Cribl connector for Microsoft Sentinel
The Cribl connector allows you to easily connect your Cribl (Cribl Enterprise Edition - Standalone) logs with Microsoft Sentinel. This gives you more security insight into your organization's data pipelines.
This is autogenerated content. For changes, contact the solution provider.
Connector attributes
Connector attribute | Description |
---|---|
Log Analytics table(s) | CriblAccess_CL, CriblAudit_CL, CriblUIAccess_CL, CriblInternal_CL |
Data collection rules support | Not currently supported |
Supported by | Cribl |
Query samples
Cribl Internal Logs
```kusto
CriblInternal_CL
| sort by TimeGenerated
```
Cribl Audit Logs
```kusto
CriblAudit_CL
| sort by TimeGenerated
```
Cribl Access Logs
```kusto
CriblAccess_CL
| sort by TimeGenerated
```
Cribl UI Access Logs
```kusto
CriblUIAccess_CL
| sort by TimeGenerated
```
Vendor installation instructions
Installation and setup instructions for Cribl Stream for Microsoft Sentinel
Use the documentation from this GitHub repository and configure Cribl Stream using https://docs.cribl.io/stream/usecase-azure-workspace/
Next steps
For more information, go to the related solution in the Azure Marketplace.