Cloud Collectors Release Notes

Cloud Collectors Features Introduced in 2023

November 2023

The following features were introduced in Cloud Collectors during November 2023:

Feature

Description

Microsoft Entra ID Context Cloud Collector (formerly Azure Active Directory Context Collector)

The new Microsoft Entra ID Context Cloud Collector (formerly known as Azure Active Directory Context Collector) is now available in all supported regions as part of the Cloud Collectors service to facilitate ingestion of user context data from your Azure Active Directory service.

Cribl (via Exabeam GCS) Collector

The new Cribl Cloud Collector is now available in all supported regions as part of the Cloud Collectors service to facilitate ingestion of logs from events from your Cribl Stream pipeline.

Enhancement to File Processing for the AWS S3 Cloud Collector

The AWS S3 Cloud Collector now supports a JSON format in which a JSON array has multiple JSON objects, each with a JSON array of events.

Enhancement to Splunk Cloud Collector Metadata Fetch

The Splunk Cloud Collector now fetches the Splunk metadata fields: _time, sourcetype, and host, in addition to the _raw field.

Microsoft Defender XDR Cloud Collector

The new Microsoft Defender XDR (via Event Hub) Cloud Collector is now available in all supported regions as part of the Cloud Collectors service to facilitate ingestion of security events from Microsoft Defender XDR, formerly known as Microsoft Cloud App Security (MCAS), via Azure workspace.

New Customization Fields: Timezone and Site Name

You can now set the time zone and specify a site name while configuring a cloud collector.

  • Timezone – You can now select a time zone applicable to you for accurate detections and event monitoring. By entering a time zone, you override the default log time zone.

  • Sitename – You can enter a site name to ensure efficient management of environments with overlapping IP addresses.

October 2023

The following features were introduced in Cloud Collectors during October 2023:

Feature

Description

Microsoft 365 Exchange Admin Reports Cloud Collector

The new Microsoft 365 Exchange Admin Reports Cloud Collector is now available as part of the Cloud Collectors service to facilitate ingestion of logs from the following data sources: MessageTrace, MailDetailDlpPolicy, SpoofMailReports, and MailDetailATP. The collector also provides auto-scaling and an improved user experience that includes self-service troubleshooting tools. This collector is available in all supported regions. If you previously set up a cloud connector for this log source in the Cloud Connectors platform, refer to the migration guidelines for this collector to migrate to the new cloud collector.

Microsoft Security Alerts Cloud Collector

The new Microsoft Security Alerts Cloud Collector is now available as part of the Cloud Collectors service to facilitate ingestion of security alert logs across the Microsoft platform. The collector also provides auto-scaling and an improved user experience that includes self-service troubleshooting tools. This collector is available in all supported regions. If you previously set up a cloud connector for this log source in the Cloud Connectors platform, refer to the migration guidelines for this collector to migrate to the new cloud collector.

Okta Context Cloud Collector

The new Okta Context Cloud Collector is now available as part of the Cloud Collectors service to facilitate ingestion of data related to users from Okta. The collector also provides auto-scaling and an improved user experience that includes self-service troubleshooting tools. This collector is available in all supported regions.

September 2023

The following features were introduced in Cloud Collectors during September 2023:

Feature

Description

Palo Alto Networks Cortex Data Lake Cloud Collector

The new Palo Alto Networks Cortex Data Lake Cloud Collector is now available as part of the Cloud Collectors service to facilitate ingestion of data from Palo Alto Networks Cortex Data Lake. The collector also provides auto-scaling and an improved user experience that includes self-service troubleshooting tools. This collector is available in all supported regions.

Symantec Endpoint Security Cloud Collector

The new Symantec Endpoint Security Cloud Collector is now available as part of the Cloud Collectors service to facilitate ingestion of events from Symantec Endpoint Detection and Response (EDR). The collector also provides auto-scaling and an improved user experience that includes self-service troubleshooting tools. This collector is available in all supported regions.

AWS CloudTrail Collector Improvement

AWS CloudTrail Collectors now monitor SQS queue message size in addition to other performance metrics and show a healthy state through auto-scaling. To ensure optimum performance of the collector, and to resolve user interface unresponsiveness caused by a high number of database calls to a single table, database tables are segregated.

August 2023

The following features were introduced in Cloud Collectors during August 2023:

Feature

Description

Microsoft Entra ID Logs Cloud Collector (formerly Azure Active Directory Cloud Collector)

The new Microsoft Entra ID Logs Cloud Collector (formerly Azure Active Directory Cloud Collector) is now available as part of the Cloud Collectors service to facilitate ingestion of logs from the following data sources: Audit Logs, Sign-in Logs, and Identity Protection. The collector also provides auto-scaling and an improved user experience that includes self-service troubleshooting tools. This collector is available in all supported regions. If you previously set up a cloud connector for this log source in the Cloud Connectors platform, refer to the migration guidelines for this collector to migrate to the new cloud collector.

