GeoIP and Threat Feed Enrichment
Welcome to our tutorial sandbox! This interactive course shows how to enrich your data before ingesting it into your security and/or observability tools. You'll go through an example of enriching firewall log events by adding geographic IP data, and by checking logged IP addresses against reported bad actors. This course should take less than 10 minutes.
This sandbox instance will stay running for 24 hours, after which you can get a new sandbox, but your progress will be lost. To reconnect to the sandbox, just come back to https://sandbox.cribl.io/ and re-enter your email address.
Conventions
In this tutorial, the following formatting indicates (respectively) actions we expect you to take; content you can optionally skip; and commands or content you need to paste into the terminal or Stream.
Important text shows actions you need to take. For each of these sections, further sections will depend on you having taken these actions in Stream or the terminal.
Notes contain optional steps. You can skip these without breaking the infrastructure we're building.
Preformatted text contains commands to be pasted
into the terminal, or content to be pasted into
Stream. There is an easy Copy option available
at these sections' upper-right corner.
Getting Help
If you get stuck during this tutorial, feel free to reach out to us on the Cribl Community Slack channel.
Login
Stream should automatically log you in, but if you're idle for too long or get disconnected, it's possible you'll be prompted for a login. The Username is admin and the Password is cribldemo. You might want to store these to a text file or paper now, just in case.
Get Started
Next, let's take a look at the course overview!