Exabeam Data Lake Release Notes

What's New

This release of Data Lake arrives with some very powerful and handy use cases for the Security Analyst in addition to other system stability and maintainability improvements.

Data Lake i35 features include:

Exabeam Hardening for CSRF and CORS

Security enhancements have been added to Data Lake i34.6 and i35. If you have i33 or earlier, we recommend either manually completing the hardening steps given in Exabeam Operational Hardening or upgrading to Data Lake i34.6 or later.

The Exabeam Security Management Platform (SMP) has additional security configurations that can be enabled for stricter controls and data protection. In specific releases, Exabeam has enabled protections against Cross-Site Request Forgery (CSRF) and Cross-Origin Resource Sharing (CORS) by default.

This improves the default security of the environment for all Exabeam services. These protections may affect API calls to the Exabeam SMP. Please follow instructions given in Exabeam Operational Hardening if you have affected scripts.

For Exabeam SaaS deployments that use Exabeam Advanced Analytics as the Exabeam Cloud Connector identity provider (IdP), Exabeam will automatically update your Cloud Connector to v.2.5.86 or later to ensure compatibility with the security configuration.

No manual configuration is needed for deployments with the following versions or later:

  • Exabeam Advanced Analytics i53.6

  • Exabeam Data Lake i34.6

For more information, please see Exabeam Operational Hardening.

Search Interface Refresh with Filtered Searches and Export Options

Exabeam has refreshed its Search interface to improve your query experience.

In addition to using time constraints to narrow the amount of data to search, you can apply filters using context tables to optimize your queries. Filtered searches are now available in all Data Lake features for running custom queries, offering the ability to search against IOC lists and enable reporting granularity. Click Context table under the Search field to create filters.

When you have pinpointed logs of interest, you can now readily export individual raw logs to distribute among team analysts. Each log in raw and enhanced view can be exported as log text, as a hyperlink, or opened in a separate web browser tab.

In Data Lake i35, you will find:

  • Structured view

  • Category specific fields first

  • Raw messages always visible

  • Clearer fonts and colors

  • Metadata and less important fields placed at the end

Audit Log Management

Exabeam user audit logs can now be stored and searched within Data Lake. User actions such as searches, operating system level activities, and dashboard creation are tracked. Audit event logs can be handled like typical Data Lake logs, so you can create log trails after every:

  • search

  • visualization

  • dashboard

  • report executed

For more information, see Audit Log Management in Data Lake in the Data Lake Administration Guide.

Parser Management UI

In Data Lake i35, you can select the parsing policy that determines whether the system prioritizes accurate parsing of all ingested raw logs, events per second throughput, or a balance of both. For more information about parser policies, see Parser Management in the Parser Troubleshooting Guide.

Data Input from External Kafka Source

Data Lake can now ingest event logs from your own external Kafka sources. Data is sent from the external Kafka source directly to the Exabeam Site Collector. For more information, see the Exabeam Site Collector Guide.

Support for Generic SAML SSO

Exabeam has enabled a generic authentication option to support SAML 2.0 SSO. You can use your preferred single sign-on (SSO) tool. API information is available in the Exabeam Community. For more information, see Configuring Single Sign-on and Multi-factor Authentication in the Data Lake Administration Guide.

Platform Deployment Efficiency Improvement

With improvements to the Exabeam Data Services and other system components, expect faster node deployments.

Exabeam Advanced Analytics as Site Collector Destination

Exabeam Site Collector can now be configured to forward logs to Exabeam Advanced Analytics destinations deployed on appliances and cloud platforms. For more information about Site Collector, please see Exabeam Site Collector.

CentOS 8 and Red Hat 8 Support for Data Lake Collector Agents

Data Lake log ingestion options now include Exabeam log collector agents that run on CentOS 8 and Red Hat 8.