The Exabeam Security Management Platform provides end-to-end detection, User Event Behavioral Analytics, and SOAR.
Exabeam Advanced Analytics
- Details
- Content
- Dependencies
- Version History
The Exabeam Security Management Platform provides end-to-end detection, User Event Behavioral Analytics, and SOAR.
Name | Description |
---|---|
Exabeam Classifier | |
Exabeam mapping |
Name | Description |
---|---|
Exabeam Id | |
Exabeam Past Scores | |
Exabeam Highest Session Number Of Asset | |
Exabeam Average Risk Score | |
Exabeam Session IDs | |
Exabeam Highest Session Login Host | |
Exabeam Last Activity Time | |
Exabeam Queue | |
Exabeam Last Activity Type | |
Exabeam Highest Session Number Of Reasons |
Name | Description |
---|---|
Exabeam Notable User | |
Exabeam Incident |
Name | Description |
---|---|
Exabeam Advanced Analytics |
Name | Description |
---|---|
Exabeam Incident | |
Exabeam Notable User |
Name | Description |
---|---|
Exabeam Classifier | |
Exabeam mapping |
Name | Description |
---|---|
Exabeam Queue | |
Exabeam Id | |
Exabeam Last Activity Time | |
Exabeam Past Scores | |
Exabeam Last Activity Type | |
Exabeam Highest Session Number Of Asset | |
Exabeam Highest Session Number Of Reasons | |
Exabeam Session IDs | |
Exabeam Highest Session Login Host | |
Exabeam Average Risk Score |
Name | Description |
---|---|
Exabeam Notable User | |
Exabeam Incident |
Name | Description |
---|---|
Exabeam Advanced Analytics | The Exabeam Security Management Platform provides end-to-end detection, User Event Behavioral Analytics, and SOAR. |
Name | Description |
---|---|
Exabeam Notable User | |
Exabeam Incident |
Pack Name | Pack By |
---|---|
Base | By: Cortex XSOAR |
Pack Name | Pack By |
---|---|
Common Types | By: Cortex XSOAR |
Malware Core | By: Cortex XSOAR |
PAN-OS by Palo Alto Networks | By: Cortex XSOAR |
ServiceNow | By: Cortex XSOAR |
SpyCloud Enterprise Protection | By: SpyCloud |
Pack Name | Pack By |
---|---|
Base | By: Cortex XSOAR |
Classifiers
New: Exabeam Classifier
Created a new classifier to classify incidents based on the source of the data.
- If the source is the fetch incidents, the incident type will be Exabeam Incident.
- If the source is the fetch notable users the incident type will be Exabeam Notable User.
Incident Fields
New: Exabeam Average Risk Score
Added a new incident field to store the average risk score of a user.New: Exabeam Highest Session Login Host
Added a new incident field to store the highest session login host of a user.New: Exabeam Highest Session Number Of Asset
Added a new incident field to store the number of assets in the highest risk session.New: Exabeam Highest Session Number Of Reasons
Added a new incident field to store the number of reasons in the highest risk session.New: Exabeam Last Activity Time
Added a new incident field to store the last activity time of a user.New: Exabeam Last Activity Type
Added a new incident field to store the type of the last activity of a user.New: Exabeam Past Scores
Added a new incident field to store past risk scores of a user.New: Exabeam Session IDs
Added a new incident field to store the session IDs of a user.
Incident Types
New: Exabeam Notable User
New: Created a new incident type for notable users fetched.Exabeam Incident
Added a new layout.
Integrations
Exabeam Advanced Analytics
- Updated the integration to support fetch notable users.
- Added the following new parameters:
- Fetch Type.
- Max Users Per Fetch.
- Notable Users Fetch Interval.
- Notable Users First Fetch Timestamp.
- Minimum Risk Score To Fetch Users.
- Updated the integration display Name from Exabeam to Exabeam Advanced Analytics.
- Updated the Docker image to: demisto/python3:3.11.9.101916.
Layouts
New: Exabeam Incident
Created a new layout for the incident type: Exabeam Incident.New: Exabeam Notable User
New: Created a new layout for the incident type: Exabeam Notable User.
Mappers
Exabeam mapping
Added a mapping for the new incident type: Exabeam Notable User.
- 34900
Download
Integrations
Exabeam
- Fixed an issue where this integration caused "NameError: name 'TOKEN_INPUT_IDENTIFIER' is not defined" errors in other integrations/automations which reused the same container.
- Updated the Docker image to: demisto/python3:3.10.13.78960.
- 30655
- 30625
Download
PUBLISHER
PLATFORMS
INFO
Certification | Certified | Read more |
Supported By | Cortex | |
Created | December 22, 2020 | |
Last Release | November 28, 2024 |