What’s New in Exabeam Product Development — October 2023
In October, we introduced more than 30 feature and product improvements to enhance your experience with the Exabeam Security Operations platform. Our goal is to make it easier to ingest a broad set of third-party data sources, while adding advanced capabilities to our service offerings.
Join us on Nov. 14 at 8 a.m. PT for our October New-Scale Release Webinar, where we’ll dive into each key feature with detailed explanations and live demonstrations.
In this article:
- Microsoft 365 Exchange admin reports and Microsoft security alerts collector
- Enhancements to roles and permissions
- Risk scoring in Alert and Case Management
- Granular suppression for rules and entities
- New-Scale Okta Context Management
Microsoft 365 Exchange admin reports and Microsoft security alerts collector
These reports and the alerts collector are now integrated into the Exabeam Security Operations Platform. With the Microsoft security alerts collector, you can ingest critical alerts from other Microsoft services, such as Microsoft Defender, Azure Security Center, and Azure Active Directory Identity Protection. These new cloud collectors split the endpoints previously handled by the single Office 365 cloud connector into separate, log-specific cloud collectors, each of which is easier to configure.
Enhancements to roles and permissions
We’ve simplified and targeted access control workflows for the Exabeam Security Operations Platform. The number of prepackaged roles in Settings has grown from three to seven, to fit security operations organizations of any size. Each permission has a clear name and description, so administrators can define access control efficiently for every role, including custom roles.
Risk scoring in Alert and Case Management
Our risk scoring now escalates the highest-risk alerts and cases for analyst review, indicating the likelihood of business impact. These risk scores inform system-generated priority levels, which can be manually adjusted by the analyst. Prioritizing security alerts and cases offers clear direction on where to focus efforts for faster detection and assessment of potential incidents, a key aspect in threat mitigation. You can filter alerts and cases by priority, risk scores, or age (the length of time since the alert or case was first created).
Granular suppression for rules and entities
This feature has been enhanced so that users can suppress a correlation rule for a specific group or host. When a Common Information Model (CIM) 2.0 field is used, the correlation rule is suppressed only for that field’s value, for the duration of the assigned suppression threshold. Using suppression to address “noisy” ports or hosts lets you manage alert fatigue without missing important detections. The option to suppress a value appears as the last step of the correlation rule (CR) creation wizard, making it easy to apply as part of the regular workflow.
New-Scale Okta Context Management
We now support one of the most widely adopted identity provider (IdP) solutions, Okta, for access and authentication. Okta context tables can be included in custom filtered tables, which are then used in Search, Correlation Rules, and Dashboards to boost functionality.
For a complete list of Exabeam release features organized by month, visit our page to discover additional October features not covered in this blog post.