IT is Calling You
Welcome back! So much has happened since you’ve been gone. The IT department got hold of Stream and started configuring it, following your lead. So far, they have added their Elastic instance as a Destination and connected the firewall you added using a second Data Route and passthru Pipeline.
Having all the firewall logs in Elastic allows IT to analyze them for any issues. However, a recent email from the Director of IT notes:
To: REDACTED
Our Elastic instance is billed by the amount of data we store in it. Pouring all of our Palo Alto firewall logs into it is becoming costly. If there is any way you can help cut down on useless data and/or noise that gets sent to Elastic, we would be very grateful.
Sincerely,
Steve
Director of IT
Cribl is the Data Engine for IT and Security... What do you know, Cribl Stream can do that! What’s more, you don’t have to do any hard work. Cribl maintains a collection of Functions, Pipelines, and Knowledge that help enrich, reduce, and organize Palo Alto traffic. All you have to do is copy and paste a URL into Stream. It will download the Pack and away we go!
Let’s do this!