Anomaly Search
Anomaly Search enriches events that have been identified as anomalous in Advanced Analytics. With Anomaly Search, Advanced Analytics becomes a log source that highlights potential threats and adds valuable context, providing an expanded array of search dimensions, such as MITRE ATT&CK TTPs, use cases, and rule reasons. To facilitate investigations, anomaly events include a link to view them in their Advanced Analytics timelines.
Note
Anomaly Search is available to customers with Exabeam Security Operations Platform licenses and in a limited capacity to customers with Security Investigation and Security Analytics licenses.
Anomaly fields include the following:
- asset_labels
- base_risk_score
- container_id
- dest_host
- dest_ip
- domain
- domain_user_name
- event_category
- event_id
- event_time
- incident_creation_time
- log_time
- mitre_labels
- original_risk_score
- rule
- rule_description
- rule_id
- rule_reason
- rule_usecases
- session_id
- src_host
- src_ip
- trigger_entity
- trigger_type
- url
- user
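As an added illustration (not Exabeam's own code or query syntax), the following Python treats a constructed batch of anomaly events, exported as JSON lines with the field names listed above, as a log source: it keeps only the documented fields, reports any undocumented ones, and rolls events up per session_id by risk score, MITRE label and rule reason. The event values, rule ids and the assumption that original_risk_score is numeric and additive per session are the example's own, not taken from this page.

```python
import json
from collections import defaultdict

# Field names of an anomaly event, as listed on this page.
ANOMALY_FIELDS = frozenset({
    "asset_labels", "base_risk_score", "container_id", "dest_host", "dest_ip",
    "domain", "domain_user_name", "event_category", "event_id", "event_time",
    "incident_creation_time", "log_time", "mitre_labels", "original_risk_score",
    "rule", "rule_description", "rule_id", "rule_reason", "rule_usecases",
    "session_id", "src_host", "src_ip", "trigger_entity", "trigger_type",
    "url", "user",
})

# Constructed sample (JSON lines), not real Exabeam output. Rule ids, scores,
# IPs and session ids are placeholders; "extra_field" is deliberately undocumented.
SAMPLE_EVENTS = """
{"event_id": "evt-1", "session_id": "sess-a", "user": "jdoe", "rule_id": "RULE-001", "rule_reason": "first logon from a new ISP", "original_risk_score": 20, "mitre_labels": ["T1078"], "src_ip": "203.0.113.5"}
{"event_id": "evt-2", "session_id": "sess-a", "user": "jdoe", "rule_id": "RULE-002", "rule_reason": "first VPN connection from this country", "original_risk_score": 25, "mitre_labels": ["T1133"], "extra_field": "ignored"}
{"event_id": "evt-3", "session_id": "sess-b", "user": "svc_backup", "rule_id": "RULE-001", "rule_reason": "first logon from a new ISP", "original_risk_score": 10, "mitre_labels": ["T1078"]}
"""


def parse_anomaly_events(text):
    """Parse JSON-lines anomaly events, keeping only the documented fields.
    Returns (events, unknown_field_names) so schema drift stays visible."""
    events, unknown = [], set()
    for line in text.splitlines():
        if not line.strip():
            continue
        record = json.loads(line)
        unknown.update(set(record) - ANOMALY_FIELDS)
        events.append({k: v for k, v in record.items() if k in ANOMALY_FIELDS})
    return events, sorted(unknown)


def triage_by_session(events, threshold):
    """Group anomaly events by session_id, sum their risk scores and collect
    MITRE labels and rule reasons; return sessions at or above threshold.
    Assumption: original_risk_score is numeric and additive within a session."""
    sessions = defaultdict(lambda: {"user": None, "risk": 0, "mitre": set(), "reasons": []})
    for event in events:
        summary = sessions[event["session_id"]]
        summary["user"] = event.get("user")
        summary["risk"] += event.get("original_risk_score", 0)
        summary["mitre"].update(event.get("mitre_labels", []))
        summary["reasons"].append(f'{event.get("rule_id")}: {event.get("rule_reason")}')
    return {sid: s for sid, s in sessions.items() if s["risk"] >= threshold}
```

Calling `triage_by_session(parse_anomaly_events(SAMPLE_EVENTS)[0], threshold=40)` returns only the session whose combined rule triggers reach the threshold, with its labels and reasons ready for the timeline link mentioned above.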