Cribl has acquired CardinalOps, adding automated detection engineering to its telemetry platform as the company expands further into security operations. The deal brings tools for assessing threat coverage, identifying gaps in detection rules, and improving how security teams use data across their existing environments.CardinalOps uses AI to map security controls against known adversary techniques and continuously test whether detections are working as intended. Its technology can flag broken or noisy rules, expose areas where threats may go undetected, and help SOC teams improve coverage without manually reviewing each control. Cribl plans to combine those capabilities with its tools for collecting, routing, storing, and searching telemetry.The acquisition also supports Cribl’s push to give customers more control over how security data is managed. Organizations will be able to analyze telemetry across different platforms and locations while applying CardinalOps’ detection capabilities to the same data. Cribl is positioning the combined platform as a way for enterprises to modernize SIEM environments, reduce data costs, and keep using existing security tools during that process.Cribl will also open an office in Tel Aviv following the acquisition, giving the company access to CardinalOps’ team and Israel’s cybersecurity talent base. The deal gives Cribl a larger role inside the SOC and creates a foundation for additional security products built around shared telemetry, detection coverage, and more flexible security architectures.




