What’s New in Exabeam Product Development — August 2023

Published
August 31, 2023

Are you, like me, an admirer of August? As football makes its triumphant return, the school corridors echo with the footsteps of children, and the crisp autumn air begins to creep in. The mercury may be dipping, but something is still sizzling: the unrelenting dynamism of the Exabeam product development squad. In August, our engineers ushered forth a plethora of exciting new features that pack extra value for our customers.

Highlights of the month

In a hurry? Here are the top three features you won’t want to miss:

  1. Enhanced long-term Search: Seamlessly integrated Reporting and Dashboards now accompany long-term Search, providing analysts with a comprehensive set of SIEM capabilities for log data. Improve visibility, reporting, and overall use cases within your security operations center (SOC).
  2. Extended Exabeam Security Investigation: With full search capabilities for the last seven days, customers can now experience the power of Exabeam Fusion with Search and SIEM functionality.
  3. Dynamic dashboard creation: Build visualizations dynamically from Search queries, effortlessly toggling between Search and Dashboard applications. 

Advanced Analytics retention policy

For an understanding of our Advanced Analytics retention policy, kindly refer to our latest documentation, which clarifies our existing terms.

Site Collectors: unprecedented control and flexibility

Custom installation, audit logs, and management enhancements now cater to tailored Site Collector setups:

  • Egress filtering at Site Collector: Filter events at the Site Collector before they are forwarded, so that logs you do not need never leave your network or consume ingestion and storage capacity.
  • Custom installation folder: Flexibility expands with the option to select a custom folder for Site Collector installation, ensuring seamless integration into your existing infrastructure.
  • Auditing Site Collector changes: Track configuration changes effectively through audit logs, enhancing security and compliance.
  • Collector-specific time zone definition: Define a time zone per collector so that timestamps from that collector's sources are normalized to a common clock and events from different sites sort in their true order.
  • Efficient batch changes: Simultaneously apply changes to multiple collectors, streamlining management processes.

Read the release notes.

Cloud Collectors: expanding cloud-native capabilities

Introducing new Cloud Collectors and improved time zone management for heightened cloud-native security:

  • Azure AD and Microsoft 365 ingestion: Seamlessly ingest logs from Azure AD and Microsoft 365 into the Exabeam Security Operations Platform, enhancing user profiling and machine learning.
  • Time zone management for cloud collectors: Precise time alignment facilitated through time zone definition for specific cloud collectors, enhancing security analysis accuracy.
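Both the Site Collector and Cloud Collector time zone settings above address the same problem: sources that emit local timestamps without a UTC offset. The following Python is an added illustration of what per-collector time zone normalization buys an analyst; it is not Exabeam code, and the collector names, zone mapping and log records are constructed for the example.

```python
from datetime import datetime, timezone
from zoneinfo import ZoneInfo

# Hypothetical per-collector time zone configuration (constructed for this example).
COLLECTOR_TZ = {
    "sc-frankfurt": "Europe/Berlin",    # site collector, sources log in local time
    "sc-newyork": "America/New_York",   # site collector, sources log in local time
    "cc-m365": "UTC",                   # cloud collector, source already reports UTC
}

# Constructed sample records: (collector, raw timestamp with no offset, message).
# Read naively, they appear to happen in the order New York, M365, Frankfurt.
SAMPLE_EVENTS = [
    ("sc-newyork", "2023-08-15 09:00:05", "user alice logon"),
    ("sc-frankfurt", "2023-08-15 14:59:58", "user alice vpn connect"),
    ("cc-m365", "2023-08-15 13:00:01", "user alice mailbox rule created"),
]

TS_FORMAT = "%Y-%m-%d %H:%M:%S"


def to_utc(collector: str, local_ts: str) -> datetime:
    """Interpret an offset-less timestamp in the collector's configured zone
    (DST included, via the IANA zone) and return it as an aware UTC datetime."""
    zone = ZoneInfo(COLLECTOR_TZ[collector])
    naive = datetime.strptime(local_ts, TS_FORMAT)
    return naive.replace(tzinfo=zone).astimezone(timezone.utc)


def naive_order(events):
    """Ordering an analyst would get if every collector were assumed to be UTC."""
    return [c for c, _ts, _msg in sorted(events, key=lambda e: e[1])]


def normalize(events):
    """Return events as (utc_time, collector, message), sorted by true UTC time."""
    normalized = [(to_utc(c, ts), c, msg) for c, ts, msg in events]
    normalized.sort(key=lambda e: e[0])
    return normalized


def normalized_order(events):
    return [c for _t, c, _msg in normalize(events)]


if __name__ == "__main__":
    print("assumed-UTC order:", naive_order(SAMPLE_EVENTS))
    print("per-collector-zone order:", normalized_order(SAMPLE_EVENTS))
    for utc_time, collector, msg in normalize(SAMPLE_EVENTS):
        print(utc_time.isoformat(), collector, msg)
```

With the zones applied, the Frankfurt VPN connection (12:59:58 UTC) precedes the Microsoft 365 mailbox rule (13:00:01 UTC) and the New York logon (13:00:05 UTC); treated as UTC, the same three records would tell a different story about which action came first.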

Read the release notes.

Context Management: evolving for better insights

Formerly Context Collectors, now known as Context Management, this feature encompasses:

  • Health Metrics Integration: Context health metrics now available in Service Health and Consumption, providing insight into your security environment’s wellbeing.

Read the release notes.

Log Stream: refining parser management

Effective event parsing is crucial for understanding security events, and the August release enriches parser management for a more seamless experience:

  • Multiple parser conditions: Specify multiple parser conditions when creating event builder rules for better control over event parsing logic.
  • Better parser troubleshooting: Troubleshoot parsers more efficiently with improved error messages, expediting problem solving.

Read the release notes.

Search: faster, broader investigation

Search is the backbone of security investigation, and this release offers several improvements to search capabilities, including:

  • Seven days of Search: Exabeam Security Investigation license holders can use full Search capabilities for the last seven days of data, accelerating investigations and uncovering concealed threats and vulnerabilities.
  • Extended dashboards: Up to three months of long-term search data, enhancing visualization.
  • Insightful visualization creation: Develop insightful visualizations from search results, enriching data analysis.
  • IPv6 address search: Effortlessly search for IPv6-formatted IP addresses for broader network insights.

Read the release notes.

Dashboard: new powerful visualizations

Effective data visualization is key to understanding complex security scenarios, and the August release introduces improved dashboard capabilities to achieve comprehensive data visualization:

  • Streamlined navigation: Integrate Search with Dashboards for effortless navigation to events tied to visualizations.
  • Dynamic dashboard creation: Create dynamic dashboards directly from Search queries, simplifying data presentation.
  • Long-term data visualization: Visualize long-term search data spanning three months, unveiling trends and patterns.
  • Expanded custom dashboard capabilities: Tailor insights with up to 100 custom dashboards, accommodating 20 visualizations each.
  • Pre-built dashboards: Instant insights with four new pre-built dashboards, diving into crucial application metrics.

Read the release notes.

Correlation Rules: empowering rule management

Effective correlation rules drive proactive security measures. The August update streamlines rule management through API enhancements, event attachments, and invalid rule notifications:

  • Enhanced API – programmatic rule definition: Define conditions programmatically as a correlation rule trigger, offering more flexible rule creation.
  • Simplified rule retrieval: Programmatically retrieve rule definitions using a rule ID, simplifying rule management through automation.
  • Event attachment for email outcome: Attach the top 1,000 events associated with a rule trigger to an email outcome, facilitating better incident response.
  • Invalid rule notification: Be notified when a correlation rule becomes invalid and is disabled, so that rule-based detections do not silently lapse.
  • New correlation rules templates: Ten new templates for faster and broader threat coverage.

Read the release notes.

Service Health and Consumption: greater insights

The August release introduces the following enhancements for better environment monitoring:

  • Volume change alerts: Alerts for significant collector ingestion volume changes, ensuring proactive issue mitigation.
  • Context health metrics: Access context health metrics within Service Health and Consumption for comprehensive environment insights.

Read the release notes.

Settings: fine-tuning notifications

Notification enhancements for focused insights:

  • Detailed and actionable notifications: Receive detailed and actionable notifications for quicker, more informed decision-making.
  • Selective notification reception: Choose which notifications to receive, focusing on the most relevant alerts.
  • Custom email notification configuration: Configure email notifications aligned with your communication preferences.

Read the release notes.

Conclusion

This August feature release highlights the dedication of Exabeam to empower security teams with advanced capabilities. These improvements reflect our commitment to providing a comprehensive and powerful platform that adapts to evolving threats. Stay tuned for even more innovations as the Exabeam Security Operations Platform continues to advance. 

For a comprehensive rundown, be sure to check out the official Release Notes.

Stay up-to-date with Exabeam Community

To learn more about all these updates, visit the Exabeam Community to read documentation, and sign up for webinars to keep track of all the latest announcements.
