
Leverage the Power of Cribl Stream

How a State Government entity leveraged the power of Cribl Stream to successfully reduce their SIEM ingest footprint.

Identify the Problem
The customer is responsible for the entire IT infrastructure and security operations of a State Government.
The State Government is split into multiple agencies, business units, and departments.
One State Government agency is responsible for firewall configuration and management for every other agency as a shared service offering.
For Security Information and Event Management (SIEM) compliance, storage, utilization, and role-based access controls, all data must be properly segmented at or before ingestion into the security solution.
Implementation
After deploying and configuring Cribl Stream, August Schell’s cleared engineers worked with the application owners to redirect data feeds from the current logging system to Cribl Stream.
Utilizing out-of-the-box Cribl packs, August Schell’s engineers were able to transform data sets instantaneously and redirect them to additional logging applications.
Working with the customer, August Schell’s engineers utilized Cribl Edge to aggregate new data sets that were originally being captured by other third-party applications and were not being logged to the customer’s SIEM.
Enrichment
August Schell’s cleared engineers augmented Cribl’s out-of-the-box packs to enrich new data streams with existing information, which the customer previously could not do. This allowed the customer to eliminate manual processes and take advantage of the existing custom index naming schema.
Utilizing Cribl Stream’s Redis function, August Schell’s engineers were able to tag outbound raw events with metadata, enabling asset tagging and threat intelligence reporting inline at SIEM index time and reducing MTTR for incidents by applying additional context to each event.
Validation and Benefits
The customer was the first state agency to stand up a repeatable process to standardize logging across their business units, a process that can be repeated by other State agencies. This allows State agencies to continue to utilize any tool or application while delivering their data to a single fabric.
Due to the processing power of Cribl Stream, network traffic across the customer’s WAN was reduced significantly.
Utilizing the Replay functionality, August Schell’s cleared engineers were able to successfully reduce the SIEM ingest footprint by removing noisy and unwanted data, while remaining compliant by sending that data to third-party object storage.
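The two patterns described above, index-time enrichment with asset and threat-intelligence metadata (Enrichment) and routing noisy events away from the SIEM into object storage (Validation and Benefits), as an added Python illustration that is not the customer’s deployment, August Schell’s work, or Cribl’s own Redis function. The in-memory dictionaries stand in for the Redis key-value lookups, and all IP addresses, asset names and firewall events are constructed sample data.

```python
# Constructed stand-in for the Redis asset store: in the real pipeline this is a
# Redis GET keyed on the destination IP; here it is a plain dict.
ASSET_STORE = {
    "10.1.4.20": {"name": "dmz-web-01", "owner": "agency-a", "criticality": "high"},
    "10.2.7.9": {"name": "hr-file-01", "owner": "agency-b", "criticality": "medium"},
}
# Constructed threat-intel indicators (sample values only).
THREAT_INTEL = {"203.0.113.45": "known-scanner"}

# Firewall actions treated as high-volume noise that need not reach the SIEM.
NOISY_ACTIONS = {"allow"}


def enrich(event: dict, asset_store=ASSET_STORE, intel=THREAT_INTEL) -> dict:
    """Return a copy of a firewall event with asset metadata and a threat tag
    attached, mirroring the inline index-time enrichment described above."""
    out = dict(event)
    meta = asset_store.get(event.get("dst_ip"))
    if meta:
        out.update({f"asset_{k}": v for k, v in meta.items()})
    tag = intel.get(event.get("src_ip"))
    if tag:
        out["threat_tag"] = tag
    return out


def route(event: dict) -> str:
    """Pick a destination: threat-tagged or non-noisy events go to the SIEM,
    plain 'allow' noise is retained in object storage for compliance."""
    if "threat_tag" in event or event.get("action") not in NOISY_ACTIONS:
        return "siem"
    return "object_storage"


def process(events) -> dict:
    """Enrich every event, then bucket it by destination."""
    routed = {"siem": [], "object_storage": []}
    for ev in events:
        enriched = enrich(ev)
        routed[route(enriched)].append(enriched)
    return routed


# Constructed sample firewall events (not taken from the page).
SAMPLE_EVENTS = [
    {"src_ip": "198.51.100.7", "dst_ip": "10.1.4.20", "action": "allow"},
    {"src_ip": "203.0.113.45", "dst_ip": "10.1.4.20", "action": "allow"},
    {"src_ip": "198.51.100.8", "dst_ip": "10.2.7.9", "action": "deny"},
    {"src_ip": "198.51.100.9", "dst_ip": "10.9.9.9", "action": "allow"},
]

if __name__ == "__main__":
    result = process(SAMPLE_EVENTS)
    print({dest: len(evs) for dest, evs in result.items()})  # {'siem': 2, 'object_storage': 2}
```

Note that the second sample event is a routine "allow" that only reaches the SIEM because the enrichment step ran first and tagged its source; ordering the functions the other way would silently drop it into object storage.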