-
Best Practices for Git and Cribl Stream
With Cribl Stream’s GitOps features, you can manage Cribl Stream configuration with standard version-control systems and CI/CD flow. You can separate development from production configurations, and thus, safely build and continuously deploy your observability pipelines. The production environment will be read-only, and…
-
Installing Cribl Stream in FIPS Mode on RHEL 9
This guide will walk through configuring Cribl Stream in FIPS mode when running on RHEL9 by leveraging the OpenSSL3 FIPS provider that is included when RHEL9 is running in FIPS mode. As of September 2024, the cryptographic modules of RHEL 9 are not yet FIPS 140-3 certified. *** Prior to performing the below steps, please…
-
Linux auditd Logging with Cribl Edge
This article covers how to read auditd logs on a Linux machine with Cribl Edge. Prerequisites needed: root access to a Linux machine with Edge installed; auditd running and configured on the system; access to the UI of the Cribl Leader node. What is auditd? Sysadmins use audits to discover security violations and track…
-
Running Cribl Stream on a Hardened Environment
The below guide will walk through considerations and example configurations when running Cribl Stream on a hardened host. Typically, these configurations are needed when running Cribl on a host that has been configured in compliance with the DISA STIG. Use this guide as a template and modify the configurations as needed to…
-
Using Cribl Stream in Air-Gapped Networks
This article will explore how Cribl Stream can leverage your existing cross-domain solution (CDS) to easily collect and send your log and metric data between disparate security domains or across air-gapped networks. The goal is to retain as much fidelity of the data as possible, deduplicating processes and simplifying…
-
Using the Azure API with Cribl Search
In the ever-evolving world of data analysis, the ability to interact directly with live API endpoints is a significant advancement for practitioners. Cribl Search offers this capability, enhancing your data analysis toolkit. This feature allows you to gain broader visibility into the periphery of your infrastructure,…
-
Video - Monitoring Kubernetes with Edge
In this video, the following is demonstrated: deploying the Edge agent on Kubernetes; exploring some of the capabilities and related sources; optimizing and routing Kubernetes data. Find it here.
-
Video - Using Lake and Search
In this video, the following is demonstrated: creating the Stream Lake destination; routing data to it; using Search and the Lake data. Find it here.
-
Video - Using Replay and Search
In this video, the following is demonstrated: creating the Stream S3 Collector source; running Replay jobs; using Search and the Send operator. Find it here.
-
Zscaler - Setting up mTLS with ZPA LSS
Summary: This article will detail the steps needed to configure mutual TLS (mTLS) when sending Zscaler Private Access (ZPA) logs with Zscaler's Log Streaming Service (LSS) to Cribl Stream. Note: this guide only covers the mTLS portion of the Source setup. Steps: 1. Create a custom root CA with its corresponding private key…