Name: Enrichment: Better Data In, Better Response Times Out
Start: 2023-08-03T20:40:00Z
End: 2023-08-03T20:40:13.000Z
Location: BrightTALK

Cribl, the Data Engine for IT and Security, empowers organizations to transform their data strategy. Customers use Cribl to analyze, collect, process, and route all IT and security data, delivering the choice, control, and flexibility required to adapt to their ever-changing needs. 

Interested in seeing first-hand how Cribl can support your use case? Sign up for Cribl.Cloud and process up to 1TB/day, for free! https://cribl.io/cribl-cloud/try-cribl-cloud/


In 2026, IT, Security, and Observability leaders face a pivotal moment: Modernize architectures to handle AI-scale data efficiently — or face spiraling costs, blind spots, and systemic fragility as agents become a core part of enterprise operations.

In this on-demand webinar, we’ll walk you through the trends and predictions that reveal how AI will reshape the economics, security, and architecture of data in the coming years, and what leaders must do now to prepare. 

This session explores:
-The hidden danger of data saturation in observability: Why too much data is breaking observability budgets and how to regain control through smarter filtering, routing, and storage strategies
-Data security and resilience in an AI world: How AI-driven observability pipelines become attack surfaces if left unmanaged, and what practices can keep AI scaling safe
-Why most 2026 AI rollouts will fail: Why legacy data platforms are ill-equipped for an agentic future
-Why AI-drive vendor consolidation will upend procurement: How growing lock-in risks limit choice and how open pipelines keep you flexible
-How financial pressures will slow AI growth: How credit constraints will limit data-center build-out and force leaner AI strategies.

Get ahead of AI-driven change. Watch now to learn how to future-proof your stack and stay ahead of accelerating AI demands.

Architecting for the Future: How AI Will Reshape Data, Security, and Observability in 2026

We’d like to share how the strategic partnership between Optiv and Cribl has fundamentally transformed our MDR offering by offering enhanced data collection methods and log storage capabilities. This collaboration has allowed us to innovate faster, enhance data security, and deliver greater value to our clients leveraging Optiv MDR today. By leveraging Cribl’s Stream, Lake, and Search products, we’ve been able to build a more valuable solution for our clients that have resulted in simplified and quicker deployments, greater security visibility, and significant cost reduction.

Scaling Managed Security Services: How Cribl Accelerated Our MDR Transformation

Under Armour had a few problems to solve with data ingest, routing, and other compliance needs. Does going full Cribl get us 60%, 80%, or 100% of our needs. Well, we are happy so far, but know our journey is just beginning. Join us to see how we went all in on Cribl to sort out our current needs and what is still in our pipelines to deploy for the next phase. We will share with you our architecture strategy and use cases so you can improve your deployment with the lessons we have learned.

If you’re looking to learn how Cribl functions and looks when a large enterprise’s ingest pipeline is not tied to your SIEM product, this is the session you won’t want to miss.

Under Armour - 0-60 with Cribl: Journey to a Unified Telemetry Architecture

Security teams are dealing with massive data growth, siloed tools, and constant alert fatigue. All of this makes it harder to detect and respond to threats. AI has become a key part of the solution, but its effectiveness depends on having access to complete, high-quality data. In this session, Palo Alto Networks and Deloitte will explore how AI and automation are redefining the modern Security Operations Center (SOC). Learn how leading organizations are leveraging intelligent workflows, automated threat detection, and machine learning to accelerate response times, reduce analyst fatigue, and strengthen overall security posture. Walk away with practical insights on building a more adaptive, efficient, and future-ready SOC.

The Modern SOC: Transforming Security Operations with AI and Automation

Security teams today are overwhelmed with data—but starved for context. In this session, we’ll show how you can turn raw security telemetry into actionable intelligence before it hits your SIEM by enriching it with Threat Intelligence (TI) directly in Cribl Stream.

