cases, ADX serves as an organization’s very first security data lake, instantly elevating its security maturity level. A solution that could not have been made possible without the unified data processing engine, Cribl.

“Everything is provisioned in the client’s environment, so they have full access to everything. They can create their own alerts for themselves and funnel data to their teams internally.”

Michael Polise
Director of Advisory

Reduced Windows Event Logs by 60%

With the help of Cribl Stream, SRA’s latest offering enables customers to easily collect data from the right sources, develop tailored analytics, and efficiently deliver it to its destination. Stream’s reduction capabilities help them to significantly reduce their overall ingest across all types of data.

“We get pretty aggressive with Windows event log reduction and often get a 60% reduction or more for those data sources without losing any of the context we need for triggering detection content. Reduction of other sources might be less than that, but we can typically cut out the junk to reduce data volumes by half.”

Michael Polise
Director of Advisory

Cut SIEM Costs up to 80%

Because of that reduction — and the redirection of some sources to a data lake instead of a SIEM — organizations have the freedom to onboard any sources that may have been waiting on the sidelines. Companies that couldn’t afford to store everything in their previous SIEM can now retain all the data they need and only spend a fraction of what they normally would on a similar solution.

“In general, we see 70-80% license cost savings in the tech stack compared to a client’s existing SIEM platform. A recent client had a $900K per year Splunk license that was reduced to $200K after using Cribl Stream to migrate to Sentinel and Azure Data Explorer.”

Michael Polise
Director of Advisory

Fast, Seamless SIEM Migrations

The cost and time savings that SRA gives its customers also allow them to migrate from one SIEM to another, in as little as 90 to 180 days.

“In our most aggressive migration, a client moving from Splunk to Sentinel went live in two to three weeks. We can’t move everyone over that fast, but as long as the log sources are redirected, we can typically onboard and go live within a 30-60 day window.”

Michael Polise
Director of Advisory

Michael and his team started with the out-of-the-box Cribl Packs to facilitate this process, then created custom Packs to accelerate SIEM migrations even further.

Improved Threat Detection

SRA’s SCALR™ XDR platform greatly improves the quality of life of SOC analysts. Powered by the flexibility and control of Cribl, SRA’s clients can quickly onboard any data source and reduce the noise, simplifying alert triage and threat detection.

“SOC analysts can read queries, and focus on threat data that is important to them, and query data in Azure Data Explorer if they need additional information. Our clients can also use Sentinel to automatically pull pertinent data to the front of the screen for an analyst.”

Michael Polise
Director of Advisory

Michael and his team have seen the ADX data lake transform from a focal point for data retention into a critical tool for threat hunting. Typical deployments include 90-day retention in the SIEM, but the cost-effective data lake allows for 12 months of storage or longer, providing more historical data available for reference.

Purple Team Validations for Increased Threat Detection Maturity

Leveraging the Cribl Stream-Sentinel-Azure Data Explorer tech stack provides instant SOC Maturity by seamlessly facilitating SRA’s proprietary detection logic based on industry verticals, to detect common and advanced threats. They also provide a purple-teaming service which validates detection and prevention controls, twice a year.

“To validate that our client’s tools are functioning appropriately, we perform threat simulations based on TTPs that threat actors perform on a regular basis. We bring red teams and blue teams to the table to perform some of those simulations, then work with clients to improve the detection logic in Sentinel and their cloud-based EDR.”

Michael Polise
Director of Advisory

Stream makes it easy to send the right data to analyze the most important TTPs— instead of trying to tackle all of the MITRE ATT&CK Framework. Clients get a SOC with out-of-the-box run books and threat hunt criteria without having to devote resources towards hiring or home-growing the expertise, only to be set back if staff turns over.

SOAR automation comes included through Sentinel, so organizations don’t have to worry about buying another six-figure product. SRA also has SOAR playbooks to build out automation for the clients, elevating their maturity even further. Cribl Stream plays a crucial role in this strategy by shaping and normalizing data from key sources, essential to conducting fast, effective analysis and identifying threats.

Using Cribl Search to Improve Offerings for Non-Microsoft Clients

To improve future offerings, SRA is exploring Cribl Search and Data Lake to expand services and infrastructure beyond SCALR™ XDR. With Cribl’s federated “search-in-place” queries, on data of any format or location, users can conduct precise analysis and forward results effortlessly. Adding platform-agnostic data warehousing, Cribl’s Data Lake delivers unified retention, security, and access control policies across object stores and clouds from one easy management platform. Functionality that will be particularly beneficial for clients using Splunk as a SIEM or for those sending logs to S3, extending SRA’s reach beyond Microsoft products.

TL;DR

Combined Cribl Stream, Microsoft Sentinel, and ADX into a turnkey CyberSOC solution
Reduced Windows Event Logs by 60% on average
Cut SIEM costs up to 80%
Accelerated SIEM migration by 4-8 weeks on average
Improved threat detection via additional data source onboarding and noise reduction
Provide first-time data lake and SOAR capabilities for the majority of customers

About Security Risk Advisors

Security Risk Advisors (SRA) is a Cribl Partner who provides specialized security services including Cribl Engineering and Enablement, Penetration Testing, Purple Teams, Cloud Security, Resilience, Cyber Physical Systems Security, Engineering, and 24x7x365 Cybersecurity Operations. SRA’s mission is to “Level Up” every day to protect our clients and their customers. SRA delivers security services to Fortune and Global 1000 companies, innovating technology startups, and mission-oriented non-profits across Healthcare, Pharmaceutical, Retail, Financial Services, and Manufacturing industries. SRA is headquartered in Philadelphia, with offices in Rochester, and Kilkenny, Ireland. SRA is an official partner of Cribl (https://sra.io/cribl/).

About Cribl

Cribl makes open observability a reality for today’s tech professionals. The Cribl product suite defies data gravity with radical levels of choice and control. Wherever the data comes from, wherever it needs to go, Cribl delivers the freedom and flexibility to make choices, not compromises. It’s enterprise software that doesn’t suck, enables tech professionals to do what they need to do, and gives them the ability to say “Yes.” With Cribl, companies have the power to control their data, get more out of existing investments, and shape the observability future. Founded in 2017, Cribl is a remote-first company with an office in San Francisco, CA. For more information, visit www.cribl.io or our LinkedIn, Twitter, or Slack community.

Case Study