Cloud-delivered Data LakeExabeam Data Lake i40 Release Notes

What's New

These release notes are only available for Exabeam Cloud-delivered offerings. Please contact Exabeam Sales or your account executive for additional information.

What's New in i40.2

Customers on Data Lake i40.2 or later versions can take advantage of the following new features and improvements:

Apache Log4J Security Patch

A critical vulnerability in software using Apache Log4j affected the following Exabeam Products:

  • Elasticsearch in Data Lake

  • Logstash and Datadog Agent in Site Collector

This vulnerability has been patched. Learn more about Exabeam's response to the vulnerability on Exabeam Community.

Display Empty/Null fields in Data Lake visualizations

Added the ability to display any field that is empty or null in Data Lake visualizations. Previously, these fields were ignored.

DL_Display_Empty_Field_in_Visualization.png

Renamed Volume to Index Size in operational stats

On the System Health page, the term Volume has been replaced with Index Size, to remove any confusion as to what is being represented. An explanation of the value has also been added.

DL_Renamed_Volume_to_Index_Size.png

Miscellaneous Improvements and Updates

  • Reduced the size of metadata information, and limited the metadata fields to the most valuable, to optimize the data and minimize the cost to customers.

  • Added support for Ubuntu 20.04 agents.

  • Added support in Site Collector for JSON logs, allowing customers to easily onboard JSON logs, eliminating issues previously experienced when parsing these logs.

What's New in i40.1

Customers on Data Lake i40.1 or later versions can take advantage of the following new features and improvements:

  • The cluster charts provided in Data Lake have been improved to provide more relevant and useful information to customers.

  • Metadata processing in Site Collector and supported collection agents has been optimized to include only fields that provide significant value.

What's New in i40

Customers on Data Lake i40 can take advantage of the following new features and improvements:

An Enhanced Reindexing Experience for Admins

Reindexing operations no longer compete with ongoing ingestion for resources. They now use only available resources, so they can be safely run at any time. You can also track ongoing reindexing jobs and view the history of past jobs.

For more information, see Reindex Operations.Reindex Operations

Get More from Your Data with an Additional Syslog Destination

To leverage event data from Site Collector for additional IT operations, you can now add a secondary Syslog destination in SaaS deployments. The secondary destination can be used for a variety of purposes, such as gaining additional insights from your data in non-security applications, satisfying legal requirements for storing data, easing cloud adoption and migration, and supporting disaster recovery operations. The secondary destination can be located on premises or in a virtual environment.

For more information, see Add a Secondary Syslog Destination.Add a Secondary Syslog Destination

Miscellaneous Improvements and Updates

  • Filtered search results can now be exported to PDF files.

  • Context tables can now be enriched with user attributes from Azure Active Directory. These attributes can in turn be used as search filters. See Azure AD Context Enrichment.Azure AD Context Enrichment

  • You can now delete archived snapshots from the NFS drive. See Delete Snapshots from the Archive.Delete Snapshots from the Archive

  • The Advanced Settings page has been redesigned and streamlined to include only supported settings.

  • Exported query results now include a CSV file that reports any errors that occurred in the query. The addition of the error report provides a clear picture of your results set.

  • To enhance the security of cloud-delivered services, Security-Enhanced Linux (SELinux) is enabled by default in Data Lake.

  • Data Lake now includes a user interface for upgrading site collectors to the latest software. See Upgrade Exabeam Site Collector.Upgrade Exabeam Site Collector

  • The primary Site Collector now supports network ports 1194 and 443 for OpenVPN to simplify the installation process.

  • Orphaned collectors can now be manually removed 15 days after being uninstalled. See Remove an Uninstalled Collector from the Collector Management Page.Remove an Uninstalled Collector from the Collector Management Page

  • eStreamer now uses the eNcore version 3.7.4 library.