- What's New
- Exabeam Hardening for CSRF and CORS
- Search Interface Refresh with Filtered Searches and Export Options
- Audit Log Management
- Parser Management UI
- Data Input from External Kafka Source
- Support for Generic SAML SSO
- Platform Deployment Efficiency Improvement
- Exabeam Advanced Analytics as Site Collector Destination
- CentOS 8 and RedHat 8 Support for Data Lake Collector Agents
- Fixed Issues in Data Lake SMP 2020.3 DL-i35 GA
- Known Issues in Data Lake SMP 2020.3 DL-i35 GA
This release of Data Lake arrives with some very powerful and handy use cases for the Security Analyst in addition to other system stability and maintainability improvements.
Data Lake i35 features include:
Exabeam Hardening for CSRF and CORS
Security enhancements have been added to Data Lake i34.6 and i35. If you have i33 or earlier, we recommend either manually completing the hardening steps given in Exabeam Operational Hardening or upgrading to Data Lake i34.6 or later.
The Exabeam Security Management Platform (SMP) has additional security configurations that can be enabled for stricter controls and data protection. In specific releases, Exabeam has enabled protections against Cross-Site Request Forgery (CSRF) and Cross-Origin Resource Sharing (CORS) by default.
This improves the default security of the environment for all Exabeam services. These protections may affect API calls to the Exabeam SMP. If you have affected scripts, please follow the instructions given in Exabeam Operational Hardening.
For Exabeam SaaS deployments that use Exabeam Advanced Analytics as the Exabeam Cloud Connector identity provider (IdP), Exabeam will automatically update your Cloud Connector to v.2.5.86 or later to ensure compatibility with the security configuration.
No manual configuration is needed for deployments with the following versions or later:
- Exabeam Advanced Analytics i53.6
- Exabeam Data Lake i34.6
For more information, please see Exabeam Operational Hardening.
Search Interface Refresh with Filtered Searches and Export Options
Exabeam has refreshed its Search interface to improve your query experience.
In addition to using time constraints to narrow the amount of data to search, you can apply filters using context tables to optimize your queries. Filtered searches are now available in all Data Lake features for running custom queries, offering the ability to search against IOC lists and enable reporting granularity. Click Context table under the Search field to create filters.
When you have pinpointed logs of interest, you can now readily export individual raw logs to distribute among team analysts. Each log in raw and enhanced view can be exported as log text, as a hyperlink, or as a separate web browser tab.
In Data Lake i35, you will find:
- Category-specific fields first
- Raw messages always visible
- Clearer fonts and colors
- Metadata and less important fields placed at the end
Audit Log Management
Exabeam user audit logs can now be stored and searched within Data Lake. User actions, such as searches, operating system level activities, and dashboard creation, are tracked. Audit event logs can be handled like typical Data Lake logs so you can create log trails after every:
For more information, see Audit Log Management in Data Lake in the Data Lake Administration Guide.
Parser Management UI
In Data Lake i35, you can select the parsing policy that determines whether the system prioritizes accurate parsing of all ingested raw logs, events per second throughput, or a balance of both. Learn more about parser policies. For more information, see Parser Management in the Parser Troubleshooting Guide.
Data Input from External Kafka Source
Data Lake can now ingest event logs from your own external Kafka sources. Data is sent from the external Kafka source directly to the Exabeam Site Collector. For more information, see the Exabeam Site Collector Guide.
Support for Generic SAML SSO
Exabeam has enabled a generic authentication option to support SAML 2.0 SSO. You can use your preferred single sign-on (SSO) tool. API information is available in the Exabeam Community. For more information, see Configuring Single Sign-on and Multifactor Authentication in the Data Lake Administration Guide.
Platform Deployment Efficiency Improvement
With improvements to the Exabeam Data Services and other system components, expect faster node deployments.
Exabeam Advanced Analytics as Site Collector Destination
Exabeam Site Collector can now be configured to forward logs to Exabeam Advanced Analytics destinations deployed on appliances and cloud platforms. For more information about Site Collector, please see Exabeam Site Collector.
CentOS 8 and RedHat 8 Support for Data Lake Collector Agents
Data Lake log ingestion options now include Exabeam log collector agents that run on CentOS 8 and RedHat 8.