What’s New in Exabeam Product Development – June 2023 - Exabeam

Published
June 28, 2023

In the month of June, the sun reaches its peak and we’re all filled with excitement for summer vacations. At Exabeam, our development team has also been at the peak of their productivity, delivering a long list of new features that bring even more value to our customers. Before you start packing for your summer adventures, take a moment to learn how the Exabeam June release features can empower security operations teams with improved collectors, advanced search capabilities, enriched dashboards, and streamlined settings. In this blog post, we will explore the key highlights of this month’s release, providing an overview of the major updates in each category.

Don’t forget to subscribe to our blog to make sure you’re always in the know about our latest releases, with updates for you every month.

The following changes, new capabilities, functions, and actions are all live as of June 28.

Navigation Center

Navigation Center offers simple persona-based navigation with intuitive access to the applications you need to accomplish your everyday tasks. Navigate your Exabeam applications quickly and easily. With Navigation Center, all your Exabeam applications will be displayed alphabetically and organized into the following categories:

  • Collection: Ingest log and context data to glean visibility into attacks.
  • Security management: Configure and tune your Exabeam data pipeline and threat detection, investigation, and response (TDIR) workflow.
  • TDIR: Find threats and take action on alerts, events, and threats within your organization.
  • Platform insights: Gain insight into your organization’s data and health.

The navigation bar, a vertical menu on the left side of the interface, will match the Navigation Center layout. You can pin the navigation bar for fast application switching during your daily routine. An administrator may configure the data pipeline, then pivot to Service Health and Consumption, or a security analyst investigating a threat may hop to Search for a deeper investigation.

Site Collectors

Exabeam Site Collectors now offer better security and ease of use. With new Syslog SSL support, you can ensure secure data ingestion using the syslog protocol. Additionally, support packages can now be directly downloaded within Site Collector, simplifying the maintenance process. The latest TMUX version is included to ensure secure installation and improved performance. We’ve also introduced Total Log Volume Visualization, which enables you to gain insights into the total log volume uploaded by all collectors in the past 24 hours.

Read the Site Collectors release notes.

Cloud Collectors

The new Okta Cloud Collector allows you to ingest Okta logs into the cloud-native Exabeam Security Operations Platform, enabling better visibility into cloud-based activities. Furthermore, the Audit Logs feature enables you to monitor Cloud Collector configuration changes, improving your overall cloud security posture.

Read the Cloud Collectors release notes.

Context Collectors

Context Collectors have been bolstered with the addition of Active Directory (AD) Collector and Custom User Context functionality. Now, you can ingest context from AD, enriching your security analytics with valuable user information. Additionally, you can aggregate multiple context sources into a single custom user context table, streamlining your investigation workflows within the Exabeam Security Operations Platform.

Read the Context Collectors release notes.

Search

Search has been greatly improved with Query Enhancements, which enable you to search user-based context tables for more granular investigations. With Aggregated Search Export, you can export aggregated search results, making it easier to share and collaborate on findings. And Global Log Retention allows you to define a global log retention policy, optimizing search and storage capacity.

Read the Search release notes.

Dashboard

The Dashboards app has been enriched with several valuable additions. Custom Fields empower you to create visualizations tailored to your organization’s unique requirements. CIDR Notation for IP Address Filters allows for more flexible and efficient filtering of IP addresses. With Custom Context Filters, you can now filter visualizations based on user-based custom context tables, providing contextual insights into security incidents. We’ve also introduced 12 new pre-built dashboards, enabling you to quickly visualize application metrics and gain actionable insights with minimal effort.

See instructions and documentation for Dashboards.

Correlation Rules

Correlation rule templates offer the ability to quickly enable or edit correlations for use case coverage. In June, 20 new correlation rule templates were added to cover audit tampering, evasion, malware, and compromised credentials. Accelerate threat detection by quickly creating correlation rules using pre-built templates. These templates offer coverage against audit tampering, evasion, malware and account manipulation.

Read the Correlation Rules release notes.

Service Health and Consumption

For better visibility into your deployment, Exabeam now provides Known Issue Details directly in Service Health and Consumption. This feature enables you to stay informed about any known issues that may affect your platform, allowing for proactive management and resolution.

Read the Service Health and Consumption release notes.

Settings

Settings have been expanded to facilitate better integration and compliance, offering streamlined management and configuration options. The Audit Log Webhook feature enables you to export audit logs to third-party archival systems, ensuring long-term compliance with data retention requirements.

Read the Audit Log release notes.

Advanced Analytics i63.5

Advanced Analytics i63.5 is now GA! This release contains TDIR for Public Cloud and multiple performance enhancements, by customer request.

Highlights: 

  • Exabeam extends behavioral analysis capabilities to the three major cloud providers: Amazon Web Services, Google Cloud Platform, and Microsoft Azure
  • Multiple incremental performance improvements

Read the Advanced Analytics release notes.

Conclusion

The June feature releases introduce a wide range of enhancements that empower security operations teams to work more effectively and efficiently. From improved collectors ensuring secure data ingestion to advanced search capabilities and enriched dashboards, these updates provide valuable tools for better TDIR. By embracing these new features, organizations can enhance their security posture, streamline their workflows, and gain deeper insights into their digital environments. Stay tuned for more innovative releases! 

What’s next?

Get information on the July 19 Community Office Hours.

Stay up-to-date with Exabeam Community

To learn more about all these updates, visit the Exabeam Community to read documentation, and sign up for webinars to keep track of all the latest announcements.
