Security Data Pipeline Modernization
Logging everything to SIEM is a bad approach. It’s noisy and expensive. SRA’s Security Data Pipeline reduces log size and intelligently routes events to the security data lake or SIEM. We enable you to capture everything you need, reduce ingestion cost, and gain the flexibility to change your detection platforms when you want.
Log sources send events to Cribl logging middleware
Cribl Stream cleanses logs by removing unnecessary fields
Events intelligently route to SIEM or Data Lake
Result: Cost savings, optimization and SIEM noise reduction using SRA’s solution for log cleansing and routing
With SRA Security Data Pipeline, ~300GB of inbound logs can be reduced to ~100GB without fidelity loss (the size reduction rate depends on the log source).
- Leading SIEM: $88k/year (90-day storage)
- Azure Data Explorer: $11k/year (365-day storage)
Services & Timing
Planning & Design Workshop
SRA will review your architecture, identify log sources, and develop a strategic roadmap for deploying Cribl and socializing pipeline modernization.
Timing: 3 weeks
Implementation Support & Validation
SRA will deploy and configure Cribl Stream and Azure Data Explorer, establish documentation to govern and maintain the new pipeline, and validate detection capabilities with Purple Team testing.
Timing: 12 weeks
Let us know if you would like us to provide Security Data Pipeline Modernization services for you by completing the contact form.