Cloud-delivered Data Lake / Data Lake Administration Guide

Cluster Operations

Hardware and Virtual Deployments Only

Configuring Exabeam Directory Services Data Retention in Exabeam Data Lake

Hardware and Virtual Deployments Only


To configure this feature, please contact your Exabeam technical representative.

By default, the retention policy for Exabeam Directory Services (EDS) data is 30 days. Therefore, LDIF (LDAP Data Interchange Format) files collected daily from the LDAP (Lightweight Directory Access Protocol) server(s) are retained for 30 days.

In general, the 30-day default period is suitable for the average customer and does not affect product behavior or performance. However, some customers may need to reprocess older events, which may include events related to users or assets that are no longer active and won't be found in the current context tables. In this specific case, the events will be reprocessed but might not be able to leverage the historical contextual information.

To configure the EDS data retention period:

  1. Access the EDS custom application.conf file: /opt/exabeam/config/common/eds/custom/application.conf

  2. Add the value here, where N is the total number of retention days:

    EDS.Defaults.RetentionPeriod = N days

  3. Stop, and then start EDS again:


Display a Custom Login Message

You can create and display a custom login message for your users. The message is displayed to all users before they can proceed to log in.

To display a custom login message:

  1. On a web browser, log in to your Exabeam web console using an account with administrator privileges.

  2. Navigate to Settings > Admin Operations > Login Message.

  3. Click EDIT.

  4. Enter a login message in Message Content.


    The message content has no character limit and must follow UTF-8 format. It supports empty lines between text. However, it does not support special print types, links, or images.

    A common type of message is a warning message. The following example is a sample message:

    Usage Warning

    This computer system is for authorized use only. Users have no explicit or implicit expectation of privacy.

    Any or all uses of this system and all files on this system may be intercepted, monitored, recorded, copied, audited, inspected, and disclosed to an authorized site. By using this system, the user consents to such interception, monitoring, recording, copying, auditing, inspection, and disclosure at the discretion of the authorized site.

    Unauthorized or improper use of this system may result in administrative disciplinary action and civil and criminal penalties. By continuing to use this system you indicate your awareness of and consent to these terms and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the conditions stated in this warning.


    This sample warning message is intended to be used only as an example. Do not use this message in your deployment.

  5. Click SAVE.

  6. Click the Display Login Message toggle to enable the message.


    You can hide your message at any time without deleting it by disabling the message content.

Your custom login message is now displayed to all users before they proceed to the login screen.


Exabeam Cluster Authentication Token

The cluster authentication token is used to verify identities between clusters that have been deployed in phases as well as HTTP-based log collectors. Each peer cluster in a query pool must have its own token. You can set expiration dates during token creation or manually revoke tokens at any time.

To generate a token:

  1. Go to Settings > Core > Admin Operations > Cluster Authentication Token.

    The Cluster Authorization Token page appears.

  2. Click the add icon (a blue circle with a white plus sign).

    The Setup Token dialog box appears.

  3. Enter a Token Name, and then select an Expiry Date.


    Token names can contain only letters, numbers, and spaces.

  4. Select the Default Roles for the token.

  5. Click Add Token.

    Use this generated file to allow your API(s) to authenticate by token. Ensure that your API uses ExaAuthToken in its requests. For curl clients, the request structure resembles the following:

    curl -H "ExaAuthToken:<generated_token>" https://<external_host>:<api_port>/<api_request_path>
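
The curl request above places the token on the command line, where it is visible in the process list and in shell history. The following POSIX shell wrapper is an added example, not part of the original guide or of Exabeam's tooling: it reads the token from a permission-checked file and hands the ExaAuthToken header to curl on stdin. The function names and the one-token-per-file layout are assumptions.

```shell
#!/bin/sh
# Added example (not Exabeam code). Assumes the token is stored alone in a
# file; function names and the file layout are hypothetical.

# Succeed only for a regular file with no group/other permission bits.
token_file_is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Succeed if the value is non-empty and free of quotes, backslashes,
# whitespace and control characters (header or config-quoting breakouts).
is_safe_value() {
    clean=$(printf '%s' "$1" | tr -d '"\\[:space:][:cntrl:]')
    [ -n "$1" ] && [ "$1" = "$clean" ]
}

# Print a curl config carrying the ExaAuthToken header and the request URL.
build_curl_config() {                   # args: token_file url
    token_file_is_private "$1" || {
        echo "token file must not be group/world accessible" >&2; return 1; }
    token=$(cat -- "$1") || return 1    # $(...) drops the trailing newline
    is_safe_value "$token" || {
        echo "token file is empty or malformed" >&2; return 1; }
    is_safe_value "$2" || { echo "URL contains unsafe characters" >&2; return 1; }
    case $2 in
        https://*) ;;                   # refuse to send the token in cleartext
        *) echo "URL must use https" >&2; return 1 ;;
    esac
    printf 'header = "ExaAuthToken:%s"\nurl = "%s"\n' "$token" "$2"
}

# Send the request. The config is piped on stdin, so the token never shows
# up in the process list or in shell history.
exa_api_get() {                         # args: token_file url
    cfg=$(build_curl_config "$1" "$2") || return 1
    printf '%s\n' "$cfg" | curl --silent --show-error --fail --config -
}

# Usage: exa_api_get /path/to/token_file "https://<external_host>:<api_port>/<api_request_path>"
```

Store the token file with mode 0600 under the account that runs the collector or script, and replace the file when the token is revoked or reaches its expiry date.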