The Content Library
The Content Library is an online collection of information about all of the security content supported by Exabeam. The library is programmatically generated from the Exabeam content repository. As the threat landscape changes and new security content is added to the Exabeam repository, the Content Library is automatically updated.
The library contains documentation about parsers, events types, models, rules, and MITRE techniques, and shows how these tools map to one and other. The library is constructed so that it can be browsed via multiple navigation paths. Depending on how you want to drill into the information, you can:
Search by data source – Select a vendor and a product that are the source of the data. View the event types, parsers, and the number of rules and models Exabeam employs to cover this data source. Drill down further to view the parser syntax or the names of the rules and models.
Search by use case – Select a specific use case. Exabeam supports use cases in the following categories: compromised insiders, malicious insiders, and external threats. View tables for each vendor and product that the use case supports. Each table shows the relevant event types and the number of supported rules and models. Drill down further to view the names of the rules and models.
View by MITRE ATT&CK® framework – View the Exabeam coverage map that shows which attack techniques Exabeam covers with its rules and models.
The Content Library is available at the following URL: https://github.com/ExabeamLabs/Content-Library-CIM1