Product Updates

Search - Analyze Zscaler Logs View Pack

Stream - Collect, parse, and route Vectra AI Stream and Detect telemetry to Elasticsearch, Splunk, and Cribl Lake with no forwarders or add-ons required. View Pack

Stream, Edge - Drop, Extract, Suppress based on certain FTD codes in lookup tables View Pack

Stream - This Pack collects AlphaSOC OCSF Detection Findings from the AlphaSOC API and routes them to Worker Group routes for delivery to your destinations. View Pack

New known issue page(s) added: LAKE-2235 | Deleting a lakehouse engine Dataset fails

New known issue page(s) added: CRIBL-40928 | Teleport and Worker Group size changes fail for Azure Cribl.Cloud Worker Groups with uppercase names

New known issue page(s) added: SEARCH-13091 | V2 searches on BYOS Azure Lake Datasets are limited to one hour

Known issue page(s) updated: CRIBL-41528 | Upgrading Cribl Edge Nodes on Windows fails with files being reported in use

New known issue page(s) added: AI-4044 | Dataset Intelligence is not supported for federated API Dataset Providers

New known issue page(s) added: CRIBL-38175 | Windows `@-style` domain service accounts are not working Known issue page(s) updated: CRIBL-40423 | Unattended Cribl Edge upgrade on Windows can cause the host to reboot CRIBL-41528 | Upgrading Cribl Edge Nodes on Windows fails with files being reported in use

New known issue page(s) added: CRIBL-41494 | Destination Post-Processing Skipped When a Pack Source Uses Worker Group Routes

New known issue page(s) added: CRIBL-40408 | Outpost Listener service does not start when TLS is configured with a passphrase

New known issue page(s) added: CRIBL-41025 | Wiz API Source does not re-ingest Issues when their status changes CRIBL-41026 | Wiz API Source does not re-ingest Configuration Findings when they are updated

Known issue page(s) updated: CRIBL-41528 | Upgrading Cribl Edge Nodes on Windows fails with files being reported in use

Known issue page(s) updated: CRIBL-41528 | Upgrading Cribl Edge Nodes on Windows fails with files being reported in use

New known issue page(s) added: CRIBL-41528 | Upgrading Cribl Edge Nodes on Windows results in an upgrade loop

Search - Analyze Zscaler Logs View Pack

New known issue page(s) added: PLAT-9643 | In Cribl.Cloud, Sources and Destinations with legacy hard-coded `/opt/cribl` paths can fail

New known issue page(s) added: SEARCH-11328 | Saved Search Manage as JSON output is not compatible with the API

New known issue page(s) added: AI-3994 | Some AI features ignore model tiers and fall back to default models

Known issue page(s) updated: CRIBL-41322 | Running Source persistent queue in `Smart` mode alters `__inputId` values

New known issue page(s) added: CRIBL-41322 | Running Source persistent queue in `Smart` mode alters `__inputId` values

Search - Dashboards, saved searches, macros, and datatype for Vectra AI Detect and Vectra Stream data in Cribl Lake. View Pack

New known issue page(s) added: CRIBL-41299 | Syslog LB pending flush timer resets octet-counting state, causing parser failure and connection loss

New release. AI flexibility, a new app platform, and some killer upgradesPlatform• New App Platform (Preview): Build custom apps, focused UIs, and dashboards that match how your teams actually work. Early look, come kick the tires.• Additional BYOM Providers (LiteLLM and OpenAI Retail): More model options without giving up control over your data or infrastructure.Stream• Cribl Guard Model Choice and Agentic Recommendations: Choose the AI model that best fits your data, and get one-click recommendations you can review and act on.• Shared Storage for Persistent Queues: Write backlogged data to NFS or S3 instead of local disk. Better protection during outages, cleaner scaling.Edge• Mac Unified Log Source: macOS logs now flow into the same pipelines as your Windows and Linux data. One less gap in fleet visibility.Search• Notebook Templates: Reusable investigation templates so teams move faster and stop reinventing the same workflows.Lake• Cribl Lake BYOS in Azure: Query data in-place from Azure Blob Storage. No moving it, no duplicating it.Integrations• OpenAI Compliance Source: Pull OpenAI compliance API data into Stream so security teams can monitor usage and audit activity in one place.• ServiceNow Table API Source: Bring incident, change, and CMDB data from ServiceNow into Cribl for correlation and automation.These are just the highlights. Check out the full release notes for Stream, Edge, Search, and Lake.Cribl.Cloud customers: once your Organization is updated, just click Deploy.On-prem customers can download the update now.