Exabeam Advanced Analytics

Details
Content
Dependencies
Version History

The Exabeam Security Management Platform provides end-to-end detection, User Event Behavioral Analytics, and SOAR.

Classifiers

Name	Description
Exabeam Classifier
Exabeam mapping

Incident Fields

Name	Description
Exabeam Id
Exabeam Highest Session Number Of Asset
Exabeam Last Activity Type
Exabeam Queue
Exabeam Highest Session Login Host
Exabeam Last Activity Time
Exabeam Session IDs
Exabeam Highest Session Number Of Reasons
Exabeam Past Scores
Exabeam Average Risk Score

Incident Types

Name	Description
Exabeam Incident
Exabeam Notable User

Integrations

Name	Description
Exabeam Advanced Analytics	The Exabeam Security Management Platform provides end-to-end detection, User Event Behavioral Analytics, and SOAR.

Layouts

Name	Description
Exabeam Incident
Exabeam Notable User

Classifiers

Name	Description
Exabeam Classifier
Exabeam mapping

Incident Fields

Name	Description
Exabeam Average Risk Score
Exabeam Last Activity Time
Exabeam Highest Session Number Of Reasons
Exabeam Highest Session Number Of Asset
Exabeam Past Scores
Exabeam Queue
Exabeam Highest Session Login Host
Exabeam Last Activity Type
Exabeam Id
Exabeam Session IDs

Incident Types

Name	Description
Exabeam Incident
Exabeam Notable User

Integrations

Name	Description
Exabeam Advanced Analytics	The Exabeam Security Management Platform provides end-to-end detection, User Event Behavioral Analytics, and SOAR.

Layouts

Name	Description
Exabeam Notable User
Exabeam Incident

Required Content Packs (1)

Pack Name	Pack By
Base	By: Cortex XSOAR

Optional Content Packs (5)

Pack Name	Pack By
Common Types	By: Cortex XSOAR
Malware Core	By: Cortex XSOAR
PAN-OS by Palo Alto Networks	By: Cortex XSOAR
ServiceNow	By: Cortex XSOAR
SpyCloud Enterprise Protection	By: SpyCloud

All level dependencies (1)

Pack Name	Pack By
Base	By: Cortex XSOAR

2.4.1 - 1370357 (September 11, 2024)

Layouts

Exabeam Incident
Updated layout with canvas tab.
Exabeam Notable User
Updated layout with canvas tab.

Related pull requests:
- 36021

Download

2.4.0 - 1175817 (July 14, 2024)

Classifiers

New: Exabeam Classifier

Created a new classifier to classify incidents based on the source of the data.

If the source is the fetch incidents, the incident type will be Exabeam Incident.
If the source is the fetch notable users the incident type will be Exabeam Notable User.

Incident Fields

New: Exabeam Average Risk Score
Added a new incident field to store the average risk score of a user.
New: Exabeam Highest Session Login Host
Added a new incident field to store the highest session login host of a user.
New: Exabeam Highest Session Number Of Asset
Added a new incident field to store the number of assets in the highest risk session.
New: Exabeam Highest Session Number Of Reasons
Added a new incident field to store the number of reasons in the highest risk session.
New: Exabeam Last Activity Time
Added a new incident field to store the last activity time of a user.
New: Exabeam Last Activity Type
Added a new incident field to store the type of the last activity of a user.
New: Exabeam Past Scores
Added a new incident field to store past risk scores of a user.
New: Exabeam Session IDs
Added a new incident field to store the session IDs of a user.

Incident Types

New: Exabeam Notable User
New: Created a new incident type for notable users fetched.
Exabeam Incident
Added a new layout.

Integrations

Exabeam Advanced Analytics

Updated the integration to support fetch notable users.
Added the following new parameters:
- Fetch Type.
- Max Users Per Fetch.
- Notable Users Fetch Interval.
- Notable Users First Fetch Timestamp.
- Minimum Risk Score To Fetch Users.
Updated the integration display Name from Exabeam to Exabeam Advanced Analytics.
Updated the Docker image to: demisto/python3:3.11.9.101916.

Layouts

New: Exabeam Incident
Created a new layout for the incident type: Exabeam Incident.
New: Exabeam Notable User
New: Created a new layout for the incident type: Exabeam Notable User.

Mappers

Exabeam mapping

Added a mapping for the new incident type: Exabeam Notable User.

Related pull requests:
- 34900

Download

2.3.1 - 952091 (April 12, 2024)

Integrations

Exabeam

Fixed an issue where this integration caused a "ValueError" exception.
Updated the Docker image to: demisto/python3:3.10.14.91134.

Related pull requests:
- 33915

Download

2.3.0 - 6808171 (November 6, 2023)

Integrations

Exabeam

Fixed an issue where this integration caused "NameError: name 'TOKEN_INPUT_IDENTIFIER' is not defined" errors in other integrations/automations which reused the same container.
Updated the Docker image to: demisto/python3:3.10.13.78960.

Related pull requests:
- 30655
- 30625

Download

2.2.9 - 6674581 (October 22, 2023)

Integrations

Exabeam

Updated the Docker image to: demisto/python3:3.10.13.78623.

Related pull requests:
- 30290

Download

2.2.8 - R6592021 (October 13, 2023)

Integrations

Exabeam

Removed unnecessary logs.
Updated the Docker image to: demisto/python3:3.10.13.73190.

Related pull requests:
- 29472

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	December 22, 2020
Last Release	September 11, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

SpyCloud Enterprise Protection Enrichment

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.