What’s New in Exabeam Product Development – April 2023

Those April showers may have left behind a wild garden of greenery in our yards, but it’s not just the weeds that have been thriving — Product and Engineering have been hard at work, too! With longer days and blossoming flowers (or changing leaves, if you’re south of the equator), we’re excited to introduce fresh features, improvements, and capabilities. Don’t forget to subscribe to our blog to make sure you’re always in the know about our latest releases, with updates for you every month.

The following changes, new capabilities, functions, and actions are all live as of April 27.

Collectors

• Site Collectors now use a terminal multiplexer (TMUX) tool for installation and future upgrades, replacing the deprecated screen library from Red Hat Enterprise Linux. 
• The Azure EventHub collector has been migrated to the new Exabeam Security Operations Platform, providing a cloud-native architecture, auto-scaling for unlimited EPS, and an improved user experience with more troubleshooting tools, recommended actions, and volume ingestion stats (up to 3 months).

Read the documentation for Collectors in the News section.

Log Stream

Log Stream introduces these new features to improve parser management and usability: 

• Easily export and distribute parsers for easy distribution across Exabeam environments.
• Search ingested logs when creating custom parsers for extraction previews.
• Directly search for logs using the Live Tail interface when log volume is low.​

Check out the Log Stream release notes.

Search

April’s Search release introduces the following improvements:

• Search aggregations for easy grouping, calculations, and stats (COUNT, SUM, MIN, MAX, AVG, GROUP BY) using a simple query.
• Context tables now contain up to 100,000 entries for query building.
• Search API now supports context searches.
• Use regex within free text queries to search for data that is not in a specific field.

Read the Search release notes. 

Dashboards

• Admins and delegates with permissions can now apply aggregation functions (SUM, AVG, MIN and MAX) on any appropriate dimension to create custom fields for visualizations.
• By popular request, admins can now change the sort order in the explorer view. The table chart type now provides dynamic sorting when viewing a Dashboard.
• Admins can now group dimensions based on conditions and use these groupings as custom fields for creating visualizations.

See instructions and documentation for Dashboards.

Correlation Rules

Better management, reporting and time savings can be expected with the April release. 

• Enable and disable correlation rules in bulk
• Set rule conditions using custom and metadata fields 
• Clone correlation rules and map them to new or existing tags in the “Custom Tags” field.

Read the Correlation Rules release notes.

API

• Introducing a new API Reference Guide for developers to try endpoints with live code. 
• Developers can now perform search aggregations, search for events, and upload new context to their environments.

Read the API release notes.

What’s next?

• Register here for the May 10 Exabeam Office Hours on Community.
• If you missed the April 19 webinar on Search to Correlation and Dashboard building, log into Community and check it out here.

Catch the New SOC on the Bloc webinar on May 30 to share stories and discuss organizational and operational questions with SOC veterans.

To learn more about all these updates, visit the Exabeam Community to read documentation, and sign up for webinars to keep track of all the latest announcements.