The easiest route - we'll conduct a 15 minute phone interview and write up the review for you.
Use our online form to submit your review. It's quick and you can post anonymously.
Entire logs from my organization go through Cribl and get routed to Splunk and various other destinations. I use it on a large scale in my organization. Cribl Stream is one of my favorite parts. I use Cribl to route the logs to various destinations. It helped us to completely remove the monopoly on Splunk. Not only firewall logs, but also cloud trail logs and many other logs were processed through Cribl.
It helped us to completely remove the monopoly on Splunk, as we previously couldn't have any control over logs and how to optimize them. When we had Cribl in place, it provided a vision and a platform for us to control what we send and how we send it in terms of data passing, data enrichment, and many more things, with massaging the data. It also helped us to open up to many tools where we could send the data to various destinations, as it is vendor-agnostic.
Cribl Stream is good, but I feel they could develop more products apart from Cribl Stream for my use case. I know Search is coming and Data Lake is there, but there can be more innovations in Cribl. They had one good product, which is Cribl Stream, which appears to be the primary revenue source for the company, but there may be many other use cases. They could explore OTel and how to connect with DynaTrace. They are looking specifically for logging, but expanding into metrics and APM would also help.
I have been using Cribl for the past three to four years.
On-premises deployment is something which customers take care of themselves. Earlier versions had quite a few issues, but there are more stable versions now, so it is a good time to start using Cribl.
They are very scalable and good.
They are very good in terms of solving issues. Regarding availability over other time zones, since it is mostly focused on Europe and US, they are starting to build up in New Zealand and other places.
I tried a few other alternatives as POCs, but none of them worked out as effectively as Cribl.
We worked on it for six months. Our infrastructure is complex, so it took almost six months, a couple of quarters.
If you have a good architect and a couple of Cribl staff members to assist, three persons can handle the implementation.
It is feasible and doable. Compared to Splunk, Cribl is cheaper.
Pricing is feasible and doable. Compared to Splunk, Cribl is cheaper.
I tried a few other alternatives as POCs, but none of them worked out as effectively as Cribl.
It has been able to perform to the best of its capabilities. They are able to handle everything with their non-shared architecture. On a scale of 1-10, I would rate Cribl a solid nine.
The main use cases for Anvilogic are around detections and detection engineering, trying to accomplish everything from identifying, prioritizing threats, baselining current capabilities, and, based on the threat prioritization, identifying the gaps and recommended use cases that we will have to deploy to bridge those gaps. These are the use cases that we have deployed.
We enjoy a good partnership with the Anvilogic product and engineering teams. We could put many features that were not available in their pipeline, and they are quick to deliver key features for us. Deploying Anvilogic required training our team to adopt it, but during the evaluation, we planned our success criteria, which included training. The Anvilogic team has been with us since the beginning of the evaluation until now, maintaining the same cadence of meetings to review progress and areas for improvement, which is very helpful as a customer because we know they are not just after the next sale.
We were one of the first customers of Anvilogic, so many of its features were still under development when we began our journey with them. During the first 90 days, our primary focus was on migrating our detection content from the previous platform to Anvilogic. We concentrated on ensuring that this migration was done correctly. As we got more familiar with the platform, we discovered that Anvilogic has a highly robust detection library, with over 3,000 detections available. Their research team plays a crucial role in building these detections. Initially, we only deployed our custom detections that we had migrated, but over time, we began utilizing the detections from the library as well.
With each new feature that was released, we found our experience improved significantly. For instance, we appreciated the option to automatically deploy recommended detections. The insights capability was particularly impactful for us, as it automatically identified recommendations for tuning our use cases and fixing issues that needed attention. It also helped us discover areas we weren't actively monitoring. These differentiating features made a significant difference in our operations. Although it took us nearly a year to fully adopt Anvilogic, we are now at a point where all key stakeholders on the security operations team love the product and the user experience. Most importantly, we value the level of support we receive from Anvilogic.
From a maturity perspective, it has been very easy to measure our detection maturity over time. By using this detection engineering platform, we can manage the entire detection engineering lifecycle. Therefore, it’s simple to show executives our progress: where we started, where we currently are, and what remains to be done. We can also demonstrate how our maturity is evolving as new threats are identified and how we respond to them. All of this information is easy to justify thanks to the maturity dashboards available within the platform.
