Cribl Guard Cheatsheet

Overview

Cribl Guard is a solution designed to protect your data using AI with human-in-the-loop review. It helps you identify and redact sensitive data in real time, before it is sent to your analytics and monitoring tools.

Key Features

  • AI-Powered Data Redaction: Uses AI to automatically identify and redact sensitive data, such as personally identifiable information (PII) and protected health information (PHI).
  • Human-in-the-Loop: Allows you to review and approve the redaction decisions made by the AI, ensuring that you have full control over your data.
  • Real-Time Data Protection: Protects your data in real time, as it is being streamed from your sources to your destinations.
  • Flexible Deployment: Can be deployed as a standalone solution or as part of the Cribl Stream platform.

Getting Started

  1. Deploy Cribl Guard: Install and configure Cribl Guard in your environment.
  2. Connect your data sources: Connect your log sources, metrics, and other data sources to Cribl Guard.
  3. Configure your redaction policies: Define the rules and criteria for how Cribl Guard should identify and redact sensitive data.
  4. Review and approve redactions: Use the human-in-the-loop feature to review and approve the redaction decisions made by the AI.
  5. Send your data to your destinations: Send your protected data to your analytics and monitoring tools.

Common Commands

While Cribl Guard is primarily UI-driven, here are some conceptual commands that represent the actions you would take within the platform:

  • cribl guard policy create --name "PII Redaction" --pattern "\\d{3}-\\d{2}-\\d{4}" --action redact: Create a new redaction policy to redact social security numbers.
  • cribl guard review list: View the list of redaction decisions that are pending review.
  • cribl guard review approve --id <decision_id>: Approve a specific redaction decision.
  • cribl guard review reject --id <decision_id>: Reject a specific redaction decision.
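
The pattern from the first command above, run over constructed log lines, as an added Python example (not Cribl Guard code or its API). The STRICT pattern, the function names and the sample lines are assumptions of this example; it shows where the bare pattern over-matches and which lines are worth sending to human review.

```python
import re

# Pattern exactly as given in the policy command above.
NAIVE = re.compile(r"\d{3}-\d{2}-\d{4}")

# Tightened variant (an assumption of this example, not a Cribl Guard default):
# no digit or hyphen directly before or after the match, and the ranges the
# SSA never issues are excluded (area 000, 666, 900-999; group 00; serial 0000).
STRICT = re.compile(
    r"(?<![\d-])(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?![\d-])"
)

def redact(pattern, line, mask="[REDACTED-SSN]"):
    """Return (redacted_line, matched_values) for one log line."""
    hits = pattern.findall(line)
    return pattern.sub(mask, line), hits

def review_queue(lines):
    """Lines on which the two patterns disagree: candidates for human review."""
    queue = []
    for n, line in enumerate(lines, 1):
        naive_hits = redact(NAIVE, line)[1]
        strict_hits = redact(STRICT, line)[1]
        if naive_hits != strict_hits:
            queue.append((n, naive_hits, strict_hits))
    return queue

# Constructed sample log lines (not real data).
SAMPLE = [
    "user=jdoe ssn=123-45-6789 action=login",
    "order_id=4411-22-33445 status=shipped",
    "patient note: SSN 000-12-3456 entered as placeholder",
    "trace=abc123 no sensitive fields",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(redact(STRICT, line)[0])
    for item in review_queue(SAMPLE):
        print("review:", item)
```

The bare pattern corrupts the order ID on line 2 by redacting the middle of a longer digit run, which is the kind of decision the review step exists to catch.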

Example Use Case

Scenario: A healthcare organization wants to send their application logs to a cloud-based analytics platform, but they need to ensure that all patient data is redacted before it leaves their environment.

  1. Deploy Cribl Guard: They deploy Cribl Guard in their on-premises data center.
  2. Connect Data Sources: They connect their application log sources to Cribl Guard.
  3. Configure Redaction Policies: They create a redaction policy that automatically redacts all patient names, addresses, and other protected health information (PHI).
  4. Review and Approve Redactions: Their compliance team uses the human-in-the-loop feature to review and approve all redaction decisions, ensuring that no patient data is accidentally exposed.
  5. Send Data to Analytics Platform: Once the data has been redacted and approved, it is sent to the cloud-based analytics platform for analysis.

Additional Resources