The July product release introduces three new major features: Proofpoint Targeted Attack Protection (TAP) support, GeoIP field support for visualizations, and correlation rule definitions within Threat Center.
Proofpoint on Demand Collector
Proofpoint on Demand is a cloud-based platform offering security services to protect businesses against threats, including email security, threat intelligence, information protection, and compliance solutions. The Collector ingests detailed Proofpoint email activity and data exfiltration logs and alerts.
For the July release, a pre-built Proofpoint on Demand Collector is now generally available (GA) on the Exabeam Security Operations Platform. It integrates with Exabeam to provide a richer dataset that includes message details, user clicks, and blocking information. This gives Exabeam's machine learning-based behavioral models more context for identifying suspicious user behavior, improving threat investigations and threat hunting.
SentinelOne Alerts and Threats Collectors
SentinelOne is an endpoint protection solution that autonomously defends every endpoint against every type of attack at every stage in the threat lifecycle. Joint customers can now ingest threat and incident data directly from SentinelOne into the Exabeam Security Operations Platform to baseline normal behavior. Combined with data from other IT and security solutions, this gives security analysts greater visibility into advanced attacks.
Exabeam has migrated the older SentinelOne Threats Collector to the new infrastructure and released a new SentinelOne Alerts Collector.
Netskope Alerts and Events Collectors
Two new Collectors for Netskope Alerts and Netskope Events are now GA, offering customized data sources and increased URL visibility to improve threat detection. Compared with the previous version, the Netskope Alerts Collector improves scalability and reliability of ingestion into the Exabeam platform. The Netskope Events Collector gathers data from Netskope's cloud application monitoring, helping surface shadow IT activity and allowing analysts to pinpoint unexpected activity or anomalies and correlate them against other threat activity across their ecosystem.
Advanced Query Language—Now With Pipe!
Our engineers and product team have been working on this one and testing it all summer, and I’m thrilled to announce that Advanced EQL now includes Pipe (|) options for building complex queries. The pipe function allows analysts and threat hunters to build much more powerful, complex search queries for analyzing log data during investigations.
Webhook Support in Three New Regions
Exabeam now supports Webhook in Singapore, Canada, and Switzerland. Previously, these regions could not support Webhook due to external API Gateway limitations. With the new platform and a tenant-level regional modification, Webhook support is now available in every Exabeam Security Operations Platform instance, and will be in future instances as we expand our global presence. If Webhook is the best path to ingesting your data into the Exabeam platform, we have you covered.
About Exabeam
Exabeam is a global cybersecurity leader that delivers AI-driven security operations. The company was the first to put AI and machine learning in its products to deliver behavioral analytics on top of security information and event management (SIEM). Today, the Exabeam Security Operations Platform includes cloud-scale security log management and SIEM, powerful behavioral analytics, and automated threat detection, investigation and response (TDIR). Its cloud-native product portfolio helps organizations detect threats, defend against cyberattacks, and defeat adversaries. Exabeam learns normal behavior and automatically detects risky or suspicious activity so security teams can take action for faster, more complete response and repeatable security outcomes.
For more information or to order test solutions