Add an Advanced Analytics to Data Lake Query from a Security Content Update
If your new security content includes an Advanced Analytics query in a text file, use it to create a log feed and start ingesting logs from Data Lake.
Ensure that you downloaded security content from the Exabeam Community Content Exchange or your case ticket, saved it to the right location, and navigated to the directory where you downloaded the file.
If you downloaded a tar.gz file, untar it:
tar -C /opt/exabeam -xvf <tarfile.tar.gz>
One or more ZIP files are extracted.
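The step above extracts the archive straight into /opt/exabeam. The following added example (not Exabeam's own tooling) stages the tarball in a scratch directory first, refuses any archive whose member names use an absolute path or a ".." component (which would let the extract write outside the target directory), and then lists the ZIP and text files it contains so you can locate the query file before touching the production install. It assumes a POSIX shell and a tar that understands -t, -x, -z and -C; the directory names are placeholders.

```shell
#!/bin/sh
# Added example, not part of the Exabeam documentation or product.
# Stage and sanity-check a security content tarball before extracting it
# under /opt/exabeam. Assumes POSIX sh and GNU or BSD tar.
set -eu

# Read tar member names on stdin (one per line) and print any that start
# with "/" or contain a ".." path component. Returns 1 if any are found,
# 0 if the listing is clean.
check_tar_members() {
  bad=$(grep -E '^/|(^|/)\.\.(/|$)' || true)
  if [ -n "$bad" ]; then
    printf 'unsafe member path(s):\n%s\n' "$bad" >&2
    return 1
  fi
  return 0
}

# Extract ARCHIVE into DEST only after its member list passes the check,
# then list the ZIP and text files it shipped (the query arrives as a
# text file; ZIPs hold the rest of the content).
extract_content() {
  archive="$1"
  dest="$2"
  tar -tzf "$archive" | check_tar_members
  mkdir -p "$dest"
  tar -C "$dest" -xzf "$archive"
  find "$dest" -type f \( -name '*.zip' -o -name '*.txt' \) | sort
}

# Usage (placeholder paths):
#   extract_content ~/Downloads/content.tar.gz /tmp/exabeam-content-stage
# Review the listed files, then copy what you need into /opt/exabeam.
```

Once the staged contents look right, you can run the documented `tar -C /opt/exabeam -xvf <tarfile.tar.gz>` command, or copy the extracted files across by hand. If your case ticket supplies a checksum for the download, compare it with `sha256sum <tarfile.tar.gz>` before extracting; the Community Content Exchange itself is not assumed here to publish one.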
In Advanced Analytics, navigate to Settings > Log Management > Log Feeds.
Add a log feed:
If you have version i48 or earlier, click ADD.
If you have version i50 or later, click + Add New Query.
Enter the information:
Log servers – Select Data Lake.
Log type – Select Custom.
Query short name – Enter a name that identifies the query.
Search query – Copy and paste a query from
Retrieve and process logs from – Select a date from when to start retrieving and processing logs.
To verify that the query works, click Test Query, then click NEXT.