SAN FRANCISCO, Dec. 02, 2025 (GLOBE NEWSWIRE) -- Cribl, the Data Engine for IT and Security, today announced Cribl is a launch partner for the new AWS Security Hub that prioritizes critical security issues and helps companies respond at scale. Cribl Stream is introducing an enhanced capability in the dedicated extension for AWS Security Hub. This will make it easier for security operators (SecOps) to collect security findings, transform them into Open Cybersecurity Schema Framework (OCSF), and seamlessly send them to Cribl Lake for long-term retention and future incident response and query.
One of the key features of this integration is the ability to view AWS Security Hub events directly within Cribl Search. This means you can leverage Cribl's powerful search and analytics capabilities to analyze Security Hub events alongside all your other security data. This centralized view will significantly reduce the time spent switching between different tools and improve your ability to correlate security incidents across your entire environment. This includes viewing the Security Hub findings using EventBridge. This enables the observation of Security Hub findings and the real-time outcomes of AWS logs, such as CloudTrail events. Additionally, Cribl can receive the AWS Security Hub findings and store them in Cribl Lake or other destinations. Cribl Search enables you to query events for more effective security investigations.
"The ultimate goal for every security team is fast, precise incident response. But you can't get there when your data is spread across multiple tools and does not give you real-time views into these events," said Abby Strong, Chief Market and Customer Officer at Cribl. "By allowing users to query data stored in Cribl Lake, other object stores, and the Security Hub findings, security professionals can quickly correlate past incidents with real-time events."
The Power of OCSF for Amazon Security Hub
The AWS Security Hub simplifies and unifies security operations through centralized management to protect cloud environments. This enhances the OCSF format by incorporating AWS-specific resource details, including Amazon Resource Names, tags, and configuration attributes, while maintaining universal OCSF compliance. This extensibility mechanism ensures standardized data interchange while accommodating specialized implementation requirements.
By leveraging the OCSF standard, this enhanced capability facilitates:
- Aggregated Security Findings: Security Hub can more readily consume and normalize findings from various services and partner products into a single pane of glass, accelerating prioritization and providing a unified foundation for analysis.
- Standardized Format: Cribl Stream takes this integration a step further by enabling SecOps to convert third-party findings into OCSF version 1.6 with AWS-specific context.
- Accelerated Correlation: By speaking the same language, data from different telemetry systems can be more easily correlated, allowing security teams to resolve incidents faster.
- Automated Workflows: Cribl Copilot Editor uses AI to recommend optimal mappings to the OCSF standard, reducing the manual effort of writing and debugging pipelines.
The added capability in the AWS Security Hub extension in Cribl Stream is available today. For more information, check out the Cribl blog or visit Cribl at AWS re:Invent 2025 at Booth #1647.
About Cribl
Cribl, the Data Engine for IT and Security, empowers organizations to transform their data strategy for the AI era. Customers use Cribl’s vendor-agnostic solutions to analyze, collect, process, and route all IT and security data from any source or to any destination, delivering the choice, control, and flexibility required to adapt to their ever-changing needs. Cribl’s AI-powered product suite, which is used by Fortune 1000 companies globally, is purpose-built for IT and Security, including Cribl Stream, the industry’s leading observability pipeline; Cribl Edge, an intelligent vendor-neutral agent; Cribl Search, the industry’s first search-in-place solution; and, Cribl Lake and Lakehouse, turnkey open format storage solutions designed for telemetry volume and variety. Founded in 2018, Cribl is a remote-first workforce with an office in San Francisco, CA.
Learn more: cribl.io
