Skip to main content

CollectorsCloud Collectors Release Notes

Table of Contents

Cloud Collectors Features Introduced in 2024

November 2024

The following features were introduced in Cloud Collectors during November 2024:

Feature

Description

Wiz API Cloud Collector

The Wiz API Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of audit logs.

SentinelOne Cloud Collector

The SentinelOne Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of Threats, Alerts, Exclusions, Activities, and Device Control Events related logs from resources monitored by SentinelOne.

October 2024

The following features were introduced in Cloud Collectors during October 2024:

Feature

Description

Abnormal Security Cloud Collector

The Abnormal Security Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of events from Abnormal Security data sources: cases and threats.

Box Cloud Collector (Early Access)

The Box Cloud Collector is now available as part of Cloud Collectors Early Access program to facilitate ingestion of user events and enterprise events from Box.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

Cato Networks Collector

The Cato Networks Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of security, connectivity, routing, detection and response events from Cato Networks.

Recorded Future Cloud Collector (Early Access)

The Recorded Future Cloud Collector is now available as part of Cloud Collectors Early Access program to facilitate ingestion of API Alerts using Generic API Framework.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

Regex Filtering for Cloud Collectors (Early Access)

You can now add filter conditions for the CrowdStrike Falcon (via FDR) Cloud Collector, AWS S3 Cloud Collector, SentinelOne CloudFunnel Cloud Collector, and Cisco Umbrella Cloud Collector in addition to the Azure Event Hub Cloud Collector, using regex syntax to include and exempt logs to be sent to the Exabeam Security Operations Platform. The cloud collector processes logs based on the conditions that you specify using the regex pattern.

This feature is available as a part of the early access program. To participate, see Sign Up for the Early Access Program.

Sales Cloud Collector

The new Salesforce Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of events from the data sources: LoginHistory, SetupAuditTrail, content-version-track-creation-time, content-version-history, content-library-created from Salesforce cloud in all supported regions.

SentinelOne Cloud Collector (Early Access)

The SentinelOne Cloud Collector is now available as part of Cloud Collectors Early Access program to facilitate ingestion of security alerts and threats related logs from resources monitored by SentinelOne.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

Wiz API Cloud Collector (Early Access)

The Wiz API Cloud Collector is now available as part of Cloud Collectors Early Access program to facilitate ingestion of audit logs.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

Wiz Issues Cloud Collector

The Wiz Issues Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of issues from Wiz, which represent active risks or threats in your cloud environment.

September 2024

The following features were introduced in Cloud Collectors during September 2024:

Feature

Description

Abnormal Security Collector (EA)

The Abnormal Security Cloud Collector is now available as part of Cloud Collectors Early Access program to facilitate ingestion of events from Abnormal Security data sources: cases and threats.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

Cato Networks Collector (EA)

The Cato Networks Cloud Collector is now available as part of Cloud Collectors Early Access program to facilitate ingestion of security, connectivity, routing, detection and response events from Cato Networks.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

August 2024

The following features were introduced in Cloud Collectors during August 2024:

Feature

Description

AWS CloudWatch Cloud Collector

The new AWS CloudWatch Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of events from the data sources CloudTrail, CloudWatch Logs, and Lambda logs of AWS services in all supported regions.

Salesforce Cloud Collector (Early Access)

The new Salesforce Cloud Collector is now available as part of Cloud Collectors Early Access program to facilitate ingestion of events from the data sources: LoginHistory, SetupAuditTrail, content-version-track-creation-time, content-version-history, content-library-created from Salesforce cloud in all supported regions.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

Regex Filtering for Azure Event Hub Cloud Collector (Early Access)

You can now add filter conditions for the Azure Event Hub Cloud Collector, using regex syntax to include and exempt logs to be sent to the Exabeam Security Operations Platform. The cloud collector processes logs based on the conditions that you specify using the regex pattern.

This feature is available as a part of the early access program. To participate, see Sign Up for the Early Access Program.

July 2024

The following features were introduced in Cloud Collectors during July 2024:

Feature

Description

Netskope Alerts Cloud Collector

The Netskope Alerts Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of security alerts from Netskope REST API V2 endpoints in all supported regions.

Netskope Events Cloud Collector

The new Netskope Events Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of security events from Netskope REST API V2 endpoints in all supported regions.

Proofpoint On-Demand Cloud Collector 

The new Proofpoint On-Demand Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of security events from Proofpoint Endpoints Message, and Maillog in all supported regions.

SentinelOne Alerts Cloud Collector

The new SentinelOne Alerts Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of logs related to security alerts from resources monitored by SentinelOne in all supported regions.

SentinelOne Threats Cloud Collector

The new SentinelOne Threats Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of logs related to security threats from resources monitored by SentinelOne in all supported regions.

Extended Region Support for Webhook Cloud Collectors

The Webhook Cloud Collectors now support Cloud Collector deployment in the regions: Canada, Singapore, and Switzerland. For more information, see Supported Regions for Cloud Collectors.

June 2024

The following features were introduced in Cloud Collectors during June 2024:

Feature

Description

Proofpoint Targeted Attack Protection Cloud Collector 

The new Proofpoint Targeted Attack Protection Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of security events from Proofpoint Endpoints clicksPermitted, clicksBlocked, messagesDelivered, and messagesBlocked in all supported regions.

May 2024

The following features were introduced in Cloud Collectors during May 2024:

Feature

Description

Cisco Umbrella Cloud Collector 

The new Cisco Umbrella Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of security events from the data sources: DNS, IP Address, and Proxy via S3 bucket managed by your organization or Cisco, in all supported regions.

