Site Collector Release Notes

Site Collector Features Introduced in 2023

See the following topics for features introduced by month:

Site Collectors 1.14.0 (November 2023)

The following features were introduced in Site Collectors during November 2023.

UDP Performance Enhancement for the Syslog Collector

Syslog over UDP supports a maximum message size of 1024 bytes, as specified by the syslog UDP RFC, and sustains 10k EPS with less than 1.5% data loss. Use UDP when log messages are smaller than 1 KB.

Fortinet Collector

You can now set up the Fortinet Collector, which is designed to fetch log data that uses the octet-counting framing strategy (as Fortinet devices do), in which the transport receiver uses a declared message length to delimit each syslog message. The collector supports only the TCP/TLS protocol; to ingest Fortinet data over UDP, use the Syslog Collector instead. This collector is available as part of the Early Access program for select users.
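The note above describes octet-counting framing, in which every syslog message on the TCP stream is prefixed with its length. The following is an added example, not code from Exabeam or from the Fortinet Collector, that shows how a receiver delimits messages by the declared length, carries a partial frame over to the next socket read, rejects malformed length prefixes, and tells octet-counted frames apart from newline-terminated (non-transparent) ones. The sample messages, the `MAX_FRAME_LEN` guardrail value, and all function names are constructed for this example.

```python
"""RFC 6587 octet-counting frame parser for syslog over TCP (added example).

Octet counting: each frame is "MSG-LEN SP SYSLOG-MSG", where MSG-LEN is the
decimal byte length of SYSLOG-MSG with no leading zero. Non-transparent
framing, by contrast, terminates each message with a trailing LF.
"""
from typing import Iterable, List, Tuple

# Hypothetical upper bound on one frame; an oversized prefix is treated as an
# error rather than buffered indefinitely (assumed value, not a product setting).
MAX_FRAME_LEN = 3 * 1024 * 1024


class FramingError(ValueError):
    """Raised when the byte stream is not valid octet-counted framing."""


def detect_framing(buf: bytes) -> str:
    """Guess the framing from the first byte: a digit means octet counting,
    '<' (start of a PRI field) means non-transparent framing."""
    if buf[:1].isdigit():
        return "octet-counting"
    if buf[:1] == b"<":
        return "non-transparent"
    return "unknown"


def encode_octet_counted(msg: bytes) -> bytes:
    """Build one octet-counted frame: MSG-LEN SP SYSLOG-MSG."""
    return b"%d %s" % (len(msg), msg)


def parse_octet_counted(buf: bytes) -> Tuple[List[bytes], bytes]:
    """Split every complete frame off the front of buf.

    Returns (messages, remainder). remainder is an incomplete trailing frame
    that must be prepended to the next read from the socket.
    """
    messages: List[bytes] = []
    pos = 0
    while pos < len(buf):
        sp = buf.find(b" ", pos)
        if sp == -1:
            # No separator yet: either the prefix is still arriving, or this
            # is not octet-counted data at all.
            head = buf[pos:]
            if not head.isdigit() or len(head) > 10:
                raise FramingError(f"invalid length prefix {head[:16]!r}")
            break
        digits = buf[pos:sp]
        if not digits.isdigit() or digits.startswith(b"0"):
            raise FramingError(f"bad length prefix {digits!r} at offset {pos}")
        length = int(digits)
        if length > MAX_FRAME_LEN:
            raise FramingError(f"frame length {length} exceeds {MAX_FRAME_LEN}")
        start, end = sp + 1, sp + 1 + length
        if end > len(buf):
            break  # body not fully received; keep the partial frame
        messages.append(buf[start:end])
        pos = end
    return messages, buf[pos:]


def split_stream(chunks: Iterable[bytes]) -> Tuple[List[bytes], bytes]:
    """Feed successive socket reads through the parser, carrying the remainder
    across read boundaries the way a collector's receive loop would."""
    out: List[bytes] = []
    pending = b""
    for chunk in chunks:
        msgs, pending = parse_octet_counted(pending + chunk)
        out.extend(msgs)
    return out, pending


# Constructed Fortinet-style message bodies; not real device output.
SAMPLE_MESSAGES = [
    b'<189>date=2023-11-01 time=09:15:02 devname="fw-edge-01" logid="0000000013" type="traffic" action="accept"',
    b'<188>date=2023-11-01 time=09:15:03 devname="fw-edge-01" logid="0100032002" type="event" action="login"',
]
STREAM = b"".join(encode_octet_counted(m) for m in SAMPLE_MESSAGES)

if __name__ == "__main__":
    # Simulate reads that cut the stream mid-prefix and mid-body.
    msgs, rest = split_stream([STREAM[:5], STREAM[5:60], STREAM[60:]])
    print(detect_framing(STREAM), len(msgs), "messages,", len(rest), "bytes pending")
    for m in msgs:
        print(m.decode())
```

The length prefix, not a newline, decides where a message ends, so a body that itself contains newlines or `<` characters is delivered intact; a receiver that splits on newlines would fragment such Fortinet messages, which is why the note points UDP users at the Syslog Collector instead.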

Windows File Collector

You can now set up the Windows File Collector to retrieve logs natively from your Windows server, from the most common text log file types (*.log, *.txt, and *.csv). This collector is available as part of the Early Access program for select users.

Site Collectors 1.13.0 (October 2023)

The following features were introduced in Site Collectors during October 2023.

Historical Data Fetch: Ingestion of Past Events by Splunk Collector

The Splunk Collector now pulls events starting from a specified date and time. You can select a date earlier than the present date to include past events in the ingestion. The start date can be backdated by a maximum of 30 days.

Local Data Retention Support

A content repository partition of 200 GB supports data retention of up to 18 hours. To increase the retention time, scale up the disk size of the content repository partition.

MySQL Collector

You can now set up the MySQL Collector to pull logs from your RDBMS sources.

Multi-line Event Type Support by Syslog Collector

The Syslog Collector now supports the multi-line event type for reading ingested logs.

Support for global catalog ports by Windows Active Directory Collector

While setting up a Windows Active Directory Collector instance, you can now specify the TCP port number of the Active Directory server, including the global catalog ports.

User Documentation about Setting Up a Virtual Machine for Site Collector Installation

User documentation is now available that guides you through setting up a virtual machine (VM) on your cloud platform for a successful Site Collector installation. The instructions include steps to create disk partitions, install the operating system and required packages, and more, for AWS, Azure, and GCP VMs.

Site Collectors 1.12.0 (September 2023)

The following features were introduced in Site Collectors during September 2023.

Availability of Historical Log Filtering for Windows Event Log Collector: Log Ingestion Start Date

The Windows Event Log Collector now lets you apply a filter when pulling historical logs. This is useful when you want the collector to pull only current logs, or also logs generated before the collector was installed. Using the Log Ingestion Start Date field, you can select the current date or a particular date in the past.

Bulk Management Actions

For all Collectors, you can perform management activities such as stopping, deleting, and upgrading collector instances, and assigning templates. Additionally, you can perform bulk operations in the user interface, such as selecting multiple Collector instances and deleting them in a single bulk API call.

Early Access Sign-up

To streamline and simplify the Early Access sign-up process, Site Collectors now let you sign up for Early Access features through the user interface. After you sign up for an Early Access collector, the sign-up and onboarding process is initiated. With the Coming Soon tag, the user interface also displays upcoming features to help you plan future deployments.

Elimination of 'Request timed out' and 'Setup error' for the Windows Event Log Collector

The errors that could occur when you configure a Windows Event Log Collector instance for a Site Collector instance that was created using a hostname can now be avoided. For the steps to avoid the 'Setup error' and 'Request timed out' errors that could occur while establishing communication with the host VM from a Windows VM, see Set Up Windows Event Log Collector.

Microsoft SQL Collector

You can now set up the Microsoft SQL Collector to pull logs from your Microsoft SQL server sources.

Oracle Collector

You can now set up the Oracle Collector to retrieve logs from your Oracle RDBMS sources.

Splunk Collector Enhancement

The Splunk Collector now automatically recognizes and pulls logs in various data formats (Plain Text, JSON, and Windows Multiline) without requiring you to select a specific event type format. To use this functionality, upgrade to Site Collectors 1.12.0 or a later release.

Windows Event Log Collector Enhancement

The Windows Event Log Collector now pulls logs in XML format, Event Viewer format (called Friendly View in Windows Journal), or both from your Windows server and pushes the logs to the Exabeam Security Operations Platform.

Site Collectors 1.11.0 (August 2023)

The following features were introduced in Site Collectors during August 2023.

Audit Log Management

Site Collectors now support audit log management: configuration changes that users make, such as creating, modifying, deleting, enabling, and disabling Site Collector instances and Collector instances, are audited. Audit logs are available in Search. Additionally, compliance requirements, support package generation requests, egress filter modifications, and other management activities are logged and made searchable.

Custom Installation Folder

You can now specify alternate paths for the default download (/tmp) and installation (/opt) directories while installing a Site Collector instance. Customizing the paths helps speed up VM preparation and maintenance activities, and ultimately Site Collector installation.

Egress Filtering

Site Collectors now support egress filtering to facilitate flexible log onboarding. While configuring a Site Collector instance, you can filter and manage logs before excess logs reach the Exabeam Security Operations Platform. This feature lets you ensure that only the most relevant logs are ingested into the Exabeam Security Operations Platform.

New Customization Fields for Timezone and Site Name

You can now set the time zone and specify a site name while editing an installed Site Collector instance. The default time zone is UTC. The time zone you set is used to convert the timestamps on the logs, which lets you search logs in your own time zone.

Site Collectors 1.10.0 (July 2023)

The following features were introduced in Site Collectors during July 2023.

Docker-compose to docker compose Migration

Site Collectors now support docker compose (v2) for single-node installation on your VM.

Oracle Collector

You can now set up the Oracle Collector to retrieve logs from your Oracle RDBM sources. This collector is available as part of the Early Access program for select users.

Raw Message Guardrails

Through guardrails, Site Collectors now accept, truncate, and ingest large logs ranging from 1 to 3 MB, for performance optimization and error prevention.

Template Management

Site Collectors now provide a Template Manager feature to define templates before configuring the Windows Event Log Collector. You can create and modify templates and apply changes to multiple collectors that use the template.

User Friendly Error Messages

To better assist users when an error occurs, Site Collectors now display user-friendly error messages instead of opaque error codes, helping users identify and fix issues quickly.

Windows Event Log Collector

The Windows Event Log Collector can now collect logs natively from Windows servers. In addition to native Windows Event Log collection support, the collector lets you create reusable templates to filter logs. You can also edit the configuration of a Windows Event Log Collector instance and stop, delete, or restart the collector instance.

Site Collectors 1.9.4 (June 2023)

The following features were introduced in Site Collectors during June 2023.

tmux Upgrade

Site Collectors now provide an optional command for installing and upgrading tmux. While installing a Site Collector instance, you can choose to install or upgrade tmux automatically by running the curl command, or to manage tmux packages manually.

TLS Security Certificates

For the Syslog Collector, you can now download the Exabeam generated security certificates to facilitate secure and encrypted TLS communication between your syslog server and the Syslog Collector.

Volume/Count Change

The Last Day Average Volume/Count field now displays the sum of all ingested volumes and has been renamed Last Day Total Volume/Count.

Support Packages for Troubleshooting

Site Collectors now provide support packages that you can download for a particular Site Collector instance. The support packages contain technical information about Site Collector services that are helpful for troubleshooting and can be used to provide additional details in a support case.

Site Collectors 1.8.0 (May 2023)

The following enhancements were introduced in Site Collectors during May 2023.

Site Collectors 1.7.0 (April 2023)

The following features were introduced in Site Collectors during April 2023.

tmux Availability

To streamline installation, preserve command history, and keep other terminal activities uninterrupted, you can now install and upgrade Site Collector using tmux version 1.9 or later. RHEL deprecated the Screen package previously required for Site Collector installation; Site Collector therefore now supports tmux, which provides additional security hardening for any Site Collector deployment, including RHEL 7, Ubuntu 18.04, and Ubuntu 20.04.

For more information, see Install Exabeam Site Collector and Upgrade Exabeam Site Collector.

LDAP Collector Renaming

The LDAP Collector has been renamed the Windows Active Directory Collector. In addition to newly introduced native support for Windows Active Directory context collection for the Context Collector app, the Windows Active Directory Collector continues to support SaaS Advanced Analytics and Data Lake as before.

TLS Version Enforcement

Site Collector now enforces TLS 1.2 on RHEL 7 and TLS 1.3 on RHEL 8/9 and Ubuntu. With this enforcement, Site Collector provides additional security hardening during installation and in subsequent communication with the cloud.

Site Collectors 1.6.0 (March 2023)

The following feature was introduced in Site Collectors during March 2023.

Error History Visibility

You can now view error details and recommended actions in the Error Messages section for a Collector instance (such as a Syslog, LDAP, or Splunk instance) or a Site Collector instance whenever an error occurs.

[Screenshot: Error_Messages_2.png]

For more information, see View Error History.

Site Collectors 1.5.0 (January 2023)

The following features were introduced in Site Collectors during January 2023 (release 1.5).

SELinux Support

SELinux support has been added for Site Collectors. You can now install Site Collector on a VM with SELinux CIS Level 1 security hardening. For more information, see Prerequisites to Install Exabeam Site Collector.

Precheck Script to Validate Virtual Machine Setup

You can now download the precheck script from the New Site Collector Instance page in the user interface to validate your virtual machine (VM) before you install Site Collector on it. The precheck script verifies mounts and disk sizes, the local hostname, operating system support, RAM size, number of CPU cores, and required packages. For more information, see Prerequisites to Install Exabeam Site Collector.

[Screenshot: Prerequisite_Pre-checks.png]