Audit Logs
Audit logs represent user, object, or setting events in your organization. Specific events related to all Exabeam users are logged, including activities within the user interface as well as configuration activities.
Advanced Analytics audit logs are stored. The entire auditing history is stored and you cannot purge audit logs or set retention limits.
To access the activity data, you can forward audit logs via Syslog to an existing SIEM, to Data Lake, or to Search. Exabeam sends the Advanced Analytics activity data every five minutes. To access audit logs via Syslog, follow the notification setup procedure in Set Up Notifications to a Log Repository, Ticketing System, or SIEM.
Note
Advanced Analytics activity log data is not masked or obfuscated when sent via Syslog. It is your responsibility to upload the data to a dedicated index which is available only to users with appropriate privileges.
The following events are logged:
An additional type of audit logging is available for applications in the Exabeam Security Operations Platform. Access to these stored audit logs is available in Search. For ease of use, an Audit Logs tab is accessible in the Search query builder. For information about using the Audit Logs tab, see Basic Search in the Search Feature Guide.
Events from the following Exabeam Security Operations Platform applications are logged:
- Authentication
- Threat Center
- Correlation Rules
- Search
- Settings, including:
  - Users
  - Roles
  - Single sign-on
  - API keys