- Advanced Analytics
- Understand the Basics of Advanced Analytics
- Configure Log Management
- Set Up Admin Operations
- Set Up Authentication and Access Control
- Additional Configurations
- Configure Rules
- Exabeam Threat Intelligence Service
- Threat Intelligence Service Prerequisites
- View Threat Intelligence Feeds
- Threat Intelligence Context Tables
- View Threat Intelligence Context Tables
- Assign a Threat Intelligence Feed to a New Context Table
- Create a New Context Table from a Threat Intelligence Feed
- Check ExaCloud Connector Service Health Status
- Exabeam Cloud Telemetry Service
- Manage Security Content in Advanced Analytics
- Health Status Page
Notifications
You can configure Advanced Analytics to send notification about system health, notable sessions, anomalies, and other important system information. You can configure notification to be sent in the following formats:
Log repository – Notifications can be sent to a log repository in a structured data format using the Syslog protocol. These notifications are formatted so machines, like your log repository, can easily understand them.
Email – Notifications can be sent to an email account in a format that's more human-readable.
Set Up Notifications to a Log Repository, Ticketing System, or SIEM
To configure notifications to a log repository, log ticketing system, or SIEM using the Syslog protocol:
In the sidebar, click SETTINGS
, then select Core.Under NOTIFICATIONS, select Setup Notifications.
Click add
, then select Syslog Notification.Configure the following notification settings:
IP / Hostname – Enter the IP or hostname of your Syslog server.
Port – Enter the port your Syslog server uses.
Protocol – Select the network protocol your Syslog server uses to send messages: TCP, SSL_TCP, or UDP.
Syslog Security Level – Assign a severity level to the notification:
Informational – Normal operational events, no action needed.
Debug – Useful information for debugging, sent after an error occurs.
Error – An error has occurred and must be resolved.
Warning – Events that will lead to an error if you don't take action.
Emergency – Your system is unavailable and unusable.
Alert – Events that should be corrected immediately.
Notice – An unusual event has occurred.
Critical – Some event, like a hard device error, has occurred and your system is in critical condition.
Notifications by Product – Select the events for which you want to be notified:
Advanced Analytics:
System Health – All system health alerts for Advanced Analytics.
Notable Sessions – A user or asset has reached a risk threshold and become notable. This notification describes which rule was triggered and contains any relevant information.
Anomalies – A rule has been triggered.
AA/CM/OAR Audit – An Exabeam user does something in Advanced Analytics, Case Manager, or Incident Responder that's important to know when auditing their activity history; for example, when someone modifies rule behavior, changes log sources, or changes user roles and permissions.
Job Start – Data processing engines have started processing a log.
Job End – Data processing engines have stopped processing a log.
Job Failure – Data processing engines have failed to process a log.
Click ADD NOTIFICATION.
Restart the Analytics Engine.
Set Up Notifications to Email
You can configure email notifications for both Advanced Analytics and for some Incident Responder actions. The Incident Responder notifications can include:
Notify User By Email Phishing
Phishing Summary Report
Send Email
Send Template Email
Send Indicators via Email
If you configure these settings correctly, Incident Responder uses IRNotificationSMTPService as the service for these actions. If you configure these settings incorrectly, these actions won't work correctly.
To configure human-readable email notifications:
In the sidebar, click SETTINGS
, then select Core.Under NOTIFICATIONS, select Setup Notifications.
Click add
, then select Email Notification.Configure the following notification settings:
IP / Hostname – You must enter
cloudrelay1.connect.exabeam.com.Port – Enter the port number for your outgoing mail server.
SSL – You must select this box.
Username Required – If your mail server requires a username, select the box, then enter the username.
Password Required – If your mail server requires a password, select the box, then enter the password.
Sender Email Address – Enter
<yourinstance>@notify.exabeam.com.Recipients – List the email addresses to receive these email notifications, separated by a comma.
E-mail Signature – Enter text that's automatically added to the end of all email notifications.
Notifications by Product – Select the events for which you want to be notified.
Incident Responder:
System Health – All system health alerts for Case Manager and Incident Responder.
Advanced Analytics:
System Health – All system health alerts for Advanced Analytics.
Notable Sessions – A user or asset has reached a risk threshold and become notable. This notification describes which rule was triggered and contains any relevant information.
Anomalies – A rule has been triggered.
AA/CM/OAR Audit – An Exabeam user does something in Advanced Analytics, Case Manager, or Incident Responder that's important to know when auditing their activity history; for example, when someone modifies rule behavior, changes log sources, or changes user roles and permissions.
Job Start – Data processing engines have started processing a log.
Job End – Data processing engines have stopped processing a log.
Job Failure – Data processing engines have failed to process a log.
Click ADD NOTIFICATION.