New Features in Exabeam Content Library Now Available 

November 24, 2020

Vicky Ngo-Lam

Exabeam recently released an update to its Content Library, our content documentation located in a GitHub repository (“repo”). In this post, you will learn about Exabeam out-of-the-box (OOTB) security content, why documentation is important, and how Content Library can help.

What is Content?

Security content or “content” is the brain behind a SIEM. This refers to the configuration used by the various engines along our data processing pipeline, like parsers, event builders, enrichers, rules, and models that help ingest, transform, model and analyze data. Exabeam content is what allows our SIEM to analyze log data to populate detail in timelines, enrich data, populate threat detection models, and trigger detection rules. 

Exabeam Content Library

Content at Exabeam

Exabeam recognizes top-notch content is key to making the most out of your SIEM. According to Gartner, “SIEM deployments without the required resources to produce and maintain detection content such as rules and algorithms often fall back to a centralized log management role. This leads to a significant waste of resources.” To help our customers extend and maintain the value of their Exabeam deployment, we’ve increased our content development efforts to release packages every two weeks.

Why create a Content Library?

As we increased the velocity of our content package releases, we realized users needed a centralized place to learn about the content we offer. Specifically, we tried to answer:

  • What content exists
  • What use cases we support
  • How content maps to different data sources
  • How content maps to MITRE
  • What vendors we support, including rules and models
  • What the latest available parsers are
  • When content was last updated

Introducing: Content Library

Content Library provides a comprehensive listing of vendors and products we support, as well as use cases enabled by each data source.

Figure 1 (screenshot: Drive-by Compromise technique page): Vendor documentation includes activity types, event types, MITRE TTPs and the number of rules and models available OOTB.

Figure 2 (screenshot: Drive-by Compromise technique page): Use case documentation contains a comprehensive listing of all vendors that support each use case, along with detail for each vendor.

Content Library is automatically updated every time new content is released, showing you what is currently available in the latest release of our platform, as well as upcoming content currently in development. With Content Library, security engineers and architects can quickly understand what content Exabeam offers and whether it supports their current goals (e.g., enabling use cases like Data Exfiltration), and can build a roadmap for how to ingest different data sources over time for long-range planning.

Want to learn more?

Check out the Content Library on our GitHub.
