What’s New in Exabeam Product Development – March 2023

March came in like a lion, and we’re excited to share the latest roars from our product team! No matter your feelings about the seasonal time change, we hope you’ll appreciate these changing times with our new features, improvements, and capabilities. To stay up-to-date on our releases, subscribe to our blog for monthly updates.

The following changes, new capabilities, functions, and actions are all live as of March 28.

Outcomes Navigator

One of our most exciting features, Outcomes Navigator, is now available to even more customers. All new Exabeam customers and existing customers who have migrated to the new platform will have access to this improved level of insight and visibility. The feature analyzes your environment to assess how well it protects against specific use cases. Outcomes Navigator provides security engineers and leaders with an interactive view to compare their current coverage with the available product coverage. This feature helps to identify gaps and provides recommendations for enhancing coverage. This tool provides a more efficient method for gaining visibility into security outcomes and enables users to take action to improve their security posture.

Read the documentation.

Collectors

Exabeam now supports a new SentinelOne Collector for New-Scale SIEM™ — a closer integration with our XDR Alliance partner in EDR. 

The engineering team has improved error messages for Site Collector agents by including additional details in case of operational errors. Users can now view the latest error details within the Exabeam Security Operations Platform, to assist in initial troubleshooting efforts. 

Read the documentation.

Log Stream

In Log Stream, you can add custom vendor and product names when building their unique log parsers. Administrators can track full auditing for all log parser changes or configuration amendments via the audit log function.

Check out the release notes.

Search

Search introduces a new functionality that allows exporting parsed events. When exporting logs, you now have the option to export either the raw event or parsed fields, including subsets of parsed fields.

Additional updates include functionality enhancements such as pinning field summaries and event details. These improvements are designed to support you and provide a more efficient search experience as you scroll through search results or event details.

Read the Search release notes. 

Dashboards

The team has introduced three new pre-built dashboards for customers using Exabeam Security Log Management, Exabeam SIEM, and Exabeam Fusion. These new Dashboards display port usage trends, account logout summaries, and lists of authenticated user accounts on hosts. These Dashboards are valuable for both daily review and compliance documentation purposes. 

There are also new group and subgroup options when building filters. Analysts can select  any logical operator, groups, or sub-groups in two layers when creating filters. This enhancement helps Dashboards emulate the Search conditions when building visualizations.

Users also now have the ability to build Dashboards using context table filters as a key value. This feature enables analysts to build visualizations specifically on Indicators of Compromise (IoCs) or context-specific dashboards.

See the instructions and documentation.

Correlation Rules

You now have the option to assign MITRE ATT&CK^® tactics and techniques when creating a correlation rule. By aligning your correlation rules with the ATT&CK framework, you can more effectively assess your threat coverage against a widely recognized threat classification system.

Read the Correlation Rules release notes.

Alert and Case Management

Exabeam now supports ​rich text formatting in the Description and Note fields of alerts and cases, enabling more effective communication during incident response efforts. Also new in March, you can now export additional fields for alerts and cases to CSV files, including key fields like notes and attachments.​ The exported data can be archived or imported into external applications for further analysis or reporting.

Read the release notes.

Legacy system updates

A new Data Lake i40.6 is now available. This release covered a number of small improvements and bug fixes. 

Read the release notes. 

Resource: Exabeam platform integrations

We recently updated our platform integrations datasheet, which includes details on both log ingestion and incident response. This is an excellent resource for understanding how we work with vendors you may already use or be familiar with. 

What’s up next?

Join our Community Webinars to talk shop with fellow users, products, and support!

If you missed the March 15 webinar on Outcomes Navigator and Log Stream updates, a replay is available here.

To learn more about all these updates, visit the Exabeam Community to read documentation, and sign up for webinars to keep track of all the latest announcements.