In October, we introduced more than 30 feature and product improvements to enhance your experience with the Exabeam Security Operations platform. Our goal is to make it easier to ingest a broad set of third-party data sources, while adding advanced capabilities to our service offerings:
- Microsoft 365 Exchange admin reports and Microsoft security alerts collector
- Enhancements to roles and permissions
- Risk scoring in Alert and Case Management
- Granular suppression for rules and entities
- New-Scale Okta Context Management
Microsoft 365 Exchange admin reports and Microsoft security alerts collector
These reports and the alerts collector have been integrated into the Exabeam Security Operations Platform. With the Microsoft security alerts collector, you can ingest critical alerts from other Microsoft services, such as Microsoft Defender, Azure Security Center, and Azure Active Directory Identity Protection. These new cloud collectors make it easier to configure and separate endpoints from the old Office 365 cloud connector into separate, log-specific cloud collectors.
Enhancements to roles and permissions
We’ve simplified and targeted access control workflows for the Exabeam Security Operations Platform. We’ve expanded the number of prepackaged roles in settings from three to seven, helping align security operations organizations of any size. Permissions have clear names and descriptions, allowing administrators to define access control efficiently for every role, including custom roles.
Risk scoring in Alert and Case Management
Our risk scoring now escalates the highest-risk alerts and cases for analyst review, indicating the likelihood of business impact. These risk scores inform system-generated priority levels, which can be manually adjusted by the analyst. Prioritizing security alerts and cases offers clear direction on where to focus efforts for faster detection and assessment of potential incidents, a key aspect in threat mitigation. You can filter alerts and cases by priority, risk scores, or age (the length of time since the alert or case was first created).
Granular suppression for rules and entities
This feature has been enhanced to allow users to suppress a correlation rule for a specific group or host. When using a Common Information Model (CIM) 2.0 field, a correlation rule is suppressed only by that value for the assigned suppression threshold. Using suppression to address “noisy” ports or hosts ensures you can manage alert fatigue and not miss important detections. The ability to suppress a value appears as the last step of the CR creation wizard, making it easy to apply as part of the regular workflow.
New-Scale Okta Context Management
We now support one of the most widely adopted identity provider (IdP) solutions, Okta, for access and authentication. Okta context tables can be included in custom filtered tables, which are then used in Search, Correlation Rules, and Dashboards to boost functionality.
About Exabeam
Exabeam is a global cybersecurity leader that helps organizations detect threats, defend against cyberattacks, and defeat adversaries. Exabeam was the first to put AI and machine learning in its products to deliver behavioral analytics on top of SIEM. Today, our New-Scale SIEMTM includes cloud-scale security log management, powerful behavioral analytics, and automated threat detection, investigation and response (TDIR) to provide an advantage against cyberthreats. Exabeam baselines normal behavior so security operations teams can identify the abnormal and take action — for faster, more complete responses and repeatable security outcomes.
For more information or to order test solutions