Skip to main content

Cloud-delivered Incident ResponderIncident Responder Documentation

Configure the Exabeam Advanced Analytics Service

Configure Advanced Analytics as a service to get information like risk scores and triggered rules, manage context tables, accept sessions, and run other Exabeam Advanced Analytics actions.

Note your Incident Responder server IP address. To find your Incident Responder server IP address, in a command-line interface (CLI), type systemctl status exabeam-soar-python-action-engine | less. Your Incident Responder server IP address is the value of SOAR_SERVER_WEBCOMMON_IP; for example, SOAR_SERVER_WEBCOMMON_IP=1.1.1.1.

  1. In the sidebar, click SETTINGSA grey gear icon, then select Core.

  2. Under SERVICE INTEGRATIONS, select Services.

  3. Select a service:

    • To configure a specific service, hover over a service, then click CONFIGURE. Use the search by vendor or filter by action to find a service.

    • To manually provide the relevant information for a service, click Configure a new serviceA dark blue plus sign..

    • To view all actions for a service, hover over a service, then click the information icon An icon of a grey i inside a grey circle..

  4. Enter information about the service:

    • Service Name – Enter a unique name for the service. By default, the service name is Exabeam Advanced Analytics.

    • (Optional) Description – Describe the service.

    • (Optional) Owner – Enter the email address of the person or group responsible for the service. 

    • API URL – Enter https://<soar-server-ipaddress>:8484/, where soar-server-ipaddress is the IP address of your Incident Responder server; for example, https://1.1.1.1:8484/

    • Username – Enter the username of your Exabeam account.

    • Password – Enter the password to your Exabeam account.

    • Version – Enter the Advanced Analytics version number you use; for example, I56.

  5. To validate the source, select TEST CONNECTIVITY.

  6. Select CREATE SERVICE.