This Cribl Stream pack processes events from the Push Security platform.
It makes it easy to forward or drop individual event categories, and it drops some metadata fields (e.g. event headers), so you should see a ~50% reduction in event size when using this pack.
For full documentation of events emitted by the Push Security platform, please visit the Push Security Webhooks documentation. To learn more about Push Security, please visit www.pushsecurity.com.
- Configure a Cribl Stream source to receive data over HTTPS. (The "Raw HTTP" source with TLS configured is suggested. If you don't have your own PKI infrastructure, you can use the built-in `$CRIBL_CLOUD_KEY` and `$CRIBL_CLOUD_CRT` for the private key path and certificate path values.)
- Create a webhook in the Push Security platform that points to your Cribl Stream source.
- Download and install the Push Security pack for Cribl Stream (`cc-push-security`).
- Inside the pack routes, enable or disable routes to control which event categories are forwarded as needed.
- Create a route that uses a filter to match on your source, set the pipeline to the `cc-push-security` pack, and set your desired output.
Initial release
To contribute to the Pack, please email Push Security using support@pushsecurity.com and outline your proposed contribution.
To contact us please email support@pushsecurity.com.
This Pack uses the following license: Apache 2.0.