Exabeam Advanced Analytics i56 Release Notes

What's New

Improved Filters for Smart Timelines™

With new and improved Smart Timeline filters, it's easier to find and navigate to an event based on a specific detail.

You can now navigate to an event that occurred at a specific time. Previously, you used the calendar to jump to a session on a specific date. Now, you can also specify a time in 24-hour notation. Your Smart Timeline jumps to an event that starts at that time or, if there is none, to the next event after that time.


In an asset Smart Timeline, use the new Users filter to view events related to a specific user. Search for and select the user, then apply the filter. You can only filter by one user at a time.


Previously, the session summary information disappeared if you filtered out sessions from your Smart Timeline. Now, this information is always visible at the top of the page, even if you're not filtering for sessions.

Display More Accurate Times for When Rules Triggered on the Smart Timeline™

Configure the Smart Timeline to more accurately display when time-based rules trigger.

The Smart Timeline displays the day of the week and the 24-hour time at which an ingested raw log triggered a time-related rule, like DC23 (Abnormal session start time) or PA-UTi-A (Badge access at abnormal time).

For these time-based rules, the Smart Timeline displays when the event builder created an event from the raw log, which may not accurately represent when a rule triggered. In some cases, like if your SIEM lags when sending raw logs to Advanced Analytics, there may be up to a delay between when the raw log was created and when it's processed to create an event.

Now, you can configure the Smart Timeline so it displays when the raw log was created, which more accurately represents when anomalous behavior happened.

If you have a hardware deployment, configure this feature by editing the rule and model configuration. If you have a cloud-delivered deployment, configure this feature by contacting Exabeam Customer Success.

Exabeam Documentation: Configure Smart Timeline™ to Display More Accurate Times for When Rules Triggered

More Accurate Geolocation and Internet Service Provider (ISP) Data for Your Events

Your events are enriched with the most updated geolocation and ISP data so your rules and models train on more accurate data, and you can better detect potential threats in your environment.

When Advanced Analytics builds events, it associates the event's IP address with a geolocation or ISP, and enriches the event with this data. To ensure the data is as accurate as possible, Advanced Analytics now pulls from an improved database.

Previously, Advanced Analytics pulled geolocation and ISP data from MaxMind's GeoLite2 database. Now, Advanced Analytics pulls this data from Neustar's UltraGeoPoint database, which is more accurate and is updated more frequently.

Instead of pulling from the database in a CSV format, Advanced Analytics now pulls data in MaxMind DB (MMDB) binary format, which takes less memory and helps your system run more smoothly.

After you upgrade to i56, models that use geolocation or ISP data will reset and train on the new values, which may cause more rules to trigger.

More Helpful Technical Support Information

Generate technical support information that includes Analytics Engine and Log Ingestion and Messaging Engine (LIME) rotated logs. These logs help Exabeam Customer Success quickly understand and resolve a problem with your system.

Previously, when you generated a support file for Advanced Analytics, certain critical information could be missing. This missing information was usually found in a rotated log from the Analytics Engine or LIME, which was difficult to retrieve. It took Customer Success a long time to get the information necessary to resolve your issue.

Now, from within Advanced Analytics, you can quickly generate a support file that includes the last five rotated logs. After you generate the file, attach it to your case ticket on the Exabeam Community.

The Admin Operations settings page with the Generate Support Logs tab selected, showing options to generate a support log for Advanced Analytics and Additional Rotated Logs.

Exabeam Documentation: Generate a Support File

Updated Navigation to the Exabeam Community and Documentation Portal

There's a new way to get the help you need in Advanced Analytics.

Previously, the menu (the icon with three horizontal lines in the navigation bar) listed several options: File a Ticket, Got an Idea, What's New, which led to the Documentation Portal, and Documentation, which led to the Exabeam Community knowledge articles. We updated these links so they're easier to understand:

  • To understand the product and how to use it, select Documentation.

  • To get support from other Exabeam users in the Exabeam Community, select Community.

  • To create a support case, select Support.

  • To provide feedback on new features you'd like to see, select Suggest Ideas.

Troubleshoot Your Own Data Ingestion Issues

Introducing a self-service mechanism for hardware and virtual deployments that exposes what's really going on when Advanced Analytics ingests data.

An event may appear incorrectly in Smart Timelines because there was an issue with ingesting data into Advanced Analytics. In previous versions, you contacted Exabeam Customer Success to diagnose and triage these issues. They designed and implemented intensive custom solutions just to see what was happening to data in your system.

Now, if you have a hardware or virtual deployment, you can troubleshoot your own data ingestion issues without waiting for Exabeam Customer Success. Using a new mechanism, you can see the status of your data as it's ingested in real time.

You create a JSON file that specifies which logs you're tracking and the problem you're troubleshooting, then run a Python script. As logs are ingested into Advanced Analytics, the script prints messages describing what's happening to each log in real time. You use these messages to identify the problem, then take the appropriate steps to resolve it.

Exabeam Documentation: Troubleshoot Advanced Analytics Data Ingestion Issues

Support for the Latest Version of IBM® QRadar® Security Information and Event Management (SIEM)

You can ingest data from the latest versions of IBM QRadar, version 7.4 and later.

If you configured IBM QRadar as a log source, Advanced Analytics automatically starts ingesting logs after you upgrade. You don't need to re-configure IBM QRadar as a log source in Advanced Analytics settings or restart IBM QRadar.