Security Data Pipeline Modernization
Logging everything to SIEM is a bad approach. It’s noisy and expensive. SRA’s Security Data Pipeline reduces log size and intelligently routes events to the security data lake or SIEM. We enable you to capture everything you need, reduce ingestion cost, and gain the flexibility to change your detection platforms when you want.
Modernized Pipeline
Log sources send events to Cribl logging middleware
Cribl Stream cleanses logs by removing unnecessary fields
Events intelligently route to SIEM or Data Lake
Result: Cost savings, optimization and SIEM noise reduction using SRA’s solution for log cleansing and routing
Cost Comparison
With SRA Security Data Pipeline, ~300GB of inbound logs can be reduced down to ~100GB without fidelity loss (size reduction rate depends on log source).
100 GB/Day
- Leading SIEM: $88k/year (90 day storage)
- Azure Data Explorer $11k/year (365 day storage)
Services & Timing
Planning & Design Workshop
SRA will review your architecture, identify log sources, and develop a strategic roadmap for deploying Cribl and socializing pipeline modernization.
Timing: 3 weeks
Implementation Support & Validation
SRA will deploy and configure Cribl Stream and Azure Data Explorer, establish documentation to govern and maintain new pipeline, and validate detection capabilities with Purple Team testing.
Timing: 12 weeks
Partnership with Cribl
Cribl Stream is a vendor-agnostic observability pipeline that gives you the flexibility to collect, reduce, enrich, normalize, and route data from any source to any destination within your existing data infrastructure.
Security Risk Advisors is an authorized reseller of Cribl and will guide you through the process of licensing, deploying, and configuring Cribl Stream.
Get Started!
Let us know if you would like us to provide Security Data Pipeline Modernization services for you by completing the contact form.