
Secure Your Cribl.Cloud Deployment

Cribl.Cloud is SOC 2 Type II–certified and GDPR-compliant, simplifying compliance with industry standards and regulatory requirements. To secure your Cribl.Cloud deployment, consider implementing the following.

Secure Your Cribl.Cloud Account

Create a strong password during your initial setup.

To create a secure password, ensure it is at least 12 characters long and includes a combination of lowercase letters, uppercase letters, numbers, and special characters (!@#$%^&*). Follow the on-screen instructions carefully to meet these requirements.

(For Cribl.Cloud setup instructions, see Initial Cribl.Cloud Setup.)

Review Your Network Settings

When you log in to your Cribl.Cloud Organization, navigate to the Network Settings link. Here you can check and manage connectivity details – Data Sources, Access Control, and Trust relationships – for your Cribl-managed Cribl.Cloud Workers.

On the Data Sources tab, you can review the available ports and TLS configurations.

Note that TLS encryption is pre-enabled for you on some, but not all, Sources. For more information, see TLS in Cribl.Cloud.

Configure TLS Mutual Authentication on Cribl.Cloud

Within Cribl.Cloud, enabling mutual TLS authentication for individual data sources requires a trusted Certificate Authority (CA) certificate chain. This CA certificate verifies the legitimacy of the client certificate presented by the source during connection. For details, see TLS Mutual Authentication in Cribl.Cloud.
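
One way to confirm that a client certificate chains to the CA you intend to trust before enabling mutual TLS on a Source, as an added example that is not from Cribl's documentation. It uses only the `openssl` CLI; the function names, file names, and the throwaway demo PKI are constructed for illustration.

```shell
# Pre-flight check for mutual TLS: confirm that a client certificate chains to
# the CA chain you plan to trust, is usable for client authentication, and is
# not about to expire. All names and subjects below are constructed samples.

# check_client_cert CA_CHAIN_PEM CLIENT_CERT_PEM [MIN_SECONDS_LEFT]
# Returns 0 if OK, 1 on chain/purpose failure, 2 if the cert expires too soon.
check_client_cert() {
  local ca="$1" cert="$2" min_left="${3:-604800}"   # default threshold: 7 days
  # 1. Chain validation, as a TLS server applies it to a presented client cert.
  openssl verify -purpose sslclient -CAfile "$ca" "$cert" >/dev/null 2>&1 \
    || { echo "FAIL: $cert does not validate against $ca"; return 1; }
  # 2. Expiry: -checkend exits non-zero if the cert expires within N seconds.
  openssl x509 -in "$cert" -noout -checkend "$min_left" >/dev/null \
    || { echo "FAIL: $cert expires within ${min_left}s"; return 2; }
  echo "OK: $cert"
}

# make_demo_pki DIR
# Builds two throwaway CAs ("trusted" and "other") and one client certificate
# issued by each, so the check can be exercised offline.
make_demo_pki() {
  local d="$1" n
  for n in trusted other; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=demo-$n-ca" \
      -keyout "$d/$n-ca.key" -out "$d/$n-ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-$n-client" \
      -keyout "$d/$n-client.key" -out "$d/$n-client.csr" 2>/dev/null
    openssl x509 -req -in "$d/$n-client.csr" -CA "$d/$n-ca.pem" \
      -CAkey "$d/$n-ca.key" -CAcreateserial -days 10 \
      -out "$d/$n-client.pem" 2>/dev/null
  done
}
```

Running `check_client_cert` against a certificate issued by a different CA returns 1, which is the outcome to expect for any sender whose certificate was not issued under the chain you upload.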

Set Up Role-Based Access Control for Members

Cribl.Cloud offers detailed role-based access control (RBAC) to ensure appropriate permissions and security. For details on how to invite and manage the roles for Members of your Organization, see Managing Cribl.Cloud.

Set Up Your Preferred Authentication Method

Cribl.Cloud Enterprise offers a range of secure and convenient login options to fit your organization’s needs. Options include:

  • Local Accounts – Create traditional usernames and passwords for direct login. For details, see Local Authentication.
  • Federated Authentication (OIDC and SAML) – Integrate with existing identity providers (IdPs) like Okta or Entra ID for centralized user management and single sign-on (SSO). For details, see Cribl.Cloud SSO Setup.

Secure Data in Motion

Cribl.Cloud provides built-in encryption for data at rest, ensuring that your information remains secure within its infrastructure. For an extra layer of protection, consider encrypting your data while it travels between Cribl.Cloud and your data Sources and Destinations. For details, see Data Encryption and Data Decryption.

Configure a Key Management Service (KMS)

Cribl.Cloud Enterprise offers a Key Management Service (KMS) that strengthens the security of your data. KMS securely manages the encryption keys used to protect sensitive information on Worker Groups and Nodes within Cribl. For details on how to activate and configure KMS, see KMS Configuration.

(Optional) Segment Your Organization with Workspaces

Segment your organization’s data and user access using Workspaces. This multi-tenancy feature allows you to create isolated instances within your Cribl.Cloud Organization, addressing critical security, compliance, and data isolation requirements tailored for diverse business units.

Each Workspace has a dedicated virtual private cloud (VPC). This essentially creates a separate environment within your Organization for each Workspace, ensuring the complete isolation of data and users in different Workspaces.

For details, see Configuring Workspaces.

(Optional) Create Isolated Data Environments Using Stream Projects

Within Cribl Stream, Projects offer a more granular level of isolation, allowing teams and users to manage and share data flows without impacting others. Projects enable you to define the data that the Project’s users can consume, where that data can be sent, and who has access to the Project.

Projects are ideal for teams and users who need to share and manage specific data, with accelerated access to relevant data and minimal configuration requirements. Data can be forked into full-fidelity versus redacted views to match the authorization requirements and needs of different teams or users.

For details, see Configuring Projects.