What Do You See?

We prove the outcome of this demo in the Destinations section. To see what Ed’s pack is doing, compare the Live view of the itelastic destination with the Live view of the secopselastic destination.

Important: View live data

  1. Select the Data submenu and click Destinations
  2. Click Elasticsearch
  3. Click Live in the Status column of itelastic

In the previous sandbox, we added a Cribl-curated pack from the Dispensary that was intended to reduce noise from our firewall. Because that pack only reduces noise, the data it sends to itelastic should not contain any of the GeoIP enrichment added in this course.

Let’s look at the data being sent to secopselastic.

Important: View different live data

  1. Close the Live view
  2. Click Live in the Status column for secopselastic

Alright alright alright. Everything looks to be working! Now Ed and the Security Operations team can search for security breaches using their enriched firewall data. Saving the world, one log at a time.
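Eyeballing two Live views works for a sandbox, but a practitioner usually wants the same comparison as a repeatable check: no GeoIP fields on the noise-reduced itelastic stream, GeoIP fields on every secopselastic event. The script below is an added example, not part of the sandbox or Cribl's own tooling; the sample events and the field names (`src_ip`, `geoip.*`) are constructed assumptions standing in for whatever the Live view actually shows.

```python
"""Added example: check GeoIP enrichment across two destination samples.

Not part of the Cribl sandbox. Event shapes and field names below are
assumptions; adapt GEOIP_FIELDS to the real enrichment output.
"""
import json
from typing import Iterable, List

# Assumed flattened GeoIP field names (not the sandbox's real schema).
GEOIP_FIELDS = ("geoip.country_name", "geoip.city_name", "geoip.location")


def has_geoip(event: dict) -> bool:
    """True if the event carries GeoIP enrichment, flattened or nested."""
    if any(field in event for field in GEOIP_FIELDS):
        return True
    nested = event.get("geoip")
    return isinstance(nested, dict) and len(nested) > 0


def enrichment_summary(events: Iterable[dict]) -> dict:
    """Count enriched and unenriched events for one destination's sample."""
    total = enriched = 0
    for event in events:
        total += 1
        if has_geoip(event):
            enriched += 1
    return {"total": total, "enriched": enriched, "unenriched": total - enriched}


def missing_enrichment(events: Iterable[dict]) -> List[str]:
    """Source IPs of events that should have been enriched but were not.

    Private (RFC 1918) addresses are a common, benign cause: a GeoIP
    lookup has nothing to return for them.
    """
    return [e.get("src_ip", "<no src_ip>") for e in events if not has_geoip(e)]


def check_destinations(itelastic: Iterable[dict], secopselastic: Iterable[dict]) -> dict:
    """Expected outcome: itelastic clean of GeoIP, secopselastic fully enriched."""
    it = enrichment_summary(list(itelastic))
    sec_events = list(secopselastic)
    sec = enrichment_summary(sec_events)
    return {
        "itelastic": it,
        "secopselastic": sec,
        "itelastic_clean": it["enriched"] == 0,
        "secopselastic_enriched": sec["total"] > 0 and sec["unenriched"] == 0,
        "secopselastic_missing": missing_enrichment(sec_events),
    }


# Constructed sample events, standing in for copies taken from each Live view.
ITELASTIC_SAMPLE = [
    {"src_ip": "203.0.113.10", "action": "deny", "dst_port": 22},
    {"src_ip": "198.51.100.7", "action": "allow", "dst_port": 443},
]
SECOPSELASTIC_SAMPLE = [
    {"src_ip": "203.0.113.10", "action": "deny", "dst_port": 22,
     "geoip": {"country_name": "ExampleLand", "city_name": "Sampleville"}},
    {"src_ip": "198.51.100.7", "action": "allow", "dst_port": 443,
     "geoip.country_name": "ExampleLand", "geoip.city_name": "Testburg"},
    # Private source address: enrichment legitimately has nothing to add.
    {"src_ip": "10.0.0.5", "action": "allow", "dst_port": 53},
]

if __name__ == "__main__":
    print(json.dumps(check_destinations(ITELASTIC_SAMPLE, SECOPSELASTIC_SAMPLE), indent=2))
```

Running it prints a summary for both destinations plus the list of secopselastic source IPs that lack enrichment. In the constructed sample the one gap is the private address 10.0.0.5, which is expected rather than a pipeline fault; a gap on a public address would be the signal to go back and look at the pack's pipeline.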

Next up: Help move our archived data to a new SIEM!

Cribl.Cloud

There's a party and you're invited! We'll bring the Cribl, you bring the data. Sign up for a Cribl.Cloud account to try out what you just did with your own data. Up to 1TB / day of ingest at absolutely no cost! Neat! And no need to use valuable resources or infrastructure getting Cribl up and running. We’ll take care of that. And the updates. And feeding the goats. Just bring your own data (BYOD)!

AWS Quick Start

Got your own AWS infrastructure and want to try Cribl there? No worries, we also have an AWS Quick Start for Cribl Stream!
