Setting Up a Data Loop using Cribl Search and Stream Part 4: Putting it All Together

Jun 6, 2023

The final section of our video series shows how to put the data loop to use with a real-world dataset. We use the publicly available "Boss of the SOC v3" (BOTSv3) dataset, which is hosted on GitHub. First, we use Cribl Search to explore the BOTSv3 data stored in an S3 bucket and locate the events we are interested in.

Next, we walk through a fictitious scenario in which we treat a particular set of events as suspicious; in this case, we picked the MySQL traffic out of a set of wire-data events. We identify the two IP addresses involved in that conversation and then widen the investigation to every event that contains at least one of those two addresses. We send this subset to the Data Loop, which makes it available in Search.

Finally, we show how to use the Data Lake source in Search to query the subset identified in the scenario efficiently. Because the Data Lake holds only the pre-filtered subset rather than the full dataset, the same search runs roughly 5x faster than against the original data.
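The pivot described above (find the MySQL conversation, take its two IPs, then pull every event that mentions either IP, and ship that subset onward) is spelled out below as an added example written for this page. It is not Cribl's code and does not use the Cribl Search query language; it is plain Python over constructed, BOTSv3-style wire-data events. The sourcetype names and fields (`stream:mysql`, `src_ip`, `dest_ip`, and so on) are assumptions modelled on Splunk Stream output, not values copied from the real dataset.

```python
"""Added example: pivot on a suspicious conversation and carve out a subset.

Not Cribl's code. The events below are constructed to look like Splunk
Stream wire data; field and sourcetype names are assumptions.
"""
import ipaddress
import json

# Constructed sample events, one JSON object per line (not real BOTSv3 data).
SAMPLE_EVENTS = """\
{"_time":"2018-08-20T13:41:02Z","sourcetype":"stream:http","src_ip":"10.0.1.25","dest_ip":"172.16.0.40","uri_path":"/login"}
{"_time":"2018-08-20T13:41:05Z","sourcetype":"stream:mysql","src_ip":"172.16.0.40","dest_ip":"172.16.0.55","query":"SELECT * FROM users"}
{"_time":"2018-08-20T13:41:06Z","sourcetype":"stream:mysql","src_ip":"172.16.0.40","dest_ip":"172.16.0.55","query":"SHOW TABLES"}
{"_time":"2018-08-20T13:42:10Z","sourcetype":"stream:dns","src_ip":"10.0.1.25","dest_ip":"10.0.0.2","query":"example.com"}
{"_time":"2018-08-20T13:43:00Z","sourcetype":"stream:tcp","src_ip":"172.16.0.55","dest_ip":"203.0.113.9","bytes_out":482331}
{"_time":"2018-08-20T13:44:12Z","sourcetype":"stream:http","src_ip":"10.0.1.30","dest_ip":"198.51.100.7","uri_path":"/index.html"}
{"_time":"2018-08-20T13:45:00Z","sourcetype":"stream:ssh","src_ip":"10.0.1.30","dest_ip":"172.16.0.40","auth":"password"}
"""


def parse_events(text):
    """Parse JSON-lines text into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def conversation_ips(events, sourcetype="stream:mysql"):
    """Step 1: collect the IPs that took part in the suspicious sourcetype."""
    ips = set()
    for ev in events:
        if ev.get("sourcetype") == sourcetype:
            for field in ("src_ip", "dest_ip"):
                if field in ev:
                    ips.add(ev[field])
    return ips


def _ip_values(ev):
    """Yield every string field value that parses as an IP address, so the
    pivot matches an IP wherever it appears, not only in src_ip/dest_ip."""
    for value in ev.values():
        if not isinstance(value, str):
            continue
        try:
            ipaddress.ip_address(value)
        except ValueError:
            continue
        yield value


def pivot_on_ips(events, ips):
    """Step 2: keep every event that mentions at least one of the IPs."""
    return [ev for ev in events if any(v in ips for v in _ip_values(ev))]


def to_jsonl(events):
    """Step 3: serialise the subset as JSON lines, the shape you would hand
    to a destination such as the Data Loop. Round-trips through parse_events."""
    return "".join(json.dumps(ev) + "\n" for ev in events)


def investigate(text, sourcetype="stream:mysql"):
    """Run the whole pivot: returns (conversation IPs, matching events)."""
    events = parse_events(text)
    ips = conversation_ips(events, sourcetype)
    return ips, pivot_on_ips(events, ips)


if __name__ == "__main__":
    ips, subset = investigate(SAMPLE_EVENTS)
    print("conversation IPs:", sorted(ips))
    for ev in subset:
        print(ev["sourcetype"], ev["src_ip"], "->", ev["dest_ip"])
    print(f"{len(subset)} of {len(parse_events(SAMPLE_EVENTS))} events kept")
```

Against the constructed sample the MySQL conversation yields the pair 172.16.0.40 and 172.16.0.55, and the pivot keeps five of the seven events, including the HTTP login that preceded the database queries and the large outbound TCP transfer that followed them; the two events that touch neither address drop out. That shrinkage is exactly why a search over the saved subset is faster than one over the full dataset.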

## Follow Cribl

LinkedIn: https://www.linkedin.com/company/cribl/
Twitter: https://www.twitter.com/cribl_io
Sign up for a Cribl.Cloud account: https://cribl.cloud/signup/
Learn more about Cribl: https://cribl.io