The SIEM market attracts attention for a variety of reasons. First, it is dominated by a number of large players but there are a range of smaller companies vying for market share. It is also a market generally accessible to new entrants. There’s always a new company pitching a different spin on SIEM, whether it’s a new architectural model in the cloud, faster analytics from running on a third-party data warehouse, or leaning into new, undefined terms like a security data fabric.

Integrations are the bread and butter of building vendor-agnostic software here at Cribl. The more connections we provide, the more choice and control customers have over their unique data strategy. Securing these integrations has challenges, but a new class of integrations is creating new challenges and testing existing playbooks: large language models. In this blog, we are going to explore why these integrations matter, investigate an example integration, and build a strategy to secure it.

In modern IT environments, logging has become an integral part of application development and operations. Logs, metrics, and traces allow organizations to alert on events, monitor performance, and troubleshoot issues effectively. However, as applications scale and generate an increasing volume of logs year over year, managing them efficiently becomes a daunting task for engineering teams and budget makers.

Cribl is a customer first company. Building high value, secure-by-design software for security and IT teams has been by far the most gratifying experience of my professional career. As a security professional that deeply believes in Cribl’s product and mission, I share the excitement of changing forever how our customers operate and enabling them to protect their organizations; working at Cribl has been my greatest calling.

Being a Managed Security Service Provider (MSSP) or delivering a Managed Detection and Response (MDR) service is hard. You’re doing the jobs that are so hard that large swaths of organizations turn to you to handle those complex jobs for them. MSSP/MDR tech stacks are dynamic and highly customized, allowing for competitive offerings at competitive prices.

The more customers I talk to, the more I see a trend toward wanting a low-cost vendor-agnostic data lake. Customers want the freedom to store their data long-term and typically look to object stores from AWS, Azure, and Google Cloud. To optimize for data access, users will partition their data into directories to optimize for use cases such as Cribl Replay and Cribl Search. Only relevant files will be accessed for rehydration or search by partitioning data.

The Cribl Syslog source is our most commonly used input type. Cribl Stream can act as your edge and/or central syslog server, giving you more capability while easing management tasks. In this blog post we’ll go over a brief history of syslog. Then we’ll dive into best practices for standing up Cribl Stream as a syslog server, tuning the server, and other tips for running a high performance syslog platform.

In today’s digital era, data has become an integral part of every organization. The exponential growth of data continues to accelerate, with projections indicating a compound annual growth rate of 28% for data creation. While this surge in data presents vast opportunities, it also brings substantial challenges in terms of management and value extraction. This is where the concept of a data engine comes in. It serves as the core of your data infrastructure, functioning like a central nervous system.

Cloud migration has become a crucial strategy for businesses aiming to capitalize on scalability, flexibility, and cost-saving opportunities. As organizations transition from traditional data centers to cloud infrastructure, these companies can access advanced cloud services, enhance operational efficiency, and ensure seamless data and application management. However, cloud migration challenges can be difficult to solve.