Security ContentInstall Security Content

Content Installer

Install security content onto your Advanced Analytics and Data Lake systems using Exabeam Content Installer.

Content Installer installs security content directly onto your Advanced Analytics and Data Lake systems. You can install new security content whenever you need the capability to parse or monitor a new activity. You can access new security content from content packages on the Exabeam Community Content Exchange or from a case ticket.

To deploy Content Installer and install security content, you must use a command line environment to carefully manipulate files in the Exabeam product file directory. If you're not familiar with using the command line, contact Exabeam Customer Success for help.

If you have Advanced Analytics i54 or later, you can install security content directly in Advanced Analytics settings, instead of using Content Installer.Manage Security Content in Advanced Analytics

Content Installer takes in a ZIP file that contains the new security content, then adds the content to the corresponding custom configuration file. For example, it adds new parsers to custom/parsers.conf. The new, updated security content overrides old, existing security content. For example, let's look at two scenarios:

  • Content Installer installs parser p10 in a configuration file that already contains a parser named p10. The Content Installer removes the old p10, then replaces it with the updated p10.

  • Content Installer installs parser p10 in a configuration file that contains parsers p1 to p4. The Content Installer reads the config file from top to bottom, so it places parser p10 above parsers p1 to p4.

To control which security content overrides others, open a case to contact your Technical Account Manager.

There is some security content you can't install using Content Installer, including Advanced Analytics dynamic lookup entries, queries from Advanced Analytics to Data Lake, and Data Lake reports.Import a Report