
Exabeam Search Guide

Anomaly Search

Anomaly Search enriches events that have been identified as anomalous in Advanced Analytics. With Anomaly Search, Advanced Analytics becomes a log source that highlights potential threats and adds valuable context, providing an expanded array of search dimensions, such as MITRE ATT&CK TTPs, use cases, and rule reasons. To facilitate investigations, anomaly events include a link to view them in their Advanced Analytics timelines.

Note

Anomaly Search is available to customers with Exabeam Security Operations Platform licenses and in a limited capacity to customers with Security Investigation and Security Analytics licenses.

Anomaly fields include the following:

user

src_host

asset_labels

mitre_labels

rule_usecases

log_time

event_id

event_time

trigger_entity

original_risk_score

trigger_type

event_category

session_id

domain

rule_description

rule_id

rule

src_ip

rule_reason

url

incident_creation_time

dest_ip

container_id

base_risk_score

dest_host
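The field list above is what makes anomaly events usable as a log source for triage. The following Python helper is an added example, not Exabeam code and not the product's query syntax: it takes anomaly events as dictionaries keyed by the field names listed on this page, ranks sessions by accumulated risk, collects their MITRE ATT&CK labels and use cases, and pivots on a single technique. The sample events are constructed, and the value shapes (lists for mitre_labels and rule_usecases, numeric risk scores, ISO timestamps, `url` holding the Advanced Analytics timeline link) are assumptions, since the page lists the field names only.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample anomaly events (illustrative, not real Exabeam output).
# Field names follow the Anomaly Search field list; the value shapes and the
# use of `url` as the timeline link are assumptions made for this example.
SAMPLE_EVENTS: List[Dict] = [
    {
        "event_id": "evt-001", "session_id": "sess-A", "user": "alice",
        "domain": "corp", "src_host": "wks-01", "dest_host": "fs-01",
        "src_ip": "10.0.0.5", "dest_ip": "10.0.0.50",
        "rule_id": "RULE-001", "rule": "First access to asset",
        "rule_reason": "alice had never accessed fs-01 before",
        "rule_usecases": ["Lateral Movement"], "mitre_labels": ["T1021"],
        "base_risk_score": 10, "original_risk_score": 10,
        "trigger_type": "user", "trigger_entity": "alice",
        "event_time": "2024-01-10T09:00:00Z",
        "url": "https://aa.example.invalid/timeline/sess-A",
    },
    {
        "event_id": "evt-002", "session_id": "sess-A", "user": "alice",
        "domain": "corp", "src_host": "wks-01", "dest_host": "dc-01",
        "src_ip": "10.0.0.5", "dest_ip": "10.0.0.10",
        "rule_id": "RULE-002", "rule": "Abnormal logon to domain controller",
        "rule_reason": "alice does not normally log on to dc-01",
        "rule_usecases": ["Privileged Activity"], "mitre_labels": ["T1078"],
        "base_risk_score": 25, "original_risk_score": 25,
        "trigger_type": "user", "trigger_entity": "alice",
        "event_time": "2024-01-10T09:05:00Z",
        "url": "https://aa.example.invalid/timeline/sess-A",
    },
    {
        "event_id": "evt-003", "session_id": "sess-B", "user": "bob",
        "domain": "corp", "src_host": "wks-07", "dest_host": "vpn-01",
        "src_ip": "10.0.1.9", "dest_ip": "10.0.0.2",
        "rule_id": "RULE-003", "rule": "Burst of failed logons",
        "rule_reason": "20 failed logons in 2 minutes",
        "rule_usecases": ["Compromised Credentials"], "mitre_labels": ["T1110"],
        "base_risk_score": 15, "original_risk_score": 15,
        "trigger_type": "user", "trigger_entity": "bob",
        "event_time": "2024-01-10T11:30:00Z",
        "url": "https://aa.example.invalid/timeline/sess-B",
    },
]


def risk_by_session(events: List[Dict]) -> Dict[str, int]:
    """Sum original_risk_score for every session_id (missing scores count as 0)."""
    totals: Dict[str, int] = defaultdict(int)
    for ev in events:
        totals[ev["session_id"]] += int(ev.get("original_risk_score", 0))
    return dict(totals)


def events_for_technique(events: List[Dict], technique: str) -> List[Dict]:
    """Pivot on the MITRE ATT&CK dimension: events whose mitre_labels contain `technique`."""
    return [ev for ev in events if technique in ev.get("mitre_labels", [])]


def session_summary(events: List[Dict]) -> List[Tuple[str, int, List[str], List[str], str]]:
    """Rank sessions by total risk; return (session_id, total, techniques, use cases, timeline url)."""
    by_session: Dict[str, List[Dict]] = defaultdict(list)
    for ev in events:
        by_session[ev["session_id"]].append(ev)
    rows = []
    for sid, evs in by_session.items():
        total = sum(int(e.get("original_risk_score", 0)) for e in evs)
        techniques = sorted({t for e in evs for t in e.get("mitre_labels", [])})
        usecases = sorted({u for e in evs for u in e.get("rule_usecases", [])})
        # All events of a session share one timeline link; take it from the first event.
        rows.append((sid, total, techniques, usecases, evs[0].get("url", "")))
    rows.sort(key=lambda r: r[1], reverse=True)
    return rows


if __name__ == "__main__":
    for sid, total, techniques, usecases, url in session_summary(SAMPLE_EVENTS):
        print(f"{sid}: risk={total} ttps={techniques} usecases={usecases} timeline={url}")
    print("T1110 hits:", [e["event_id"] for e in events_for_technique(SAMPLE_EVENTS, "T1110")])
```

Run stand-alone, the script prints one line per session, highest accumulated risk first, so an analyst sees which timeline link to open before drilling into individual rule reasons; swapping `mitre_labels` for `rule_usecases` or `rule_id` in `events_for_technique` gives the same pivot on the other search dimensions the page names.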