Operations | Monitoring | ITSM | DevOps | Cloud

Dynamic Application Security Testing (DAST) is a type of security testing that actively exercises and inspects a web application for security vulnerabilities. A DAST scanner sends an assortment of payloads to the target application, typically through HTTP requests for web applications, then analyzes the responses and behavior to detect vulnerabilities. DAST is language and framework agnostic, allowing for security scans against any web application with careful configuration.

The SIEM market attracts attention for a variety of reasons. First, it is dominated by a number of large players but there are a range of smaller companies vying for market share. It is also a market generally accessible to new entrants. There’s always a new company pitching a different spin on SIEM, whether it’s a new architectural model in the cloud, faster analytics from running on a third-party data warehouse, or leaning into new, undefined terms like a security data fabric.

Integrations are the bread and butter of building vendor-agnostic software here at Cribl. The more connections we provide, the more choice and control customers have over their unique data strategy. Securing these integrations has challenges, but a new class of integrations is creating new challenges and testing existing playbooks: large language models. In this blog, we are going to explore why these integrations matter, investigate an example integration, and build a strategy to secure it.

In modern IT environments, logging has become an integral part of application development and operations. Logs, metrics, and traces allow organizations to alert on events, monitor performance, and troubleshoot issues effectively. However, as applications scale and generate an increasing volume of logs year over year, managing them efficiently becomes a daunting task for engineering teams and budget makers.

Cribl is a customer first company. Building high value, secure-by-design software for security and IT teams has been by far the most gratifying experience of my professional career. As a security professional that deeply believes in Cribl’s product and mission, I share the excitement of changing forever how our customers operate and enabling them to protect their organizations; working at Cribl has been my greatest calling.

Being a Managed Security Service Provider (MSSP) or delivering a Managed Detection and Response (MDR) service is hard. You’re doing the jobs that are so hard that large swaths of organizations turn to you to handle those complex jobs for them. MSSP/MDR tech stacks are dynamic and highly customized, allowing for competitive offerings at competitive prices.

The more customers I talk to, the more I see a trend toward wanting a low-cost vendor-agnostic data lake. Customers want the freedom to store their data long-term and typically look to object stores from AWS, Azure, and Google Cloud. To optimize for data access, users will partition their data into directories to optimize for use cases such as Cribl Replay and Cribl Search. Only relevant files will be accessed for rehydration or search by partitioning data.

The Cribl Syslog source is our most commonly used input type. Cribl Stream can act as your edge and/or central syslog server, giving you more capability while easing management tasks. In this blog post we’ll go over a brief history of syslog. Then we’ll dive into best practices for standing up Cribl Stream as a syslog server, tuning the server, and other tips for running a high performance syslog platform.