What’s New in Exabeam Product Development – May 2023
The wildflower superbloom is in full swing. The season is a little hard on allergy sufferers, but great for Product and Engineering’s blooming productivity! We’ve made some leaps and bounds this month, especially in the area of transparency, visualization, and other useful tools that we think your engineering teams will appreciate.
Don’t forget to subscribe to our blog to make sure you’re always in the know about our latest releases, with updates for you every month.
The following changes, new capabilities, functions, and actions are all live as of May 30.
There are two new dedicated cloud collectors available within the Collectors app:
- AWS SQS Collector
- Splunk Collector – regional rollouts starting May 30
We have also improved the error handling for Collectors, including user authentication issues such as expired credentials, and unreachable log destinations when connecting to the Exabeam Security Operations Platform.
Read the documentation for Collectors in the News section.
The May release for Log Stream offers some new features to speed troubleshooting. Parser errors now provide details behind the error message, so a security administrator or security engineer can attempt to solve the potential parsing issue without engaging support. In the parsers overview page, a security engineer can now view the “Triggered” column to see the timestamp of when a parser was last active. That timestamp lets a security administrator spot an expected active log source that has stopped ingesting, which warrants further investigation into the health of the log source.
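The “last active” check described above generalizes to any parser or log-source inventory: compare each source’s last-seen timestamp against the interval it is expected to report on, and flag sources that have gone quiet for longer than a grace multiple of that interval (or have never reported at all). The following is an added example written for this post, not Exabeam code or an Exabeam API; the row layout, field names and sample timestamps are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample rows, modelled loosely on a parser overview with a
# "Triggered" (last active) column. Field names are assumptions for this example.
PARSER_STATUS = [
    {"parser": "cisco-asa-syslog", "triggered": "2023-05-30T09:58:00Z", "expected_interval_min": 5},
    {"parser": "okta-auth-json",   "triggered": "2023-05-30T08:10:00Z", "expected_interval_min": 15},
    {"parser": "aws-cloudtrail",   "triggered": "2023-05-29T22:00:00Z", "expected_interval_min": 60},
    {"parser": "legacy-app-audit", "triggered": None,                   "expected_interval_min": 1440},
]


def parse_triggered(value):
    """Convert the 'Triggered' string (UTC, ISO-8601 with trailing Z) to an aware datetime.
    A missing value (None) means the parser has never fired."""
    if value is None:
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def find_stale_sources(rows, now, grace_factor=3):
    """Return a list of (parser, reason) for sources that look unhealthy.

    A source is stale when its last activity is older than
    grace_factor * expected_interval_min, or when it has never triggered.
    The grace factor absorbs normal jitter so a single late batch does not alert.
    """
    stale = []
    for row in rows:
        last = parse_triggered(row["triggered"])
        if last is None:
            stale.append((row["parser"], "never triggered"))
            continue
        allowed = timedelta(minutes=row["expected_interval_min"] * grace_factor)
        silence = now - last  # negative if the clock is ahead of the source; treated as healthy
        if silence > allowed:
            reason = (f"silent for {int(silence.total_seconds() // 60)} min, "
                      f"allowed {int(allowed.total_seconds() // 60)} min")
            stale.append((row["parser"], reason))
    return stale


if __name__ == "__main__":
    # Fixed "now" so the run is reproducible offline.
    now = datetime(2023, 5, 30, 10, 0, tzinfo=timezone.utc)
    for parser, reason in find_stale_sources(PARSER_STATUS, now):
        print(f"{parser}: {reason}")
```

With the sample rows and a fixed clock of 2023-05-30 10:00 UTC, the Cisco ASA parser (two minutes quiet, fifteen allowed) passes, while the Okta, CloudTrail and never-triggered legacy sources are reported. The expected interval should come from each source’s own cadence (syslog streams are near-continuous, cloud audit exports are often batched), otherwise the check either alerts constantly or misses real outages.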
May’s Search release introduces query-building enhancements. Within the Search query builder, an analyst can view a definition for the different common information model (CIM) fields and subjects available to understand what a CIM field or subject means when building queries. A security analyst can filter on CIM fields to quickly find any subject, product, or vendor. And, an analyst can now build queries, correlation rules, and dashboards from the following list of fields:
- raw_log_size = size of the raw ingested message
- raw_log_time = time parsed out of a raw message
- raw_log_time_format = timestamp format of the raw_log_time
We are excited about a bunch of new Dashboards improvements. First of all, we heard your requests and have created the ability to export dashboards to share between instances, while on the backend improving the performance of the landing page and dashboard rendering. And we have 12 new pre-built dashboards for your viewing and report criteria pleasure:
- Access Grant and Revoke Activity
- Data Loss Prevention Activity Summary
- Data Loss Prevention Activity – Host Based
- Data Loss Prevention Activity – User Based
- Default Credential Usage and Change Activity
- Discovered Attacks by Source and Destination
- Insecure Authentication Attempts
- Failed Audit Logs Summary
- Firewall and Router Device Interfaces
- Firewall Activity
- Failed VPN Login Attempts and Remote Session Timeouts
- Failed Host Logon Attempts by Users
Available this month, Correlation Rules offers aggregated value triggers, among other highlights. When an aggregated value triggers a correlation rule, the analyst will see the actual aggregated value within the log, labeled as “rule reasons”. If a rule trigger message fails to be sent to a webhook destination more than 50 times, a notification is generated within the Exabeam Security Operations Platform. In webhook settings, a security engineer can review a list of detailed responses from the past two days to mitigate webhook issues faster. And lastly, when a first match rule type correlation rule triggers, the case created includes the raw log for faster response to rule-triggered events.
- Check out our upcoming schedule for Community events.
- Register for the Exabeam New-Scale API webinar on June 6.
- If you missed the May 11 webinar on the New-Scale releases for April, watch it on replay.
- If you missed the New SOC on the Block webinar, “I Read this Article – Are We Vulnerable?”, with an emphasis on insider threats, you can catch the replay!
Get information on the June 27 Community Office Hours.
Stay up-to-date with Exabeam Community
To learn more about all these updates, visit the Exabeam Community to read documentation, and sign up for webinars to keep track of all the latest announcements.