
Can we ingest data off the wire into Cribl?


Is it possible to use Cribl to analyse network traffic in a similar way to Splunk Stream App? Can we ingest data off the wire into Cribl?

Answers

  • pdugas
    pdugas Posts: 14 mod
    edited October 2023

    We don't have a sniffer like this.

  • Jon Rust
    Jon Rust Posts: 439 mod

    But you can send the result of a sniffer into Cribl. For example: Splunk Stream -> Cribl -> destination

  • Abdullah Zubair
    Abdullah Zubair Posts: 4
    edited October 2023

    Thanks for clarifying

  • pdugas
    pdugas Posts: 14 mod

    `tcpdump` in Exec 😛

  • Brendan Dalpe
    Brendan Dalpe Posts: 201 mod

    Some other products that might be interesting and can integrate with Cribl: PacketBeat (https://www.elastic.co/beats/packetbeat) and ElastiFlow (https://www.elastiflow.com/).

  • lstropole
    lstropole Posts: 18 admin

    If you can get the sniffer output into cribl, you could make some aggregations from that stream. Send the aggregations to one of your tools, and save the stream to cheap, quickly rotating storage. Depends on what you're looking for.
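    The two suggestions above (pdugas's `tcpdump` run under an Exec source, and lstropole's idea of rolling the raw packet stream up into aggregations before sending it on) are combined in the following script. It is an added example, not code from this thread or from Cribl. It assumes only that the Exec source hands the stdout of a command to a pipeline; the interface name `eth0`, the sample lines (constructed to mirror the one-line-per-packet format of `tcpdump -nn -tt -q`, IPv4 only), and the flow record shape are all assumptions for the illustration. The `-l` flag on the constant command is the one detail a practitioner tends to trip over: without line buffering, `tcpdump` holds stdout in a block buffer and nothing reaches the consuming process until the buffer fills.

```python
"""Roll tcpdump line output into per-flow aggregates (added example, not Cribl code)."""
import json
import re
import sys
from collections import defaultdict
from dataclasses import asdict, dataclass

# Command whose stdout a streaming Exec-style source would consume (assumed interface eth0).
# -l: line-buffer stdout so each packet line reaches the pipe immediately
# -nn: no DNS or port-name lookups   -tt: epoch timestamps   -q: one terse line per packet
TCPDUMP_CMD = "tcpdump -l -nn -tt -q -i eth0 'tcp or udp'"

# Constructed sample imitating `tcpdump -nn -tt -q` IPv4 output. Not a real capture.
SAMPLE_LINES = [
    "1697040000.123456 IP 10.0.0.5.52345 > 93.184.216.34.443: tcp 0",
    "1697040000.223456 IP 93.184.216.34.443 > 10.0.0.5.52345: tcp 0",
    "1697040000.323456 IP 10.0.0.5.52345 > 93.184.216.34.443: tcp 517",
    "1697040000.423456 IP 93.184.216.34.443 > 10.0.0.5.52345: tcp 4096",
    "1697040001.000000 IP 10.0.0.5.41234 > 10.0.0.1.53: UDP, length 29",
    "1697040001.010000 IP 10.0.0.1.53 > 10.0.0.5.41234: UDP, length 45",
    "1697040001.500000 IP6 fe80::1.546 > ff02::1:2.547: UDP, length 100",  # IPv6: skipped here
    "garbage line that is not a packet",
]

# IPv4 TCP lines end in "tcp <payload_len>", UDP lines in "UDP, length <len>".
_LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d+): "
    r"(?:tcp (?P<tcp_len>\d+)|UDP, length (?P<udp_len>\d+))$"
)


@dataclass
class Flow:
    """One unidirectional 5-tuple with counters; field order matches the key tuple below."""
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    packets: int = 0
    payload_bytes: int = 0
    first_seen: float = 0.0
    last_seen: float = 0.0


def parse_line(line):
    """Return a packet dict for a recognised tcpdump line, or None for anything else."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    proto = "tcp" if m["tcp_len"] is not None else "udp"
    length = int(m["tcp_len"] if proto == "tcp" else m["udp_len"])
    return {"ts": float(m["ts"]), "proto": proto, "src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"]), "length": length}


def aggregate_flows(lines):
    """Collapse per-packet lines into one Flow per (proto, src, sport, dst, dport).

    Returns (flows, unparsed_count) so the caller can alert on a parser drifting
    out of step with the sniffer's output format instead of silently dropping data.
    """
    flows = {}
    skipped = 0
    for line in lines:
        pkt = parse_line(line)
        if pkt is None:
            skipped += 1
            continue
        key = (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        f = flows.get(key)
        if f is None:
            f = flows[key] = Flow(*key, first_seen=pkt["ts"], last_seen=pkt["ts"])
        f.packets += 1
        f.payload_bytes += pkt["length"]
        f.first_seen = min(f.first_seen, pkt["ts"])
        f.last_seen = max(f.last_seen, pkt["ts"])
    return list(flows.values()), skipped


def to_json_lines(flows):
    """Serialise flows as newline-delimited JSON, the shape most destinations accept."""
    return [json.dumps(asdict(f), sort_keys=True) for f in flows]


def bytes_by_source(flows):
    """A second-level aggregation: payload bytes sent per source address."""
    totals = defaultdict(int)
    for f in flows:
        totals[f.src] += f.payload_bytes
    return dict(totals)


if __name__ == "__main__":
    # Under an Exec-style source, feed tcpdump's stdout to this script; interactively, use the sample.
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_LINES
    flows, skipped = aggregate_flows(source)
    for record in to_json_lines(flows):
        print(record)
    print(f"# {len(flows)} flows, {skipped} unparsed lines", file=sys.stderr)
```

The aggregated records are the small, high-value stream worth sending to an analytics tool; the raw per-packet lines can go to cheap, short-retention storage as lstropole describes. Unparsed lines are counted rather than discarded silently, since a `tcpdump` upgrade or a change of flags is the usual way a parser like this quietly starts losing data.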

  • Clint Sharp
    Clint Sharp Posts: 27 mod
    edited October 2023

    What wire data specifically are you interested in? There's not much on the wire anymore that isn't encrypted.

    DNS over HTTPS is going to be standard on most browsers in the next year or two, which will start to minimize even that dataset, which was probably the last bastion of unencrypted wire data.

  • lstropole
    lstropole Posts: 18 admin
    edited October 2023

    We get a fair amount of value from just raw flows (not that a sniffer is the best way to get those).