What’s New in Exabeam Product Development – May 2023 - Exabeam

June 05, 2023



The wildflower superbloom is in full swing. The season is a little hard on allergy sufferers, but great for Product and Engineering’s blooming productivity! We’ve made some leaps and bounds this month, especially in the area of transparency, visualization, and other useful tools that we think your engineering teams will appreciate.

Don’t forget to subscribe to our blog to make sure you’re always in the know about our latest releases, with updates for you every month.

The following changes, new capabilities, functions, and actions are all live as of May 30.


Collectors

There are two new dedicated cloud collectors available within the Collectors app:

  • AWS SQS Collector
  • Splunk Collector – regional rollouts starting May 30

We have also improved error handling for Collectors, including for user authentication issues such as expired credentials, or an unreachable log destination when connecting to the Exabeam Security Operations Platform.

Read the documentation for Collectors in the News section.

Log Stream

The May release for Log Stream offers some new features to speed up troubleshooting. Parser errors now provide the details behind the error message, so a security administrator or security engineer can attempt to solve a potential parsing issue without engaging support. On the parsers overview page, a security engineer can now view the “Triggered” column to see the timestamp of when a parser was last active. Seeing when a parser was last active lets a security administrator tell whether a log source that is expected to be active has stopped ingesting and whether the health of that log source needs further investigation.

Check out the Log Stream release notes.


Search

May’s Search release introduces query-building enhancements. Within the Search query builder, an analyst can view definitions of the available common information model (CIM) fields and subjects, to understand what a CIM field or subject means when building queries. A security analyst can filter on CIM fields to quickly find any subject, product, or vendor. An analyst can also now build queries, correlation rules, and dashboards from the following fields:

  • raw_log_size = size of the raw ingested message
  • raw_log_time = time parsed out of a raw message
  • raw_log_time_format = timestamp format of the raw_log_time

Read the Search release notes.


Dashboards

We are excited about a bunch of new Dashboards improvements. First of all, we heard your requests and have created the ability to export dashboards to share between instances, while on the backend we have improved the performance of the landing page and dashboard rendering. And we have 12 new pre-built dashboards for your viewing and report criteria pleasure:

  1. Access Grant and Revoke Activity 
  2. Data Loss Prevention Activity Summary
  3. Data Loss Prevention Activity – Host Based
  4. Data Loss Prevention Activity – User Based
  5. Default Credential Usage and Change Activity
  6. Discovered Attacks by Source and Destination
  7. Insecure Authentication Attempts
  8. Failed Audit Logs Summary 
  9. Firewall and Router Device Interfaces
  10. Firewall Activity
  11. Failed VPN Login Attempts and Remote Session Timeouts
  12. Failed Host Logon Attempts by Users

See instructions and documentation for Dashboards.

Correlation Rules

Available this month, Correlation Rules offers aggregated value triggers, among other highlights. When an aggregated value triggers a correlation rule, the analyst will see the actual aggregated value within the log, labeled as “rule reasons”. If a rule trigger message fails to be sent to a webhook destination more than 50 times, a notification is generated within the Exabeam Security Operations Platform. In webhook settings, a security engineer can review a list of detailed responses from the past two days to mitigate webhook issues faster. Lastly, when a correlation rule of the first match rule type triggers, the case created includes the raw log, for faster response to rule-triggered events.

Read the Correlation Rules release notes.

What’s next?

Get information on the June 27 Community Office Hours.

Stay up-to-date with Exabeam Community

To learn more about all these updates, visit the Exabeam Community to read documentation, and sign up for webinars to keep track of all the latest announcements.
