Data LakeExabeam Data Lake Release Notes

Security enhancements have been added to Data Lake i34.6 and i35. If you have i33 or earlier, we recommend either manually completing the hardening steps given in Exabeam Operational Hardening or upgrade to Data Lake i34.6 or later.Exabeam Operational Hardening

The Exabeam Security Management Platform (SMP) has additional security configurations that can be enabled for stricter controls and data protection. Exabeam has enabled protections to specific releases against Cross-Site Request Forgery (CSRF) and Cross-Origin Resource Sharing (CORS) by default.

This improves the default security of the environment for all Exabeam services. These protections may affect API calls to the Exabeam SMP. Please follow instructions given in Exabeam Operational Hardening if you have affected scripts.Exabeam Operational Hardening

For Exabeam SaaS deployments that use Exabeam Advanced Analytics as your Exabeam Cloud Connector identity provider (IdP). Exabeam will automatically update your Cloud Connector to v.2.5.86 or later to ensure compatibility with the security configuration.

No manual configuration is needed for deployments with the following versions or later:

For more information, please see Exabeam Operational Hardening.Exabeam Operational Hardening

Exabeam has refreshed its Search interface to improve your query experience.

In addition to using time constraints to narrow the amount of data to search, you can apply filters using context tables to optimize your queries. Filtered searches are now available in all Data Lake features for running custom queries, offering the ability to search against IOCs list and enable reporting granularity. Click Context table under the Search field to create filters.

When you have pinpointed logs of interest, you can now readily export individual raw logs to distribute among team analysts. Each log in raw and enhanced view offers exports of log text, hyperlink, or as a separate web browser tab.

In Data Lake I35, you will find:

Exabeam user audit logs can now be stored and searched within Data Lake . User actions like searches, operating system level activities, and dashboard creation, are tracked. Audit event logs can handled like typical Data Lake logs so you can create log trails after every:

For more information, see Audit Log Management in Data Lake in the Data Lake Administration Guide.Audit Log Management in Data Lake

In Data Lake i35, you can select the parsing policy that determines whether the system prioritizes accurate parsing of all ingested raw logs, events per second throughput, or a balance of both. Learn more about parser policies. For more information, see Parser Management in the Parser Troubleshooting Guide.Parser ManagementParser Troubleshooting Guide (for Data Lake i34 and earlier)

Data Lake can now ingest event logs from your own Kafka sources outside. Data is sent from the external Kafka source directly to the Exabeam Site Collector. For more information, see Exabeam Site Collector Guide.Exabeam Site Collector

Exabeam has enabled a generic authentication option to support SAML 2.0 SSO. You can use your preferred single sign-on (SSO) tool of choice. API information is available in the Exabeam Community. For more information, see Configuring Single Sign-on and Multifactor Authentication in the Data Lake Administration Guide.Configuring Single Sign-on and Multi-factor Authentication

With improvements the Exabeam Data Services and other system components, expect faster node deployments.

Exabeam Site Collector can now be configured to forward logs to Exabeam Advanced Analytics destinations deployed on appliances and cloud platforms. For more information about Site Collector, please see Exabeam Site Collector.Exabeam Site Collector

Data Lake log ingestion options now include Exabeam log collector agents that run on CentOS 8 and Redhat 8.