Exabeam and Cribl extend partnership by integrating Exabeam platform with Cribl Stream

Craig Patterson, Global Channel Chief at Exabeam

Exabeam, a global vendor in intelligence and automation that powers security operations, and Cribl, the Data Engine for IT and Security, have announced an evolution of their strategic partnership. Building on their 2023 collaboration, this integration brings together the Exabeam New-Scale Security Operations Platform with Cribl Stream to help organizations ingest and prioritize the right data, optimize long-term storage costs, and retain the ability to search historical data on demand.

“In 2023, Exabeam and Cribl aligned around a shared goal: enable scalable ingestion of high-fidelity security data while controlling costs,” said Craig Patterson, Global Channel Chief at Exabeam. “The collaboration focused on integrating Cribl’s data pipeline with the Exabeam New-Scale SIEM to streamline search, reduce storage overhead, and unlock data value for threat detection. This laid the groundwork for enabling MSSPs and VARs to deliver more efficient, cost-effective security operations, especially for customers struggling with data deluge and escalating SIEM costs.

“The channel value was implicit,” Patterson stated. “Cribl and Exabeam enabled partners to offer smarter ingestion strategies without compromising visibility. This latest expansion makes that value explicit.”

The decision to expand the partnership reflects a recurring theme heard across both organizations’ customer and partner bases. Organizations need more effective threat detection without escalating ingestion and storage costs.

“The integration now goes beyond aligning pipelines,” Patterson stated. “It starts with the Exabeam Outcomes Navigator and Exabeam Nova Advisor Agent determining which telemetry sources are most relevant to specific threat use cases and MITRE ATT&CK coverage. Cribl then executes that logic with high-value logs being streamed into Exabeam, while lower-priority data is moved to cold storage, remaining searchable for future audits or investigations.

“This approach builds on the 2023 foundation but introduces explicit outcome alignment, moving from ingestion-centric to detection-centric pipelines that optimize both performance and cost-efficiency,” Patterson explained.

At the centre of the partnership enhancements are Exabeam Outcomes Navigator and the Exabeam Nova Advisor Agent. They help customers identify the data sources that drive the most impactful security outcomes. Cribl then routes this high-fidelity data into the Exabeam New-Scale Platform where it is transformed into AI-driven detections and threat timelines to power investigations. This partnership ensures that every log ingested supports business-critical use cases and MITRE ATT&CK coverage, eliminating painful trade-offs. At the same time, low-value data can be offloaded to more cost-efficient cold storage while remaining searchable so organizations can control storage costs and retain the ability to replay logs for historical investigations.

“Exabeam Outcomes Navigator and the Exabeam Nova Advisor Agent are core to the Exabeam New-Scale SIEM,” Patterson said. “Together, they help teams align telemetry with specific threat detection use cases and MITRE ATT&CK coverage before data is ingested. This front-loads intelligence into the pipeline, prioritizing context and outcomes over raw data volume.

“Cribl operationalizes this guidance,” Patterson continued. “It routes high-value telemetry to Exabeam and pushes less critical data to budget-friendly storage without losing search or replay capability. The result is a precise, lean, and adaptable detection pipeline.”

Unlike other SIEMs, Exabeam provides the behavioral context needed to detect the threats other tools overlook, such as insider threats. By integrating the advanced threat detection, investigation, and response (TDIR) capabilities of Exabeam with Cribl’s flexible data pipeline management, security teams gain new efficiency and drive strategic outcomes.

“Exabeam isn’t a legacy SIEM, it’s a next-gen TDIR platform designed to build behavioral context around users and entities,” Patterson noted. “By detecting anomalies that traditional systems miss, including agentic insider threats, it turns raw data into actionable timelines with AI-driven precision. Cribl enhances this model by curating the signal path. Together, we break the longstanding cost-visibility tradeoff. You get targeted ingestion, better fidelity, searchable cold storage, and more efficient investigations. In short, it’s better security, faster results, with a lower TCO.”

“One of the differentiated strengths of the New-Scale Platform is the AI we provide powered through the data we ingest,” said Steve Wilson, Chief AI and Product Officer at Exabeam. “Working with Exabeam, Cribl helps our customers achieve two important goals, delivering the data to support strategic security outcomes, and controlling cost. This partnership gives security teams the clarity, control, and confidence to detect real threats faster and outpace adversaries with precision.”

Patterson went through the key benefits of the Exabeam–Cribl partnership.

“From the long list, a few elements clearly rise to the top and they work best as a whole,” he stated. “Targeted ingestion zeroes in on the high value telemetry tied to real use cases and ATT&CK coverage, which sharpens detections and trims waste. Flexible routing lets teams move data across tools without new agents or rip and replace, so the pipeline fits the stack you already run. Cold storage turns from a tax into an asset because you can park logs in cheaper tiers and still search and replay them when an audit or investigation calls for it. Noise filtering cuts low value events, speeds queries, improves SIEM performance, and gives analysts time back. Together these moves keep the visibility you need while cutting cost, which is the core promise here.”

“An effective threat detection, investigation, and response strategy starts with clean, high-value data — because better data leads to better decisions, faster investigations, and stronger defenses,” said Vlad Melnik, Vice President, Global Alliances at Cribl. “By combining Cribl’s flexible data routing and shaping capabilities with behavioral analytics and automation from Exabeam, we’re enabling customers to streamline SIEM data ingestion, and achieve their security goals more efficiently. It’s a smarter, more sustainable path to cyber resilience.”

“What stands out is how the pieces work together to turn data pipelines into security outcomes rather than just cheaper plumbing,” Patterson said. “Exabeam Outcomes Navigator and the Nova Advisor Agent help teams decide which data sources matter for their top use cases and MITRE ATT&CK coverage, so the right signals feed the platform’s analytics and threat timelines. Long term logs can be parked in cheaper cold storage while staying searchable and replayable for audits and investigations which preserves depth without the usual SIEM storage tax. Add targeted ingestion so only strategic high fidelity data is pulled in and you get a cleaner signal path that drives faster investigations and lower cost in one move.”

So, what does all this mean for the channel partners of both companies?

“For partners, the value of the partnership is twofold,” Patterson said. “It gives them a clearer path to help customers lower SIEM costs without reducing visibility. By integrating Exabeam’s Outcomes Navigator and Nova Advisor Agent with Cribl’s data pipeline, partners can deliver targeted ingestion, optimized cold storage, and better performance without forcing rip-and-replace.

“Channel partners can now differentiate by advising customers on what data matters most, how to route it efficiently, and how to preserve forensic depth while cutting waste,” Patterson concluded. “The end result is expanded revenue potential, stronger customer stickiness, and the ability to lead conversations about breaking the cost-visibility tradeoff in modern SOCs.”