Data Lake User Guide

About Exabeam Data Lake

Data Lake is Exabeam's Log Management System. It is the data collection, indexing, and visualization engine. The goal of Data Lake is to present log data to the user in a clear and consumable manner. Log data isn't necessarily designed to be easily read by humans and finding what really matters can be time-consuming. That being said, effective log management is essential to both security and compliance. Monitoring, documenting, and analyzing events are a crucial component of an environment's security.

Data Lake allows large-scale aggregation and storage of logs and provides access to those logs via a web interface. It enriches log events with contextual information. As data travels from the source, Data Lake parses each event, identifies named fields to build structure, and transforms the events to converge on a common format for easier, accelerated analysis and business value.

Data Lake is a scalable architecture that can be used as a standalone system or integrated with Exabeam Advanced Analytics and other Exabeam products.

Features of Data Lake

Below, we give a short overview of the features of the Data Lake UI. They are described in more detail in the corresponding chapters. We recommend reading these in-depth parts in the order they are presented, since they build on each other.

Indexing: Indexing tokenizes fields within the logs, for example by creating key-value pairs, so that analysts can search for specific values and find the matching events.

Search: The Search page is where investigations begin, and it is the primary way users navigate data in Data Lake. It displays all events in a selected time span. You can query specific log events, search for specific conditions within a rolling time window, identify patterns in your data, and so on. Searches can be saved for future use, used to build visualizations, and used to power dashboard panels.

Visualize: Visualizations also begin with searches. In Data Lake a visualization is a graph, table, or other visual representation of an aspect of your data. On this page you create or modify your visualizations.

Dashboard: A dashboard can hold several visualizations as well as saved searches. Dashboards are made up of panels that contain modules such as search boxes, fields, charts, tables, and so on. This is typically something an analyst would create for a business-level or operational view.

Reports: Reports for firewall activity, account access, and authentication access attempts are available out of the box. Customers can use the fully customizable reports to create unique views of their environments that can be sent to organizational stakeholders on a regular schedule.

Correlation Rules: Correlation rules are static rules applied to incoming logs that alert on known bad or non-compliant behaviors when specified conditions are met, such as service outages that have no security repercussions, or firewall configuration changes that must be tracked to meet compliance needs.

Settings: This is where you perform administrative actions on Data Lake. You can add indices to, or remove them from, your Data Lake instance, manage your collectors remotely, and perform other admin tasks.

Note: If you have installed Exabeam Advanced Analytics, you can directly access logs of interest in Data Lake. For more information on how to pivot from Advanced Analytics to Data Lake, see View a Data Lake Log from an Advanced Analytics Smart Timelines Event.