Search Features Introduced in 2022
December 2022
Feature | Description |
---|---|
You can now view a list of search results you have previously exported and download those files. This gives you direct access to the exact data you want, without first downloading and reviewing a summary file, and lets you reuse previously downloaded results. | |
Asynchronous Export | Asynchronous export has been implemented, eliminating the problem of the system timing out when exporting very large search results. |
Time Range Picker Expansion | Search now provides more granular quick filter options in the time range picker. |
Query Builder has been enhanced by adding Exabeam Audit Log, under Vendors & Products, allowing you to search for Exabeam Audit Logs. The Exabeam audit logs are activity logs for user and asset activity in your organization. Specific activities related to Exabeam product administrators and users are logged, including activities within the user interface as well as configuration and server changes. This is especially useful for reviewing activities for audits (for example, GDPR). |
November 2022
Feature | Description |
---|---|
Wildcard Queries Changes | You can now query unconditionally against all logs for a defined time period, with an empty query string. In addition, the wildcard symbol, "*" is no longer permitted in search queries, except as part of a like statement or a |
Histogram Improvements | The Histogram performance and user experience have been improved. By limiting the timeline to the last 2 weeks, the time to produce results has been shortened, and you will no longer see failures due to large log data volumes. |
October 2022
Feature | Description |
---|---|
Search Results Fields Summary | The Search results have been enhanced to provide a high-level field summary of all parsed fields belonging to the selected subject and a count of unique values for each field. You can leverage these insights to narrow down your search or pivot to another search query. |
Anomaly Search | To detect a specific threat or indicators of an attack, you can now search across a variety of different objects such as sessions, rules, users, assets, and cases. |
Query Support for IP Address Ranges | Search now supports the ability to query using IP ranges (IPv4 only). |
Time Range Picker Expansion | Search now provides additional quick filter options in the time range picker. |
New Metadata Fields in Query Builder | You can now select indicators of compromise (IOC) fields, which are not part of CIM, from the Common event fields list in Query Builder. This allows you to leverage TIS enrichment. |
Threat Intelligence Enrichment | Threat intelligence data is available to Search from the Context Management service. The Context Management service injects indicators of compromise (IOC) tags into event logs. Fields are added to events to hold tags that mark a record as having specific characteristics that are evidence of a security breach. |
August 2022
Feature | Description |
---|---|
Non-CIM Fields and Custom Fields for Query Builder | The Query Builder is now enhanced to enable you to select from both custom fields and non-CIM conforming fields from the Custom fields list. |
Advanced Search with Regex Values | The Advanced Search feature has been enhanced to allow you to enter Regex values. |
Advanced Search Field Suggestions | The Advanced Search feature has been enhanced to allow you to select from a list of suggestions for field names and operators as you type. |
June 2022
Feature | Description |
---|---|
Introducing Search! | Exabeam introduces a powerful new Search to enable you to quickly find logs and events in the Exabeam Security Operations Platform. The Search provides limitless EPS processing that enables search across multiple years' worth of data and threat detection in seconds. Included with Search is a query builder that guides you to enter search terms based on the available log fields. This eliminates the guesswork of identifying your subjects, vendors, and products when constructing a query. The new Search also provides export capabilities for you to save and download the results of your search queries. For more information, see the Search Guide. |