Anomaly Search
Anomaly Search makes the events that Advanced Analytics has flagged as anomalous available in Search, enriched with the analytics context that produced them. Advanced Analytics effectively becomes a log source: each anomaly event carries the fields that highlight a potential threat and explain why it was raised, which adds search dimensions such as MITRE ATT&CK TTPs, use cases, and rule reasons. To support investigations, every anomaly event includes a link that opens it in its Advanced Analytics timeline.
Note
Anomaly Search is available to customers with Exabeam Security Operations Platform licenses and in a limited capacity to customers with Security Investigation and Security Analytics licenses.
Anomaly fields include the following:
- asset_labels
- base_risk_score
- container_id
- dest_host
- dest_ip
- domain
- event_category
- event_id
- event_time
- incident_creation_time
- log_time
- mitre_labels
- original_risk_score
- rule
- rule_description
- rule_id
- rule_reason
- rule_usecases
- session_id
- src_host
- src_ip
- trigger_entity
- trigger_type
- url
- user
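The following is an added example, not Exabeam code and not the Advanced Query Language: it shows how an analyst would pivot on the anomaly fields above once they are exposed as a log source, filtering on list-valued dimensions such as mitre_labels and rule_usecases and then rolling anomaly events up per session_id by total risk, technique and hosts touched. The event records are constructed sample data; the rule_id values and scores are placeholders, and the MITRE technique IDs are real ATT&CK identifiers used only as illustrative values.

```python
"""Triage helpers over Exabeam-style anomaly events.

Added example, not Exabeam code. It uses only the field names documented
for Anomaly Search (session_id, user, mitre_labels, rule_usecases,
rule_reason, original_risk_score, src_host, dest_host, ...). The records
in SAMPLE_EVENTS are constructed, not real Exabeam output; rule_id values
and risk scores are placeholders.
"""
from collections import defaultdict

# Constructed sample anomaly events (placeholder rule IDs and scores).
SAMPLE_EVENTS = [
    {"session_id": "s-1001", "user": "jdoe", "src_host": "wks-17", "dest_host": "dc01",
     "mitre_labels": ["T1078"], "rule_usecases": ["Compromised Credentials"],
     "rule_id": "rule-01", "rule_reason": "First logon to asset for user",
     "original_risk_score": 10, "trigger_type": "rule"},
    {"session_id": "s-1001", "user": "jdoe", "src_host": "wks-17", "dest_host": "fs02",
     "mitre_labels": ["T1021.002"], "rule_usecases": ["Lateral Movement"],
     "rule_id": "rule-02", "rule_reason": "Abnormal SMB access to asset",
     "original_risk_score": 15, "trigger_type": "rule"},
    {"session_id": "s-1002", "user": "svc_backup", "src_host": "srv-09", "dest_host": "fs02",
     "mitre_labels": ["T1021.002"], "rule_usecases": ["Lateral Movement"],
     "rule_id": "rule-02", "rule_reason": "Abnormal SMB access to asset",
     "original_risk_score": 5, "trigger_type": "rule"},
    {"session_id": "s-1003", "user": "amiller", "src_host": "wks-42", "dest_host": "",
     "mitre_labels": ["T1110"], "rule_usecases": ["Compromised Credentials"],
     "rule_id": "rule-03", "rule_reason": "Failed logon burst from user",
     "original_risk_score": 20, "trigger_type": "rule"},
]


def _matches(event, field, wanted):
    """List-valued fields (mitre_labels, rule_usecases, asset_labels) match on
    membership; scalar fields must be equal."""
    value = event.get(field)
    if isinstance(value, list):
        return wanted in value
    return value == wanted


def filter_events(events, **criteria):
    """Return the events that satisfy every field=value criterion."""
    return [ev for ev in events
            if all(_matches(ev, f, w) for f, w in criteria.items())]


def summarize_sessions(events):
    """Group anomaly events by session_id and aggregate the dimensions an
    analyst pivots on: total risk, distinct techniques, reasons and hosts."""
    sessions = defaultdict(lambda: {"user": None, "total_risk": 0, "event_count": 0,
                                    "mitre_labels": set(), "rule_reasons": set(),
                                    "hosts": set()})
    for ev in events:
        s = sessions[ev["session_id"]]
        s["user"] = ev.get("user")
        s["total_risk"] += ev.get("original_risk_score", 0)
        s["event_count"] += 1
        s["mitre_labels"].update(ev.get("mitre_labels", []))
        s["rule_reasons"].add(ev.get("rule_reason", ""))
        # Empty host fields (no dest_host on a failed-logon anomaly) are skipped.
        s["hosts"].update(h for h in (ev.get("src_host"), ev.get("dest_host")) if h)
    return dict(sessions)


def rank_sessions(events, min_risk=0):
    """Sessions ordered by total risk, highest first, dropping those below
    min_risk. Returns a list of (session_id, summary) tuples."""
    ranked = sorted(summarize_sessions(events).items(),
                    key=lambda kv: kv[1]["total_risk"], reverse=True)
    return [(sid, s) for sid, s in ranked if s["total_risk"] >= min_risk]


if __name__ == "__main__":
    lateral = filter_events(SAMPLE_EVENTS, mitre_labels="T1021.002")
    print(f"{len(lateral)} anomaly events tagged T1021.002")
    for sid, s in rank_sessions(SAMPLE_EVENTS, min_risk=10):
        print(sid, s["user"], s["total_risk"], sorted(s["mitre_labels"]), sorted(s["hosts"]))
```

Filtering on a single technique or use case narrows to the events of interest; ranking by session keeps the per-session view that the Advanced Analytics timeline link points back to, so the analyst can jump from the aggregated row to the full timeline.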