Advanced Analytics Overview
Advanced Analytics provides user and entity behavior intelligence on top of existing SIEM and log management data repositories. Advanced Analytics can detect compromised and rogue insiders and can present a complete picture of both the user session and lateral movement within the attack chain.
Exabeam pulls logs from a variety of data sources and enriches this data with identity information collected from Active Directory (LDAP). This information provides an identity context for credential use. Through behavior modeling and analytics, Advanced Analytics learns normal user credential activities and access characteristics. By automatically comparing incoming data to these normal behaviors, anomalous activity can be exposed.
Advanced Analytics places all user credential activities and characteristics on a timeline with scores assigned to anomalous access behavior. Traditional security alerts are also scored, attributed to identities, and placed on the activity timeline. All systems touched by compromised credentials of insiders are identified to reveal the attacker's path through the IT environment.