Exabeam Security Investigation
Exabeam Security Investigation provides use-case driven threat detection, investigation, and response automation, across events from multiple security stacks and data repositories.
Advanced correlation capabilities
Exabeam Security Investigation adds content, workflows, and automation to bring outcome-focused threat detection, investigation, and response (TDIR) capabilities to an existing SIEM or data lake. To help standardize on TDIR best practices, it includes prescribed workflows for ransomware, phishing, malware, compromised insiders, and malicious insiders, plus pre-built content focused on specific threat types and techniques.
Flexible integration to augment your security investments
Exabeam Security Investigation runs on top of a legacy SIEM or data lake, upgrading an organization's defenses against sophisticated and credential-based attacks while preserving the existing investment and the existing data repository.
- 200+ on-premises connectors
- 60+ cloud-delivered security product connectors
- 10+ SaaS productivity product connectors
- 20+ cloud infrastructure product connectors
- 9,500+ pre-built parsers
- 65 SOAR integrations
- 576 SOAR response actions
Uplevel your security team confidence, speed, and performance while getting more out of your existing cloud and on-premises infrastructure investments, as you unify them into a single control plane for monitoring and operations.
Understand normal behavior
The majority of today's attacks involve compromised credentials [1], and most security products can't help. To understand normal behavior and detect anomalies, even as normal keeps changing, all user and device activity is baselined and assigned a risk score. 1,800 rules, including cloud infrastructure security, and over 750 behavioral model histograms power Smart Timelines™, which convey the complete history of an incident, show complete event flows such as lateral movement and credential use, and visualize the risk score associated with each event. The result: find and stop the threats other tools miss, and uplevel your security team's speed and performance to stay ahead of your adversaries.
[1] 2022 Verizon DBIR
Detect and prioritize anomalies
Exabeam UEBA capabilities include over 1,800 fact-based correlation rules and over 750 behavioral model histograms. Smart Timelines™ visualize the complete history of an incident and highlight the risk associated with each event. Anomaly Search in Exabeam Security Investigation provides a simplified search experience with fast query results. A single interface allows analysts to search for Exabeam-triggered events across their data repository, pairing behavior-based TTP detection with known IoCs to enhance an analyst’s threat hunting capabilities.
Automated investigation and response
Exabeam Security Investigation automates the manual, time consuming steps of performing detection, triage, and investigation while guiding the analyst through response. Machine learning-informed Smart Timelines automatically gather evidence, apply risk scoring, and assemble it into a cohesive story that can be used to perform an initial investigation. Turnkey Playbooks apply use case-centric workflow actions to guide investigations with tailored checklists that prescribe steps for resolution. Actions and response playbooks perform automated phishing, malware, and IoC lookups, and integrate with leading security and IT products, providing nearly 600 response actions to help automate the resolution of those steps.
How it works
Exabeam Security Investigation ingests, parses, and stores logs, then applies a new common information model (CIM), data enrichment with threat intelligence, and other context to turn raw records into security events. To standardize on best practices, it includes prescriptive use case content that focuses on specific threat types (e.g., ransomware, phishing, malware, compromised credentials). Analysts can run their end-to-end TDIR workflows from a single Threat Center, which automates highly manual tasks such as alert triage, detailed incident investigation, and incident response through Automation Management. To give a clearer picture of your security posture, the Security Investigation Outcomes Navigator analyzes your use case coverage and suggests data source and parsing configuration changes to close any gaps.
Response actions
Available to semi- or fully-automate workflows, so analysts can employ repeatable actions to reduce response time and improve efficiency.
Orchestrations
Exabeam SIEM offers over 190 pre-built correlation rules matching some of the most common use cases of malware and compromised credentials.
MITRE ATT&CK® categories
Coverage for all ATT&CK tactic categories, including 199 techniques and 379 sub-techniques.
Exabeam Security Investigation features
Collectors
Collect data from on-premises or cloud data sources from 22 product categories, 292 different vendors, and 549 different products with over 9,500 pre-built log parsers.
Log Stream
Rapid log ingestion, processing over 2M events per second, using a new CIM and parsing at ingest. A central console enables you to visualize, create, deploy, and monitor parsers within a unified ingestion pipeline for all Exabeam functions.
Common Information Model (CIM)
Exabeam built a Common Information Model (CIM) that provides a schema to simplify the normalization, categorization, and transformation of raw log data into actionable events in support of security use cases.
Search
A simplified search experience with fast natural-language queries and instant results over petabyte-scale data spanning years.
Reporting and Dashboards
Print, export, or view dashboard data with pre-built compliance reports, customized reports, and dashboards with 14 different chart types.
Correlation Rule Builder
Write, test, publish, and monitor hundreds of custom correlation rules for your most critical business entities and assets, including raising criticality for activity that matches Threat Intelligence Service indicators.
Pre-built Correlation Rules
Over 190 pre-built correlation rules for detections against the most common threat types such as malware and compromised credentials.
Outcomes Navigator
Outcomes Navigator maps the feeds that come into the platform against the most common security use cases and suggests ways to improve coverage.
Service Health and Consumption
Visualize your service health for every Exabeam service and application, as well as data consumption, while monitoring your connections and sources.
Threat Intelligence Service
Available at no additional cost and refreshed every 24 hours, the Exabeam Threat Intelligence Service ingests commercial and open source feeds, then aggregates, scrubs, and ranks them, using machine learning algorithms to produce a highly accurate stream of IoCs.
Advanced Analytics
UEBA with more than 1,800 rules, including cloud infrastructure security, and 750-plus behavioral models to automatically baseline normal behavior of users and devices with histograms to detect, prioritize, and respond to anomalies based on risk.
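To make the baselining and risk scoring described under "Understand normal behavior", "Detect and prioritize anomalies" and this Advanced Analytics entry concrete, and to show the kind of normalization a Common Information Model performs, here is an added Python example. It is not Exabeam code and does not describe Exabeam's models: it normalizes constructed raw logon lines into a small common schema, builds per-user histograms of host, source country and time-of-day, scores each new event by how far it sits from that user's own history, and assembles a per-user timeline with cumulative risk. The log format, field names, point weights, rare-value fraction and alert threshold are all assumptions made for the demonstration.

```python
"""Illustrative UEBA-style baselining and risk scoring over constructed auth logs.
Added example only, not Exabeam's parser, models or scoring; the log format,
field names, weights and threshold below are assumptions for the demonstration."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumed raw format: "<ISO8601 UTC> user=<u> host=<h> src_country=<CC> result=<r>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) user=(?P<user>\S+) "
    r"host=(?P<host>\S+) src_country=(?P<country>[A-Z]{2}) result=(?P<result>\S+)$"
)

def normalize(line):
    """Map one raw line into a small common schema (a CIM-like event dict).
    Returns None for lines the parser does not understand so they can be counted."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return {"time": ts, "user": m["user"], "host": m["host"], "country": m["country"],
            # Coarse time-of-day bucket so the histogram has few, meaningful bins.
            "hour_bucket": "business" if 8 <= ts.hour < 18 else "off_hours",
            "outcome": m["result"]}

def parse_all(lines):
    """Normalize every line; return (events, number of lines that failed to parse)."""
    events = [normalize(line) for line in lines]
    return [e for e in events if e is not None], events.count(None)

FEATURES = ("host", "country", "hour_bucket")
WEIGHTS = {"host": 20, "country": 30, "hour_bucket": 10}  # assumed points per feature
RARE_FRACTION = 0.10  # below this share of a user's history a value counts as rare

class Baseline:
    """Per-user histograms: how often each feature value was seen during training."""
    def __init__(self):
        self.hist = defaultdict(lambda: {f: Counter() for f in FEATURES})
        self.total = Counter()

    def learn(self, ev):
        for f in FEATURES:
            self.hist[ev["user"]][f][ev[f]] += 1
        self.total[ev["user"]] += 1

    def score(self, ev):
        """(points, reasons): full weight for a never-seen value, half for a rare one,
        nothing for a value that is normal for this user. No history, no score."""
        user, n = ev["user"], self.total[ev["user"]]
        if n == 0:
            return 0, ["no baseline for user; not scored"]
        points, reasons = 0, []
        for f in FEATURES:
            seen = self.hist[user][f][ev[f]]
            if seen == 0:
                points += WEIGHTS[f]
                reasons.append(f"first-seen {f}={ev[f]}")
            elif seen / n < RARE_FRACTION:
                points += WEIGHTS[f] // 2
                reasons.append(f"rare {f}={ev[f]} ({seen}/{n})")
        return points, reasons

def run(baseline_lines, new_lines, threshold=40):
    """Train on history, score new events in time order, and build a per-user
    timeline with cumulative risk; users at or above the threshold are alerted."""
    history, bad_hist = parse_all(baseline_lines)
    fresh, bad_new = parse_all(new_lines)
    base = Baseline()
    for ev in history:
        base.learn(ev)
    timelines = defaultdict(lambda: {"risk": 0, "events": []})
    for ev in sorted(fresh, key=lambda e: e["time"]):
        points, reasons = base.score(ev)
        tl = timelines[ev["user"]]
        tl["risk"] += points
        tl["events"].append({"time": ev["time"].isoformat(), "host": ev["host"],
                             "country": ev["country"], "points": points,
                             "reasons": reasons, "cumulative": tl["risk"]})
    alerts = sorted(u for u, tl in timelines.items() if tl["risk"] >= threshold)
    return {"timelines": dict(timelines), "alerts": alerts, "unparsed": bad_hist + bad_new}

# Constructed sample data (not real logs): two weeks of routine logons, one of them
# off-hours, then a day with an unusual logon for alice and one malformed line.
BASELINE_LOGS = (
    [f"2024-03-{d:02d}T09:{d:02d}:00Z user=alice host=wks-alice src_country=US result=success" for d in range(1, 15)]
    + [f"2024-03-{d:02d}T10:{d:02d}:00Z user=bob host=wks-bob src_country=US result=success" for d in range(1, 15)]
    + ["2024-03-07T22:30:00Z user=alice host=wks-alice src_country=US result=success"]
)
NEW_LOGS = [
    "2024-03-15T09:10:00Z user=alice host=wks-alice src_country=US result=success",
    "2024-03-15T03:14:07Z user=alice host=srv-fin-01 src_country=RO result=success",
    "2024-03-15T10:05:00Z user=bob host=wks-bob src_country=US result=success",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    result = run(BASELINE_LOGS, NEW_LOGS)
    for user, tl in result["timelines"].items():
        print(user, "risk", tl["risk"], [(e["time"], e["points"], e["reasons"]) for e in tl["events"]])
    print("alerts:", result["alerts"], "unparsed:", result["unparsed"])
```

On the sample data, alice's 03:14 logon from an unknown host in an unknown country scores 55 points (two first-seen values plus an off-hours bucket that appears once in her history, so it is rare rather than new) and she crosses the 40-point threshold, while bob's routine logon scores nothing. A user with no history at all is left unscored, which is the conservative choice until a baseline exists, and unparsed lines are counted rather than silently dropped, since a parser gap is itself a coverage gap worth surfacing.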
Threat Center
Simplify security analyst workflows and increase productivity through centralized threat management, pre-built investigative tools, and automation to reduce alert fatigue.
Turnkey Playbooks
Automate repeated workflows for investigation into multiple threat types such as compromised credentials, malware, ransomware and malicious insiders with guided checklists for resolution.
Incident Responder
Available as an optional feature to orchestrate and automate repeated workflows to 65 third-party products with 576 response actions, from semi- to fully-automated activity.
Put Your Security Skills to the Test
Challenge yourself and compete with peers in a formidable game of Exabeam CTF. You’ll get a firsthand view into the power of Exabeam behavioral analytics, threat hunting, and automation and their ability to transform your team’s TDIR capabilities.
“With Exabeam we’re able to go back to the business and say with some intelligence that we are watching what the users are doing. We can see activity across the board, and we have something that’s showing us, based off of what this person normally does, that they could be an outlier, and that we should investigate. We can document our investigations and move on with other operational tasks.”
Joe Horvath
Manager, Enterprise Information Systems Security | Kelsey-Seybold Clinic
Frequently Asked Questions
Answer: Security Investigation includes prescribed workflows for ransomware, phishing, malware, compromised insiders, and malicious insiders, and pre-built content (e.g., MITRE ATT&CK framework), focusing on specific threat types and techniques to achieve more repeatable and successful TDIR.
Answer: All your data is protected by an encrypted data-flow pipeline from end to end. Logs and data are ingested from APIs and Exabeam Collectors in your environment over secured channels (syslog, agents, and Kafka sources using SSL/TLS), then uploaded over TLS-secured connections to the cloud-delivered Exabeam Security Operations Platform. Note that the in-environment hop is only encrypted when sources are configured to send over TLS; classic syslog over UDP port 514 is plaintext. In addition, Exabeam encrypts data at rest to ensure the highest level of security for your data.
Exabeam holds a SOC 2 Type II attestation. To meet its requirements we have developed and follow strict information security procedures and policies covering the security, availability, processing integrity, confidentiality, and privacy of customer data. This aligns with Exabeam's ongoing commitment to create and maintain a secure operating environment for our clients' data.
Explore the many ways Exabeam can work for you
Whether you replace a legacy SIEM, or complement an ineffective SIEM solution by adding UEBA, SOAR, and TDIR content, the modular Exabeam Security Operations Platform can help you achieve security operations success.
- SIEM replacement: Exabeam Fusion
- SIEM augmentation: Exabeam Security Investigation
Learn more about the Exabeam Security Operations Platform
Learn about the Exabeam platform and expand your knowledge of information security with our collection of white papers, podcasts, webinars, and more.
REPORT
Gartner® Report: Hype cycle™ for Security Operations
Security operations personnel require modern security technologies to quickly detect and mitigate threats and reduce exposure. This report shows a graphical depiction of common patterns that arise in security operations with each new technology or innovation.
What else can Exabeam do for you?
At Exabeam, our goal is to help you achieve your business outcomes. Leverage our breadth of experience, resources, and tools to help your security team meet their business goals through deployment and beyond. This goal is our key focus for customers and partners alike.
See the Exabeam Security Operations Platform in action.
Request a demo of the industry’s most powerful platform for threat detection, investigation, and response (TDIR). See how to:
• Ingest and monitor data at cloud-scale
• Determine abnormal user and device behavior
• Automatically score and profile user activity
• View pre-built incident timelines
• Use playbooks to make the next right decision