What’s New in Exabeam Product Development – May 2023

Published
June 05, 2023

The wildflower superbloom is in full swing. The season is a little hard on allergy sufferers, but great for Product and Engineering’s blooming productivity! We’ve made some leaps and bounds this month, especially in the area of transparency, visualization, and other useful tools that we think your engineering teams will appreciate.

Don’t forget to subscribe to our blog to make sure you’re always in the know about our latest releases, with updates for you every month.

The following changes, new capabilities, functions, and actions are all live as of May 30.

Collectors

There are two new dedicated cloud collectors available within the Collectors app:

  • AWS SQS Collector
  • Splunk Collector – regional rollouts starting May 30

We have also improved error handling for Collectors, including user-authentication issues such as expired credentials or an unreachable log destination when connecting to the Exabeam Security Operations Platform.

Read the documentation for Collectors in the News section.

Log Stream

The May release for Log Stream offers some new features to speed troubleshooting. Parser errors now provide details behind the error message, so a security administrator or security engineer can attempt to solve the potential parsing issue without engaging support. In the parsers overview page, a security engineer can now view the “Triggered” column to see the timestamp of when a parser was last active. Seeing when a parser was last active lets a security administrator tell whether an expected active log source has stopped ingesting, which would require further investigation into the health of that log source.

Check out the Log Stream release notes.

Search

May’s Search release introduces query-building enhancements. Within the Search query builder, an analyst can view a definition for the different common information model (CIM) fields and subjects available to understand what a CIM field or subject means when building queries. A security analyst can filter on CIM fields to quickly find any subject, product, or vendor. And, an analyst can now build queries, correlation rules, and dashboards from the following list of fields:

  • raw_log_size = size of the raw ingested message
  • raw_log_time = time parsed out of a raw message
  • raw_log_time_format = timestamp format of the raw_log_time

Read the Search release notes.

Dashboards

We are excited about a bunch of new Dashboards improvements. First of all, we heard your requests and have created the ability to export dashboards to share between instances, while on the backend improving the performance of the landing page and dashboard rendering. And we have 12 new pre-built dashboards for your viewing and report criteria pleasure:

  1. Access Grant and Revoke Activity
  2. Data Loss Prevention Activity Summary
  3. Data Loss Prevention Activity – Host Based
  4. Data Loss Prevention Activity – User Based
  5. Default Credential Usage and Change Activity
  6. Discovered Attacks by Source and Destination
  7. Insecure Authentication Attempts
  8. Failed Audit Logs Summary
  9. Firewall and Router Device Interfaces
  10. Firewall Activity
  11. Failed VPN Login Attempts and Remote Session Timeouts
  12. Failed Host Logon Attempts by Users

See instructions and documentation for Dashboards.

Correlation Rules

Available this month, Correlation Rules offers aggregated-value triggers, among other highlights. When an aggregated value triggers a correlation rule, the analyst will see the actual aggregated value within the log, labeled as “rule reasons”. If a rule-trigger message fails to be sent to a webhook destination more than 50 times, a notification is generated within the Exabeam Security Operations Platform. In webhook settings, a security engineer can review a list of detailed responses from the past two days to mitigate webhook issues faster. And lastly, when a first-match rule type correlation rule triggers, the case created includes the raw log, for faster response to rule-triggered events.

Read the Correlation Rules release notes.

What’s next?

Get information on the June 27 Community Office Hours.

Stay up-to-date with Exabeam Community

To learn more about all these updates, visit the Exabeam Community to read documentation, and sign up for webinars to keep track of all the latest announcements.
