New Features in Exabeam Content Library Now Available 

Published
November 24, 2020

Author
Vicky Ngo-Lam

Exabeam recently released an update to its Content Library, our content documentation located in a GitHub repository (“repo”). In this post, you will learn about Exabeam out-of-the-box (OOTB) security content, why documentation is important, and how Content Library can help.

What is Content?

Security content, or “content,” is the brain behind a SIEM. It refers to the configuration used by the engines along our data processing pipeline, such as parsers, event builders, enrichers, rules, and models, that ingest, transform, model, and analyze data. Exabeam content is what allows our SIEM to analyze log data, populate detail in timelines, enrich events, feed threat detection models, and trigger detection rules.

Exabeam Content Library

Content at Exabeam

Exabeam recognizes top-notch content is key to making the most out of your SIEM. According to Gartner, “SIEM deployments without the required resources to produce and maintain detection content such as rules and algorithms often fall back to a centralized log management role. This leads to a significant waste of resources.” To help our customers extend and maintain the value of their Exabeam deployment, we’ve increased our content development efforts to release packages every two weeks.

Why create a Content Library?

As we increased the velocity of our content package releases, we realized users needed a centralized place to learn about the content we offer. Specifically, we tried to answer:

  • What content exists?
  • What use cases do we support?
  • How does content map to different data sources?
  • How does content map to MITRE?
  • Which vendors do we support, including rules and models?
  • What are the latest parsers available?
  • When was content last updated?

Introducing: Content Library

Content Library provides a comprehensive listing of vendors and products we support, as well as use cases enabled by each data source.

[Figure 1: Vendor documentation includes activity types, event types, MITRE TTPs, and the number of rules and models available OOTB. The screenshot shows the Drive-by Compromise technique.]

[Figure 2: Use case documentation contains a comprehensive listing of all vendors that support each use case, along with detail for each vendor. The screenshot shows the Drive-by Compromise technique.]

Content Library is automatically updated every time new content is released, showing you what is currently available in the latest release of our platform, as well as upcoming content currently in development. With Content Library, security engineers and architects can quickly understand what content Exabeam offers and whether it supports their current goals (e.g., enabling use cases like Data Exfiltration), and can build a roadmap for ingesting different data sources over time for long-range planning.

Want to learn more?

Check out the Content Library on our GitHub.