You’ll learn how to seamlessly integrate TI feeds into your data pipeline to identify threats faster, reduce false positives, and supercharge your incident response. We’ll walk through real-world implementation strategies for consuming multiple TI sources, performing lookups and enrichments at scale, and delivering high-context, high-fidelity data into your SIEM.

But we won’t stop there—we’ll explore how disk-backed lookups in Cribl Stream unlock even greater potential, enabling large-scale enrichment while consolidating infrastructure and cutting down on vendor sprawl.

Key takeaways include:

-How to enrich security data in flight using TI feeds
-Real-world configs for powerful, efficient lookups
-The benefits of moving enrichment upstream—less noise, faster triage, and smarter alerts
-A roadmap to scalable, cost-effective enrichment with disk-backed lookups

If you're looking to boost detection fidelity and arm your analysts with the context they need, this session is your blueprint.

Supercharge Your Insights: Cribl Stream's Enrichment Engine

In this session, we will discuss how the University of Pittsburgh was able to modernize their data processing strategy, migrate to a new SIEM solution, and avoid ballooning SIEM costs all within 68 days from the first install of a Cribl product. We will showcase how we were able to use Cribl's software to easily handle the following scenarios:

-100% agent replacement and consolidation using Cribl Stream Workers and Edge.
-Using connected environments to get logs from an air-gapped server environment.
-Reducing and routing data effectively to the new SIEM: Microsoft Sentinel.

We will also discuss how our partnerships with Cribl, SRA, Microsoft, and Forsyte helped us achieve ambitious goals in such a short time.

SIEM Migration in 68 Days

Sharing is indeed caring, and creating Cribl Workspaces allows other parties to have their own environments and live their best Cribl lives! Administrators will learn how to expand access to your Cribl Cloud Organization to aligned entities who desire their own environment. We’ll talk through why Workspaces might be a great fit for your organization’s goals and the benefits and best practices of using them, such as:

-Designing and creating named workspaces for aligned entities
-Assigning proper permissions to these entities
-Managing organizational owner roles
-Isolating users and data

Playing Well With Others: Sharing Your Cribl.Cloud Organization

REST collector is an excellent tool for pulling in data from a virtually limitless set of sources....once you get it configured. Today that configuration can be painful, requiring navigating to multiple screens and importing multiple configuration files. It is about to get a lot easier. With the recent enhancements to packs, we can now include collector configuration allowing you to install with a click. Come to this session and you'll see the easy way to install and how you can build new packs. You'll leave with renewed love for RC!

Rest Easy with REST Packs: Modern REST Collector Configuration Made Simple

In this session, we’ll examine how Getty Images implemented Cribl Stream to transform telemetry data processing operations. Initially deployed to replay S3 data into Splunk software and manage Syslog and Crowdstrike feeds, this solution evolved into a cornerstone of our observability pipeline. 

We'll discuss how this implementation optimized analytics performance, reduced costs, and created strategic flexibility for future migrations. Key achievements include establishing effective disaster recovery processes through S3 data rehydration, implementing smart data retention policies, developing cost attribution mechanisms, and dramatically reducing operational overhead. 

This case study demonstrates how modern telemetry data architectures can deliver both immediate operational benefits and long-term strategic advantages for Getty Images.

Optimizing Telemetry Data Management: A Case Study in Streamlining Data Processing and Cost Control

Migrating a global enterprise from a legacy SIEM to a modern, cloud-native platform is no small feat— especially when uptime, visibility, and security are non-negotiable. In this session, Merrick Smith and JP Lumsdaine share the behind-the-scenes story of how Johnson Controls successfully transitioned from Splunk to CrowdStrike Next-Gen SIEM, with Cribl Stream as the linchpin of their migration strategy.

You’ll learn:
-Why Cribl Stream was the gamechanger for enabling a smooth, controlled migration.
-How automation and observability were used to move massive data volumes without disrupting operations.
-Lessons learned: what worked, what didn’t, and the unexpected challenges along the way.
-Pro tips for tuning and troubleshooting Cribl Pipelines post-migration, before issues hit your SOC.
-Actionable insights for security and IT leaders planning their own SIEM modernization journey.

