Is it possible to use Cribl to analyse network traffic in a similar way to Splunk Stream App? Can we ingest data off the wire into Cribl?
Question
Can we ingest data off the wire into Cribl?
but you can send the result of a sniffer into Cribl. For example: Splunk Stream -> Cribl -> destination
Some other products that might be interesting and can integrate with Cribl:» https://www.elastic.co/beats/packetbeat|PacketBeat» https://www.elastiflow.com/|ElastiFlow
If you can get the sniffer output into cribl, you could make some aggregations from that stream. Send the aggregations to one of your tools, and save the stream to cheap, quickly rotating storage.Depends on what you're looking for.
What wire data specifically are you interested in? There's not much on the wire anymore that isn't encrypted.
DNS over HTTPS is going to be standard on most browsers in the next year or two which will start to minimize even that dataset which was probably the last bastion of unencrypted wire data
We get a fair amount of value from just raw flows (not that a sniffer is the best way to get those).
Sign up
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.