The Exabeam Security Management Platform provides end-to-end detection, User Event Behavioral Analytics, and SOAR.
Exabeam Advanced Analytics
- Details
- Content
- Dependencies
- Version History
The Exabeam Security Management Platform provides end-to-end detection, User Event Behavioral Analytics, and SOAR.
Classifiers
| Name | Description |
|---|---|
Exabeam Classifier | |
Exabeam mapping |
Incident Fields
| Name | Description |
|---|---|
Exabeam Id | |
Exabeam Past Scores | |
Exabeam Highest Session Number Of Asset | |
Exabeam Average Risk Score | |
Exabeam Session IDs | |
Exabeam Highest Session Login Host | |
Exabeam Last Activity Time | |
Exabeam Queue | |
Exabeam Last Activity Type | |
Exabeam Highest Session Number Of Reasons |
Incident Types
| Name | Description |
|---|---|
Exabeam Notable User | |
Exabeam Incident |
Integrations
| Name | Description |
|---|---|
| Exabeam Advanced Analytics |
Layouts
| Name | Description |
|---|---|
Exabeam Incident | |
Exabeam Notable User |
Classifiers
| Name | Description |
|---|---|
Exabeam Classifier | |
Exabeam mapping |
Incident Fields
| Name | Description |
|---|---|
Exabeam Last Activity Time | |
Exabeam Highest Session Number Of Reasons | |
Exabeam Highest Session Login Host | |
Exabeam Past Scores | |
Exabeam Id | |
Exabeam Average Risk Score | |
Exabeam Last Activity Type | |
Exabeam Session IDs | |
Exabeam Queue | |
Exabeam Highest Session Number Of Asset |
Incident Types
| Name | Description |
|---|---|
Exabeam Notable User | |
Exabeam Incident |
Integrations
| Name | Description |
|---|---|
| Exabeam Advanced Analytics | The Exabeam Security Management Platform provides end-to-end detection, User Event Behavioral Analytics, and SOAR. |
Layouts
| Name | Description |
|---|---|
Exabeam Incident | |
Exabeam Notable User |
Required Content Packs (1)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
Optional Content Packs (5)
| Pack Name | Pack By |
|---|---|
| Common Types | By: Cortex XSOAR |
| Malware Core | By: Cortex XSOAR |
| PAN-OS by Palo Alto Networks | By: Cortex XSOAR |
| ServiceNow | By: Cortex XSOAR |
| SpyCloud Enterprise Protection | By: SpyCloud |
All level dependencies (1)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
2.4.0 - 1175817 (July 14, 2024)
- 34900
Download
Classifiers
New: Exabeam Classifier
Created a new classifier to classify incidents based on the source of the data.
- If the source is the fetch incidents, the incident type will be Exabeam Incident.
- If the source is the fetch notable users the incident type will be Exabeam Notable User.
Incident Fields
New: Exabeam Average Risk Score
Added a new incident field to store the average risk score of a user.New: Exabeam Highest Session Login Host
Added a new incident field to store the highest session login host of a user.New: Exabeam Highest Session Number Of Asset
Added a new incident field to store the number of assets in the highest risk session.New: Exabeam Highest Session Number Of Reasons
Added a new incident field to store the number of reasons in the highest risk session.New: Exabeam Last Activity Time
Added a new incident field to store the last activity time of a user.New: Exabeam Last Activity Type
Added a new incident field to store the type of the last activity of a user.New: Exabeam Past Scores
Added a new incident field to store past risk scores of a user.New: Exabeam Session IDs
Added a new incident field to store the session IDs of a user.
Incident Types
New: Exabeam Notable User
New: Created a new incident type for notable users fetched.Exabeam Incident
Added a new layout.
Integrations
Exabeam Advanced Analytics
- Updated the integration to support fetch notable users.
- Added the following new parameters:
- Fetch Type.
- Max Users Per Fetch.
- Notable Users Fetch Interval.
- Notable Users First Fetch Timestamp.
- Minimum Risk Score To Fetch Users.
- Updated the integration display Name from Exabeam to Exabeam Advanced Analytics.
- Updated the Docker image to: demisto/python3:3.11.9.101916.
Layouts
New: Exabeam Incident
Created a new layout for the incident type: Exabeam Incident.New: Exabeam Notable User
New: Created a new layout for the incident type: Exabeam Notable User.
Mappers
Exabeam mapping
Added a mapping for the new incident type: Exabeam Notable User.
- 34900
Download
2.3.0 - 6808171 (November 6, 2023)
- 30655
- 30625
Download
Integrations
Exabeam
- Fixed an issue where this integration caused "NameError: name 'TOKEN_INPUT_IDENTIFIER' is not defined" errors in other integrations/automations which reused the same container.
- Updated the Docker image to: demisto/python3:3.10.13.78960.
- 30655
- 30625
Download
2.4.0 - 1175817 (July 14, 2024)
- 34900
Download
Classifiers
New: Exabeam Classifier
Created a new classifier to classify incidents based on the source of the data.
- If the source is the fetch incidents, the incident type will be Exabeam Incident.
- If the source is the fetch notable users the incident type will be Exabeam Notable User.
Incident Fields
New: Exabeam Average Risk Score
Added a new incident field to store the average risk score of a user.New: Exabeam Highest Session Login Host
Added a new incident field to store the highest session login host of a user.New: Exabeam Highest Session Number Of Asset
Added a new incident field to store the number of assets in the highest risk session.New: Exabeam Highest Session Number Of Reasons
Added a new incident field to store the number of reasons in the highest risk session.New: Exabeam Last Activity Time
Added a new incident field to store the last activity time of a user.New: Exabeam Last Activity Type
Added a new incident field to store the type of the last activity of a user.New: Exabeam Past Scores
Added a new incident field to store past risk scores of a user.New: Exabeam Session IDs
Added a new incident field to store the session IDs of a user.
Incident Types
New: Exabeam Notable User
New: Created a new incident type for notable users fetched.Exabeam Incident
Added a new layout.
Integrations
Exabeam Advanced Analytics
- Updated the integration to support fetch notable users.
- Added the following new parameters:
- Fetch Type.
- Max Users Per Fetch.
- Notable Users Fetch Interval.
- Notable Users First Fetch Timestamp.
- Minimum Risk Score To Fetch Users.
- Updated the integration display Name from Exabeam to Exabeam Advanced Analytics.
- Updated the Docker image to: demisto/python3:3.11.9.101916.
Layouts
New: Exabeam Incident
Created a new layout for the incident type: Exabeam Incident.New: Exabeam Notable User
New: Created a new layout for the incident type: Exabeam Notable User.
Mappers
Exabeam mapping
Added a mapping for the new incident type: Exabeam Notable User.
- 34900
Download
2.3.0 - 6808171 (November 6, 2023)
- 30655
- 30625
Download
Integrations
Exabeam
- Fixed an issue where this integration caused "NameError: name 'TOKEN_INPUT_IDENTIFIER' is not defined" errors in other integrations/automations which reused the same container.
- Updated the Docker image to: demisto/python3:3.10.13.78960.
- 30655
- 30625
Download
PUBLISHER
PLATFORMS
Cortex XSOARCortex XSIAM
INFO
| Certification | Certified | Read more |
| Supported By | Cortex | |
| Created | December 22, 2020 | |
| Last Release | November 28, 2024 |
WORKS WITH THE FOLLOWING INTEGRATIONS:
