Aug 10, 2021

Connecting the Data with Tanium and Cribl LogStream

With Tanium Connect and Cribl LogStream you can power virtually any IT or security analytics tool with Tanium endpoint data

By Andy Nortrup, Product Manager for Connect, Tanium

IT and security operations generate immense amounts of data from the three major event types used to identify application, infrastructure, and service-level issues in an environment.

The umbrella term for this information is observability data. It includes metrics (counters, gauges, histograms, and so on), events, logs, and traces, which track the history of a process end to end. Together these are sometimes referred to as MELT.

Tanium endpoint data is one variety of observability data, and the number of tools in the marketplace that benefit from Tanium data grows every day.

Many of these tools have very specific data formats. The things you can do with the data are virtually endless, but the number of data formats and destinations Tanium Connect supports is not.

Tanium Connect and Cribl LogStream – a perfect match

Cribl LogStream is a next-generation log router that collects and optimizes data streams from existing installed and/or known agents, then shapes and routes the data to analytics systems in real time. This capability, paired with Tanium Connect, allows Cribl LogStream customers to route Connect data to virtually any analytics tool by transforming the Tanium Connect data into the right format while that data is in flight.

Cribl LogStream and Tanium Connect provide the flexibility, control, and simplicity to maximize value from ingest to insight:

1. Route data to virtually any analytics tool: Send data to virtually any destination with LogStream’s universal router, giving you the flexibility to send data to the best tool for the job – or all the tools for the job – by translating and formatting the data into the appropriate tooling schema.

2. Data reduction for faster incident response: Easily eliminate duplicate fields, null values, and any elements that provide little analytical value. In the same interface, you can filter and screen events for dynamic sampling, or aggregate log data into metrics to keep your downstream clean.

3. Enrich Tanium data: Add location (GeoIP), DNS information, and more to endpoint data in flight for improved context and visibility.

4. Reduce Tanium workload: Rather than running multiple Connect jobs, run one Connect job and use Cribl LogStream to send the data everywhere it needs to go, increasing data consistency and reducing overhead.

LogStream can reduce the volume of data you need to govern by as much as 50 percent, controlling costs, easing compliance and improving system performance.

[Image: LogStream data flow graphic]

Tanium Connect and Cribl LogStream are a natural fit. They allow Tanium users to send data to a constantly growing list of destinations. LogStream also provides an on-premises and a cloud-based offering that can be used in production workflows. And you can process up to 5 TB of on-prem data per day – or up to 1 TB of cloud data per day – absolutely free.

Get started with LogStream for free and join the community to connect with others using LogStream and Tanium Connect.