Integration Guide for Cribl

This guide provides instructions on how to integrate Cribl with AlphaSOC. It covers the transport of telemetry to AlphaSOC and the delivery of findings.

Refer to the Data Origins section for a list of supported data origins. If your preferred data origin is not listed, contact us.

There are two integration methods available:

  • Cribl Stream Direct Integration - Send logs directly from Cribl Stream sources to AlphaSOC using a MinIO (S3-compatible) destination.
  • Cribl Search Integration - Use Cribl Search to query data from any of its supported data sources, then forward the results via scheduled searches to Cribl Stream, which routes the data to AlphaSOC.

Both methods ultimately deliver your logs to AlphaSOC for analysis. Choose the direct integration if your data is already flowing through Cribl Stream, or use the Cribl Search integration to pull data from external sources like Google Cloud Platform, Google Workspace, AWS, Azure, and many others.

To integrate AlphaSOC with your Cribl deployment:

  1. To submit telemetry to AlphaSOC, configure either Cribl Stream as a data transport or Cribl Search as a data transport, depending on your preferred integration method.
  2. To receive findings from AlphaSOC, configure Cribl Stream as a findings transport.

After completing these steps, your Cribl deployment will be fully configured to send telemetry to AlphaSOC and receive findings from the platform.