Cribl Stream - Security Breach Analysis
Welcome to our Cribl self-guided demo! This course, Cribl Stream - Security Breach Analysis, is an interactive introduction to Cribl Stream's user experience. In this course, we build a pipeline for use in re-analyzing data after a security breach. Afterward, we replay our data from an S3 archive into the SecOps SIEM.
This course should take about 12 minutes to complete. At the end of the course, you should check out some of our other How-To's! Alternatively, you can check out the rest of our sandbox course catalog to see what's next. We suggest: Advanced S3 Usage or Advanced Collection and Replay.
This sandbox instance will stay running for 24 hours, after which you can get a new sandbox, but your progress will be lost. To reconnect to the sandbox, just come back to Breach Analysis and re-enter your email address.
Conventions
In this tutorial, the following formatting indicates (respectively) actions we expect you to take; content you can optionally skip; and commands or content you need to paste into the terminal or Stream.
important
Important text shows actions you need to take. For each of these sections, further sections will depend on your having taken these actions in Stream.
note
Notes contain optional steps. You can skip these without breaking the infrastructure we're building.
Preformatted text contains commands to be pasted
into the terminal, or content to be pasted into
Stream. There is an easy Copy option available
at these sections' upper-right corner.
Getting Help
If you get stuck during this tutorial, feel free to reach out to us on the Cribl Community Slack channel.
Login
Stream should automatically log you in, but if you're idle for too long, or get disconnected, it's possible you'll be prompted for a login. The Username is admin and the Password is cribldemo. You might want to store these to a text file or paper now, just in case.