April product release introduces three new major features: Investigation Timelines with Search, Threat Center APIs, and custom case queues and stages

Together, these new features help customers speed investigations with timeline visualizations, customizable stages and queues, and enhanced API capabilities within Threat Center for managing alerts and cases.

Investigation Timelines – feature preview

Investigation Timelines provide security analysts and threat hunters with a comprehensive visual timeline of normal and abnormal behavior. Investigation Timelines, within Exabeam search, provide users with unmatched investigation capabilities, combining our existing timeline experience with search for more granular visualizations. Enhanced search and filter options within the timeline interface are able to link detections to the triggering events automatically, reducing manual analysis and research. Within the Search app, users now have the option of event view or timeline view, eliminating the burden of switching between applications during an investigation, improving analyst productivity. Investigation Timelines offer granular visibility and a simplified experience for investigating and grouping the details of a threat.

Benefits of Investigation Timelines include:

  • Granular search and filtering capabilities: Advanced search and filter functionality within Investigation Timelines enable precise identification of anomalies and security threats.

  • Streamlined investigation workflows: Search across multiple detections, reducing complexity and accelerating the investigation process. Users can view search results and pivot from an Investigation Timeline to an event view. 

  • Unified investigation platform: Threat Center and Search work together for a complementary, cohesive experience for granular investigations and threat hunting. Investigation Timelines allow users to proactively see links between threat detections and security events.

  • Rapid incident response: Expedite incident response efforts using Investigation Timelines to quickly assess security incidents, powering proactive measures to control scope, mitigate risks, and minimize the impact of cyberthreats.

Investigation Timelines are scheduled for Q2 2024 availability. If you’re an existing Exabeam customer and would like early access to Investigation Timelines, please reach out to your Exabeam account team.

New Cloud Collectors for Duo and Azure Log Analytics

For April, we’ve added two powerful new Cloud Collectors: Cisco Duo and Azure Log Analytics Collector. With Cisco Duo, users can seamlessly ingest authentication and access log data, enriching our platform’s insight into user activities and potential security risks. Meanwhile, our integration with Azure Log Analytics Collector offers enhanced log ingestion capabilities, enabling organizations to leverage Azure’s robust logging features for deeper security insights. These new collectors highlight our commitment to providing customers with comprehensive security solutions tailored to their evolving needs.

Custom case queues and stages

Case queues and stages (New, Investigation, Remediation, Close) are now configurable to match your organizational needs and internal processes:

  • Use existing stages or create new ones. Customize case stages to match workflows and roles within the security operations center (SOC).

  • Case queues are disconnected from role membership (RBAC), providing granular flexibility for assigning cases across the security team.

  • Administrators can add, edit, reorder, and delete case stages for simplified workflow creation.

About Exabeam

Exabeam is a global cybersecurity leader that delivers AI-driven security operations. The company was the first to put AI and machine learning in its products to deliver behavioral analytics on top of security information and event management (SIEM). Today, the Exabeam Security Operations Platform includes cloud-scale security log management and SIEM, powerful behavioral analytics, and automated threat detection, investigation and response (TDIR). Its cloud-native product portfolio helps organizations detect threats, defend against cyberattacks, and defeat adversaries. Exabeam learns normal behavior and automatically detects risky or suspicious activity so security teams can take action for faster, more complete response and repeatable security outcomes.
