What is Security Content?
Security content encompasses all of the detection logic that enables Exabeam products to process security events. This content includes parsers, event builders, enrichers, rules, and models. Security content is stored in configuration files (.conf) for use by both Advanced Analytics and Data Lake.
Exabeam provides out-of-the-box security content that supports integrations with multiple third-party vendors. As the threat landscape changes, Exabeam security content is supplemented with content packages that are released on a regular cadence. Content packages are delivered as zipped files and can be installed without the need to upgrade your Advanced Analytics or Data Lake applications. Depending on which version of each product you are using, content packages can be deployed in one of two ways:
Content Installer – Using the content installer script requires manipulating content package files in a command line environment. It also requires a manual restart of the relevant internal engines. For more information, see Content Installer.
Content over Cloud – Using the content over cloud process allows content packages to be deployed directly from the cloud. This process is available for both cloud and on-prem versions of Exabeam software, beginning with Advanced Analytics i54 and Data Lake i36. For more information, see Manage Security Content in Advanced Analytics or Manage Security Content in Data Lake.