Product Updates

Stream - Source Pack to collect and process Microsoft Foundry AI-related data from an Azure Event Hub View Pack

Stream - Collector Pack to collect and process Workday Activity data View Pack

Stream - Source Pack to process data from Amazon Bedrock. View Pack

Stream - Source Pack to process data from Amazon SageMaker. View Pack

Stream - This Cribl Pack is designed to streamline the integration of common Cribl data sources with Google Security Operations (SecOps). View Pack

Stream - Collector Pack for processing Abnormal.ai data View Pack

- Collector Pack to process data from the Wiz API View Pack

Search - This pack is designed handle starlink data. View Pack

Stream - This pack retrieves Slack audit logs. The VisiCore platform handles OAuth token generation. View Pack

- Collector pack to process data from the Crowdstrike Alerts, Devices, and Vulnerabilities REST endpoints. View Pack

Edge - Preserve metadata from Edge nodes when forwarding to Cribl Stream View Pack

- Provide K=V cleanup and (example) filters for Cisco Meraki logs View Pack

Search - This pack is to help display all worker groups, routes, pipelines, and packs in one location View Pack

Stream - Route to DeepTempo S3 to identify malicious behavior in NetFlow via DeepTempo's foundational LogLM View Pack

Stream - This pack retrieves proxied Webex audit logs. These logs must be proxied as Webex tokens are only good for 1 days. The VisiCire platform handles token refreshes and securely proxies events to Cribl. View Pack

Stream, Edge - Clean and parse Infoblox logs View Pack

Search - This pack provides visibility into Windows event logs, system_state, process events and AD logs. It highlights performance and security signals at a glance, helping teams quickly spot anomalies. View Pack

- Collector Pack to process Netskope Alerts and Events View Pack

This release focuses on performance, and usability across the platform. Here’s a quick taste:Stream / Edge• Breadcrumbs added to the Outpost page• Deprecation warnings for Sources and Destinations, with guided migration paths• Pipeline Simple Preview capped at 10 MB for better stability• Cleaner defaults: new Worker Groups, Fleets, and Packs no longer auto-create vars.yml• Cribl HTTP Destination now supports per-worker throttling• Azure Blob Storage now supports Azure Government• Sensitive environment variables are now redacted in Edge system viewsSearch• Faster ipv4_is_private performance• Clear error messages for encrypt/decrypt functions• Improved event details and saved search usability• One-click copy for item names and IDsLake• UI fixes for Dataset sizes and long Storage Location names, plus stability improvementsThese are just the highlights—check out the full release notes for Stream, Edge, Search, and Lake.Cribl.Cloud customers are already upgraded—just click Deploy.On-prem customers can download the update now.

This release is packed with ooey-gooey goodness across the entire product suite. Here’s a taste:Stream /   EdgeNew Cloudflare Source and R2 Destination New Databricks Destination for Unity Catalog volumes Send Cribl Stream/Edge data to Microsoft Fabric Eventstreams C.Decode and C.Encode now support MIME RFC 2047 Syslog Destination can now preserve original source IPSearchSearch Notebooks now GA Selectively decrypt Stream-encrypted fields  The 'export' operator can now write to Lake Datasets in external Storage LocationsLakeKMS bucket-level encryption on an AWS S3 bucketsThese are just the highlights—check out all the updates in the full release notes for Search, Stream, Edge, LakeIf you are using Cribl.Cloud, you have already been upgraded to the latest version. You just need to click "deploy" in your cloud instance.On-prem customers can get the update at this link.

We’ve rolled out updates across the entire Cribl Suite — here’s some hi-lights:Stream /   EdgeFresh unified Cloud home page New IAM Admin role for smoother org & SSO management Added Google Cloud Chronicle destination SearchSmarter, more flexible Notebooks New activity graphs to track workspace usageLakeAdded activity graphs + IAM Admin role Performance and UI polish throughoutYou can check out all the changes in the release notes: Search, Stream, Edge, LakeIf you are using Cribl.Cloud, you have already been upgraded to the latest version. You just need to click "deploy" in your cloud instance.On-prem customers can get the update at this link. (

StreamCribl Guard: Scan and mask sensitive data in real-time to keep compliance off your back.Wiz Webhook Source: Easily pull in Wiz Defend alerts.Expanded I/O Monitoring: Instant clarity on pipeline health.Collector Packs: You can now build Packs that include all collector sources.EdgeOutpost (Preview): Secure relay between Edge nodes and the Leader, no extra proxies needed.macOS Support (Preview): Edge now runs on macOS devices.SearchNotebooks (Preview): Code + charts + history = faster investigations.LakeBring Your Own Storage: Use your own Amazon S3 buckets for Lake Datasets.Direct Access: Ingest data straight into Lake over HTTP.Faster Queries by Default: Lakehouse queries now run directly in Lakehouse for quicker results.PlatformNew Cribl.Cloud regions: Zurich & Singapore.Terraform Provider (Preview): IaC your Cribl resources.You can check out all the changes in the release notes: Search, Stream, Edge, LakeIf you are using Cribl.Cloud, you have already been upgraded to the latest version. You just need to click "deploy" in your cloud instance.On-prem customers can get the update at this link.   

This release resolves critical v4.13.1 issues affecting S3 destinations  (Region detection, Object Lock) and AWS KMS secret decryption.Full details in the release notes 

A few highlights:Search • Move saved searches, macros & lookups between Packs and global context. • Cloned Pack dashboards save where you cloned them from (within Pack or global).StreamSources and Destinations: • Kafka & Confluent: JSON schema support (Avro or JSON) • Grafana & Loki: Structured metadata for logs (trace IDs, etc.) • Loki: Allows dynamic HTTP headers per event • Google Pub/Sub: Monitor with just subscription IDPacks: • New REST Packs: CrowdStrike, Okta, Microsoft O365Edge • Same Kafka, Confluent, Grafana & Loki updates — at the edgeAction Required – AWS SDK v2 End of Support AWS ends support for SDK v2 on Sept 8, 2025. Upgrade to 4.13.1+ for SDK v3 and full compatibility.You can check out all the changes in the release notes: Search, Stream, Edge, LakeIf you are using Cribl.Cloud, you have already been upgraded to the latest version. You just need to click "deploy" in your cloud instance.On-prem customers can get the update at this link. 

Cribl Stream New SentinelOne AI SIEM Destination: Send data directly for faster, flexible ingestion. Better Worker Node Tracking: See connection status, last heartbeat, filter by state, and set retention for disconnected nodes. Drop Dimensions: Cut storage costs and speed up queries by dropping unused metric dimensions. Cribl Edge Bye PowerShell: No more dependency = faster, smoother deployments. Disconnected Edge Node Tracking: Just like Stream—know if your nodes are online, offline, or MIA. Cribl Lake Bigger Lakehouses: Up to 28 TB/day ingest + hydrate old data for faster investigations. Splunk DDSS Now GA: Directly ingest archive data from Splunk Cloud. Cribl Search Skip Event-Time Filtering: Prevent gaps by filtering on partition timestamps. Read Archived S3: Search restored Glacier data without permanent rehydration. Platform New FinOps Center: Track data costs, refunds, and ROI all in one place. Copilot Editor: Now edit existing Pipelines, with more schema support and UX improvements. Check out all the details in the release notes for Search, Stream, Edge, LakeCribl.Cloud users are already on the latest—just click Deploy.On-prem? Grab the update here.