Whether you're planning a migration or just curious about what it takes to modernize SecOps at scale, you’ll leave with a practical blueprint, real-world lessons, and a few war stories worth sharing.

No Downtime, No Drama: Inside JCI's SIEMless Shift

Dive deep into the real-world journey of an early Cribl Search adopter! This session with a Fortune 500 entertainment company goes beyond the hype, delving into the technical twists of data partitioning (pre- and post-Cribl Search) and the architectural shifts that optimize your search capabilities. But it's not just about the tech—we'll tackle the human side, sharing battle-tested strategies for onboarding users to a new query language and fostering true proficiency. Discover how to train your team for effective Cribl Search querying and why understanding user needs is your ultimate secret weapon for maximizing value. Get ready for actionable takeaways and practical solutions to fuel your own data exploration success!

You'll leave knowing how to:

-Navigate the complexities of data partitioning with Cribl Search.
-Empower your users with effective query language adoption strategies.
-Train your team to unlock the full potential of Cribl Search.
-Tailor Cribl Search to user needs for maximum impact.

Navigating Cribl Search: How a Fortune 500 Transformed Data Exploration with Cribl Search

Tired of not knowing when there’s a sudden drop in data volume? Or when there’s a change in format? Or when pipelines stop flowing? 

Join this session to learn about how you can get real-time visibility into every part of your Cribl environment. See how to detect changes in data volume, quality, or shape — with visibility beyond just a 24-hour window to more accurately detect anomalies. You’ll also discover how to monitor operations, data processing, user access, and configuration changes across all Cribl products and services, so you can stay ahead of issues before they impact your business.

Introducing Cribl Insights: Monitor Cribl, in Cribl, with Cribl

We will investigate how Cribl Edge and Stream can complement an OpenTelemetry deployment in Kubernetes by providing central management of an OTel collector's instrumentation and additional processing capabilities of the telemetry it collects. Allowing OTel's language-specific Instrumentation Libraries to instrument traces, logs, and metrics directly from widely used Kubernetes services directly to Cribl Stream. Cribl can therefore serve as a unified fleet management platform for both deployments, while also using Edge to collect logs and metrics from the cluster itself.

Managing a Kubernetes OTEL Deployment with Cribl Stream and Edge

Syslog: it's everywhere, it’s ancient, and let’s be honest — it rarely shows up the way the RFC says it should. Before you cut over to Cribl Stream, it pays to understand exactly what you're dealing with and why it matters. In this talk, we’ll demystify the syslog format (yes, the actual RFC 3164 and 5424 stuff), look at what happens when data goes rogue, and explore how Cribl can help bring order to the chaos.

We’ll walk through real-world strategies for getting your environment ready — from setting up syslog for parallel testing to pre-configuring your Cribl routes, pipelines, and parsing logic. If you’ve ever stared at a syslog payload and muttered “what even is this,” this session is for you.

What the RFC?! Making Sense of Syslog Before You Migrate

Join this Fortune 100 company to learn about their journey in completely reworking the "plumbing" of their security monitoring infrastructure with Cribl Stream and Edge. As part of this ambitious project, this organization replaced legacy log collection methods with Cribl Edge, achieving end-to-end visibility and granular control over security logs—from endpoint generation to SIEM ingestion. This transformation has empowered their security team with rapid data onboarding capabilities, dramatically accelerating critical security investigations. In addition, they will share their experience with Cribl Edge and Search, and how they use “search-iniplace” to assist in analysis.

Attendees will:

-Understand the tangible security benefits of Cribl Edge and a modern data "plumbing" approach.
-Learn how Cribl Edge provides security teams with complete visibility and control over their data pipelines.
-Discover how rapid data onboarding with Cribl significantly accelerates security investigations and relieves pressure on business teams.
-Explore the powerful integration between Cribl Edge and Search for efficient "search-in-place" capabilities, enhancing threat hunting and analysis.

