What’s New in Exabeam Product Development — January 2024 - Exabeam

Published
February 02, 2024

Happy (belated) New Year! Over the holidays, the Exabeam product development team was busy delivering features for our January 30 product release. The focus for the January release is improved threat detection accuracy, streamlined onboarding for on-premises Site Collectors, enhanced visualizations for security operations, and expanded support for Microsoft log ingestion.

Please join us on February 13 at 8 a.m. PT for an in-depth webinar that expands on this blog’s content. We’ll explore each key feature, offering detailed insights and live demonstrations. 

Highlights from the release include: 

Improved threat detection accuracy with unordered event detection

Cybersecurity rule chaining supports detections based on a series of events that occur in a specific sequence. Detection engineers often build detections to match a sequence of events that mimics attack behavior. For example, “Trigger an alert if John Doe does X, then does Y, then does Z.” The Exabeam Security Operations platform now supports rule chaining in any order: security engineers can define a set of events to look for and specify that the order does not matter. Unordered rule chaining gives users greater flexibility for creating correlation rules where certain chains of events are of interest, but the order is irrelevant. It also saves time by eliminating the need to create multiple ordered rules to cover various combinations of events.

Figure 1 – Shows the option of selecting “Unordered” for chained Correlation Rules.
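
The difference between ordered and unordered chaining, sketched as an added example in Python (not Exabeam's rule engine or rule syntax). The event types, the sample events, and the per-user time window are assumptions made for illustration; the last function shows the "multiple ordered rules" workaround that a single unordered rule replaces.

```python
from collections import defaultdict
from itertools import permutations

# Constructed sample events (epoch_seconds, user, event_type); not real logs.
EVENTS = [
    (100, "jdoe", "vpn-login"), (160, "jdoe", "priv-escalation"), (220, "jdoe", "bulk-download"),
    (300, "asmith", "bulk-download"), (340, "asmith", "vpn-login"), (400, "asmith", "priv-escalation"),
    (500, "bwong", "vpn-login"), (5000, "bwong", "priv-escalation"), (5050, "bwong", "bulk-download"),
]
CHAIN = ["vpn-login", "priv-escalation", "bulk-download"]  # hypothetical event types

def _ordered_hit(evts, steps, window):
    """True if the steps occur in the listed sequence within `window` seconds."""
    for i, (t0, kind) in enumerate(evts):
        if kind != steps[0]:
            continue
        idx = 1  # next step to find after the chain's first step at t0
        for t, k in evts[i + 1:]:
            if t - t0 > window:
                break
            if idx < len(steps) and k == steps[idx]:
                idx += 1
        if idx == len(steps):
            return True
    return False

def _unordered_hit(evts, steps, window):
    """True if every step occurs, in any order, within `window` seconds."""
    need = set(steps)  # assumes the chain's steps are distinct event types
    for i, (t0, _) in enumerate(evts):
        seen = {k for t, k in evts[i:] if t - t0 <= window}
        if need <= seen:
            return True
    return False

def match_chain(events, steps, window, ordered=True):
    """Return the sorted list of users whose events satisfy the chain."""
    per_user = defaultdict(list)
    for t, user, kind in sorted(events):
        per_user[user].append((t, kind))
    hit = _ordered_hit if ordered else _unordered_hit
    return sorted(u for u, evts in per_user.items() if hit(evts, steps, window))

def match_via_ordered_rules(events, steps, window):
    """Emulate 'any order' with one ordered rule per permutation (3! = 6 here)."""
    users = set()
    for perm in permutations(steps):
        users.update(match_chain(events, list(perm), window, ordered=True))
    return sorted(users)
```

With a 600-second window, `match_chain(EVENTS, CHAIN, 600)` flags only the user whose events arrive in the listed sequence, while `ordered=False` also flags the user who performed the same three actions in a different order.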

Improved security visualization with new, pre-built SOC Overview Dashboard

This pre-built dashboard provides security operations center (SOC) administrators and security leaders with an overview of the entire security posture of their organization. It includes visualizations that allow users to quickly assess the overall status of SOC operations and identify areas that need attention. The dashboard includes charts that depict various aspects of incidents, anomalies, and correlation rules. This out-of-the-box persona-based dashboard provides quick insights and actionable information relevant to SOC managers and administrators.

Figure 2 – A sample of the many dashboard visualizations available from the new SOC Overview Dashboard.

Faster onboarding with OVA VM kickstarter

An Open Virtual Appliance (OVA) file contains a compressed, “installable” version of a virtual machine (VM). Exabeam now supports OVA VM kickstarter to rapidly provision a fully compatible VM with all the Site Collector prerequisites, including support for VMware, Google Cloud Platform (GCP), and AWS. Customers can prepare VMs using a compressed OVA image file to speed up POVs and log onboarding.

Expanded Azure log collection capabilities

Two new Cloud Collectors are now available for the Exabeam Security Operations platform. The Azure Activity Log Cloud Collector and the Azure Storage Analytics Cloud Collector allow customers to ingest logs via EventHub instead of API. This is the ingestion method recommended by Microsoft, and these updated collectors provide better scalability, reliability, and E2E support, including content.

Figure 3 – Simple configuration experience for Azure Collectors

For a complete list and description of the Exabeam January release features, please visit Exabeam Security Operations Platform Release Notes.

Stay up to date with Exabeam Community

Dig into the new release in the Exabeam Community. Engage in live ExaExpert Q&A sessions every other week, or join technical discussions at your convenience. Your curiosity and questions are always welcome.