Microsoft 365 Management Activity Cloud Collector

The new Microsoft 365 Management Activity Cloud Collector is now available as part of the Cloud Collectors service to facilitate ingestion of logs from the following data sources: active-directory, general, sharepoint, exchange, and dlp. The collector also provides auto-scaling and an improved user experience that includes self-service troubleshooting tools. This collector is available in all supported regions. If you previously set up a cloud connector for this log source in the Cloud Connectors platform, refer to the migration guidelines for this collector to migrate to the new cloud collector.

July 2023

The following features were introduced in Cloud Collectors during July 2023:

Feature

Description

Audit Log Management

Cloud Collectors now support audit log management, in which the configuration changes that users make using the user interface (such as creating, modifying, deleting, enabling, and disabling) and compliance requirements are logged and made searchable.

Early Access Sign-up

To streamline and simplify the Early Access sign-up process, Cloud Collectors now provide a new capability to sign up for Early Access features through the user interface. After you sign up for the early access cloud collectors, the sign-up and onboarding process is initiated. With the Coming Soon tag, the user interface also displays upcoming features to help you plan future deployments.

June 2023

The following feature was introduced in Cloud Collectors during June 2023:

Feature

Description

Okta Cloud Collector

The new Okta Cloud Collector is now available as part of the Cloud Collectors service to facilitate ingestion of logs from Okta. The collector also provides auto-scaling and an improved user experience that includes self-service troubleshooting tools. This collector is available in all supported regions. If you previously set up a cloud connector for this log source in the Cloud Connectors platform, refer to the migration guidelines for this collector to migrate to the new cloud collector.

May 2023

The following features were introduced in Cloud Collectors during May 2023:

April 2023

The following feature was introduced in Cloud Collectors during April 2023:

Feature

Description

Azure Event Hub Cloud Collector

The new Azure Event Hub Cloud Collector is now available as part of the Cloud Collectors app to facilitate ingestion of security events from Azure workspace. The new architecture of this collector supports unlimited EPS via auto-scaling. In addition to an improved user experience that includes self-service troubleshooting tools, the collector provides historical volume ingestion. This collector is available in all supported regions. If you previously set up a cloud connector for this log source in the Cloud Connectors platform, refer to the migration guidelines for this collector to migrate to the new cloud collector.

March 2023

The following features were introduced in Cloud Collectors during March 2023:

Feature

Description

New SentinelOne Cloud Funnel Cloud Collector

The new SentinelOne Cloud Funnel Cloud Collector is now available from the Cloud Collectors app to facilitate ingestion of logs from AWS S3 buckets. The collector also provides auto-scaling and an improved user experience that includes self-service troubleshooting tools. SentinelOne deprecated Kafka and moved to AWS S3. With the new cloud collector, you can ingest full telemetry logs via AWS S3.

If you previously set up a SaaS cloud connector for SentinelOne that uses the Deep Visibility Endpoint and want to set up the new cloud collector, you must first follow the migration guidelines.

February 2023

The following features were introduced in Cloud Collectors during February 2023:

Feature

Description

New GCP Pub/Sub Cloud Collector

The new GCP Pub/Sub Cloud Collector is now available from the Cloud Collectors app to facilitate ingestion of logs from GCP Pub/Sub. It provides auto-scaling and improved troubleshooting tools. This enables log management of your object storage logs within the Exabeam Security Operations Platform.

The supported regions for GCP Pub/Sub Cloud Collector are US-West, US-East, Canada, Europe, Japan, Australia, and Singapore.

If you previously set up a cloud connector for this log source in the Cloud Connectors platform, refer to the migration guidelines for this collector to migrate to the new cloud collector.

Reusable Service Account for Google Cloud Collectors

To streamline the management of external Google accounts, you can now create a reusable account from the Cloud Collectors app. The account can be reused across one or more Cloud Collectors of the same type and helps streamline the onboarding of Cloud Collectors. If credentials change, you can update them from a single place and then test the connection for all collectors simultaneously.

January 2023

The following features were introduced in Cloud Collectors during January 2023:

Feature

Description

Error Messages Visibility

You can now view error messages and troubleshooting steps for each of the Cloud Collectors. The Error Messages section displays Error Type, Error Code, Failed Requests, and Recommended Action sections. Using the suggestions mentioned in the Recommended Action section, you can troubleshoot and remediate external errors that are not related to Exabeam, such as invalid credentials and cloud vendor outages.

For more information, see Troubleshooting Cloud Collectors.