An Easier Navigating Experience for Smart Timelines™
It's easier than ever to investigate an event using Smart Timelines, even when you have thousands of events, with an improved navigation experience.
Never lose track of which session you're looking at. The session summary information is now always visible at the top of the page. Refer to it to immediately know which session an event belongs to.
There's a faster way to jump to the end of a Smart Timeline. Previously, clicking the down arrow loaded more events in the same session; to reach the end of the Smart Timeline, you clicked the arrow repeatedly or scrolled endlessly. Now when you click the down arrow while you're on the latest session, you're sent straight to the end of the Smart Timeline.
For asset Smart Timelines, you can now navigate to a sequence on a specific date. Use the calendar to view high-risk days at a glance, then jump to the session on that day.
Protect Log Ingestion and Messaging Engine (LIME) when Ingesting with Syslog
If you use Syslog to ingest logs, a new watchdog utility keeps Log Ingestion and Messaging Engine (LIME) running when it's overwhelmed.
If LIME accumulates a backlog of data that's too large to process, it may run out of disk space and stop working correctly. A new watchdog utility ensures that your disk doesn't get full and actively monitors how much disk space you're using.
When the disk has 25 percent capacity remaining, a health alert notifies you that you're running low on disk space. In the rare case that your disk has 15 percent capacity remaining, the utility deletes files, starting with the largest one, as a last resort to keep your system running. Expect this to happen rarely, if at all.
To avoid this situation, consider tuning your system so it ingests fewer logs or ingests logs more slowly. If you ingest logs from Data Lake, consider setting a lower log forwarding rate.
Exabeam Documentation: Configure Log Forwarding Rate
Exabeam Documentation: System Health Alerts for Low Disk Space
Better Storage, Better Models
We optimized how we store data so your models work better than ever.
With access to more asset data, your models more accurately detect anomalies and aggregate event statistics. This doesn't affect other aspects of your system.