Yesterday, our founder & CEO, Andrew Morris, got to join Ed Bailey from Cribl for a live stream conversation discussing how to help SOC analysts overcome common struggles and improve security detections. Over the years, we’ve built a great relationship with Cribl and truly believe in our “Better Together” message. The Cribl + GreyNoise integration is available now, so if you want to learn more about it, let us know.
Check out the full live stream below:
GreyNoise Released the Triple Threat
During the conversation, Andrew mentions our new product features. We put out a series of blogs and a press release last week if you want to learn more.
Why SOC Analysts Are Struggling
You can feel Andrew’s excitement when Ed poses this question. Here is how Andrew broke it down:
- The internet is extremely noisy.
- The SOC is being asked to "do more with less."
- False positives are wasting their time
In addition, Ed explains that 30% of your detections are things that just don’t matter. With better data & context (like GreyNoise) you can finally ignore the noise. This prevents wasting hours and hours analyzing alerts and events that don’t matter.
All Logs Are NOT Created Equal
Some security teams are left with a problem of determining which logs matter. Or that storing logs or processing data is all or nothing. Those with years of experience in the SOC know this isn’t true. Not only do different event types have different analytical value, but also logs from certain places matter more than others. So, how do you scale this knowledge?
Stop Chasing Ghosts
So what does GreyNoise do? We help our customers understand the alerts and events that DON’T matter. It’s kind of the opposite of a typical threat intel feed. By eliminating the noise you can focus on what really matters.
Cribl + GreyNoise Are “Better Together”
- GreyNoise solves the problem of what log content matters and what is noise
- Cribl allows you to use that GreyNoise insight to funnel and store your logs in a way that optimizes for better detections, lower bills and faster decisions that result in a more secure organization.
Big thanks to Ed Bailey and the Cribl team for letting us join. Hopefully you found this information interesting and insightful. If you want to learn more about our Cribl integration, contact us.