What's New

What's New in i60

Optimized Ingestion Performance

With Advanced Analytics i60, Exabeam has further optimized the process of ingesting and parsing logs. You can confidently ingest more data from across your organization to increase detection coverage without impacting processing performance.

Faster and More Efficient Parsing

Exabeam has improved domain name recognition within parsers for faster and higher fidelity threat detection.

The main navigation menu, previously located on the top-right side of the user interface, has been redesigned into a vertical menu on the upper-left side of the interface. This redesign is part of a move towards unifying the navigation experience across the different Exabeam environments.

The Licenses page has been updated to support new Exabeam licensing options. See Types of Exabeam Product Licenses in the Advanced Analytics Administration Guide.

What's New in i59

View any raw log from multiple Data Lake log sources in Smart Timelines.

After you upgrade to Advanced Analytics i59, configure additional Data Lake clusters as a log source. After you restart the Analytics Engine, you can click View Logs in Smart Timelines to access raw logs across any Data Lake cluster.

Advanced Analytics can ingest more logs, faster than ever.

Advanced Analytics can ingest a larger volume and wider variety of logs from multiple sources. If there's a spike in the logs your system ingests, it can handle the spike and keep running. If you restart your system, Advanced Analytics can more quickly recover from the lapse and resume ingesting and processing logs in real time.

Improved Security

Improved login security for LDAP authentication.

What's New in i58

A Better Experience Commenting in Smart Timelines™

We refined your experience around commenting in Smart Timeline sessions so it's smoother and easier.

It's easier to navigate long comment threads. Previously, you couldn't conveniently view all the comments for a given session: comments automatically closed when you scrolled between sessions, sessions wouldn't load, and you could only see the two latest comments. Now, we improved the behavior of the session summary information so that comments remain open when you scroll between sessions. Instead of clicking LOAD MORE, you can view and scroll through all comments for a given session.

Smart Timelines now display the correct number of comments in the session summary or Daily Summary information. Previously, when you deleted or added a comment, the number of comments in the session summary or Daily Summary information didn't change. Now, this issue is resolved and you can trust that you're seeing the correct number of comments.

Optimized Numerical Histograms

To make it less likely that your system runs out of memory, we minimized how much memory numerical histograms consume.

Previously, histograms used up to half of the Analytics Engine's long-term memory. Of the memory histograms used, two-thirds was attributed to their data structure. We tuned the data structure for numerical histograms so they use even less memory.

Other Improvements

• Audit logging now includes SAML events, added/edited secured resources, and API cluster authorizations.

• Context Tables now include a Created Time field to log when the context data was imported. Since context data may change over time, this field tells you when the data was valid.

What's New in i57

Stuck and Failed Parser Detection

To keep Log Ingestion and Messaging Engine (LIME) running, your system detects stuck and failed parsers early and pauses them.

Parsers use regular expressions to extract data from logs. If these regular expressions are incorrect, parsers can enter an infinite loop and get stuck, or fail with a non-timeout exception. Sometimes, parsers can also get stuck when they can't parse incorrect input data. When parsers fail or get stuck, LIME stops working because it can't move forward until the previous parser is done processing.

Now, if a parser takes too long to process, a mechanism pauses it to keep your system running. If the parser exceeds a configured time limit, your system fails the parser with a timeout exception, logs the error at a DEBUG security level, and notes the parser in internal error statistics. Your system periodically checks the error statistics to identify any parsers that have accumulated more than a certain number of errors, then pauses them.

After your system pauses a stuck or failed parser, you can view the parser in the list of paused parsers under System Health. You do not receive a system health alert when a stuck or failed parser is paused, but you will continue to receive a system health alert when a slow parser is paused.

Exabeam Documentation: Paused Parsers

Exabeam Documentation: View Paused Parsers
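The time-limit, error-statistics and pause steps described above, as an added Python sketch; it is not Exabeam's code and not from the original page. The class name, parser names, limit values, sample lines and the choice to run each match in a killable child process are all assumptions made for the illustration; the `kv_bad` regex nests quantifiers, so a long token without `=` backtracks until the time limit fires.

```python
import multiprocessing as mp
import re

TIME_LIMIT_S, ERROR_THRESHOLD = 0.5, 2  # both assumed; the page gives no values
_ctx = mp.get_context("fork")  # POSIX only; a child process can be killed mid-match
PARSERS = {"kv_bad": r"^(?P<key>(\w+)+)=(?P<val>\w+)$",  # constructed; nested quantifier
           "login": r"^(?P<host>\w+) login (?P<result>\w+)$"}  # constructed
LINES = ["user=alice"] + ["x" * 40 + " login ok"] * 3 + ["srv5 login ok"]  # constructed

def _match(pattern, line, conn):
    m = re.search(pattern, line)
    conn.send(m.groupdict() if m else None)

class ParserWatchdog:
    def __init__(self, parsers):
        self.parsers, self.errors, self.paused = dict(parsers), {}, set()

    def parse(self, name, line):  # raises if the parser is stuck or fails
        recv, send = _ctx.Pipe(duplex=False)
        proc = _ctx.Process(target=_match, args=(self.parsers[name], line, send))
        proc.start()
        proc.join(TIME_LIMIT_S)
        if proc.is_alive():  # still matching after the time limit
            proc.kill()
        proc.join()
        if proc.exitcode != 0:  # negative: killed on timeout; positive: parser crashed
            self.errors[name] = self.errors.get(name, 0) + 1  # error statistics
            raise TimeoutError(name) if proc.exitcode < 0 else RuntimeError(name)
        return recv.recv()

    def review(self):  # periodic check of the error statistics
        self.paused |= {n for n, c in self.errors.items() if c > ERROR_THRESHOLD}

    def ingest(self, lines):
        events = []
        for line in lines:
            for name in [n for n in self.parsers if n not in self.paused]:
                try:
                    fields = self.parse(name, line)
                except (TimeoutError, RuntimeError):
                    continue  # try the next parser instead of blocking ingestion
                if fields:
                    events.append((name, fields))
                    break
            self.review()  # after every line here; the page says "periodically"
        return events

if __name__ == "__main__":
    wd = ParserWatchdog(PARSERS)
    print(wd.ingest(LINES), wd.errors, wd.paused)
```

All five sample lines still produce an event, because the stuck parser is failed after the time limit and the next parser gets the line; after its third timeout `kv_bad` is paused and no longer consulted.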

Histograms Optimized for Better Stability

To stabilize your system and keep it running, histograms now consume less memory.

Previously, histograms used up to half of the Analytics Engine's long-term memory. Of the memory histograms used, two-thirds was attributed to their data structure. To free memory on your system and keep important services running, histograms now use a data structure that consumes less memory. With this new data structure, your system uses less heap space in Java and runs out of memory less frequently.

Health Checks Refined for Cloud-Delivered Deployments

In System Health, you only see the relevant health checks for cloud-delivered deployments. You no longer see health checks that apply only to hardware or virtual deployments.