What’s New in Exabeam Product Development — September 2023

September was a big month for Exabeam! The month started with a notable achievement at Google Cloud Next ’23, where Exabeam was honored with the 2023 Technology Partner of the Year award from Google Cloud. As the month comes to a close, we’re excited to share an eye-popping list of new features and partner integrations. Our partners include Microsoft, Oracle, Palo Alto Networks, Okta, and Symantec. These new integrations further solidify our commitment to providing an open SOC platform, offering our customers maximum flexibility to choose the products and vendors that best fit their organizational needs.

As the cherry on top, Exabeam has also received two new compliance certifications, reaffirming our position as a leader in cloud-native security services, boasting ISO and SOC2 compliance certifications.

Watch our on demand webinar for the highlights of the monthly release on Oct. 11. Watch now!

In this article:

• Compliance
• Site Collector and Cloud Collector
• Context Management
• Log Stream
• Search
• Correlation Rules
• Service Health and Consumption

Compliance

ISO 27001, 27017, and 27018 Certifications

Our dedication to information security and data protection is clear as we proudly announce the renewal of our ISO 27001, 27017, and 27018 certifications. These globally recognized standards underscore the Exabeam commitment to maintaining and improving cloud-delivered information security management systems. This audit also encompassed ISO 27017, focusing on the secure provisioning of cloud services, and ISO 27018, dedicated to safeguarding personally identifiable information (PII) in the cloud. You can conveniently access our ISO certificates in the Schellman directory.

SOC 2 Type II Certification

Our SOC 2 Type II certification renewal demonstrates our unwavering dedication to securely handling sensitive customer data in the cloud. This certification covers a range of trust services criteria, ensuring the security, availability, and confidentiality of the systems Exabeam employs to process your data. For a copy of the report, don’t hesitate to reach out to your designated sales representative.

Site Collector and Cloud Collector

Site Collector support has received several updates to streamline operations and increase flexibility. These updates include native log collection support for on-premises Oracle database servers, bulk changes to Collectors, the ability to define log formats (plain text or XML) to prevent duplicate messages, improved control over historical events collection, streamlined installation using hostnames, and the introduction of our Early Access (EA) program for Site Collectors integrated into the UI. The EA program not only provides customers an opportunity to try out new features before general availability, but also notifies users of upcoming features.

Cloud Collectors have also seen significant improvements. Palo Alto Networks Cortex DL Collector is new integration available via webhook. Additionally, the Symantec EDR Collector now provides full built-in parsing support for endpoint log security use cases, while AWS CloudTrail enhancements ensure improved stability and system health monitoring. Lastly, Azure Active Directory (AD) Context Management now enables the fetching of data from AD for consumption and normalization by the Context Management app.

Read the Site Collector release notes | Read the Cloud Collector release notes.

Context Management

New Context Management updates include the calculation and locking of the “Email Address” attribute for context tables, improvements in the Threat Intelligence Service quality through new tagging to reduce false positives, and the introduction of a Grafana dashboard for better visibility during technical maintenance. We’ve also integrated Okta User Context for Advanced Analytics.

Read the Context Management release notes.

Log Stream

Log management gains flexibility with the ability to disable individual default parsers, allowing for more customization.

Read the Log Stream release notes.

Search

Search functionality has been enhanced with dynamic field extractions, providing the ability to address ad-hoc search needs without creating new parsers or complex queries. The improved user experience for aggregations now supports multiple aggregation functions and includes time fields.

Read the Search release notes.

Correlation Rules

Correlation Rules have received functional improvements, allowing the creation of rules triggered by calculated values falling within specified ranges. Five new Correlation Rules templates have been added to expedite threat detection, investigation, and response (TDIR):

• Disabling the security log by creating the ”MiniNt” registry key 
• Disable Microsoft Defender firewall in the registry 
• Azure delete event hub 
• Windows logon script added to the registry 
• SilentCleanup UAC bypass by manually activating the SilentCleanup task

We’ve simplified the process of creating correlation rules in Alert and Case Management. Additionally, you can now delete correlation rules via API, providing automation and flexibility in correlation rule management through the Exabeam API framework.

Read the Correlation Rules release notes.

Service Health and Consumption

To provide greater insight into consumption details and facilitate tighter integration across the Exabeam Security Operations Platform, new updates offer a product/vendor trend view, showing historic volume and EPS trends. Furthermore, the correlation rule view on the consumption page summary offers quick visibility into the number of enabled correlation rules and your correlation rule capacity on the license view page.

Read the Service Health and Consumption release notes.

We’ll see you again next month when we announce the October feature releases. In the meantime, enjoy your pumpkin spice!

For further information, support, or assistance, please do not hesitate to contact our support team or your dedicated sales representative.

And remember! All documentation for all releases are available here upon the day of release!

To learn more about all these updates, visit the Exabeam Community to read documentation, and sign up for webinars to keep track of all the latest announcements.