The features of Anvilogic that I prefer the most include having a holistic approach, from identifying the concept of analyzing maturity, doing it similarly to how we were doing it, looking at data maturity, data timeliness, data availability, and then into our detection maturity, and not only looking at prioritized detections needed for our specific area or domain, which was very important for us. From that point, deploying any recommended content is very simple.
Another important feature is the concept of a multistage threat scenario. After we started subscribing to Anvilogic, in future releases, they built out new features around automated threat detections and insights, such as health insights, hunt insights, and tuning insights, which are all neat features that allow my team to be more efficient.
I believe the future is very exciting, especially regarding the agentic approaches that have gained popularity following the rise of generative AI and large language models. We fully expect that within a year, Anvilogic will incorporate some level of agentic workflow capabilities. We might adopt these features solely within Anvilogic, or we may choose to integrate them with our own homegrown agentic workflows. This is the direction I see for Anvilogic's adoption moving forward.
Anvilogic can be improved by focusing on the agentic way of doing things, similar to what we saw with Monte Copilot, which still needs work. The team is currently doing that work as seen in the roadmap, including having an agent for search, a detection agent, and a hunt agent, making those concepts come to fruition.
We started looking at Anvilogic in late 2021, and then we started evaluating them in early 2022. By late 2022, we were already subscribed to Anvilogic.
Other than scheduled downtimes, I have not experienced any outages.
Anvilogic scales effectively with the growing needs of our organization, and we don't have issues when onboarding our primary stakeholders into the platform. They can use it and receive necessary training and coaching, while the most important part is that we can meet with the Anvilogic customer success team almost weekly to review our adoption and share feedback.
They are top-notch. They are always available. The customer service team is always available to us. The product management and the product engineering team are available to us if we need to review something with them.
Positive
Like many companies in this field, we utilize the MITRE ATT&CK framework to benchmark our current capabilities and build detections. Each year, at the beginning of the year, we download the latest version of the MITRE ATT&CK framework and assess our current detections. We tag and benchmark them, prioritize threats, and identify which use cases require new detection capabilities. Previously, this process took my team about two to three weeks, and we only performed it annually. However, around 2021, MITRE introduced the concept of sub-techniques. Initially, we were analyzing around 300 techniques, but now we have to analyze over 600. This effectively doubled the time that my team needed to complete the analysis. The work became repetitive and monotonous. As a result, I began searching for a solution that could streamline this process.
When Anvilogic reached out, we discussed our detection processes, and they explained the capabilities of their platform. It felt like a meeting of the minds because what we were doing manually, they could automate. We realized this solution could save us a significant amount of time and make us more agile. By automating the processes of prioritization, identifying gaps, and deploying recommended detections, we could conduct threat prioritization exercises whenever necessary. Given that the threat landscape evolves almost daily, completing these exercises only once a year would put us at a disadvantage. When we recognized Anvilogic’s capabilities, we knew we had to consider their solution.
In early to mid-2021, Anvilogic was the only one doing it this way. We were doing it manually while they were building it, and now there are many similar companies emerging, but we are happy with the success we have had with Anvilogic, choosing to partner with them and providing feedback and feature requests they can incorporate into subsequent releases.
Since Anvilogic was a new concept and product, we needed to invest a lot of time in training our team to adopt it. Fortunately, during the evaluation phase, we established clear success criteria, one of which was training on Anvilogic. The Anvilogic team has been with us from the very beginning of this process and continues to support us today.
We have detections in multiple places. Most of our detections are on-prem, but there are some that are in the cloud. We use their integration pipelines to bring all of them together.
It was fair. All of us like to deal with vendors who have a certain level of integrity, and the people who run Anvilogic have the highest level of integrity, which makes those sorts of negotiations much easier.
During our evaluation, we encountered many products making various promises. However, when it came to Anvilogic, they were able to identify key aspects of our processes during the evaluation period, which was impressive. This demonstrated that the Anvilogic product was engineered effectively and was functioning as intended. As a result, we started to trust both the team and the platform more.
Since then, we have enjoyed a strong partnership with the Anvilogic product and engineering teams. There were times when features we needed were not initially available, but we were able to communicate our requests, and they were quick to prioritize and deliver those key features for us.
If Anvilogic were to disappear tomorrow, my heart would break. My advice to Anvilogic is to prioritize my request.
I would rate Anvilogic a nine out of ten.
