Site Collector Features Introduced in 2024
See the following topics for features introduced by month:
Site Collectors 2.3 (October 2024)
Feature | Description |
---|---|
SSL Connection Support for Oracle Collector | Site Collector now offers an option to establish a secure connection between the Oracle Server (RDBMS) and the Site Collector Core when you configure or update the Oracle collector instance. |
Historical Data Support for Linux File Collector and Windows File Collector | For the Linux File Collector and Windows File Collector, you can now enable or disable the Fetch Historical Data option, which controls whether the collector fetches log files that were created before the collector itself. The flexibility to disable the historical fetch option enhances initial performance and stability. |
Increased Limit for Log Filter Conditions | For the Linux File Collector and Windows File Collector, you can now add up to 300 allow and deny conditions for filtering logs, for all categories, while creating templates during collector configuration. |
Windows 2016 Support by Windows File and Archive Collector | The Windows File Collector and Windows Archive Collector now support the Windows 2016 core operating system. |
Specifications Upgrade | You can now upgrade the common specifications to enterprise specifications for your VM to scale up the log collection. |
Automatic Renewal of Security Certificates | You can now start an automated process from the user interface to refresh the security certificate when the certificate is within two weeks of its expiration. |
Site Collectors 2.2 (September 2024)
Feature | Description |
---|---|
EStreamer Collector | You can now configure the EStreamer Collector to collect event data from your eStreamer server and push the logs to the Exabeam Security Operations Platform. |
Extended External API Support | External API support is extended for the collectors: Fortinet, File Windows, File Linux, Archive Windows, Kafka, QRadar, and EStreamer. |
IBM Security QRadar Collector | You can now configure the IBM Security QRadar collector to retrieve logs from your IBM Security QRadar server. |
Deletion of Multiple Templates | The Template Manager now enables you to delete multiple templates that are not assigned to any collector instance, in one go. |
Windows 2016 Support by Windows File and Archive Collector | The Windows File Collector and Windows Archive Collector now support the Windows 2016 and Windows Server 2016 core operating systems. |
Early Access Collectors | |
Archive Windows Collector | The Archive Windows Collector is now available as part of the Site Collectors Early Access program. This collector facilitates the collection of log events from the following types of archived log files: *.gz, *.tar, *.tar.gz, *.gzip, *.rar, *.7z. |
Archive Linux Collector | The Archive Linux Collector is now available as part of the Site Collectors Early Access program. This collector facilitates the collection of log events from the archived log sources *.7z, *.arj, *.bzip2, *.cab, *.gzip, *.iso, *.lzh, *.rar, *.gz, *.tar, *.tar.gz, *.z, and *.zip. |
Log Source Monitoring | The Log Source Monitoring feature is now available as part of the Site Collectors Early Access program. Using Log Source Monitoring, you can monitor log sources on the Exabeam Security Operations Platform and get notified of any issues, which prevents you from missing out on timely detections and potential attack alerts. |
Kafka Collector | The Kafka Windows Collector is now available as part of the Site Collectors Early Access program. This collector facilitates the collection of logs in any text format from your Kafka server. |
Site Collectors 2.1 (August 2024)
Feature | Description |
---|---|
Windows Template Enhancements | The Windows templates are enhanced with a new log category for greater flexibility. While configuring a Windows Event Log Collector instance, you can now select the Windows log category Microsoft-Windows-Sysmon/Operational in addition to other log categories at the time of creating a new Windows template to filter logs. |
Enhanced Log Filtering for Linux File Collector and Windows File Collector | The Linux File Collector and Windows File Collector now support searching for log files across subdirectories. With this enhanced log filtering, the collector can efficiently gather log data from complex directory hierarchies and provide a more complete view of your log file collection. You can include wildcard characters such as, |
Windows 2016 Support by Windows Event Log Collector | The Windows Event Log Collector now supports the Windows Server 2016 operating system. |
Regex Filtering Optimization | The Egress Log Filtering Conditions functionality is optimized for better performance. To prevent performance issues, it is recommended not to use wildcard characters at the beginning or end of the regex pattern in the allow and deny conditions. |
Site Collectors 2.0 (July 2024)
Feature | Description |
---|---|
Security Certificate Expiration Information | The Site Collectors Instances page now displays the certificate expiration column to indicate the validity of the security certificate in days. |
Enhancement to the Syslog Collector | The Syslog collector now enables you to paste the content of your custom certificates that are in key.pem, cert.pem, or ca.pem format into a text box, in addition to uploading the certificates in .tar.gz format while configuring the collector. |
Caution
After you upgrade to Site Collectors 2.0, ensure that you upgrade your existing collector instances, particularly the Windows Event Log Collector, Windows File Collector, Windows Archive collector, Linux File Collector, and Linux Archive Collector instances.
Site Collectors 1.20.0 (June 2024)
The following features were introduced in Site Collectors during June 2024.
Feature | Description |
---|---|
Linux File Collector | You can now set up the Linux File Collector to retrieve logs natively from your Linux server, from the most common text log file formats: *.log, *.txt, and *.csv. |
SSL Interception | Site Collector now supports configuration of SSL interception to enhance network security. Before installing a Site Collector instance, you can configure SSL interception by importing the CA files. |
Support for 500 Windows Event Log Collector Instances | Site Collector now provides support for a single Site Collector instance to run up to 500 Windows Event Log Collector instances on a VM with enterprise specifications. |
Vulnerability Remediation | Exabeam documentation now includes Vulnerability Remediation Policy details that describe Exabeam’s approach to addressing Common Vulnerabilities and Exposures (CVEs) in Site Collector. The remediated CVEs in a specific release are listed in the addressed issues section of the release notes. Any Critical CVEs that remain unresolved are listed in the known issues section of the release notes. |
Site Collectors 1.19.0 (May 2024)
The following features were introduced in Site Collectors during May 2024.
Feature | Description |
---|---|
Enhancements for the Splunk Collector | The Splunk collector has been upgraded to support Splunk SDK 1.9.5 with the latest API version for better security and seamless integration with the Splunk server. The Splunk collector now fetches the Splunk metadata fields time, sourcetype, and host, in addition to raw. |
Event Exploration on Search via Site Collectors | You now have the capability to launch the Search application in a separate tab with a preconfigured search query showcasing log details associated with the selected Site Collector instance with the new Open in Search option. You can modify the Search query with specific parameters and timeframe to filter logs to see details specific to a Collector instance. |
External API Management for Site Collectors Onboarding | You can now use external APIs to programmatically integrate with Site Collectors without using the user interface. |
Oracle Collector Support for multiple OJDBC Versions | The Oracle collector now supports multiple OJDBC driver versions to allow log collection from older Oracle server versions and facilitate compatibility with different versions of Oracle servers. |
Enablement of Secure Connection for the Microsoft SQL collector | The Microsoft SQL collector now provides you with an option to enable a secure connection between the Microsoft SQL collector and your Microsoft SQL server. |
Precheck Validation | To ensure a seamless installation or upgrade of Site Collectors, you can now download and execute the binary precheck file to conduct verification of the VM configuration. |
Site Collectors 1.18.0 (April 2024)
The following features were introduced in Site Collectors during April 2024.
Feature | Description |
---|---|
Event Exploration on Search via Site Collectors | Now with the Open in Search option, you can open the Search application in a new tab to view a prepopulated Search query that displays details of logs related to the selected Collector instance. Modifying the Search query with parameters and timeframe provides you the flexibility to filter logs to see details specific to a Collector instance. |
Site Collectors 1.17.0 (March 2024)
The following features were introduced in Site Collectors during March 2024.
Feature | Description |
---|---|
Enhancements to Splunk Collector | Added the following enhancements to Splunk Collector:
For more information, see Set Up Splunk Collector. |
Site Collectors 1.16.0 (February 2024)
The following features were introduced in Site Collectors during February 2024.
Feature | Description |
---|---|
API Support for Site Collectors Onboarding | You can now use the Exabeam API to programmatically set up Site Collectors without using the user interface. For more information, see the Exabeam Developer Hub. |
Availability of User Interface Actions for Site Collector and Collector Instances | You can now delete, upgrade, stop, or restart site collector instances and collector instances with various statuses. |
Fortinet Collector | You can now configure the Fortinet Collector to retrieve log data that uses the Octet Counting framing method, such as that from Fortinet devices. This method involves a transport receiver that uses a predetermined message length to delimit syslog messages. The collector is compatible only with the TCP/TLS protocol. If you need to ingest Fortinet data via UDP, use the Syslog Collector instead. |
New Enterprise Specifications Support | The Site Collectors service now supports enterprise specifications that include 16CPU + 32GB memory to achieve 30k EPS for multiple collectors and 10k EPS for an individual collector. |
Performance Optimization for SQL Collector | Enhanced performance for SQL collectors for pulling large historical data sets. |
Windows File Collector | You can now set up the Windows File Collector to retrieve logs natively from your Windows server in the most common text-based log file formats (*.log, *.txt, and *.csv) and other plain text files. The Windows File Collector does not support archive formats such as zip, gz, and rar, or binary file types such as video, audio, image, and executable files. |
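
The octet-counting framing described in the Fortinet Collector row, as an added example (not Exabeam code): a receiver-side decoder in Python that follows the RFC 6587 `MSG-LEN SP SYSLOG-MSG` layout and tolerates frames split across socket reads. The class and function names, the 64 KiB length cap, and the sample events are assumptions constructed for illustration.

```python
"""Incremental decoder for octet-counted syslog frames: MSG-LEN SP SYSLOG-MSG."""

MAX_MSG_LEN = 64 * 1024  # assumed cap, not a product setting; bounds receiver memory


class FramingError(ValueError):
    """The byte stream does not follow octet-counting framing."""


class OctetCountingDecoder:
    def __init__(self, max_len: int = MAX_MSG_LEN) -> None:
        self._buf = bytearray()
        self._max_len = max_len

    def feed(self, data: bytes) -> list:
        """Add bytes read from the TCP/TLS socket; return every complete message."""
        self._buf += data
        messages = []
        while self._buf:
            sp = self._buf.find(b" ")
            prefix = bytes(self._buf if sp == -1 else self._buf[:sp])
            # MSG-LEN is a non-zero digit followed by digits, and nothing else.
            if not prefix.isdigit() or prefix.startswith(b"0"):
                raise FramingError(f"bad length prefix {prefix[:16]!r}")
            if len(prefix) > len(str(self._max_len)) or int(prefix) > self._max_len:
                raise FramingError(f"declared length {prefix[:16]!r} exceeds cap")
            if sp == -1:
                break  # length prefix still arriving
            end = sp + 1 + int(prefix)
            if len(self._buf) < end:
                break  # message body still arriving
            messages.append(bytes(self._buf[sp + 1:end]))
            del self._buf[:end]
        return messages


def frame(msg: bytes) -> bytes:
    """Sender side: prefix the message with its length in octets and a space."""
    return str(len(msg)).encode() + b" " + msg


# Constructed sample events (not real device output); the second embeds a newline,
# which newline-delimited framing would split into two messages.
SAMPLE = [b'<189>devname="FG-EXAMPLE" type="traffic" action="accept"',
          b'<189>devname="FG-EXAMPLE" type="event" msg="line one\nline two"']


def decode_in_chunks(stream: bytes, size: int) -> list:
    """Feed the stream in fixed-size reads, as a socket loop would."""
    dec, out = OctetCountingDecoder(), []
    for i in range(0, len(stream), size):
        out.extend(dec.feed(stream[i:i + size]))
    return out
```

Rejecting a non-numeric or oversized length prefix at the first bytes is what lets the receiver distinguish a sender that is using newline-delimited framing, or a corrupted stream, from a slow but valid one.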
Site Collectors 1.15.0 (January 2024)
The following features were introduced in Site Collectors during January 2024.
Feature | Description |
---|---|
Site Management Service | Using the Site Management feature, you can now create, assign, and manage sites across multiple Site Collector instances while editing a site collector instance, to ensure efficient management of environments with overlapping IP addresses. |
Support for the Latest Versions of Ubuntu | The Site Collectors service now supports Ubuntu versions 22.04 and 23.04. |
Support for CA-signed Custom SSL Certificates for Syslog Collector | To enable secure and encrypted TLS communication between your syslog server and the Syslog Collector, you can now use custom certificates signed by a Certificate Authority (CA), in addition to the default certificate, while setting up the Syslog Collector instance. |
OVA File Import for Setting up a VM | You can now set up a virtual machine with all the required hardware and software requirements by importing an OVA file into the hypervisors VMware, GCP, and AWS. An OVA file import simplifies and speeds up the VM setup process. |