Pack That Thing Up

Let’s start by adding the Pack from our esteemed colleague, Ed. Notice that this Pack comes from a colleague and not the Dispensary. Stream makes it easy to share your own Packs and even include versioning!

important

Add the custom Pack

  1. Make sure Manage is active in Stream's top nav – select the Processing submenu and click Packs
  2. Click Add Pack
  3. Select Import from URL
  4. Paste in the URL:
    https://sandbox.cribl.io/assets/packs/palo-alto-pack.crbl
  5. Enter secops-palo-enrich in New Pack ID
  6. Click Import

tip

While you can import from a URL, notice that you can also download the Pack from the URL provided and upload the file itself.
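Because this Pack comes from a colleague rather than the Dispensary, downloading the file first gives you a chance to review it before uploading. The sketch below is an added example, not part of the original tutorial or of Cribl's tooling; it assumes a `.crbl` file is a gzip-compressed tar archive, and the sample archive and its file names are constructed for illustration.

```python
import hashlib
import io
import tarfile
from pathlib import PurePosixPath


def inspect_pack(data: bytes) -> dict:
    """List a Pack archive's members without extracting and flag unsafe entries."""
    report = {"sha256": hashlib.sha256(data).hexdigest(), "files": [], "flagged": []}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for member in tar:
            path = PurePosixPath(member.name)
            if path.is_absolute() or ".." in path.parts:
                report["flagged"].append((member.name, "path escapes archive root"))
            elif member.issym() or member.islnk():
                report["flagged"].append((member.name, "link entry"))
            elif not (member.isfile() or member.isdir()):
                report["flagged"].append((member.name, "special file"))
            elif member.isfile():
                report["files"].append(member.name)
    return report


def build_sample_pack() -> bytes:
    """Constructed stand-in for a downloaded .crbl file (names are made up)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in [
            ("package.json", b'{"name": "secops-palo-enrich"}'),
            ("pipelines/firewall_geoip_enrich.yml", b"functions: []\n"),
            ("../outside.yml", b"unexpected\n"),  # entry that climbs out of the root
        ]:
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
        link = tarfile.TarInfo("pipelines/link")  # symlink entry, also flagged
        link.type = tarfile.SYMTYPE
        link.linkname = "elsewhere"
        tar.addfile(link)
    return buf.getvalue()


if __name__ == "__main__":
    result = inspect_pack(build_sample_pack())
    print("sha256:", result["sha256"])
    for name in result["files"]:
        print("ok     ", name)
    for name, reason in result["flagged"]:
        print("REVIEW ", name, "-", reason)
```

For a real download, read the file's bytes and pass them to `inspect_pack`, then compare the SHA-256 with the value your colleague reports for the file they shared.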

Now that the Pack has been uploaded, let’s see what it contains: one data Route and a complex Pipeline complete with Function groups.

important

  1. Click secops-palo-enrich
  2. Click the firewall_geoip_enrich Pipeline hyperlink from the default Data Route