
Site Collector Release Notes


Site Collector Features Introduced in 2024

See the following topics for features introduced by month:

Site Collectors 2.4 (November 2024)


Windows 10 and Windows 11 Support by Windows Event Log Collector, Windows File, and Windows Archive Collector

The Windows Event Log Collector, Windows File Collector and Windows Archive Collector now support the Windows 10 and Windows 11 operating system.

Enhancements to Log Source Monitoring

The Log Sources section now shows details about silent log sources and raises notifications for data volume drops at the log source level, evaluated every four hours.

Notifications about Site Collector Errors

You can now proactively monitor your Site Collector instances: the Exabeam Security Operations Platform displays notifications for silent log collectors, for volume drops at the collector level (checked every four hours), and for certificate expiration. Each notification contains actionable error details and links to the relevant collector instance for further troubleshooting.

Site Collectors 2.3 (October 2024)


SSL connection Support for Oracle Collector

Site Collector now offers an option for establishing a secure connection between the Oracle Server (RDBMS) and the Site Collector Core, while configuring or updating the Oracle collector instance.

Historical Data Support for Linux File Collector and Windows File Collector

For the Linux File Collector and Windows File Collector, you can now enable or disable the Fetch Historical Data option, which controls whether the collector fetches log files created before the collector itself was created. Disabling historical fetching improves initial performance and stability.

Increased Limit for Log Filter Conditions

For the Linux File Collector and Windows File Collector, you can now add up to 300 allow and deny conditions for filtering logs, across all categories, when creating templates during collector configuration.

Windows 2016 Support by Windows File and Archive Collector

The Windows File Collector and Windows Archive Collector now support the Windows 2016 core operating system.

Specifications Upgrade

You can now upgrade the common specifications to enterprise specifications for your VM to scale up the log collection.

Automatic Renewal of Security Certificates

You can now start an automated process to renew the security certificate from the user interface when the certificate is within two weeks of its expiration.

Site Collectors 2.2 (September 2024)


eStreamer Collector

You can now configure the eStreamer Collector to collect event data from your eStreamer server and push the logs to the Exabeam Security Operations Platform.

Extended External API Support

External API support is extended to the following collectors: Fortinet, File Windows, File Linux, Archive Windows, Kafka, QRadar, and eStreamer.

IBM Security QRadar Collector

You can now configure the IBM Security QRadar collector to retrieve logs from your IBM Security QRadar server.

Deletion of Multiple Templates

The Template Manager now lets you delete, in one operation, multiple templates that are not assigned to any collector instance.

Windows 2016 Support by Windows File and Archive Collector

The Windows File Collector and Windows Archive Collector now support the Windows 2016 and Windows Server 2016 core operating system.

Early Access Collectors

Archive Windows Collector

The Archive Windows Collector is now available as part of Site Collectors Early Access program. This collector facilitates the collection of log events from the following types of archived log files: *.gz, *.tar, *.tar.gz, *.gzip, *.rar, *.7z.

Archive Linux Collector

The Archive Linux Collector is now available as part of Site Collectors Early Access program. This collector facilitates the collection of log events from archived log sources *.7z, *.arj, *.bzip2, *.cab, *.gzip, *.iso, *.lzh, *.rar, *.gz, *.tar, *.tar.gz, *.z, and *.zip.

Log Source Monitoring

The Log Source Monitoring feature is now available as part of the Site Collectors Early Access program. Using Log Source Monitoring, you can monitor log sources on the Exabeam Security Operations Platform and be notified of any issues, so that you do not miss timely detections and potential attack alerts.

Kafka Collector

The Kafka Windows Collector is now available as part of Site Collectors Early Access program. This collector facilitates the collection of logs in any text format from your Kafka server.

Site Collectors 2.1 (August 2024)


Windows Template Enhancements

The Windows templates are enhanced with a new log category for greater flexibility. When configuring a Windows Event Log Collector instance, you can now select the Windows log category Microsoft-Windows-Sysmon/Operational, in addition to the other log categories, when creating a new Windows template to filter logs.

Enhanced Log Filtering for Linux File Collector and Windows File Collector

The Linux File Collector and Windows File Collector now support searching for log files across subdirectories. With this enhanced log filtering, the collector can efficiently gather log data from complex directory hierarchies and provide a more complete view of your log file collection. You can include wildcard characters, for example /var/log/*.log and /opt/exabeam/logs/*.txt, in your regex to filter logs.

Windows 2016 Support by Windows Event Log Collector

The Windows Event Log Collector now supports the Windows Server 2016 operating system.

Regex Filtering Optimization

The Egress Log Filtering Conditions functionality is optimized for better performance. It is recommended not to use wildcard characters at the beginning or end of the regex pattern in the allow and deny conditions: an unanchored pattern with a leading or trailing wildcard forces the matcher to scan every position of each log line instead of stopping at the first mismatch, which degrades performance.

Site Collectors 2.0 (July 2024)


Security Certificate Expiration Information

The Site Collectors Instances page now displays a certificate expiration column, which indicates the remaining validity of the security certificate in days.

Enhancement to the Syslog Collector

The Syslog Collector now lets you paste the content of your custom certificates (key.pem, cert.pem, or ca.pem) into a text box, in addition to uploading the certificates as a .tar.gz archive, while configuring the collector.

Caution

After you upgrade to Site Collectors 2.0, ensure that you upgrade your existing collector instances, particularly the Windows Event Log Collector, Windows File Collector, Windows Archive collector, Linux File Collector, and Linux Archive Collector instances.

Site Collectors 1.20.0 (June 2024)

The following features were introduced in Site Collectors during June 2024.


Linux File Collector

You can now set up the Linux File Collector to retrieve logs natively from your Linux server, from most common text log files *.log, *.txt, and *.csv.

SSL Interception

Site Collector now supports configuration of SSL interception to enhance network security. Before installing a Site Collector instance, you can configure SSL interception by importing the CA files.

Support for 500 Windows Event Log Collector Instances

Site Collector now provides support for a single Site Collector instance to run up to 500 Windows Event Log Collector instances on a VM with enterprise specifications.

Vulnerability Remediation

Exabeam documentation now includes Vulnerability Remediation Policy details that describe Exabeam’s approach to addressing Common Vulnerabilities and Exposures (CVEs) in Site Collector. The remediated CVEs in a specific release are listed in the addressed issues section of the release notes. Any Critical CVEs that remain unresolved are listed in the known issues section of the release notes.

Site Collectors 1.19.0 (May 2024)

The following features were introduced in Site Collectors during May 2024.


Enhancements for the Splunk Collector

The Splunk Collector has been upgraded to Splunk SDK 1.9.5 with the latest API version, for better security and seamless integration with the Splunk server.

The Splunk Collector now fetches the Splunk metadata fields time, sourcetype, and host, in addition to raw.

Event Exploration on Search via Site Collectors

With the new Open in Search option, you can now launch the Search application in a separate tab with a preconfigured search query that shows the log details associated with the selected Site Collector instance. You can modify the query's parameters and timeframe to filter the logs for that collector instance.

External API Management for Site Collectors Onboarding

You can now use external APIs to programmatically integrate with Site Collectors without using the user interface.

Oracle Collector Support for multiple OJDBC Versions

The Oracle collector now supports multiple OJDBC driver versions, which allows log collection from older Oracle server versions and improves compatibility across Oracle server versions.

Enablement of Secure Connection for the Microsoft SQL collector

The Microsoft SQL collector now provides you with an option to enable a secure connection between the collector and your Microsoft SQL server.

Precheck Validation

To ensure a seamless installation or upgrade of Site Collectors, you can now download and run the precheck binary to verify the VM configuration.

Site Collectors 1.18.0 (April 2024)

The following features were introduced in Site Collectors during April 2024.


Event Exploration on Search via Site Collectors

With the Open in Search option, you can now open the Search application in a new tab with a prepopulated Search query that displays details of logs related to the selected collector instance. Modifying the query's parameters and timeframe lets you filter the logs for that collector instance.

Site Collectors 1.17.0 (March 2024)

The following features were introduced in Site Collectors during March 2024.


Enhancements to Splunk Collector

Added the following enhancements to Splunk Collector:

  • The collector now retains its current state if you edit the collector configuration with an updated Splunk query. With the new query, the collector resumes pulling data from the date and time at which it previously stopped.

  • For pulling large amounts of historical data, the user interface now recommends creating two separate Splunk collector instances, one for live data and the other for historical data, to ensure precision.

  • To prevent data loss, the user interface now recommends using time modifiers such as earliest, now, and latest in your Splunk query with caution, because they may conflict with the collector's internal clock.

  • You can now update the Splunk Fetch Time Stamp field for the Splunk collector to pull historical data.

For more information, see Set Up Splunk Collector.

Site Collectors 1.16.0 (February 2024)

The following features were introduced in Site Collectors during February 2024.


API Support for Site Collectors Onboarding

You can now use the Exabeam API to programmatically set up Site Collectors without using the user interface. For more information, see the Exabeam Developer Hub.

Availability of User Interface Actions for Site Collector and Collector Instances

You can now delete, upgrade, stop, or restart Site Collector instances and collector instances that are in various statuses.

Fortinet Collector

You can now configure the Fortinet Collector to retrieve log data that uses the octet-counting framing method, such as logs from Fortinet devices. With octet counting, the sender prefixes each syslog message with its length, and the receiver uses that declared length rather than a newline to delimit messages. The collector supports only the TCP/TLS protocol. If you need to ingest Fortinet data via UDP, use the Syslog Collector instead.
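The following is an added example, not code from the Exabeam release notes or product: a receiver-side parser for the octet-counting framing described above (RFC 6587, section 3.4.1), handling frames split across TCP reads and rejecting streams that are not octet-counted. The sample bytes and the MAX_FRAME_LEN bound are constructed for illustration.

```python
# Added example (not Exabeam code): parser for syslog octet-counting framing.
# Each frame is "<MSG-LEN> <SYSLOG-MSG>", where MSG-LEN is the decimal byte
# length of SYSLOG-MSG. The framing only exists on stream transports
# (TCP/TLS), which is why the collector cannot offer it over UDP.
from typing import List, Tuple

MAX_FRAME_LEN = 65536  # constructed upper bound; rejects absurd length fields


class FramingError(ValueError):
    """Raised when the stream does not follow octet-counting framing."""


def parse_octet_counted(buf: bytes) -> Tuple[List[bytes], bytes]:
    """Split a TCP receive buffer into complete syslog messages.

    Returns (messages, remainder). The remainder holds a trailing frame that
    has not fully arrived yet; prepend it to the next read. Because messages
    are delimited by the declared length, a newline inside a message does
    not split it, unlike non-transparent (newline) framing.
    """
    messages: List[bytes] = []
    pos = 0
    while pos < len(buf):
        space = buf.find(b" ", pos)
        if space == -1:
            # Length field still incomplete; if more bytes than any valid
            # length needs have arrived without a space, the peer is not
            # using octet counting.
            if len(buf) - pos > len(str(MAX_FRAME_LEN)):
                raise FramingError("no length prefix found")
            break
        length_field = buf[pos:space]
        if not length_field.isdigit():
            raise FramingError(f"bad length field {length_field!r}")
        msg_len = int(length_field)
        if msg_len == 0 or msg_len > MAX_FRAME_LEN:
            raise FramingError(f"unreasonable message length {msg_len}")
        start, end = space + 1, space + 1 + msg_len
        if end > len(buf):
            break  # partial frame: wait for more bytes
        messages.append(buf[start:end])
        pos = end
    return messages, buf[pos:]


# Constructed sample: two complete frames (the first contains a newline) and
# the first 15 bytes of a third frame whose declared length is 20.
SAMPLE = b"28 <134>1 host app: line1\nline2" b"14 <34>2 fw: deny" b"20 <190>3 only-par"
```

Feeding the returned remainder plus the next read back into the parser completes the third frame; a newline-framed stream fed to it fails fast with FramingError instead of producing garbage messages.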

New Enterprise Specifications Support

The Site Collectors service now supports enterprise specifications of 16 CPUs and 32 GB memory, to achieve 30k EPS across multiple collectors and 10k EPS for an individual collector.

Performance Optimization for SQL Collector

Performance is enhanced for SQL collectors pulling large historical data sets.

Windows File Collector

You can now set up the Windows File Collector to retrieve logs natively from your Windows server in the most common text-based log file formats (*.log, *.txt, and *.csv) and other plain-text files. The Windows File Collector does not support archive formats such as zip, gz, or rar, or binary file types such as video, audio, image, and executable files.

Site Collectors 1.15.0 (January 2024)

The following features were introduced in Site Collectors during January 2024.


Site Management Service

Using the Site Management feature, you can now create, assign, and manage sites across multiple Site Collector instances while editing a Site Collector instance, which lets you manage environments with overlapping IP addresses efficiently.

Support for the Latest Versions of Ubuntu

The Site Collectors service now supports Ubuntu 22.04 and 23.04.

Support for CA-signed Custom SSL Certificates for Syslog Collector

To enable secure, encrypted TLS communication between your syslog server and the Syslog Collector, you can now use custom certificates signed by a Certificate Authority (CA), in addition to the default certificate, when setting up the Syslog Collector instance.

OVA File Import for Setting up a VM

You can now set up a virtual machine that meets all the required hardware and software requirements by importing an OVA file into VMware, GCP, or AWS. Importing an OVA file simplifies and speeds up the VM setup process.