Cloud Collectors Features Introduced in 2024

October 2024

The following features were introduced in Cloud Collectors during October 2024:

Feature

Description

Abnormal Security Cloud Collector

The Abnormal Security Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of events from Abnormal Security data sources: cases and threats.

Box Cloud Collector (Early Access)

The Box Cloud Collector is now available as part of Cloud Collectors Early Access program to facilitate ingestion of user events and enterprise events from Box.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

Cato Networks Collector

The Cato Networks Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of security, connectivity, routing, detection and response events from Cato Networks.

Recorded Future Cloud Collector (Early Access)

The Recorded Future Cloud Collector is now available as part of Cloud Collectors Early Access program to facilitate ingestion of API Alerts using Generic API Framework.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

Regex Filtering for Cloud Collectors (Early Access)

You can now add filter conditions for the CrowdStrike Falcon (via FDR) Cloud Collector, AWS S3 Cloud Collector, SentinelOne CloudFunnel Cloud Collector, and Cisco Umbrella Cloud Collector, in addition to the Azure Event Hub Cloud Collector. The conditions use regex syntax to include logs in, or exempt logs from, the data sent to the Exabeam Security Operations Platform. The cloud collector processes logs based on the conditions that you specify using the regex pattern.

This feature is available as a part of the early access program. To participate, see Sign Up for the Early Access Program.

Salesforce Cloud Collector

The new Salesforce Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of events from the data sources: LoginHistory, SetupAuditTrail, content-version-track-creation-time, content-version-history, content-library-created from Salesforce cloud in all supported regions.

SentinelOne Cloud Collector (Early Access)

The SentinelOne Cloud Collector is now available as part of Cloud Collectors Early Access program to facilitate ingestion of security alerts and threats related logs from resources monitored by SentinelOne.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

Wiz API Cloud Collector (Early Access)

The Wiz API Cloud Collector is now available as part of Cloud Collectors Early Access program to facilitate ingestion of audit logs.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

Wiz Issues Cloud Collector

The Wiz Issues Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of issues from Wiz, which represent active risks or threats in your cloud environment.

September 2024

The following features were introduced in Cloud Collectors during September 2024:

Feature

Description

Abnormal Security Collector (EA)

The Abnormal Security Cloud Collector is now available as part of Cloud Collectors Early Access program to facilitate ingestion of events from Abnormal Security data sources: cases and threats.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

Cato Networks Collector (EA)

The Cato Networks Cloud Collector is now available as part of Cloud Collectors Early Access program to facilitate ingestion of security, connectivity, routing, detection and response events from Cato Networks.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

August 2024

The following features were introduced in Cloud Collectors during August 2024:

Feature

Description

AWS CloudWatch Cloud Collector

The new AWS CloudWatch Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of events from the data sources CloudTrail, CloudWatch Logs, and Lambda logs of AWS services in all supported regions.

Salesforce Cloud Collector (Early Access)

The new Salesforce Cloud Collector is now available as part of Cloud Collectors Early Access program to facilitate ingestion of events from the data sources: LoginHistory, SetupAuditTrail, content-version-track-creation-time, content-version-history, content-library-created from Salesforce cloud in all supported regions.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

Regex Filtering for Azure Event Hub Cloud Collector (Early Access)

You can now add filter conditions for the Azure Event Hub Cloud Collector, using regex syntax to include logs in, or exempt logs from, the data sent to the Exabeam Security Operations Platform. The cloud collector processes logs based on the conditions that you specify using the regex pattern.

This feature is available as a part of the early access program. To participate, see Sign Up for the Early Access Program.

July 2024

The following features were introduced in Cloud Collectors during July 2024:

Feature

Description

Netskope Alerts Cloud Collector

The Netskope Alerts Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of security alerts from Netskope REST API V2 endpoints in all supported regions.

Netskope Events Cloud Collector

The new Netskope Events Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of security events from Netskope REST API V2 endpoints in all supported regions.

Proofpoint On-Demand Cloud Collector 

The new Proofpoint On-Demand Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of security events from the Proofpoint endpoints Message and Maillog in all supported regions.

SentinelOne Alerts Cloud Collector

The new SentinelOne Alerts Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of logs related to security alerts from resources monitored by SentinelOne in all supported regions.

SentinelOne Threats Cloud Collector

The new SentinelOne Threats Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of logs related to security threats from resources monitored by SentinelOne in all supported regions.

Extended Region Support for Webhook Cloud Collectors

The Webhook Cloud Collectors now support Cloud Collector deployment in the regions: Canada, Singapore, and Switzerland. For more information, see Supported Regions for Cloud Collectors.

June 2024

The following features were introduced in Cloud Collectors during June 2024:

Feature

Description

Proofpoint Targeted Attack Protection Cloud Collector 

The new Proofpoint Targeted Attack Protection Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of security events from Proofpoint Endpoints clicksPermitted, clicksBlocked, messagesDelivered, and messagesBlocked in all supported regions.

May 2024

The following features were introduced in Cloud Collectors during May 2024:

Feature

Description

Cisco Umbrella Cloud Collector 

The new Cisco Umbrella Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of security events from the data sources: DNS, IP Address, and Proxy via S3 bucket managed by your organization or Cisco, in all supported regions.

Renaming of Azure Active Directory Collectors 

The Azure Active Directory Context Cloud Collector is now renamed as Microsoft Entra ID Context Cloud Collector.

The Azure Active Directory Logs Cloud Collector is now renamed as Microsoft Entra ID Logs Cloud Collector.

