
Hi All,

We are managing CrowdStrike NGSIEM in our network. All the data sources are routed to Cribl, and from Cribl we forward the logs to NGSIEM.

Data source → Cribl → NGSIEM

I understand we require parsers in NGSIEM to read the relevant logs received from the data sources, but I wish to know: is there any parser concept present in Cribl to onboard the logs from the different data sources?


Hi there!

After checking the docs page for NGSIEM, it seems that it needs a parser. It's expecting the original format of CrowdStrike Falcon.

Although, from what I understand of what you need to do, if you create pipelines to process, drop, enrich, or whatever else you need, Cribl is the place to do it.

After that, compile everything again into the new _raw to forward to NGSIEM in the format that it's expecting.
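The workflow described in the reply above (extract fields from the incoming line, drop noise, enrich, then rebuild `_raw` before it leaves for NGSIEM), written out as a Cribl Stream pipeline. This is an added example, not code from the original thread or from Cribl or CrowdStrike. The function ids `regex_extract`, `drop`, `eval` and `serialize` are standard Cribl Stream functions; the pipeline id `ngsiem_prep`, the sample syslog-style line it parses, the field names, the vendor value and the `heartbeat` drop filter are assumptions made for illustration. Check the `conf` keys against the Cribl Stream docs for the version you run before importing it.

```json
{
  "id": "ngsiem_prep",
  "conf": {
    "output": "default",
    "functions": [
      {
        "id": "regex_extract",
        "filter": "true",
        "description": "Assumed input shape: '<ts> <host> <app>[<pid>]: <msg>'. Named groups become event fields.",
        "conf": {
          "source": "_raw",
          "regex": "/^(?<ts>\\S+) (?<host>\\S+) (?<app>[\\w.-]+)\\[(?<pid>\\d+)\\]: (?<msg>.*)$/"
        }
      },
      {
        "id": "drop",
        "filter": "msg != null && msg.startsWith('heartbeat')",
        "description": "Drop keepalive noise before it reaches the SIEM (hypothetical noise pattern).",
        "conf": {}
      },
      {
        "id": "eval",
        "filter": "true",
        "description": "Enrich with static context the downstream parser can key on (assumed values).",
        "conf": {
          "add": [
            { "name": "vendor", "value": "'example-vendor'" },
            { "name": "product", "value": "'example-fw'" },
            { "name": "cribl_pipeline", "value": "'ngsiem_prep'" }
          ]
        }
      },
      {
        "id": "serialize",
        "filter": "true",
        "description": "Rebuild _raw as a single JSON object so NGSIEM receives one consistent shape per source.",
        "conf": {
          "type": "json",
          "fields": ["ts", "host", "app", "pid", "msg", "vendor", "product", "cribl_pipeline"],
          "srcField": "",
          "dstField": "_raw"
        }
      }
    ]
  }
}
```

The point of the last step is that whatever you extract and add in Cribl only survives the hop to NGSIEM if it is written back into `_raw` (or another field your NGSIEM parser reads); fields that exist only as Cribl event metadata are not guaranteed to be forwarded. Test the pipeline against captured sample events in Cribl's preview pane and confirm the NGSIEM-side parser still matches the serialized output before routing live traffic through it.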