The focus for the January release is improved threat detection accuracy, streamlined onboarding for on-premises Site Collectors, enhanced visualizations for security operations, and expanded support for Microsoft log ingestion.
Highlights from the release include:
- Improved threat detection accuracy with unordered event detection
- Improved security visualization with new, pre-built SOC Overview Dashboard
- Faster onboarding with OVA VM kickstarter
- Expanded Azure log collection capabilities
Improved threat detection accuracy with unordered event detection
Cybersecurity rule chaining supports detections that are based on an ordered series of events occurring in a specific sequence. Detection engineers often build detections to match a sequence of events that mimics attacker behavior, for example: “Trigger an alert if John Doe does X, then does Y, then does Z.” The Exabeam Security Operations platform now supports rule chaining in any order. Security engineers can define the set of events a sequence should look for and specify that their order does not matter. Unordered rule chaining gives users greater flexibility when creating correlation rules for cases where a particular combination of events is of interest but the order in which they occur is irrelevant. It also saves time by eliminating the need to create multiple ordered rules to cover every permutation of the same events.
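To make the difference between ordered and unordered chaining concrete, here is a small added example (not Exabeam's code, and not how the platform implements chaining internally) that evaluates both styles of rule over a constructed set of events. The three action names, the user names and the timestamps are all made up for illustration; the point is that the "any order" rule fires on an activity pattern that a single ordered rule would miss, and that covering the same pattern with ordered rules alone would take one rule per permutation.

```python
from dataclasses import dataclass
from itertools import permutations


@dataclass(frozen=True)
class Event:
    ts: int        # seconds since an arbitrary epoch (constructed)
    user: str
    action: str    # a normalized event name, e.g. the rule name that matched


# The chain a detection engineer wants to alert on: three events per user.
# Action names are hypothetical placeholders, not Exabeam rule names.
CHAIN = ["vpn_login_new_country", "privilege_escalation", "bulk_file_download"]
WINDOW_SECONDS = 600  # events must fall within a 10-minute span

# Constructed sample events.
#   jdoe   performs all three actions, but in a different order than CHAIN
#   asmith performs them in exactly CHAIN order
#   bchen  performs them in CHAIN order but outside the 10-minute window
SAMPLE_EVENTS = [
    Event(0,    "jdoe",   "bulk_file_download"),
    Event(120,  "jdoe",   "vpn_login_new_country"),
    Event(300,  "jdoe",   "privilege_escalation"),
    Event(1000, "asmith", "vpn_login_new_country"),
    Event(1100, "asmith", "privilege_escalation"),
    Event(1200, "asmith", "bulk_file_download"),
    Event(2000, "bchen",  "vpn_login_new_country"),
    Event(2100, "bchen",  "privilege_escalation"),
    Event(5000, "bchen",  "bulk_file_download"),
]


def _events_for(events, user):
    """Return the given user's events in timestamp order."""
    return sorted((e for e in events if e.user == user), key=lambda e: e.ts)


def matches_ordered(events, user, chain, window):
    """Ordered chain: every action in `chain` must occur for `user`, in that
    exact order, with the whole sequence inside `window` seconds."""
    user_events = _events_for(events, user)
    for start_idx, start in enumerate(user_events):
        if start.action != chain[0]:
            continue  # a chain can only begin at its first action
        next_needed = 1
        for e in user_events[start_idx + 1:]:
            if e.ts - start.ts > window:
                break  # sorted by time, so nothing later can fit the window
            if e.action == chain[next_needed]:
                next_needed += 1
                if next_needed == len(chain):
                    return True
    return False


def matches_unordered(events, user, chain, window):
    """Unordered chain: every action in `chain` must occur for `user` inside
    some `window`-second span, in any order."""
    user_events = _events_for(events, user)
    needed = set(chain)
    for start_idx, start in enumerate(user_events):
        seen = set()
        for e in user_events[start_idx:]:
            if e.ts - start.ts > window:
                break
            if e.action in needed:
                seen.add(e.action)
            if seen == needed:
                return True
    return False


def ordered_rules_needed(chain):
    """How many ordered rules it would take to cover every ordering of `chain`."""
    return len(set(permutations(chain)))


def evaluate(events, chain, window):
    """Run both rule styles for every user seen in `events`."""
    users = sorted({e.user for e in events})
    return {
        user: {
            "ordered": matches_ordered(events, user, chain, window),
            "unordered": matches_unordered(events, user, chain, window),
        }
        for user in users
    }


if __name__ == "__main__":
    for user, result in evaluate(SAMPLE_EVENTS, CHAIN, WINDOW_SECONDS).items():
        print(f"{user:8s} ordered={result['ordered']!s:5s} unordered={result['unordered']}")
    print(f"ordered rules needed to emulate one unordered rule: {ordered_rules_needed(CHAIN)}")
```

Run as a script, the output shows that the ordered rule fires only for `asmith`, while the unordered rule also fires for `jdoe`, whose three actions happened within ten minutes but not in the scripted order; `bchen` triggers neither because the events are spread over more than the window. Both functions use a sliding start over each user's events so a late-arriving match is still found, and the window check breaks early because the events are sorted by time.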
Improved security visualization with new, pre-built SOC Overview Dashboard
This pre-built dashboard provides security operations center (SOC) administrators and security leaders with an overview of the entire security posture of their organization. It includes visualizations that allow users to quickly assess the overall status of SOC operations and identify areas that need attention. The dashboard includes charts that depict various aspects of incidents, anomalies, and correlation rules. This out-of-the-box persona-based dashboard provides quick insights and actionable information relevant to SOC managers and administrators.
Faster onboarding with OVA VM kickstarter
An Open Virtual Appliance (OVA) file contains a compressed, installable image of a virtual machine (VM). Exabeam now supports an OVA VM kickstarter to rapidly provision a fully compatible VM with all the Site Collector prerequisites, with support for VMware, Google Cloud Platform (GCP), and AWS. Customers can prepare VMs from the compressed OVA image file to speed up proofs of value (POVs) and log onboarding.
Expanded Azure log collection capabilities
Two new Cloud Collectors are now available for the Exabeam Security Operations platform. The Azure Activity Log Cloud Collector and the Azure Storage Analytics Cloud Collector allow customers to ingest logs via Azure Event Hubs instead of the API. Event Hubs is the ingestion method recommended by Microsoft, and the updated collectors provide better scalability, reliability, and end-to-end (E2E) support, including content.
About Exabeam
Exabeam is a global cybersecurity leader that delivers AI-driven security operations. The company was the first to put AI and machine learning in its products to deliver behavioral analytics on top of security information and event management (SIEM). Today, the Exabeam Security Operations Platform includes cloud-scale security log management and SIEM, powerful behavioral analytics, and automated threat detection, investigation and response (TDIR). Its cloud-native product portfolio helps organizations detect threats, defend against cyberattacks, and defeat adversaries. Exabeam learns normal behavior and automatically detects risky or suspicious activity so security teams can take action for faster, more complete response and repeatable security outcomes.
For more information or to order test solutions