Security Data Pipeline Modernization

Logging everything to SIEM is a bad approach. It’s noisy and expensive. SRA’s Security Data Pipeline reduces log size and intelligently routes events to the security data lake or SIEM. We enable you to capture everything you need, reduce ingestion cost, and gain the flexibility to change your detection platforms when you want.

Modernized Pipeline


Log sources send events to Cribl logging middleware


Cribl Stream cleanses logs by removing unnecessary fields


Events intelligently route to SIEM or Data Lake


Result: Cost savings, optimization and SIEM noise reduction using SRA’s solution for log cleansing and routing

Cost Comparison

With SRA Security Data Pipeline, ~300GB of inbound logs can be reduced down to ~100GB without fidelity loss (size reduction rate depends on log source).


100 GB/Day

  • Leading SIEM: $88k/year (90 day storage)
  • Azure Data Explorer $11k/year (365 day storage)

Services & Timing

Planning & Design Workshop

SRA will review your architecture, identify log sources, and develop a strategic roadmap for deploying Cribl and socializing pipeline modernization.
Timing: 3 weeks

Implementation Support & Validation

SRA will deploy and configure Cribl Stream and Azure Data Explorer, establish documentation to govern and maintain new pipeline, and validate detection capabilities with Purple Team testing.
Timing: 12 weeks

Partnership with Cribl

Cribl Stream is a vendor-agnostic observability pipeline that gives you the flexibility to collect, reduce, enrich, normalize, and route data from any source to any destination within your existing data infrastructure.

Security Risk Advisors is an authorized reseller of Cribl and will guide you through the process of licensing, deploying, and configuring Cribl Stream.

Get Started!

Let us know if you would like us to provide Security Data Pipeline Modernization services for you by completing the contact form.