What’s New in Exabeam Product Development – April 2024

Our April product release introduces three new major features: Investigation Timelines with Search, Threat Center APIs, and custom case queues and stages. Together, these new features help customers speed investigations with timeline visualizations, customizable stages and queues, and enhanced API capabilities within Threat Center for managing alerts and cases.

Please join our webinar to learn about the April release, scheduled for May 14 at 8 a.m. PT and May 15 at 1 p.m. AEST for the APJ region. The session will cover new features, demonstrations, and access to the Exabeam Product Management Team for Q&A.

Investigation Timelines – feature preview

Investigation Timelines provide security analysts and threat hunters with a comprehensive visual timeline of normal and abnormal behavior. Investigation Timelines, within Exabeam search, provide users with unmatched investigation capabilities, combining our existing timeline experience with search for more granular visualizations. Enhanced search and filter options within the timeline interface are able to link detections to the triggering events automatically, reducing manual analysis and research. Within the Search app, users now have the option of event view or timeline view, eliminating the burden of switching between applications during an investigation, improving analyst productivity. Investigation Timelines offer granular visibility and a simplified experience for investigating and grouping the details of a threat.

Benefits of Investigation Timelines include:

• Granular search and filtering capabilities: Advanced search and filter functionality within Investigation Timelines enable precise identification of anomalies and security threats.
• Streamlined investigation workflows: Search across multiple detections, reducing complexity and accelerating the investigation process. Users can view search results and pivot from an Investigation Timeline to an event view. 
• Unified investigation platform: Threat Center and Search work together for a complimentary, cohesive experience for granular investigations and threat hunting. Investigation Timelines allow users to proactively see links between threat detections and security events.
• Rapid incident response: Expedite incident response efforts using Investigation Timelines to quickly assess security incidents, powering proactive measures to control scope, mitigate risks, and minimize the impact of cyberthreats.

Investigation Timelines are schedule for Q2 2024 availability. If you’re an existing Exabeam customer and would like early access to Investigation Timelines, please reach out to your Exabeam account team.

New Cloud Collectors for Duo and Azure Log Analytics

For April, we’ve added two powerful new Cloud Collectors: Cisco Duo and Azure Log Analytics Collector. With Cisco Duo, users can seamlessly ingest authentication and access log data, enriching our platform’s insight into user activities and potential security risks. Meanwhile, our integration with Azure Log Analytics Collector offers enhanced log ingestion capabilities, enabling organizations to leverage Azure’s robust logging features for deeper security insights. These new collectors highlight our commitment to providing customers with comprehensive security solutions tailored to their evolving needs.

Custom case queues and stages

Case queues and stages (New, Investigation, Remediation, Close) are now configurable to match your organizational needs and internal processes.

• Use existing stages or create new ones. Customize case stages to match workflows and roles within the security operations center (SOC).
• Case queues are disconnected from role membership (RBAC), providing granular flexibility for assigning cases across the security team.
• Administrators can add, edit, reorder, and delete case stages for simplified workflow creation. 

For a detailed list and descriptions of the features introduced in the Exabeam April release, please refer to the Exabeam Security Operations Platform Release Notes.

Dig into the new release in the Exabeam Community. Engage in live ExaExpert Q&A sessions every other week, or join technical discussions at your convenience. Your curiosity and questions are always welcome.