- Advanced Analytics
- Understand the Basics of Advanced Analytics
- Configure Log Management
- Set Up Admin Operations
- Set Up Authentication and Access Control
- Additional Configurations
- Configure Rules
- Exabeam Threat Intelligence Service
- Threat Intelligence Service Prerequisites
- View Threat Intelligence Feeds
- Threat Intelligence Context Tables
- View Threat Intelligence Context Tables
- Assign a Threat Intelligence Feed to a New Context Table
- Create a New Context Table from a Threat Intelligence Feed
- Check ExaCloud Connector Service Health Status
- Exabeam Cloud Telemetry Service
- Manage Security Content in Advanced Analytics
- Health Status Page
Rule Naming Convention
Exabeam has an internal Rule ID naming convention that is outlined below. This system is used for Exabeam created rules and models only. When a rule is created or cloned by a customer, the system will automatically create a Rule ID for the new rule that consists of customer-created, followed by a random hash. For example, a new rule could be called, customer-created-4Ef3DDYQsQ {.
The Exabeam convention for model and rule names is: ET-SF-A/F-Z
ET: The event types that the model or rule addresses. For example,
RA = remote-access
NKL = NTLM/Kerberos-logon
RL = remote-logon
SF: Scope and Feature of the model. For example,
HU = Scope=Host, Feature=User
OZ = Scope=Organization, Feature=Zone
A/F: For rules only
A = Abnormal
F = First
Z : Additional Information (Optional). For example,
DC: Domain Controller models/rules
CS: Critical Systems