Create Rules
Rules can be created in multiple Exabeam applications.
Advanced Analytics – In this on-premises and legacy SaaS application, both fact-based rules and model-based rules can be created. These rules can trigger alerts and can provide scoring so that points are added to session timelines. You can view and configure rules from Advanced Analytics Settings.
In Advanced Analytics versions i62.4 and i63 and later, rules are created in a disabled state by default and must be enabled in an extra step. For information about working with rules, see Configure Rules in the Advanced Analytics Administration Guide.
Correlation Rule Builder – In this cloud-native application, fact-based correlation rules can be created. These rules can trigger various alerting outcomes. You can build correlation rules from scratch or convert them from search queries. In the Correlation Rule Builder, you can write, test, publish, and monitor custom rules. For more information, see the Correlation Rules Guide.