
Correlation Rules Features Introduced in 2022

December 2022

| Feature | Description |
| --- | --- |
| Email Notifications for Disabled Rules | Analysts will be notified by email whenever a rule has been disabled by Exabeam. |
| Condition and Outcome Summary Visibility | When creating a new correlation rule, a summary of the condition and chosen outcomes will be shown in the final Review step of the process, allowing you to do a final review before saving the new rule. |
| Test Mode | Before enabling a correlation rule, you can now disable outcomes to test the rule. This allows you to fine-tune a rule to your satisfaction before generating unnecessary alerts and emails. |
| Audit Logs | You can now include Audit Logs in your correlation rule queries. The Exabeam audit logs are activity logs for user and asset activity in your organization. Specific activities related to Exabeam product administrators and users are logged, including activities within the UI as well as configuration and server changes. This is especially useful for reviewing activities for audits (for example, GDPR). |

November 2022

| Feature | Description |
| --- | --- |
| Correlation Rules Pre-built Dashboard | The Correlation Rules Management pre-built dashboard now displays use case activity levels, what rules are being triggered and when, and what rules are triggered the least. |
| Bulk Correlation Rule Deletion | You can now select and delete multiple correlation rules at one time. |

October 2022

| Feature | Description |
| --- | --- |
| Introducing the Correlation Rules App | The Correlation Rules app is now available on the Exabeam Security Operations Platform. Correlation Rules is a cloud-native service that provides a single point of entry for creating correlation rules. It lets an analyst watch for events that match a certain logic (conditions/criteria) across a set period and delivers a notification, so the analyst is made aware of a "trigger." Correlation rules provide the ability to add risk, customize what the output should display, add a user to a watch list, generate a security alert, and create an incident automatically. For more information, see the Correlation Rules Guide. |