Renaming of Azure Active Directory Collectors 

The Azure Active Directory Context Cloud Collector is now renamed as Microsoft Entra ID Context Cloud Collector.

The Azure Active Directory Logs Cloud Collector is now renamed as Microsoft Entra ID Logs Cloud Collector.

Self-Service Migration for CrowdStrike 

Using the Migrate functionality on the SaaS Cloud Connectors platform, you can now easily migrate to Cloud Collectors service that provides seamless event ingestion, auto-scaling, and an improved user experience that includes self-service troubleshooting tools on the Exabeam Security Operations Platform.

To use the Migrate functionality, ensure that you have Exabeam Cloud Connectors version 2.5.483 or a later version.

Refer to the following table to migrate the CrowdStrike Cloud Connector based on the legacy endpoints.

Cloud Connector

Legacy Endpoint

New Cloud Collector

Migration Steps

CrowdStrike

streaming-api

CrowdStrike Falcon (via API) Cloud Collector

On the SaaS Cloud Connectors' user interface, click Migrate for the endpoint streaming-api for CrowdStrike.

CrowdStrike

fdr

CrowdStrike Falcon (via FDR) Cloud Collector

On the SaaS Cloud Connectors' user interface, click Migrate for the endpoint fdr for CrowdStrike.

Self-Service Migration for Office 365 

Leveraging the Migrate functionality on the SaaS Cloud Connectors platform, you can now easily migrate to Cloud Collectors service that provides seamless event ingestion, auto-scaling, and an improved user experience that includes self-service troubleshooting tools on the Exabeam Security Operations Platform

To use the Migrate functionality, ensure that you have Exabeam Cloud Connectors version 2.5.483 or a later version.

Refer to the following table to migrate the Office 365 Cloud Connector based on the legacy endpoints.

Cloud Connector

Legacy Endpoint

New Data Source

New Collector

Migration Steps

Office 365

management-active-directory

Active Directory

Microsoft Management Activity Cloud Collector

Use the Migrate button on the the SaaS Cloud Connectors user interface to migrate to the Microsoft Management Activity Cloud Collector.

management-general

General

management-sharepoint

Sharepoint

management-exchange

Exchange

management-dlp

DLP

Office 365

GraphDirectory

Audit Logs

Microsoft Entra ID Logs Cloud Collector

Use the Migrate button on the the SaaS Cloud Connectors user interface to migrate to the Microsoft Entra ID Logs Cloud Collector.

GraphSign-In

Sign-In Logs

graph-identity-protection-risk-detection

Identity Protection

Office 365

Microsoft 365 Exchange Admin Reports Cloud Collector

Use the Migrate button on the the SaaS Cloud Connectors user interface to migrate to the Microsoft 365 Exchange Admin Reports Cloud Collector.

exchange-admin-reports-mail-detail-spam

MailDetailSpam

exchange-admin-reports-mail-detail-dlp-policy

MailDetailDlpPolicy

exchange-admin-reports-spoof-mail-report

SpoofMailReport

exchange-admin-reports-mail-detail-atp

MailDetailATP

Office 365

mcas-alert

CloudApp events

Microsoft Defender XDR

Use the migration steps to migrate to the Microsoft Defender XDR Cloud Collector.

mcas-activities

CloudApp events

April 2024

The following features were introduced in Cloud Collectors during April 2024:

Feature

Description

Azure Log Analytics Cloud Collector

The new Azure Log Analytics Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of security events from your Azure Log Analytics workspace, in all supported regions.

Cisco Duo Cloud Collector

The new Cisco Duo Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of security events from data sources: Administrator Logs, Authentication Logs, and Telephony Logs, in all supported regions.

Notifications on Collector Errors

To proactively monitor your Cloud Collectors, the Exabeam Security Operations Platform now displays notifications for time sensitive security issues, and platform health issues. Each notification contains clear and actionable insights containing error details with links to access the relevant cloud collector instance to troubleshoot further.

March 2024

The following features were introduced in Cloud Collectors during March 2024:

Feature

Description

Trend Vision One Cloud Collector

The new Trend Vision One Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of Observed Attack Techniques events and Workbench Alerts, in all supported regions.

Support for API versions for Microsoft Security Alerts Cloud Collector

The Microsoft Security Alerts Cloud Collector now supports API versions Alerts v2 and Legacy Alerts. You can select the API version based on the event types that you want to collect. The collector also provides filter options for you to select services or vendors from which the collector must receive alerts.

February 2024

The following features were introduced in Cloud Collectors during February 2024:

Feature

Description

Microsoft Sentinel (via Event Hub) Cloud Collector

The new Microsoft Sentinel (via Event Hub) Cloud Collector is now available in all supported regions except for Zurich as part of the Cloud Collectors service to facilitate ingestion of security events from Microsoft Sentinel via Azure Workspace.

January 2024

The following features were introduced in Cloud Collectors during January 2024:

Feature

Description

Azure Activity Logs Cloud Collector

The new Azure Activity Logs Cloud Collector is now available in all supported regions as part of the Cloud Collectors service to facilitate ingestion of logs corresponding to activities performed by users or services in the subscription.

Azure Storage Analytics Cloud Collector

The new Azure Storage Analytics Cloud Collector is now available in all supported regions as part of the Cloud Collectors service to facilitate ingestion of storage analytics data including logs for blobs, queues, and tables via Azure workspace.

Site Management Service

To ensure efficient management of environments with overlapping IP addresses, you can now define unique site names with unique site IDs. For restricting access to the security data based on site tags, you can tag a collector instance, and associated events and alerts.