What’s New at Exabeam

A strategic overlay for leadership, the Advisor Agent delivers daily reports on security posture, MITRE ATT&CK^® coverage, and outcome alignment. It highlights strengths, uncovers gaps, and recommends targeted improvements—turning posture insights into action.

Lets analysts query security data using natural language, in multiple languages—no need to write in Exabeam Query Language (EQL). Integrated directly into Threat Center, this agent makes complex searches fast and intuitive.

Converts natural language queries into charts and dashboards. From basic metrics to detailed detection trends, this agent helps teams visualize patterns, system performance, and threat activity clearly and quickly.

Identifies the most relevant events using adaptive, behavior-based scoring. It continuously analyzes patterns and context to surface high-priority signals for further investigation, reducing noise and sharpening analyst focus.

Automatically generates case titles, detailed summaries, and deep threat analyses. It classifies threats, identifies key vectors, highlights top detections, and recommends next steps. With AI-driven entity summaries and context from Attack Surface Insights, it delivers a comprehensive, end-to-end view that helps analysts investigate faster and respond more effectively.

A real-time, context-aware chat companion that understands case-specific and general questions. It provides instant, relevant insights, helping analysts work faster without digging through data or documentation.

Accelerate response with streamlined workflows in Threat Center. Analysts can now  group, stage, queue, and assign alerts more easily, keeping teams aligned, cutting through backlogs, and reducing time to action.

Address complex, organization-specific threats with custom behavioral rules. Build, import, and export rules in JSON format, then validate them through reprocessing and training to ensure precise detection and broader use case coverage.

Visual trend lines show rising or declining risk scores over time, helping analysts spot unusual behavior early and reduce investigation time. These insights are easily accessible from the Threat Center UI.

New behavioral detections are now available for New-Scale SIEM, bringing baseline behavioral analytics capabilities to customers who don’t yet use New-Scale Analytics. These detections map to ATT&CK techniques and are delivered as a pre-packaged set of correlation rules, ready to run in your SIEM.

Build real-time watchlists using automation and threat scoring. Easily track high-value users, a such as executives and contractors, and critical hosts with a configurable UI embedded in Threat Center for fast, focused monitoring.

Version 7.21 introduces 14 filterable alarm fields, doubling the previous total. Analysts can now triage faster by filtering alarms by user, IP, hostname, location, VMID, and more. This enables precise threat detection and faster, targeted response.

Expanded alarm filtering now allows analysts to sort alerts by ATT&CK tactics, techniques, and procedures. With AI Engine rules mapped to Common Events, teams can instantly prioritize alarms based on known adversary behaviors—accelerating detection and investigation workflows.

LogRhythm SIEM now offers a “View Logs” option directly within Data Indexer Dashboards, eliminating the need to switch contexts. Analysts can seamlessly pivot from high-level metrics to raw logs in a single click, accelerating threat hunting and forensic analysis.