Security Data Pipeline Modernization

Logging everything to SIEM is a bad approach. It’s noisy and expensive. SRA’s Security Data Pipeline reduces log size and intelligently routes events to the security data lake or SIEM. We enable you to capture everything you need, reduce ingestion cost, and gain the flexibility to change your detection platforms when you want.

Modernized Pipeline

Log sources send events to Cribl logging middleware

Cribl Stream cleanses logs by removing unnecessary fields

Events intelligently route to SIEM or Data Lake

Result: Cost savings, optimization and SIEM noise reduction using SRA’s solution for log cleansing and routing

Cost Comparison

With SRA Security Data Pipeline, ~300GB of inbound logs can be reduced down to ~100GB without fidelity loss (size reduction rate depends on log source).

 

100 GB/Day

  • Leading SIEM: $88k/year (90 day storage)
  • Azure Data Explorer: $11k/year (365 day storage)

Services & Timing

Planning & Design Workshop

SRA will review your architecture, identify log sources, and develop a strategic roadmap for deploying Cribl and socializing pipeline modernization.
Timing: 3 weeks

Implementation Support & Validation

SRA will deploy and configure Cribl Stream and Azure Data Explorer, establish documentation to govern and maintain the new pipeline, and validate detection capabilities with Purple Team testing.
Timing: 12 weeks

Get Started!

Let us know if you would like us to provide Security Data Pipeline Modernization services for you by completing the contact form.