Define a Unique Site Name
Create unique site names in Exabeam Security Operations Platform to restrict access and manage multiple sites with distinct security data.
To effectively manage and monitor multiple sites within the Exabeam Security Operations Platform, you can define unique site names. This allows you to restrict access to security data based on site tags by tagging a collector instance along with the associated events and alerts. By defining unique site names, you can implement the following SIEM and TDIR capabilities across the entire organization, including independent IT infrastructures or sites:
- Associate logs with the respective site or IT infrastructure by tagging all log sources with the site name during log collection.
- Utilize Search, Dashboard, and Correlation Rules within or across the entire organization, even when multiple sites have overlapping IP addresses.
- Use the metadata fields m_sitename and m_siteid to search, correlate, and visualize security data for any defined site.
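The overlapping-address case above, as an added example that is not Exabeam code or Exabeam query syntax: a failed-login count keyed by source IP alone merges two hosts that share 10.0.0.5 at different sites, while keying on m_siteid keeps them apart. The src_ip, user and outcome field names, the site names and IDs, and the threshold are assumptions made for the illustration.

```python
from collections import Counter

# Constructed sample events. m_sitename and m_siteid are the metadata fields the
# page names; src_ip, user and outcome are assumed field names, and the site
# names and IDs are invented for this example.
FIELDS = ("m_sitename", "m_siteid", "src_ip", "user", "outcome")
ROWS = [
    ("plant-a", "1001", "10.0.0.5", "alice", "fail"),
    ("plant-a", "1001", "10.0.0.5", "alice", "fail"),
    ("plant-b", "1002", "10.0.0.5", "bob", "fail"),
    ("plant-b", "1002", "10.0.0.5", "bob", "fail"),
    ("plant-b", "1002", "10.0.0.9", "carol", "fail"),
    ("plant-b", "1002", "10.0.0.9", "carol", "fail"),
    ("plant-b", "1002", "10.0.0.9", "carol", "fail"),
    ("plant-a", "1001", "10.0.0.9", "dave", "success"),
    (None, None, "10.0.0.7", "erin", "fail"),  # event that carries no site tag
]
EVENTS = [dict(zip(FIELDS, row)) for row in ROWS]


def failed_logins(events, by_site):
    """Count failed logins per source, keyed by (m_siteid, src_ip) when by_site is set."""
    counts = Counter()
    for ev in events:
        if ev["outcome"] != "fail":
            continue
        if by_site:
            # Untagged events get their own bucket rather than merging into a site.
            key = (ev.get("m_siteid") or "untagged", ev["src_ip"])
        else:
            key = ev["src_ip"]
        counts[key] += 1
    return counts


def alerts(events, by_site, threshold=3):
    """Return the sorted keys whose failed-login count reaches the threshold."""
    counts = failed_logins(events, by_site)
    return sorted(key for key, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print("keyed by IP only:      ", alerts(EVENTS, by_site=False))
    print("keyed by site and IP:  ", alerts(EVENTS, by_site=True))
```

Keyed by IP only, 10.0.0.5 crosses the threshold even though neither site's host did; keyed by site and IP, only the plant-b host at 10.0.0.9 is reported.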
To create a new site:
Log in to the Exabeam Security Operations Platform with your registered credentials as an administrator or security engineer.
Note: Ensure that you have the appropriate permissions to define the site. For more information, see site management permissions.
Navigate to Settings > Site > Site Management.
Click Add a New Site.
After specifying a unique site name, a unique Site ID is assigned to it. You can then associate collectors with the site to ensure that security data collected by both cloud collectors and site collectors is appropriately tagged. The m_sitename and m_siteid metadata fields are automatically added to all events ingested via the cloud collector associated with this site.
Note: You can create a new site while configuring a cloud collector and updating a site collector instance.
Enter a site name, and click Add Site.
A new site with a unique ID is added to cloud collectors to tag data with the site information, making it available for downstream applications such as Search. The Site ID is automatically generated and cannot be changed.
If needed, you can later edit the Site Name by clicking the more actions icon in the row for the site.
Note: For all cloud collectors that use Webhooks, expect a delay of up to five minutes before logs reflect the updated site name tags.