The Content Library
The Content Library is an online collection of information about all of the security content supported by Exabeam. The library is programmatically generated from the Exabeam content repository. As the threat landscape changes and new security content is added to the Exabeam repository, the Content Library is automatically updated.
The library contains documentation about activity types, parsers, models, rules, and MITRE techniques, and shows how these tools map to one another. The library is constructed so that it can be browsed via multiple navigation paths. Depending on how you want to drill into the information, you can:
- Search by data source – Select a vendor and a product that are the source of the data. View the activity types, parsers, and the number of rules and models Exabeam employs to cover this data source. Drill down further to view the parser syntax or the names of the rules and models.
- Search by use case – Select a specific use case. Exabeam supports use cases in the following categories: compromised insiders, malicious insiders, and external threats. View tables for each vendor and product that the use case supports. Each table shows the number of supported rules and models. Drill down further to view the names of the rules and models.
- Search by product category – View products arranged in categories based on the type of function each category of products provides. Select a specific product to view the activity types, parsers, and the number of rules and models Exabeam employs to cover this data source. Drill down further to view the parser syntax or the names of the rules and models.
- View by MITRE ATT&CK® framework – View the Exabeam coverage map that shows which attack techniques Exabeam covers with its rules and models.
The Content Library also includes access to additional types of content information that may be helpful. Links to these resources are available from the landing page of the library. They include:
- Correlation rules – A list of prebuilt correlation rules with descriptions and use cases
- Platforms and landscapes – A list of product platforms arranged by landscape categories (redirects to the Common Information Model Library)
- Field Descriptions – A list of available fields and their descriptions (redirects to the Common Information Model Library)
The Content Library is available at the following URL: https://github.com/ExabeamLabs/Content-Library-CIM2