Cribl Stream Solution for Microsoft Sentinel

Solution: Cribl

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Attribute	Value
Publisher	Cribl
Support Tier	Partner
Support Link	https://www.cribl.io/support/
Categories	domains
Version	3.0.0
Author	Cribl - tap@cribl.io
First Published	2024-08-01
Last Updated	2024-09-05
Solution Folder	Cribl
Marketplace	Azure Marketplace · Popularity: 🔵 Medium (57%)

Cribl is a vendor neutral, purpose-built processing engine for data security and IT operations focused on centralized parsing and processing of event data.

Data Connectors
Tables Used
Content Items

Data Connectors

This solution provides 1 data connector(s):

Cribl 🔶

🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Tables Used

This solution uses 4 table(s):

Table	Used By Connectors	Used By Content
`CriblAccess_CL` 🔶	Cribl	-
`CriblAudit_CL` 🔶	Cribl	-
`CriblInternal_CL` 🔶	Cribl	-
`CriblUIAccess_CL` 🔶	Cribl	-

🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Content Items

This solution includes 4 content item(s):

Content Type	Count
Parsers	4

Parsers

Name	Description	Tables Used
CriblAccess	-	`CriblAccess_CL` (read)
CriblAudit	-	`CriblAudit_CL` (read)
CriblInternal	-	`CriblInternal_CL` (read)
CriblUIAccess	-	`CriblUIAccess_CL` (read)

Release Notes

Version	Date Modified (DD-MM-YYY)	Change History
3.0.1	08-08-2025	Corrected Query in Parsers to display correct columns.
3.0.0	19-08-2024	Initial Solution Release.