Control your Observability, Security and Telemetry Data
Benefit from the vendor-independent Observability pipeline for flexible, simplified collection and routing of your data streams. With Cribl and NetDescribe.
"Control your observability data in real time without any limit."
Alexander Hauptner, Cribl-Expert at NetDescribe
The Challenge
Organizations are struggling to analyze growing volumes of data without building new infrastructure. Tool complexity and vendor lock-in make it difficult to send data to third-party analytics platforms.
Security teams are swamped with data from multiple sources and formats. This makes it difficult to correlate events to identify and respond to security breaches. Add to this the need to adhere to data protection and compliance guidelines. For companies, this is a major challenge with significant financial implications.
Cribl – the Solution from NetDescribe
Cribl Stream is a vendor-agnostic observability pipeline used to collect, reduce, enrich, normalize and route data from any source to any destination within an existing data infrastructure. It is used to achieve full control of an organization’s data stream.
Machine data can be routed from any source to any destination, transformed as needed, and enriched with additional context. Features for masking and encrypting individual elements are configured via an intuitive user interface.
Cribl is a vendor-agnostic platform that gives customers the flexibility to route, shape, restructure and enrich data from any source to any destination without adding new agents. Cribl processes data in flight to help control costs by eliminating noise and, in turn, helps retain more valuable data for a longer time, without blowing out customers’ infrastructure budget. Cribl enables customers to route a full-fidelity copy of raw data to low-cost storage for long-term retention for compliance/audit purposes and “replay” it to analytics tools to answer questions you didn’t predict ahead of time.
The Cribl family offers three products:
Cribl Stream
Cribl Stream helps you process machine data – logs, measurement data, application data, metrics, etc. – in real time and transmits them to the analytics platform of your choice. It enables you to:
- add context to your data by enriching it with information from external data sources,
- protect your data by obscuring, masking or encrypting sensitive fields and
- optimize your data according to your performance and budget requirements.
Cribl Stream is delivered in a single, independent package. It provides an innovative interface for processing and transforming your data. It scales with existing infrastructures and is transparent to applications.
Cribl Edge
Cribl Edge helps you collect and process observability data. You can deliver logs, metrics, application data etc. in real time from your Linux and Windows machines, apps, microservices etc. to Cribl Stream or any supported target.
Cribl Search
With Cribl Search, you can search, explore and analyze machine data – logs, instrumentation data, application data, metrics etc. – without first moving it to a dedicated store. This can be done with data residing on Cribl Edge or in a data lake such as Amazon S3.
Cribl Search is offered as a service via Cribl.Cloud. Your data can be located anywhere – in the public or private cloud, on-premise etc.
Cribl Search is designed for administrators, managers and users of Operational/DevOps and Security Intelligence products and services.
Cribl Stream acts as a universal receiver and collector of log and metric data. With Stream, you can retrieve, transform, analyze, and correlate data from any source and send it to any destination or even multiple destinations without the need for additional tools.
Stream can receive push data from sources such as Splunk, HTTP, Elastic Beats, Kinesis, Kafka, TCP JSON and pull data from Kafka, Kinesis Streams, Azure Event Hubs, SQS, S3, Microsoft Office 365 or even external inputs such as weather data, air quality and anything else your organization needs to make better decisions.
Stream data to Splunk, AWS Kinesis Streams, SQS and CloudWatch Logs, Elasticsearch, Honeycomb, TCP JSON, Syslog, Kafka, Azure Event Hubs and Monitor Logs, StatsD and StatsD Extended, Graphite, InfluxDB, Wavefront, SignalFx and more, as well as to destinations that support batch or non-streaming output, such as S3-compatible storage, file system/NFS, MinIO, Google Cloud Storage and Azure Blob Storage.
Cribl Stream maximizes the value of observability data by transforming and adding context to data from other sources in real time, increasing the value of your analytics tools.
Collect – Get Data from anywhere to anywhere
Stream is the best way to get multiple data formats into your analytics tools. Use Cribl Stream as your universal receiver to collect from any observability data source – receive data from all your agents and push-based sources, schedule batch collection from multiple endpoints and APIs, as well as recall data from low-cost storage.
Reduce – Eliminate unnecessary data to control costs
Reduce log volume to control costs and improve system performance. Easily eliminate duplicate fields, null values and any elements that provide little analytical value. Filter and screen events with dynamic sampling or aggregate log data into metrics for massive volume reduction. Reduce without worry: You can keep a full-fidelity copy in a low-cost destination and replay it back if needed.
Shape – Gain actionable insights from your data
Shape all of the data you need to drive decisions about your environment. Translate and transform data from all of your sources to the tools you choose. Get a more complete picture of your data by enriching logs with third-party data. Stream collects data from all of your sources and shapes it into actionable logs and metrics for analysis. Shape data so that it is infinitely usable across all of your observability and security tools.
Route – Direct data where it has the most value
Send the right data to the right destinations like Splunk, Elastic, New Relic, DataDog or offload it to low-cost storage locations like AWS S3 for long-term retention. Route data to the best tool for the job – or all the tools for the job – by translating and formatting data into any tooling schema you need. Let different departments choose different analytics environments without having to deploy new agents or forwarders.
Replay – Save your data for Day X
Not sure if you’ll need a piece of data again? Are you storing everything in expensive analytics tools? Not sure if you really need every event to be indexed and available all the time? Send it to low-cost storage and recall it as needed for enhancing security and for handling operational outages and service interruptions.
With Cribl Stream, it’s finally possible to send exactly the data your business needs, in the right format, to the optimal place to use it effectively!
With Cribl, you get complete control over all observability data and unprecedented flexibility to use any tool without deploying new agents.
No Agent Overload → prevent loading additional agents
No Data Overload → tame large amounts of data
No Bandwidth Limitations → reduce transmission costs
Long Term Retention → define retention on your terms
Onboarding Unknown Data Sets → speedy onboarding of new data sources with visual tools
Our UseCases are only available in German. If you are interested in further information, we are happy to assist you personally. Please do not hesitate to contact us directly.
SIEM Migration | Effizientes Event Pipelining beim Umzug in die Cloud
Many companies are struggling to analyze growing amounts of data without having to build a new infrastructure. The complexity of tools and vendor lock-in make it difficult to send data to third-party analytics platforms. Security teams are inundated with data from different sources and formats. This makes it difficult to correlate events and thus identify and respond to security gaps. Added to this is the adherence to data protection and compliance guidelines. The resulting challenge for companies is an ever-increasing consumption of resources, escalating demands on data management and data analysis and a considerable financial outlay. Our customer faced precisely these challenges. Read more in our UseCase SIEM Migration | Effizientes Event Pipelining beim Umzug in die Cloud
NetDescribe is Cribl Certified Services Consultant
Book your personal appointment right now
Put your IT performance to the test. For which requirement have you always been looking for a solution? NetDescribe will get you there – with independent advice, reliable support and proven use cases.