Cribl Sandbox


    To help Ed investigate the breach, we need to create a Pipeline: a series of Functions that transform data.

    Important: Create a pipeline

    1. Select the Processing submenu and click Pipelines
    2. Click + Pipeline then click Create Pipeline
    3. In the ID field, enter breachlookup
    4. In the Description field, enter csv lookup on src and dst ips
    5. Click Save

    Welcome to where the magic (Functions) happens. Some argue that the magic of Stream lies in avoiding vendor lock-in by supporting myriad Sources and Destinations, allowing you to connect almost anything to anything. They are also right. But we're here to talk about Functions.

    A Function is code that transforms the data inside an event. It can:

    • Extract (and label) information from a payload for later use
    • Delete erroneous data from an event
    • Add important information to an event
    • Edit data inside an event to help you better understand it
    • Mask sensitive data inside of payloads to ensure no accidental exposure of personally identifiable information (PII) down the line
    • Many more!
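
A conceptual model of the breachlookup Pipeline as an ordered chain of Functions (extract, lookup on source, lookup on destination, mask). This is an added example, not Cribl code or Cribl's API; the event format, the lookup file columns and every function name here are assumptions.

```javascript
// Conceptual model only: in Stream, Functions are configured in the UI.
// Constructed lookup file; the column names (ip, threat) are assumptions.
const LOOKUP_CSV = `ip,threat
203.0.113.7,known_c2
198.51.100.23,scanner`;

// Parse the CSV (skipping the header) into a Map of ip -> threat label.
function loadLookup(csv) {
  const rows = csv.trim().split("\n").slice(1).map((r) => r.split(","));
  return new Map(rows);
}

// Extract (and label) fields from the raw payload for later Functions.
const regexExtract = (event) => {
  const m = /src=(?<src_ip>\S+) dst=(?<dst_ip>\S+)/.exec(event._raw);
  return m ? { ...event, ...m.groups } : event;
};

// Add information: enrich the event when inField matches a lookup row.
const lookup = (table, inField, outField) => (event) => {
  const threat = table.get(event[inField]);
  return threat ? { ...event, [outField]: threat } : event;
};

// Mask sensitive data (here, the user's e-mail address) in the payload.
const maskEmail = (event) => ({
  ...event,
  _raw: event._raw.replace(/user=\S+@\S+/, "user=<masked>"),
});

// A Pipeline is the ordered list; each event passes through every Function.
const runPipeline = (functions, event) =>
  functions.reduce((ev, fn) => fn(ev), event);

const table = loadLookup(LOOKUP_CSV);
const breachlookup = [
  regexExtract,
  lookup(table, "src_ip", "src_threat"), // lookup on source
  lookup(table, "dst_ip", "dst_threat"), // lookup on destination
  maskEmail,
];

// Constructed sample events.
const samples = [
  { _raw: "action=allow src=10.0.0.5 dst=203.0.113.7 user=ed@example.com" },
  { _raw: "action=allow src=10.0.0.9 dst=192.0.2.10 user=amy@example.com" },
];
const results = samples.map((e) => runPipeline(breachlookup, e));
console.log(results);
```

Only the first sample gains a dst_threat field, because its destination address appears in the lookup table; both events leave the Pipeline with the e-mail address masked.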
    Copyright © 2023 Cribl, Inc.