New Features in Exabeam Content Library Now Available 

New Features in Exabeam Content Library Now Available 

November 24, 2020


Reading time
3 mins

Exabeam recently released an update to its Content Library, our content documentation located in a GitHub repository (“repo”). In this post, you will learn about Exabeam out-of-the-box (OOTB) security content, why documentation is important, and how Content Library can help.

What is Content?

Security content or “content” is the brain behind a SIEM. This refers to the configuration used by the various engines along our data processing pipeline, like parsers, event builders, enrichers, rules, and models that help ingest, transform, model and analyze data. Exabeam content is what allows our SIEM to analyze log data to populate detail in timelines, enrich data, populate threat detection models, and trigger detection rules. 

Exabeam Content Library

Content at Exabeam

Exabeam recognizes top-notch content is key to making the most out of your SIEM. According to Gartner, “SIEM deployments without the required resources to produce and maintain detection content such as rules and algorithms often fall back to a centralized log management role. This leads to a significant waste of resources.” To help our customers extend and maintain the value of their Exabeam deployment, we’ve increased our content development efforts to release packages every two weeks.

Why create a Content Library?

As we increased the velocity of our content package releases, we realized users needed a centralized place to learn about the content we offer. Specifically, we tried to answer:

  • What content exists
  • What use cases we support
  • How content maps to different data sources
  • How content maps to MITRE
  • What vendors we support, including rules and models
  • What are the latest parsers available?
  • When content was last updated

Introducing: Content Library

Content Library provides a comprehensive listing of vendors and products we support, as well as use cases enabled by each data source.

Drive-by Compromise Technique
Figure 1: Vendor documentation includes activity types, event types, MITRE TTPs and the number of rules and models available OOTB

Drive-by Compromise Technique
Figure 2: Use case documentation contains a comprehensive listing of all vendors that support each use case, along with detail for each vendor.

Content Library is automatically updated every time new content is released, showing you what is currently available in the latest release of our platform, as well as upcoming content currently in development. With Content Library, security engineers and architects are able to quickly understand what content Exabeam offers and if it supports their current goals (e.g., enabling use cases like Data Exfiltration), as well as build a roadmap for how to ingest different data sources over time for long-range planning.

Want to learn more?

Check out the Content Library on our GitHub.

Similar Posts

What’s New in Exabeam Product Development – August 2022

What’s New in Exabeam Product Development – July 2022

What’s New in Exabeam Product Development – June 2022

Recent Posts

Exabeam News Wrap-up – Week of September 19, 2022

Exabeam News Wrap-up – Week of September 12, 2022

The 4 Steps to a Phishing Investigation

See a world-class SIEM solution in action

Most reported breaches involved lost or stolen credentials. How can you keep pace?

Exabeam delivers SOC teams industry-leading analytics, patented anomaly detection, and Smart Timelines to help teams pinpoint the actions that lead to exploits.

Whether you need a SIEM replacement, a legacy SIEM modernization with XDR, Exabeam offers advanced, modular, and cloud-delivered TDIR.

Get a demo today!