If you’re looking to modernize your security logging architecture and put your team in the driver’s seat, don’t miss this deep dive into the value of Cribl Edge for security.

Living on the (Cribl) Edge: How a Fortune 100 Transformed Security Monitoring with Cribl Edge

Amazon Security Lake is a great service that makes the collection and centralization of critical AWS infrastructure logs simple and easy. However, getting the logs out of Amazon Security Lake and into your SIEM can be tricky and potentially very costly.

 In this talk, we will go over our approach to using Cribl Stream to get logs out of Amazon Security Lake for our 800+ AWS accounts, and how we went about configuring the various relevant pipelines to reduce, transform and aggregate events to achieve a 90%+ log reduction. This includes AWS WAF logs, Route53 DNS query logs, VPC flow logs, and CloudTrail S3 data events.

We'll go over some of the technical details on how we achieved this as well as some lessons learned we picked up along the way.

Livin' the Stream with Your Amazon Security Lake

Accelerate Everyday Tasks with AI-Powered Copilot. In this session, we’ll explore how to use Cribl’s suite of AI-powered tools within the Copilot framework to speed up your day-to-day tasks. Learn how to onboard new data effortlessly, transform logs into standardized schemas such as OCSF and ECS, redact sensitive information with precision, and automatically generate search queries and visualizations. Whether you’re streamlining onboarding or enhancing observability, you’ll walk away with practical strategies to save time and boost productivity.

How to Incorporate AI and Cribl Copilot Into Your Workflows

Learn how a Fortune 100 Financial Services and Insurance company transformed its observability strategy in less than a month while moving from a traditional AWS solution to a cloud-native Cribl architecture. See how Cribl Stream acts as the "glue" to intelligently partition data, enabling powerful, performant search at massive scale with Cribl Search. You'll also learn how this same architecture allowed them to effortlessly fork data to other log analytics platforms. This is a must-see for anyone looking to design and implement a modern, scalable observability pipeline.

Enhancing Observability with Log Partitioning

Context is king–that’s why optimizing your data, enriching it in the stream, and having the ability to see it and tweak it before sending it into analytics tools or storage can be a game changer. When you are reviewing or correlating the data to troubleshoot, run investigations and respond, think how much time your team can save by having the right geolocation, asset, timestamp and even threat intel already associated with the log data?

We had a fun time making this work–and you can too. We’ll show how you can set up and use a Redis cache along with Cribl Stream to enhance your data before sending it to its destination. We’ll cover how we imported a 34 million row CSV file into Redis and use the Redis function to match fields to records to add a new field that is used for faster identification of data once it is in Splunk.

Enrichment: Better Data In, Better Response Times Out

Data Enhancement

Data Best Practices

Data Architecture

Data Analysis

Data Cleaning

Records Management

Record Systems

Identification

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Practicing business intelligence allows your company to transform raw data into sets of insights for targeted business growth. The business intelligence and analytics community on BrightTALK is made up of thousands of data scientists, database administrators, business analysts and other data professionals. Find relevant webinars and videos on business analytics, business intelligence, data analysis and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Business Intelligence and Analytics

Welcome to the big data and data management community on BrightTALK. Join thousands of data quality engineers, data scientists, database administrators and other professionals to find more information about the hottest topics affecting your data. Subscribe now to learn about efficiently storing, optimizing a complex infrastructure, developing governing policies, ensuring data quality and analyzing data to make better informed decisions. Join the conversation by watching live and on-demand webinars and take the opportunity to interact with top experts and thought leaders in the field.

Big Data and Data Management

Get powerful marketing data and analytics insights from influential experts. Connect with thought leaders and colleagues to get the most up-to-date knowledge on the analytics that quantify your investments.

Data and Analytics

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Enrichment: Better Data In, Better Response Times Out

Presented by

About this talk

Cribl