What’s New in Exabeam Product Development – January 2023 - Exabeam

Published
February 01, 2023

January flew by with a haze of New Year’s resolutions for everyone. Whether this is the month of good intentions or best practices, Exabeam’s product management and engineering teams have been forging ahead with meeting customer requests, improving back-end functionality, and innovating on how we play in the security space. Here are some highlights. 

Context search

Within Search, you can now reference a context table to narrow down search results and conveniently search for indicators of compromise (IoCs). Search for IoCs within context tables and find threats faster.

Dashboards

New pre-built dashboards

Access to new, pre-built dashboards helps reduce time spent on customizing or building reports. Exabeam offers five new dashboards covering account management activity, application security event summary, denied web access activity, top attackers, and an overview of Microsoft Windows.

Log Stream

Better parser management

Log Stream offers improved parser management for event definitions, handling, and improvement. Add custom fields and fine-tune the data ingestion process to meet your bespoke use cases. Or, reset and remove customizations from default parsers with a single click.

Alert and Case Management

Upload file attachments to alerts and cases

Now, you can upload file attachments (1 GB/file) to alerts and cases within Alert and Case Management. Speed investigation and remediation efforts: find security alerts, cases, and related evidence in a single place. If a file needs to be uploaded for investigation and remediation purposes, you can manually attach it to an alert or case. Cases, alerts, and all related evidence can be managed and reviewed by all analysts assigned to the case or alert.

Correlation Rules

Create correlation rules from context search queries

Within Search, you can build queries to find field values that are or are not in a context table. Now, you can build correlation rules from these searches. Building correlation rules that reference context tables improves threat detection. For example, you can build a search query that looks up an IP address in a ransomware context table, and create a correlation rule to trigger if a match is found.

Event Selection

Save, edit, delete or enable policies

Admins can now save a group of event selection statements as an event selection policy. Under event selection in settings, an admin can access saved policies and have the option to view, delete or make a previous event selection policy active. Simply select a previous policy, and you can load the policy. Saving and restoring past policies offers rapid recovery from update mistakes and better visibility of changes performed by other admins in your Exabeam environment.

Outcomes Navigator

Parser calibration score update

Now Outcomes Navigator can present “Parser Calibration Score” to show just how well data is being used, as well as guide you through improving parsing. Parsing can now be improved by data source as well as use case.

Fully documented calculation measurement

Gain greater confidence and understanding of scoring across Outcomes Navigator by understanding exactly how scores are calculated. This clarity allows for identification of out-of-bounds values and alerts the internal owner about the issue.

Read the documentation for further details.

Exabeam annual penetration test executive summary now available

This month, Exabeam concluded its third-party, annual penetration test. The Executive Summary report is now available for distribution to customers and partners. The assessment evaluates and identifies any application-level security issues in the Exabeam SOC Platform and Exabeam SecOps Platform including Advanced Analytics, Case Manager, Incident Responder, MATIS API, Cloud Connector, and Site Collector. You can request copies of the Summary from your Exabeam Representative.

But wait, there’s more!

These are just a few highlights of what Exabeam has released in January 2023. For more, including updates to Site Collectors and Cloud Collectors, along with other security updates, check out the release notes on the Exabeam Documentation Portal.

Don’t forget to check out our new Community Webinar on Standing up a SOC. Whether you’ve got a well-established security operation or are just starting to dedicate security personnel to the issue, this series (or the recording, if you’re so busy you need to watch later at your convenience) is for you.

Stay up-to-date with Exabeam Community

To learn more about all these updates, visit the Exabeam Community to read documentation, and sign up for webinars to keep track of all the latest announcements.
