What’s New in Exabeam Product Development – March 2024

Published April 10, 2024

Our March product release introduces three new major features: Threat Center, Automation Management, and Exabeam Copilot. This release also includes native JSON parsing and advanced Exabeam Query Language (EQL), streamlining threat detection and investigation workflows for security analysts.

Please join our webinar to learn about the March release, scheduled for April 11 at 8 a.m. PT and April 12 at 1 p.m. AEST. The session will cover each feature, offering insights and live demonstrations.

For those interested in advanced Exabeam Query Language (EQL) capabilities, attend our dedicated webinar on March 28 at 8 a.m. PT, featuring Exabeam product leaders.

Highlights include:

General availability: Threat Center, Automation Management, Exabeam Copilot

In one of our most significant updates, we introduced early access to Threat Center, Automation Management, and Exabeam Copilot last month. We are now pleased to announce their general availability.

  • Threat Center: Powered by the AI-Driven Exabeam Security Operations Platform, Threat Center streamlines security analyst workflows. It centralizes threat management and investigative tools with automation, improving efficiency in threat investigation and response. It prioritizes alerts, automates evidence collection, and generates timelines to provide a consistent view of threats.
  • Automation Management: Automation Management integrates security orchestration, automation, and response (SOAR) with pre-built playbooks and a no-code editor. This approach standardizes response efforts, automates repetitive processes, and reduces the time needed to resolve security incidents. With pre-built integrations and easy-to-configure workflows, security teams can focus on detecting, investigating, and responding to threats, minimizing the need for repetitive tasks.
  • Exabeam Copilot: Exabeam Copilot is the generative AI feature of the Exabeam Platform. It provides security analysts with powerful productivity and insights, improving efficiency and knowledge in cybersecurity. Exabeam Copilot automates tasks, simplifies complex queries, and delivers insights, supporting better threat detection, investigation, and response (TDIR).

Native JSON parsing

Cybersecurity systems, including security information and event management (SIEM) platforms, rely heavily on parsing data from various sources to detect security threats. JSON plays a crucial role in this process because it structures data into key-value pairs. This structure aids SIEM systems in efficiently parsing and understanding information, compared to unstructured data formats like plain text logs. The March release introduces native JSON parsing for Exabeam users, improving efficiency and security.

Benefits of native JSON parsing include:

  • Efficiency: Security environments generate massive amounts of log data. Native parsing allows SIEM systems to process this data more quickly than when using external libraries. This rapid parsing leads to faster threat detection and response times.
  • Security: Using external libraries for parsing can introduce vulnerabilities. Native parsing minimizes potential security risks by incorporating the built-in security features of the Exabeam Security Operations Platform.

Advanced Exabeam Query Language (EQL) with natural language processing (NLP)

The Exabeam Security Operations Platform has introduced advancements in EQL, incorporating NLP to facilitate more intuitive searches and queries. This update, effective in March, aims to accelerate threat investigations, offer additional insights, and streamline the onboarding of new analysts.

New advanced functionality for EQL includes:

  • NLP Search: Security analysts can now perform searches using natural language or voice dictation, bypassing the need for extensive EQL knowledge. This capability, part of Exabeam Copilot, simplifies the learning process, enabling analysts to contribute more effectively in the security operations center (SOC). A demonstration is available on YouTube.
  • Advanced Query Language Operators: New operators have been introduced for creating complex queries in Search. These queries must contain at least one SELECT or WHERE clause. Additional operators are optional, but must follow a specific order if used.
  • Aggregation Functions: For creating complex queries in Search, functions such as COUNT, MAX, MIN, SUM, and AVG are available. These must be used in conjunction with a SELECT clause to aggregate data.
  • Dynamic Parsed Fields: Search now supports dynamic extraction of unparsed fields directly from queries, eliminating the need to define a new parser beforehand.
  • Geolocation IP Fields: Search now provides the capability to query geolocation IP data that is ingested by Log Stream in a dot notation format. This data is used to enrich various IP fields to produce new geo-named fields (such as geo_src_ip). These new fields are available for Search.

For detailed information and query examples, please read the Exabeam Search Guide.

Export PDF reports from Dashboards to email

Users can now email PDF reports from Dashboards directly to a specified email address, for additional accessibility and convenience. This update replaces the previous method of sending a temporary download link via email.

For a detailed list and description of the features introduced in the Exabeam March release, please refer to the Exabeam Security Operations Platform Release Notes.

Stay up to date with Exabeam Community

Dig into the new release in the Exabeam Community. Engage in live ExaExpert Q&A sessions every other week, or join technical discussions at your convenience. Your curiosity and questions are always welcome.
