What’s New in Exabeam Product Development – February 2023
While February may be the shortest month, that doesn’t mean our development teams weren’t actively getting things done! Our themes continue to be improving New-Scale SIEM™ via speed and scale, security efficacy and controls, and platform extensibility. Whether you’re nursing your coffee and turning up the heat in the northern hemisphere, or enjoying a nice barbecue outside in the south, you can check out the newest activity and releases by subscribing to our blogs for monthly updates.
The following changes, new capabilities, functions, and actions are all live as of February 28.
Exabeam continues to prioritize the development of secure controls, with a focus on enabling system administrators to define and configure Secured Resources. These allow administrators to control or restrict access to log data for specific roles within your organization. Secured Resources can be defined for logs from sensitive applications, sources, or geographies. The controls and restrictions apply across multiple features, including Search, Dashboards, and Correlation Rules. The remaining February updates are categorized by feature below.
- You can now ingest logs from GCP Pub/Sub via the new Cloud Collectors management experience, benefiting from automatic scaling and improved troubleshooting tools.
- Context API for Bulk Uploads: You can automate Context bulk uploads through Exabeam Open APIs to enable periodic updates from custom Context sources.
Parser calibration tiers, custom vendor names, and auditing
- You can now assess the quality of your log parsers over a 24-hour period, visible in Log Stream and Outcomes Navigator, with suggestions for improvement.
The February release of Search introduces the following improvements:
- A public Search option that lets users share the searches they have crafted with other users within the organization
- The common event fields offered in Search are reduced from the original 1,000+ fields that exist across Exabeam log parsers to the specific fields that have been parsed at least once in your environment, as seen in Log Stream. This speeds up analyst searches, since analysts only need to look for fields known to exist within their logs.
- Search for full IP ranges
- Analysts choosing fields will see only the header names of parsed event fields, making it that much easier to find the right data
Read the Search release notes.
As mentioned above, administrators can set governing policies by restricting access based on a "Secured Resources" definition, so that only the visibility permitted by RBAC is available within Dashboards. This is a direct way to guarantee that, for example, a Tier 1 SOC analyst sees only the specific information needed for their duties, extending the least privilege principle to both controls and auditing.
See the instructions and documentation.
- Pre-block on vendor or product: Security engineers can now block events from being sent to Advanced Analytics by vendor or product, to support onboarding.
- Improved visibility into the number of enabled correlation rules: From the Correlation Rules home page, an administrator or security engineer can see the number of correlation rules enabled within the organization and compare it against known limits.
- A new optional outcome that uses webhooks to integrate the Exabeam Security Operations Platform with external tools such as ServiceNow
- A security engineer can build a correlation rule and set its outcome to send a generic webhook, for example to create an incident in ServiceNow and complete the threat detection, investigation, and response workflow.
Read the Correlation Rules release notes.
Alert and Case Management
Download alert and case data for archiving or for importing into third-party applications. By popular request from our customers, your security engineer can now download key fields from alerts and cases into CSV files, improving the interoperability of your SOC toolset.
What’s up next?
Join our Community Webinar on March 2 to talk shop with fellow users and with our product and support teams!
Stay up to date with the Exabeam Community
To learn more about all these updates, visit the Exabeam Community to read documentation, and sign up for webinars to keep track of all the latest announcements.