The logs you need, just how you need them.
Regardless of collection method, Exabeam Data Lake treats data the same. Data Lake collects data from anywhere, whether local, remote, or in the cloud, and provides a prepackaged, file-based collector and a Windows event collector. Data Lake also collects data from devices communicating via the Cisco eStreamer protocol, from database logs, from cloud application logs (PaaS, IaaS, and SaaS), and from external Kafka sources. In addition, Data Lake accepts syslog messages that are sent to the Log Ingestor from third-party SIEMs and from hundreds of third-party security applications.
Context-aware log parsing and presentation
Never comb through a sea of raw logs again. Data Lake provides thousands of log parsers that add context to logs as they are ingested. If a prepackaged parser is not available, security engineers can use the Exabeam Auto Parser Generator to create their own parsers simply and quickly. The enhanced log view in Data Lake highlights the relevant security information including the associated user and source IPs from VPN logs. A guided search feature assists analysts by auto-completing search requests, while the filtered search feature optimizes queries and exports granular log data to dashboards and reports.
Natural language-based rule builder
In modern security management solutions, threat detection is often performed through a combination of correlation rules and behavioral analysis. High-value correlation rules are useful for certain tasks, like detecting policy non-compliance. Data Lake leverages a rule building wizard, capable of converting natural language syntax into effective correlation rules, enabling even the most junior analyst to craft complex and effective rules.
Centralized collector and health management
Data lakes are only as effective as the data they collect. Gathering data from many sources often means thousands of log collectors must be managed—a very time-consuming task. To save engineers time, Data Lake allows them to centrally manage log collectors by configuring, updating, starting, and stopping collectors in bulk through templates. Engineers can easily monitor the health of their entire deployment and be confident analysts have the data they need to identify security threats.
Pre-built compliance reports
Pre-packaged security content helps ensure that required security controls are implemented and operating as expected. Data Lake provides prebuilt reports for compliance regulations—including PCI-DSS, Sarbanes-Oxley, GDPR, NERC CIP, and others—to help you demonstrate compliance to auditors with peace of mind.
Always accessible long-term log storage in the cloud
Instead of 'freezing' old logs into a NAS device or cloud storage buckets, which results in inconvenient data restore processes, Exabeam Cloud Archive offloads your log data and stores it securely while retaining full search and export functionality. Cloud Archive leverages the inherent elasticity of the cloud to support and quickly ingest all types of log files, then makes them available for search and storage.