Muokkaa

Jaa


Cribl connector for Microsoft Sentinel

The Cribl connector allows you to easily connect your Cribl (Cribl Enterprise Edition - Standalone) logs with Microsoft Sentinel. This gives you more security insight into your organization's data pipelines.

This is autogenerated content. For changes, contact the solution provider.

Connector attributes

Connector attribute Description
Log Analytics table(s) CriblAccess_CL
CriblAudit_CL
CriblUIAccess_CL
CriblInternal_CL
Data collection rules support Not currently supported
Supported by Cribl

Query samples

Cribl Internal Logs

CriblInternal_CL 
| sort by TimeGenerated

Cribl Audit Logs

CriblAudit_CL 
| sort by TimeGenerated

Cribl Access Logs

CriblAccess_CL 
| sort by TimeGenerated

Cribl UI Access Logs

CriblUIAccess_CL 
| sort by TimeGenerated

Vendor installation instructions

Installation and setup instructions for Cribl Stream for Microsoft Sentinel

Use the documentation from this GitHub repository and configure Cribl Stream using

https://docs.cribl.io/stream/usecase-azure-workspace/

Next steps

For more information, go to the related solution in the Azure Marketplace.