What’s New in Exabeam Product Development – December 2022 - Exabeam

Published
January 05, 2023

Hope you all had a happy holiday season! The Exabeam product and engineering teams were busy with features and fixes while (hopefully) visions of sugarplums, candles, and happy family gatherings danced in everyone’s head. Here’s a roll-up of all the new releases from the month of December — announcing to you now that our marketing team is back and as alert as our dev and ops teams. 😉

Collectors

  • Exabeam introduces support for the AWS S3 Cloud Collector on the Exabeam Security Operations Platform. On the legacy SaaS platform, customers ingested AWS S3 logs using Cloud Connector. After December, they can easily ingest AWS S3 logs via the new Collector application.
  • Previously, many Exabeam customers preferred to transmit Syslog data over TCP rather than UDP because they needed reliable, ordered data transmission between networks, even though TCP is slower and costlier in network overhead. Collector for Syslog has been updated to allow UDP transmission, which brings faster log collection and reduced transmission overhead.

The team made several UI and process improvements for Search. Users can now:

  • Clean and clear the My Downloads page with all recent downloads.
  • Get better histogram performance and user experience, because a histogram is now built for the last two weeks by default.
  • Select and search with shorter time range options for duration. The previous minimum was 2 hours; ranges now go down to minutes to support troubleshooting and investigation.

Event Selection

Event Selection now includes vendor and product source information for each event selection statement. On the Event Selection home page, the vendor and product information is displayed in a new Event Source column. You can also see the same vendor and product information when you create a new event selection statement. Vendor and product information provides a familiar frame of reference for understanding the source of the activity types contained in each event selection statement. It lets you verify that you are seeing the parsed traffic you expect and, if you are not, alerts you so that you can modify the relevant event statements. Read more here.

Dashboard

There were two usability improvements for Dashboards in response to customer requests: 

  • Data dimensions and measures menus are now collapsible to eliminate excessive scrolling and make measure options more visible. 
  • Users can now reorder the dimensions and measures that they select for visualizations without having to remove and reselect them.

Correlation Rules

You can now see a summary of your rules before publishing, as well as test correlation rules. Rule outcomes can now be disabled to test correlation rules before enabling. Also, when creating a new correlation rule, a summary of the condition and chosen outcomes will be shown in the final Review step of the process. Correlation Rules correlate detections to automate and improve detection of known threats within your environment. The ability to do a final review before saving a new rule, and test a rule before enabling, offers better management and helps eliminate potential errors. Read more here.

Outcomes Navigator

Outcomes Navigator continues to evolve by adding complete support for rules. While the tool already looks at specific outcomes and use cases, this latest release will provide more outcomes and completely cover existing rules. New data includes custom analytics rules, correlation rules, custom correlation rules, and custom dashboards. This support for all custom or pre-built rules will give customers specific insight into how their existing data aligns with their desired outcomes — and what new data sources might strengthen their coverage. Read more here.

Alert and Case Management

You can now assign a case to an existing role by assigning the case to a queue. Exabeam uses roles to manage user permissions. The roles are designed for common user types such as analysts, administrators, and auditors. However, if the default roles do not meet all your needs, you can create your own roles. Assigning a case to a queue signals which role is responsible for the case. Assign cases to queues (groups of analysts with a specific skill set) to better allocate work and share workload. Read more here.

Security Management Platform

For on-premises customers, Exabeam released a new version of Advanced Analytics i56.13. This is largely a maintenance release. Read more here.

Stay up-to-date with Exabeam Community

To learn more about all these updates, visit the Exabeam Community to read documentation, and sign up for webinars to keep track of all the latest announcements.
