Exabeam Search Guide

Anomaly Search

Anomaly Search enriches events that have been identified as anomalous in Advanced Analytics. With Anomaly Search, Advanced Analytics becomes a log source that highlights potential threats and adds valuable context, providing an expanded array of search dimensions, such as MITRE ATT&CK TTPs, use cases, and rule reasons. To facilitate investigations, anomaly events include a link to view them in their Advanced Analytics timelines.

Note

Anomaly Search is available to customers with Exabeam Security Operations Platform licenses and in a limited capacity to customers with Security Investigation and Security Analytics licenses.

Anomaly fields include the following:

asset_labels
base_risk_score
container_id
dest_host
dest_ip
domain
domain_user_name
event_category
event_id
event_time
incident_creation_time
log_time
mitre_labels
original_risk_score
rule
rule_description
rule_id
rule_reason
rule_usecases
session_id
src_host
src_ip
trigger_entity
trigger_type
url
user
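The following is an added illustration, not Exabeam's code and not its search syntax. It builds a handful of constructed anomaly records that carry the field names listed above (all users, hosts, rule ids, scores and timestamps are placeholders) and shows the kind of pivots the new search dimensions enable offline: filtering by MITRE ATT&CK label or use case, ranking triggering entities by accumulated risk, and pulling one session's rule reasons in time order, which is the story the linked Advanced Analytics timeline tells. Summing base_risk_score rather than original_risk_score is an assumption made for the example.

```python
"""Pivoting over Anomaly Search fields (added example, not Exabeam code)."""
from collections import defaultdict

# Constructed sample anomaly events. Only the field names come from the
# guide; every value is an illustrative placeholder.
SAMPLE_ANOMALIES = [
    {
        "event_id": "evt-001", "event_time": "2024-01-10T08:02:11Z",
        "log_time": "2024-01-10T08:02:14Z", "event_category": "file-access",
        "user": "jdoe", "domain": "corp", "domain_user_name": "corp\\jdoe",
        "trigger_entity": "jdoe", "trigger_type": "user",
        "session_id": "jdoe-20240110080000",
        "src_ip": "10.0.0.15", "src_host": "ws-15",
        "dest_ip": "10.0.1.20", "dest_host": "fileshare01",
        "rule_id": "RULE-PLACEHOLDER-1", "rule": "First access to asset",
        "rule_description": "User accessed an asset for the first time",
        "rule_reason": "jdoe had never accessed fileshare01 before",
        "rule_usecases": ["Lateral Movement"], "mitre_labels": ["T1021"],
        "asset_labels": ["file-server"],
        "base_risk_score": 10, "original_risk_score": 10,
    },
    {
        "event_id": "evt-002", "event_time": "2024-01-10T08:05:40Z",
        "log_time": "2024-01-10T08:05:43Z", "event_category": "remote-logon",
        "user": "jdoe", "domain": "corp", "domain_user_name": "corp\\jdoe",
        "trigger_entity": "jdoe", "trigger_type": "user",
        "session_id": "jdoe-20240110080000",
        "src_ip": "10.0.0.15", "src_host": "ws-15",
        "dest_ip": "10.0.1.31", "dest_host": "dc01",
        "rule_id": "RULE-PLACEHOLDER-2", "rule": "Abnormal remote logon",
        "rule_description": "Remote logon to a host the user has not used",
        "rule_reason": "jdoe has never logged on to dc01",
        "rule_usecases": ["Lateral Movement", "Privileged Activity"],
        "mitre_labels": ["T1021", "T1078"],
        "asset_labels": ["domain-controller"],
        "base_risk_score": 15, "original_risk_score": 20,
    },
    {
        "event_id": "evt-003", "event_time": "2024-01-10T09:10:02Z",
        "log_time": "2024-01-10T09:10:05Z", "event_category": "process",
        "user": "svc-backup", "domain": "corp",
        "domain_user_name": "corp\\svc-backup",
        "trigger_entity": "ws-17", "trigger_type": "asset",
        "session_id": "ws-17-20240110090000",
        "src_ip": "10.0.0.17", "src_host": "ws-17",
        "dest_ip": "10.0.0.17", "dest_host": "ws-17",
        "rule_id": "RULE-PLACEHOLDER-3", "rule": "Unusual script interpreter",
        "rule_description": "Process not previously seen on this asset",
        "rule_reason": "powershell.exe first seen on ws-17",
        "rule_usecases": ["Malware"], "mitre_labels": ["T1059"],
        "asset_labels": ["workstation"],
        "base_risk_score": 8, "original_risk_score": 8,
    },
]


def filter_by_dimension(events, mitre_label=None, usecase=None):
    """Keep events carrying the given MITRE label and/or use case (both optional)."""
    out = []
    for ev in events:
        if mitre_label is not None and mitre_label not in ev.get("mitre_labels", []):
            continue
        if usecase is not None and usecase not in ev.get("rule_usecases", []):
            continue
        out.append(ev)
    return out


def risk_by_entity(events):
    """Sum base_risk_score per trigger_entity (score field choice is an assumption).

    Returns (entity, total) pairs, highest total first, ties by name.
    """
    totals = defaultdict(int)
    for ev in events:
        totals[ev["trigger_entity"]] += ev["base_risk_score"]
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))


def session_reasons(events, session_id):
    """Rule and rule_reason for one session, ordered by event_time."""
    in_session = [ev for ev in events if ev["session_id"] == session_id]
    in_session.sort(key=lambda ev: ev["event_time"])
    return [(ev["event_time"], ev["rule"], ev["rule_reason"]) for ev in in_session]


if __name__ == "__main__":
    for entity, total in risk_by_entity(SAMPLE_ANOMALIES):
        print(f"{entity}: {total}")
    for ev in filter_by_dimension(SAMPLE_ANOMALIES, mitre_label="T1021"):
        print(ev["event_id"], ev["rule_reason"])
    for when, rule, reason in session_reasons(SAMPLE_ANOMALIES, "jdoe-20240110080000"):
        print(when, rule, "-", reason)
```

The three helpers correspond to the three ways an analyst typically narrows anomaly results: by technique or use case, by who or what is accumulating risk, and by the reasons behind a single session's rule hits. Running the same pivots against real exported events only requires that the records carry the field names above.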