August Schell Cribl Service Offerings

Deployment and Sustainment

Looking to implement Cribl within your organization?

As Cribl’s preferred vendor in the cleared space, let August Schell work with your organization’s technology professionals to scope and deploy a Cribl solution that is tailored to your specific needs and requirements.

Already have Cribl deployed within your organization?

August Schell’s engineers can assist your organization with new use case development and implementation, integrating with new and existing technologies, expanding visibility across your infrastructure, and meeting any security and/or compliance business needs.

Process Integration and Improvement

Want to integrate Cribl into your organization’s cybersecurity operations?

August Schell will work with your organization to integrate Cribl into your cybersecurity workflow in a way that is tailored to your organization’s specific needs.

Looking to take your Cribl implementation to the next level?

Have August Schell bring its Cribl certified subject matter experts into your organization to focus on improving your Cribl workflow processes, developing and implementing new use cases, and taking advantage of all of Cribl’s products and services, including Cribl Stream, Lake* and Edge.

Disaster Planning or Cloud Migration

Need to ensure your data retention policies meet your organizational needs?

August Schell will validate that your long-term storage retention capabilities meet your business requirements by validating the functionality of your data lake strategy and ensuring your data quality meets your compliance requirements.

Looking to move to the Cloud?

August Schell’s engineers can assist you with continuous operations while simultaneously moving to a multi/hybrid cloud stack by ensuring content logging is actionable, functional, and operational during your cloud migration.

CRIBL USE CASE 1

Leveraging the Power of Cribl Stream

Identify the Problem

  • Customer is responsible for the entire IT infrastructure and security operations for a State Government.
  • The State Government is split into multiple agencies, business units, and departments.
  • A State Government agency is responsible for providing firewall configuration and management for each agency as a shared service offering.
  • For Security Information and Event Management (SIEM) compliance, storage, utilization and role-based access controls, all data must be properly segmented at or before ingestion into the security solution.

Implementation

  • After deploying and configuring Cribl Stream, August Schell’s cleared engineers worked with the application owners to redirect data feeds from the current logging system to Cribl Stream.
  • Utilizing out-of-the-box Cribl packs, August Schell’s engineers were able to transform data sets instantaneously and redirect to additional logging applications.
  • Working with the customer, August Schell’s engineers utilized Cribl Edge to aggregate new data sets that were originally being captured by other third-party applications and not being logged to the customer’s SIEM.

Enrichment

  • August Schell’s cleared engineers augmented Cribl’s out-of-the-box packs to enrich new data streams with existing information, which the customer previously could not do. This allowed the customer to remove manual processes and take advantage of the existing custom indexing naming schema.
  • Utilizing Cribl Stream’s Redis function, August Schell’s engineers were able to tag outbound raw events with metadata to allow asset tagging and threat intelligence reporting in line at SIEM index time, reducing MTTR for incidents by having additional context applied to each event.

Validation and Benefits

  • Customer was the first state agency to stand up a repeatable process to standardize logging across their business unit which can be repeated by other State agencies. This allows State agencies to continue to utilize any tool or application, while delivering their data to a single fabric.
  • Due to the processing power of Cribl Stream, network traffic across the customer’s WAN was reduced significantly.
  • Utilizing the Replay functionality, August Schell’s cleared engineers were able to successfully reduce the SIEM ingest footprint by removing noisy and unwanted data, while remaining compliant by sending it to third-party object storage.