The Journey IS the Destination
Cribl loves to offer users choice and control. As such, we are constantly updating our list of natively supported sources and destinations. 4.4.3 sees the advent of three new destinations: Azure Data Explorer Destination, Elastic Cloud Destination, and Exabeam Destination.
Here at Cribl, our mission is to help our customers unlock the value of all their IT and Security data. Ultimately, the Cribl data engine makes it possible to couple ingesting any data source, and even auto-discovering new data sources, and sending data to any destination with the ability to use open formats (raw data). And yes, you can technically send to any destination, but it's much nicer to be able to fill out a pre-defined destination configuration rather than tape one together with hope and a dream.
All that is basically to say, we believe in helping make our customers' lives easier. One way we do that is to make commonly used destinations natively supported in Cribl software. With the 4.4.3 release, we have added native integrations for three very commonly used destinations:
- Azure Data Explorer
- Elastic Cloud
- Exabeam
To restate the overview a little bit, however, these are not easy to demonstrate in our current sandbox architecture. Therefore, we will just be clicking in to see the destinations and linking to their respective docs pages (a lot).
We are using Cribl Stream to showcase these new Destinations purely because we needed to be in some product to observe the new Destinations. ALL these new Destinations are also available in Cribl Edge (and by association Cribl Search).
Azure Data Explorer
Cribl supports sending data to the Azure Data Explorer (ADX) managed data analytics service; you can then run Kusto queries against the data. This Destination can deliver data to Azure whether Cribl is running on Azure, another cloud platform, or on-prem.
ADX stores log data in databases, which in turn contain one or more of the tables defined in the Azure namespace. You must create a separate Cribl Stream ADX Destination for each table that will store your data.
- In the Cribl UI, click Manage in the Stream section on the left-hand side
- With the Manage tab active, click into the Data > Destinations subtab
- Click on the Azure Data Explorer tile
Alternatively, you can just start typing Azure Data Explorer and the search function on the page will automatically filter the Destinations accordingly.
- Click Add Destination in the top right
- Observe the information required to configure a new Azure Data Explorer Destination.
Elastic Cloud
Elastic Cloud is a family of Elasticsearch SaaS offerings — including hosted Elasticsearch, hosted app search, and hosted site search — that make it easy to deploy, operate, and scale Elastic products and solutions in the cloud. Cribl can now send natively to Elastic Cloud!
- At the top of the Destinations list (on the left-hand side of the screen), type in Elastic
- Click the resulting Elastic Destination listing
- Click Add Destination at the top right of the screen
- Observe the information required to configure a new Elastic Cloud Destination.
Exabeam
Cribl Stream supports sending data to the Exabeam security operations platform or (as some people think of it) SIEM. The Exabeam Destination supersedes and improves upon the "old way" to get data from Cribl Stream to Exabeam using the Cribl Webhook Destination.
When sending to Exabeam, it is imperative to read our exemplary documentation, as Cribl maintains Packs made in partnership with Exabeam to help ease your journey.
- At the top of the Destinations list (on the left-hand side of the screen), type in Exabeam
- Click the resulting Exabeam Destination listing
- Click Add Destination at the top right of the screen
- Observe the information required to configure a new Exabeam Destination.
We're excited for you to start using our new Destinations. If you need a place to test them out, check out Cribl.Cloud (free up to 1TB of ingest per day)!