Cribl, the Data Engine for IT and Security, has announced its role as a launch partner for the new AWS Security Hub. The company is unveiling an enhanced capability within Cribl Stream’s dedicated extension that streamlines how security operators collect, standardize, and retain security findings using the Open Cybersecurity Schema Framework (OCSF). The capability enables seamless long-term storage in Cribl Lake for improved future incident response and querying. It also offers a centralized, real-time view of AWS Security Hub events directly in Cribl Search, which reduces tool-switching and accelerates threat correlation across environments, including AWS logs like CloudTrail via EventBridge.
“The ultimate goal for every security team is fast, precise incident response. But you can’t get there when your data is spread across multiple tools and does not give you real-time views into these events,” said Abby Strong, Chief Market and Customer Officer at Cribl. “By allowing users to query data stored in Cribl Lake, other object stores, and the Security Hub findings, security professionals can quickly correlate past incidents with real-time events.”

The integration supports AWS Security Hub’s mission to centralize and prioritize security operations by enhancing OCSF with AWS details like resource names, tags, and configuration attributes while maintaining compliance. Cribl’s implementation facilitates aggregated security findings, standardized AWS-context OCSF formatting, accelerated cross-system correlation, and automated workflows with AI-assisted pipeline mapping. The new capability is now available to users seeking to unify and optimize their security data and incident response workflows.





























