
What’s New in Exabeam Product Development – October 2023

  • Nov 02, 2023
  • Jeannie Warner
  • 2 minutes to read

    In October, we introduced more than 30 feature and product improvements to enhance your experience with the Exabeam Security Operations platform. Our goal is to make it easier to ingest a broad set of third-party data sources, while adding advanced capabilities to our service offerings.

    Join us on Nov. 14 at 8 a.m. PT for our October New-Scale Release Webinar, where we’ll dive into each key feature with detailed explanations and live demonstrations.

    Microsoft 365 Exchange admin reports and Microsoft security alerts collector

    These reports and the alerts collector have been integrated into the Exabeam Security Operations Platform. With the Microsoft security alerts collector, you can ingest critical alerts from other Microsoft services, such as Microsoft Defender, Azure Security Center, and Azure Active Directory Identity Protection. These new cloud collectors simplify configuration by splitting the endpoints of the old Office 365 cloud connector into separate, log-specific cloud collectors.

    Read the Cloud Collector release notes

    Enhancements to roles and permissions

    We’ve simplified and targeted access control workflows for the Exabeam Security Operations Platform. We’ve expanded the number of prepackaged roles in settings from three to seven, helping align security operations organizations of any size. Permissions have clear names and descriptions, allowing administrators to define access control efficiently for every role, including custom roles.

    Read the Exabeam Security Operations Platform release notes.

    Risk scoring in Alert and Case Management

    Our risk scoring now escalates the highest-risk alerts and cases for analyst review, indicating the likelihood of business impact. These risk scores inform system-generated priority levels, which can be manually adjusted by the analyst. Prioritizing security alerts and cases offers clear direction on where to focus efforts for faster detection and assessment of potential incidents, a key aspect in threat mitigation. You can filter alerts and cases by priority, risk scores, or age (the length of time since the alert or case was first created).

    Read the Alert and Case Management release notes.

    Granular suppression for rules and entities

    This feature has been enhanced to allow users to suppress a correlation rule for a specific group or host. When using a Common Information Model (CIM) 2.0 field, a correlation rule is suppressed only by that value for the assigned suppression threshold. Using suppression to address “noisy” ports or hosts helps you manage alert fatigue without missing important detections. The ability to suppress a value appears as the last step of the correlation rule (CR) creation wizard, making it easy to apply as part of the regular workflow.

    Read the Correlation Rules release notes.

    New-Scale Okta Context Management

    We now support one of the most widely adopted identity provider (IdP) solutions, Okta, for access and authentication. Okta context tables can be included in custom filtered tables, which are then used in Search, Correlation Rules, and Dashboards to boost functionality.

    Read the Context Management release notes.

    For a complete list of Exabeam release features organized by month, visit our page to discover additional October features not covered in this blog post.

    Dig into the new release in the Exabeam Community. Engage in live ExaExpert Q&A sessions every other week, or join technical discussions at your convenience. Your curiosity and questions are always welcome.

    Director, Product Marketing | Exabeam | Jeannie Warner, CISSP, is the Director of Product Marketing at Exabeam. Jeannie is an information security professional with over twenty years in infrastructure operations/security, starting her career in the trenches working in various Unix help desk and network operations centers. She started in Security Operations for IBM MSS and quickly rose through the ranks to technical product and security program manager for a variety of software companies such as Symantec, Fortinet, and Synopsys (formerly WhiteHat) Security. She served as the Global SOC Manager for Dimension Data, building out their multi-SOC “follow the sun” approach to security. Jeannie was trained in computer forensics and practices, and plays a lot of ice hockey.
