How Exabeam Can Help Drive Value With APIs
New technology has the ability to radically change existing processes, often improving efficiency or usability. Incorporating new technologies into existing ecosystems isn't always straightforward, though, and the result is often fragmented workflows. APIs can connect technologies to accelerate innovation and improve the overall experience; for example, search results from a security information and event management (SIEM) system can be sent automatically to an external central ticketing system, kicking off review cycles.
As security professionals, you are likely familiar with APIs, whether you are responsible for building the API strategy or for integrating APIs into your existing solutions. In this blog post, we will briefly define APIs and share how you can drive value from APIs with your Exabeam solution.
What are APIs?
An Application Programming Interface (API) is a mechanism that enables two software components to communicate with each other. An API defines how a given component can request services from an operating system, an application, or a remote system.
An example of how APIs are used is the stock monitoring app on your cell phone. The stock exchange contains stock market data and your app pulls the data via APIs. When you open the app, what you are seeing is the data sent via API from the stock exchange.
Value of APIs
A developer can use APIs to expand the functionality of existing software by integrating with systems or applications that are already developed. For example, a security engineer may want to consolidate all security incidents into a single ticketing system. To send all of their cases from their SIEM to an IT service management solution, they will likely open an IT request. Once the ticket is open, the developer can begin the process: gathering the information needed to implement, test, and deploy the integration via APIs. With APIs, developers can deploy innovative services faster to your customers.
APIs and Exabeam
With Exabeam, customers can automate their entire threat detection, investigation, and response (TDIR) workflows to accelerate and streamline security operations. Exabeam customers can extend accessible, efficient workflows to other systems or applications via APIs. After authenticating with the Exabeam Security Operations Platform, developers can execute APIs to pull search results or correlation rules to third-party applications.
A developer wants to add policies and responses so that their security operations team can be proactive about threat detection. Let's say the security operations team has heard of a new ransomware attack in the news and has found evidence of related activity in yesterday's logs in their environment. The team has remediated and contained it, but wants to make sure it doesn't resurface, so they want to identify any newly compromised users on a regular, repeating basis. While the security operations team investigates the incident, they also want to be proactive and send a list of potentially compromised users or devices to the IT department daily for follow-up.
With the Search API, a developer can retrieve results from Exabeam Search filtered to outbound traffic only, where the indicator of compromise (IoC) flag for known (or specified) command-and-control IPs is true, along with the timestamp of each event. The IT team will be interested in the source IP and host names, so the developer will want to include those fields in the parameters. The results will show where each event occurred. The developer can then automate the workflow to send these results via email, import them into another system such as a governance, risk, and compliance (GRC) tool, or send them to a ticketing system for review.
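The post-processing step described above, as an added example that is not Exabeam's own code: it takes a batch of search results, keeps only outbound events whose command-and-control IoC flag is true and that fall inside the reporting day, and collapses them into one row per device with the source IP, host name, first and last timestamps and destination IPs, ready to email or attach to a ticket. The field names (`direction`, `ioc_c2_ip`, `src_ip`, `host`, `dest_ip`, `user`, `time`) and the sample events are constructed assumptions; map them to the fields your Search API actually returns. It goes slightly beyond the text by grouping repeated hits per host so the IT team gets one line per device rather than one per event.

```python
"""
Added example (not Exabeam code): shape Search API results into a daily
"potentially compromised devices" report for IT. Field names are assumptions.
"""
from datetime import date, datetime, timedelta, timezone

# Constructed sample results, not real data. Only the outbound, IoC-flagged
# events inside the reporting day should survive the filter.
SAMPLE_RESULTS = [
    {"time": "2023-01-10T08:15:02Z", "direction": "outbound", "ioc_c2_ip": True,
     "src_ip": "10.1.4.22", "host": "ws-finance-07", "dest_ip": "203.0.113.9", "user": "jdoe"},
    {"time": "2023-01-10T08:20:41Z", "direction": "inbound", "ioc_c2_ip": True,
     "src_ip": "203.0.113.9", "host": "ws-finance-07", "dest_ip": "10.1.4.22", "user": "jdoe"},
    {"time": "2023-01-10T09:02:13Z", "direction": "outbound", "ioc_c2_ip": False,
     "src_ip": "10.1.4.23", "host": "ws-hr-02", "dest_ip": "198.51.100.20", "user": "asmith"},
    {"time": "2023-01-09T23:58:00Z", "direction": "outbound", "ioc_c2_ip": True,
     "src_ip": "10.1.9.5", "host": "srv-build-01", "dest_ip": "203.0.113.77", "user": "svc-ci"},
    {"time": "2023-01-10T11:30:00Z", "direction": "outbound", "ioc_c2_ip": True,
     "src_ip": "10.1.4.22", "host": "ws-finance-07", "dest_ip": "203.0.113.9", "user": "jdoe"},
]


def parse_time(ts: str) -> datetime:
    """Parse the ISO-8601 'Z' timestamps used in the sample into aware UTC datetimes."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def outbound_c2_hits(results, since: datetime, until: datetime):
    """Keep outbound events whose C2 IoC flag is True and whose time is in [since, until)."""
    hits = []
    for ev in results:
        # .get() so a result missing a field is skipped instead of raising KeyError
        if ev.get("direction") != "outbound" or ev.get("ioc_c2_ip") is not True:
            continue
        t = parse_time(ev["time"])
        if since <= t < until:
            hits.append(ev)
    return hits


def build_report(hits):
    """Collapse hits per (host, src_ip) so IT gets one row per device, not one per event."""
    rows = {}
    for ev in hits:
        key = (ev.get("host", "?"), ev.get("src_ip", "?"))
        t = parse_time(ev["time"])
        row = rows.setdefault(key, {"host": key[0], "src_ip": key[1], "first_seen": t,
                                    "last_seen": t, "events": 0, "users": set(), "dest_ips": set()})
        row["first_seen"] = min(row["first_seen"], t)
        row["last_seen"] = max(row["last_seen"], t)
        row["events"] += 1
        if ev.get("user"):
            row["users"].add(ev["user"])
        if ev.get("dest_ip"):
            row["dest_ips"].add(ev["dest_ip"])
    return sorted(rows.values(), key=lambda r: (r["host"], r["src_ip"]))


def report_for_day(results, day: date):
    """Report for one UTC calendar day, e.g. yesterday when run from a daily job."""
    since = datetime(day.year, day.month, day.day, tzinfo=timezone.utc)
    return build_report(outbound_c2_hits(results, since, since + timedelta(days=1)))


def to_csv_lines(rows):
    """Render rows as CSV lines suitable for an email body or a ticket attachment."""
    lines = ["host,src_ip,first_seen,last_seen,events,users,dest_ips"]
    for r in rows:
        lines.append(",".join([r["host"], r["src_ip"], r["first_seen"].isoformat(),
                               r["last_seen"].isoformat(), str(r["events"]),
                               ";".join(sorted(r["users"])), ";".join(sorted(r["dest_ips"]))]))
    return lines


if __name__ == "__main__":
    print("\n".join(to_csv_lines(report_for_day(SAMPLE_RESULTS, date(2023, 1, 10)))))
```

Run from a scheduled job with `date.today() - timedelta(days=1)` and hand the CSV lines to whatever transport the workflow uses (mail, GRC import, ticket creation). The inbound event and the un-flagged outbound event are dropped by the filter, and the January 9 hit falls outside the January 10 window, so only the finance workstation appears in that day's report.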
Securing API data
APIs transfer data between applications and systems, so it is important that this data is secured. Exabeam secures APIs through authentication and monitoring. Exabeam uses OAuth 2.0, the modern standard, to securely authenticate with APIs. OAuth 2.0 provides authorization and restricts which actions can be performed, without sharing credentials. Exabeam also offers permission scoping to help minimize exposure from leaked or stolen API keys.
Developers can manage API keys from settings: search for, create, edit, or delete an API key. API keys verify the program or application making the API call. From settings, a developer can see who created a key and when, as well as when each key was last used. A developer can monitor for unusual activity, rotate compromised keys to reduce exposure, and delete inactive API keys.
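The hygiene review described above (who created a key, when, when it was last used, how broadly it is scoped), as an added example that is not Exabeam's own code: it runs over exported key metadata and flags keys that were never used, have gone inactive, are due for rotation, or carry an overly broad scope. The record fields, the key names, the scope name `admin` and the day thresholds are all assumptions standing in for your own inventory and policy, not Exabeam defaults.

```python
"""
Added example (not Exabeam code): audit API-key metadata and report keys to
delete, rotate or narrow. Fields, scope names and thresholds are assumptions.
"""
from datetime import datetime, timezone

INACTIVE_DAYS = 90        # delete keys unused for this long (assumed policy)
NEVER_USED_GRACE = 14     # a key still unused this long after creation is suspect
ROTATE_DAYS = 180         # rotate keys older than this even if they are in use
BROAD_SCOPES = {"admin"}  # hypothetical scope name meaning "can do everything"

NOW = datetime(2023, 1, 15, tzinfo=timezone.utc)  # fixed "today" for the sample

# Constructed sample key metadata; ids, names and people are placeholders.
SAMPLE_KEYS = [
    {"id": "key-ticketing-sync", "created_by": "dev-a", "created_at": "2022-12-20",
     "last_used_at": "2023-01-14", "scopes": ["search:read"]},
    {"id": "key-grc-export", "created_by": "dev-b", "created_at": "2022-05-10",
     "last_used_at": "2022-09-30", "scopes": ["search:read"]},
    {"id": "key-legacy-admin", "created_by": "dev-c", "created_at": "2022-03-01",
     "last_used_at": "2023-01-10", "scopes": ["admin"]},
    {"id": "key-poc-test", "created_by": "dev-a", "created_at": "2022-12-01",
     "last_used_at": None, "scopes": ["search:read"]},
    {"id": "key-new", "created_by": "dev-b", "created_at": "2023-01-13",
     "last_used_at": None, "scopes": ["search:read"]},
]


def _day(s: str) -> datetime:
    """Parse a YYYY-MM-DD date string into an aware UTC datetime."""
    return datetime.strptime(s, "%Y-%m-%d").replace(tzinfo=timezone.utc)


def audit_keys(keys, now: datetime):
    """Return {key_id: [reasons]} for every key that needs action.

    Usage checks are exclusive (a key to delete is not also told to rotate);
    the scope check is additive, since a key can be both stale and too broad.
    """
    findings = {}
    for k in keys:
        reasons = []
        age_days = (now - _day(k["created_at"])).days
        last_used = _day(k["last_used_at"]) if k.get("last_used_at") else None

        if last_used is None:
            if age_days > NEVER_USED_GRACE:
                reasons.append("never_used")      # created but never called: delete it
        elif (now - last_used).days > INACTIVE_DAYS:
            reasons.append("inactive")            # no calls for a long time: delete it
        elif age_days > ROTATE_DAYS:
            reasons.append("rotate")              # in use but old: issue a fresh key

        if set(k.get("scopes", [])) & BROAD_SCOPES:
            reasons.append("broad_scope")         # narrow to what the caller needs

        if reasons:
            findings[k["id"]] = reasons
    return findings


def format_findings(keys, findings):
    """One line per flagged key, naming the creator so someone can be asked about it."""
    by_id = {k["id"]: k for k in keys}
    return [f"{kid}: {', '.join(reasons)} (created {by_id[kid]['created_at']} by {by_id[kid]['created_by']})"
            for kid, reasons in sorted(findings.items())]


if __name__ == "__main__":
    print("\n".join(format_findings(SAMPLE_KEYS, audit_keys(SAMPLE_KEYS, NOW))))
```

The ordering of the usage checks matters: a key that has gone inactive is reported for deletion rather than rotation, and a brand-new unused key is left alone until its grace period passes, so a daily run produces a short, actionable list instead of noise.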
More to come
At Exabeam, we understand that APIs help break down silos and enable automated processes between technologies. Interorganizational collaboration enriches the experience of the developers and security operations team, allowing for quicker innovation and better-automated workflows. As the year progresses, we will continue to expand on our existing API offerings. Stay tuned for more developments as our team works with customer requests and industry best practices to bring API functionality to life.
Learn more about the Exabeam APIs.