Self-Service Migration for CrowdStrike 

Using the Migrate functionality on the SaaS Cloud Connectors platform, you can now easily migrate to the Cloud Collectors service, which provides seamless event ingestion, auto-scaling, and an improved user experience that includes self-service troubleshooting tools on the Exabeam Security Operations Platform.

To use the Migrate functionality, ensure that you have Exabeam Cloud Connectors version 2.5.483 or a later version.

Refer to the following table to migrate the CrowdStrike Cloud Connector based on the legacy endpoints.

| Cloud Connector | Legacy Endpoint | New Cloud Collector | Migration Steps |
| --- | --- | --- | --- |
| CrowdStrike | streaming-api | CrowdStrike Falcon (via API) Cloud Collector | On the SaaS Cloud Connectors' user interface, click Migrate for the endpoint streaming-api for CrowdStrike. |
| CrowdStrike | fdr | CrowdStrike Falcon (via FDR) Cloud Collector | On the SaaS Cloud Connectors' user interface, click Migrate for the endpoint fdr for CrowdStrike. |

Self-Service Migration for Office 365 

Using the Migrate functionality on the SaaS Cloud Connectors platform, you can now easily migrate to the Cloud Collectors service, which provides seamless event ingestion, auto-scaling, and an improved user experience that includes self-service troubleshooting tools on the Exabeam Security Operations Platform.

To use the Migrate functionality, ensure that you have Exabeam Cloud Connectors version 2.5.483 or a later version.

Refer to the following table to migrate the Office 365 Cloud Connector based on the legacy endpoints.

| Cloud Connector | Legacy Endpoint | New Data Source | New Collector | Migration Steps |
| --- | --- | --- | --- | --- |
| Office 365 | management-active-directory | Active Directory | Microsoft Management Activity Cloud Collector | Use the Migrate button on the SaaS Cloud Connectors user interface to migrate to the Microsoft Management Activity Cloud Collector. |
| | management-general | General | | |
| | management-sharepoint | Sharepoint | | |
| | management-exchange | Exchange | | |
| | management-dlp | DLP | | |
| Office 365 | GraphDirectory | Audit Logs | Microsoft Entra ID Logs Cloud Collector | Use the Migrate button on the SaaS Cloud Connectors user interface to migrate to the Microsoft Entra ID Logs Cloud Collector. |
| | GraphSign-In | Sign-In Logs | | |
| | graph-identity-protection-risk-detection | Identity Protection | | |
| Office 365 | exchange-admin-reports-mail-detail-spam | MailDetailSpam | Microsoft 365 Exchange Admin Reports Cloud Collector | Use the Migrate button on the SaaS Cloud Connectors user interface to migrate to the Microsoft 365 Exchange Admin Reports Cloud Collector. |
| | exchange-admin-reports-mail-detail-dlp-policy | MailDetailDlpPolicy | | |
| | exchange-admin-reports-spoof-mail-report | SpoofMailReport | | |
| | exchange-admin-reports-mail-detail-atp | MailDetailATP | | |
| Office 365 | mcas-alert | CloudApp events | Microsoft Defender XDR | Use the migration steps to migrate to the Microsoft Defender XDR Cloud Collector. |
| | mcas-activities | CloudApp events | | |

April 2024

The following features were introduced in Cloud Collectors during April 2024:

Feature

Description

Azure Log Analytics Cloud Collector

The new Azure Log Analytics Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of security events from your Azure Log Analytics workspace, in all supported regions.

Cisco Duo Cloud Collector

The new Cisco Duo Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of security events from data sources: Administrator Logs, Authentication Logs, and Telephony Logs, in all supported regions.

Notifications on Collector Errors

To help you proactively monitor your Cloud Collectors, the Exabeam Security Operations Platform now displays notifications for time-sensitive security issues and platform health issues. Each notification contains clear and actionable insights, including error details and links to the relevant cloud collector instance for further troubleshooting.

March 2024

The following features were introduced in Cloud Collectors during March 2024:

Feature

Description

Trend Vision One Cloud Collector

The new Trend Vision One Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of Observed Attack Techniques events and Workbench Alerts, in all supported regions.

Support for API versions for Microsoft Security Alerts Cloud Collector

The Microsoft Security Alerts Cloud Collector now supports API versions Alerts v2 and Legacy Alerts. You can select the API version based on the event types that you want to collect. The collector also provides filter options for you to select services or vendors from which the collector must receive alerts.

February 2024

The following features were introduced in Cloud Collectors during February 2024:

Feature

Description

Microsoft Sentinel (via Event Hub) Cloud Collector

The new Microsoft Sentinel (via Event Hub) Cloud Collector is now available in all supported regions except for Zurich as part of the Cloud Collectors service to facilitate ingestion of security events from Microsoft Sentinel via Azure Workspace.

January 2024

The following features were introduced in Cloud Collectors during January 2024:

Feature

Description

Azure Activity Logs Cloud Collector

The new Azure Activity Logs Cloud Collector is now available in all supported regions as part of the Cloud Collectors service to facilitate ingestion of logs corresponding to activities performed by users or services in the subscription.

Azure Storage Analytics Cloud Collector

The new Azure Storage Analytics Cloud Collector is now available in all supported regions as part of the Cloud Collectors service to facilitate ingestion of storage analytics data including logs for blobs, queues, and tables via Azure workspace.

Site Management Service

To ensure efficient management of environments with overlapping IP addresses, you can now define unique site names with unique site IDs. To restrict access to security data based on site tags, you can tag a collector instance and its associated events and alerts.