
What’s New in Exabeam Product Development – January 2023
- Feb 01, 2023
- Jeannie Warner
January flew by with a haze of New Year’s resolutions for everyone. Whether this is the month of good intentions or best practices, Exabeam’s product management and engineering teams have been forging ahead with meeting customer requests, improving back-end functionality, and innovating on how we play in the security space. Here are some highlights.
Search
Within Search, you can now reference a context table to narrow down search results and conveniently search for indicators of compromise (IoCs). Search for IoCs within context tables and find threats faster.
Dashboards
Access to new, pre-built dashboards helps reduce time spent on customizing or building reports. Exabeam offers five new dashboards covering account management activity, application security event summary, denied web access activity, top attackers, and an overview of Microsoft Windows.
Log Stream
Log Stream offers improved parser management for event definitions, handling, and improvement. Add custom fields and fine-tune the data ingestion process to meet your bespoke use cases. Or, reset and remove customizations from default parsers with a single click.
Alert and Case Management
Upload file attachments to alerts and cases
Now, you can upload file attachments (1GB/file) to alerts and cases within Alert and Case Management. Speed investigation and remediation efforts — find security alerts, cases, and related evidence in a single place. If a file needs to be uploaded for investigation and remediation purposes, you can manually attach it to an alert or case. Cases, alerts, and all related evidence can be managed and reviewed by all analysts assigned to the case or alert.
Correlation Rules
Create correlation rules from context search queries
Within Search, you can build queries to find field values that are or are not in a context table. Now, you can build correlation rules from these searches. Building correlation rules that reference context tables improves threat detection. For example, you can build a search query that looks up an IP address in a ransomware context table, and create a correlation rule to trigger if a match is found.
Event Selection
Save, edit, delete or enable policies
Admins can now save a group of event selection statements as an event selection policy. Under event selection in settings, an admin can access saved policies and have the option to view, delete or make a previous event selection policy active. Simply select a previous policy, and you can load the policy. Saving and restoring past policies offers rapid recovery from update mistakes and better visibility of changes performed by other admins in your Exabeam environment.
Outcomes Navigator
Parser calibration score update
Now Outcomes Navigator can present “Parser Calibration Score” to show just how well data is being used, as well as guide you through improving parsing. Parsing can now be improved by data source as well as use case.
Fully documented calculation measurement
Gain greater confidence and understanding of scoring across Outcomes Navigator by understanding exactly how scores are calculated. This clarity allows for identification of out-of-bounds values and alerts the internal owner about the issue.
Read the documentation for further details.
Exabeam annual penetration test executive summary now available
This month, Exabeam concluded its third-party, annual penetration test. The Executive Summary report is now available for distribution to customers and partners. The assessment evaluates and identifies any application-level security issues in the Exabeam SOC Platform and Exabeam SecOps Platform including Advanced Analytics, Case Manager, Incident Responder, MATIS API, Cloud Connector, and Site Collector. You can request copies of the Summary from your Exabeam Representative.
But wait, there’s more!
These are just a few highlights of what Exabeam has released in January 2023. For more, including updates to Site Collectors and Cloud Collectors, along with other security updates, check out the release notes on the Exabeam Documentation Portal.
Don’t forget to check out our new Community Webinar on Standing up a SOC. Whether you’ve got a well-established security operation or are just starting to dedicate security personnel to the issue, this series (or the recording, if you’re so busy you need to watch later at your convenience) is for you.
To learn more about all these updates, visit the Exabeam Community to read documentation, and sign up for webinars to keep track of all the latest announcements.


Jeannie Warner
Director, Product Marketing | Exabeam | Jeannie Warner, CISSP, is the Director of Product Marketing at Exabeam. Jeannie is an information security professional with over twenty years in infrastructure operations/security, starting her career in the trenches working in various Unix help desk and network operations centers. She started in Security Operations for IBM MSS and quickly rose through the ranks to technical product and security program manager for a variety of software companies such as Symantec, Fortinet, and Synopsys (formerly WhiteHat) Security. She served as the Global SOC Manager for Dimension Data, building out their multi-SOC “follow the sun” approach to security. Jeannie was trained in computer forensics and practices, and plays a lot of ice hockey.