Exabeam recently released an update to its Content Library, our content documentation located in a GitHub repository (“repo”). In this post, you will learn about Exabeam out-of-the-box (OOTB) security content, why documentation is important, and how Content Library can help.
What is Content?
Security content, or “content,” is the brain behind a SIEM. It is the configuration used by the various engines along our data processing pipeline, such as parsers, event builders, enrichers, rules, and models, that ingest, transform, model, and analyze data. Exabeam content is what allows our SIEM to analyze log data to populate detail in timelines, enrich data, feed threat detection models, and trigger detection rules.
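To make the pipeline stages concrete, here is a small added example (not Exabeam code, and not the format of any Exabeam parser) that chains the four kinds of content named above: a parser that turns a raw line into fields, an enricher that adds context from an asset inventory, a model that learns which source addresses each user has been seen from, and a rule that fires on a first login from an external address. The log format, the asset table, and the sample events are all constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample events in a made-up key=value format (not real Exabeam data).
SAMPLE_LOGS = [
    "2024-05-01T08:00:00Z host=srv-01 user=alice action=login src=10.0.0.5 result=success",
    "2024-05-01T08:05:00Z host=srv-01 user=alice action=login src=10.0.0.5 result=success",
    "2024-05-01T08:10:00Z host=srv-02 user=alice action=login src=203.0.113.9 result=success",
    "this line does not match the expected format",
]

# Constructed asset inventory consulted by the enricher (assumption: IPs map to zones).
ASSET_ZONES = {"10.0.0.5": "corp-lan"}

LOG_PATTERN = re.compile(
    r"^(?P<time>\S+) host=(?P<host>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse(line):
    """Parser stage: map a raw line to named fields, or None if it does not match."""
    m = LOG_PATTERN.match(line)
    return m.groupdict() if m else None


def enrich(event):
    """Enricher stage: attach the network zone of the source address from inventory."""
    event = dict(event)
    event["src_zone"] = ASSET_ZONES.get(event["src"], "external")
    return event


class FirstSeenModel:
    """Model stage: remember which source addresses each user has logged in from."""

    def __init__(self):
        self.seen = defaultdict(set)

    def update(self, event):
        """Return True if this src is new for the user, then record it."""
        is_new = event["src"] not in self.seen[event["user"]]
        self.seen[event["user"]].add(event["src"])
        return is_new


def rule_first_login_from_external(event, is_new):
    """Rule stage: fire on a successful login from a never-before-seen external source."""
    return (
        event["action"] == "login"
        and event["result"] == "success"
        and is_new
        and event["src_zone"] == "external"
    )


def run_pipeline(lines):
    """Run parser -> enricher -> model -> rule over raw lines; return triggered alerts."""
    model = FirstSeenModel()
    alerts = []
    for line in lines:
        event = parse(line)
        if event is None:  # unparsed lines never reach rules, which is why parser coverage matters
            continue
        event = enrich(event)
        is_new = model.update(event)
        if rule_first_login_from_external(event, is_new):
            alerts.append({"time": event["time"], "user": event["user"], "src": event["src"]})
    return alerts


if __name__ == "__main__":
    for alert in run_pipeline(SAMPLE_LOGS):
        print("ALERT first external login:", alert)
```

The point of the toy is the dependency between stages: the rule cannot fire on an event the parser failed to extract, and the model only learns from events the parser and enricher produced. That is why a content library that shows which parsers, enrichers, models, and rules exist for a given data source matters to whoever is deciding what to ingest.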
Content at Exabeam
Exabeam recognizes that top-notch content is key to making the most of your SIEM. According to Gartner, “SIEM deployments without the required resources to produce and maintain detection content such as rules and algorithms often fall back to a centralized log management role. This leads to a significant waste of resources.” To help our customers extend and maintain the value of their Exabeam deployment, we’ve increased our content development efforts to release packages every two weeks.
Why create a Content Library?
As we increased the velocity of our content package releases, we realized users needed a centralized place to learn about the content we offer. Specifically, we tried to answer:
- What content exists
- What use cases we support
- How content maps to different data sources
- How content maps to MITRE ATT&CK
- What vendors we support, including rules and models
- Which parsers are the latest available
- When content was last updated
Introducing: Content Library
Content Library provides a comprehensive listing of vendors and products we support, as well as use cases enabled by each data source.
Figure 1: Vendor documentation includes activity types, event types, MITRE TTPs, and the number of rules and models available OOTB.
Figure 2: Use case documentation contains a comprehensive listing of all vendors that support each use case, along with detail for each vendor.
Content Library is automatically updated every time new content is released, showing you what is currently available in the latest release of our platform, as well as upcoming content currently in development. With Content Library, security engineers and architects can quickly understand what content Exabeam offers and whether it supports their current goals (e.g., enabling use cases like Data Exfiltration), and can build a roadmap for how to ingest different data sources over time for long-range planning.
Want to learn more?
Check out the Content Library on our GitHub.