- Cloud Collectors Overview
- Administration
- Administrative Access
- Shareable Service Accounts
- Add Accounts for AWS Cloud Collectors
- Add Accounts for Cisco Duo Cloud Collector
- Add Accounts for Google Cloud Collectors
- Add Accounts for Microsoft Cloud Collectors
- Add Accounts for Okta Cloud Collectors
- Add Accounts for Salesforce Cloud Collectors
- Add Accounts for Splunk Cloud Collectors
- Add Accounts for Trend Micro Cloud Collectors
- Add Accounts for Wiz
- Define a Unique Site Name
- Sign Up for the Early Access Program
- Onboard Cloud Collectors
- Abnormal Security Cloud Collector
- AWS CloudTrail Cloud Collectors
- AWS CloudWatch Cloud Collector
- AWS S3 Cloud Collector
- AWS SQS Cloud Collector
- Azure Activity Logs Cloud Collector
- Azure Log Analytics Cloud Collector
- Azure Event Hub Cloud Collector
- Azure Storage Analytics Cloud Collector
- Box Cloud Collector
- Cato Networks Cloud Collector
- Cisco Duo Cloud Collector
- Cisco Umbrella Cloud Collector
- Cribl Cloud Collector
- CrowdStrike Cloud Collectors
- GCP Pub/Sub Cloud Collector
- Microsoft Defender XDR (via Azure Event Hub) Cloud Collector
- Microsoft Entra ID Context Cloud Collector
- Microsoft Entra ID Logs Cloud Collector
- Microsoft 365 Exchange Admin Reports Cloud Collector
- Supported Sources from Microsoft 365 Exchange Admin Reports
- Migrate to the Microsoft 365 Exchange Admin Reports Cloud Collector
- Prerequisites to Configure the Microsoft 365 Exchange Admin Reports Cloud Collector
- Configure the Microsoft 365 Exchange Admin Reports Cloud Collector
- Troubleshooting the Microsoft 365 Exchange Admin Reports Cloud Collector
- Microsoft 365 Management Activity Cloud Collector
- Microsoft Security Alerts Cloud Collector
- Microsoft Sentinel (via Event Hub) Cloud Collector
- Netskope Alerts Cloud Collector
- Netskope Events Cloud Collector
- Okta Cloud Collector
- Okta Context Cloud Collector
- Palo Alto Networks Cortex Data Lake Cloud Collector
- Proofpoint On-Demand Cloud Collector
- Proofpoint Targeted Attack Protection Cloud Collector
- Recorded Future Cloud Collector
- Salesforce Cloud Collector
- SentinelOne Alerts Cloud Collector
- SentinelOne Cloud Funnel Cloud Collector
- SentinelOne Threats Cloud Collector
- SentinelOne Cloud Collector
- Splunk Cloud Collector
- Symantec Endpoint Security Cloud Collector
- Trend Vision One Cloud Collector
- Zscaler ZIA Cloud Collector
- Webhook Cloud Collectors
- Wiz Issues Cloud Collector
- Wiz API Cloud Collector
- Troubleshooting Cloud Collectors
Configure the Cribl Cloud Collector
Set up the Cribl Cloud Collector to continuously ingest events from your Cribl Stream pipeline.
Log into the New-Scale Security Operations Platform as an administrator.
Find the Collectors tab and click the Cloud Collectors tile.
Click the Collectors tab.
Click the Cribl tile. A configuration pane opens on the right.
Enter a name for the new Cribl cloud collector as shown in the image below.
Click Install. A connection string is automatically generated and a confirmation message informs you that the new cloud collector is created. The connection string is displayed in a field on the success message and will need to be copied for use in Cribl Stream.
In the success message, click Copy (
) to copy the automatically generated connection string to your clipboard for use in the next step.In your Cribl Stream product (release 4.3.1 or later), create an Exabeam destination and navigate to Configure -> General Settings. Click Autofill with Exabeam Connection String to use the connection string you copied to your clipboard in Step 7. The configuration fields are auto-populated.
When your Exabeam destination in Cribl Stream is fully configured, data collected via Cribl begins to flow into Exabeam Cribl Cloud Collector. To verify that data is being collected successfully, navigate to a downstream Exabeam service, like Search, and ensure that the collected data is available.
Note
If the data you search for is not available, you might need to perform some additional configuration in Cribl Stream. Certain types of Cribl logs require specific configuration to ensure they can be parsed effectively in Exabeam. To determine if you need to complete any special configurations, see Scenarios that Require Specific Configuration.