- New Search Features
- Known Issues in Search
- Addressed Issues in Search
- Search Issues Addressed in July 2024
- Search Issues Addressed in May 2024
- Search Issues Addressed in March 2024
- Search Issues Addressed in January 2024
- Search Issues Addressed in November 2023
- Search Issues Addressed in September 2023
- Search Issues Addressed in August 2023
- Search Issues Addressed in July 2023
- Search Issues Addressed in June 2023
- Search Issues Addressed in May 2023
- Search Issues Addressed in April 2023
- Search Issues Addressed in February 2023
- Search Issues Addressed in January 2023
Search Features Introduced in 2025
January 2025
Feature | Description |
|---|---|
Support for Device Context Tables | You can now include device context tables in both Basic and Advanced search queries, allowing you to search for information about devices in your environment. Specifically, you can now search for results in the following types of device context tables:
For more information, see Context Tables in Search in the Search Guide. |
Relative Time Range Option | A new Relative time range option is now available when building your Search queries. It provides a more precise and flexible approach to searching within a relative time range. The Quick time range options are still available but with the Relative option, you are not limited to fixed choices. You can specific a relative start and end date, such as 1 to 3 months ago. The relative options are translated into specific dates, which are displayed in the time range selector box, as shown below.  |
Guardrails for Pipe Operator Use | New guardrails have been introduced for the use of the pipe operator in the Advanced search mode. They provide warnings to help prevent overuse or misuse of pipe operators in ways that can be slow and inefficient. When you write a query with a pipe operator that could more effectively be written with an AND operator or a WHERE clause, a warning is displayed below the search bar.  For more information, see the Pipe Operator section of Query Using Advanced Query Language Operators in the Search Guide. |
Timeline View of Search Results | Exabeam introduces a new Timeline view of search results that brings the investigational timeline experience into the Search application. Analysts and threat hunters can use the Timeline view as a starting point for investigating risky or anomalous events while still leveraging the granular filtering capabilities of the Search application. The Timeline view is designed specifically with this task in mind. It's visually organized so that detection events are easy to spot and investigate. You can drill into the detections or the associated events to find detailed information and data insights. For more information, see Timeline View of Search Results in the Search Guide. This feature is currently available only if you have one of the New-Scale licenses. For more information see New-Scale Security Operations Portfolio Licenses. |
Rule Details Panel | A new Rule Details panel is available for viewing detailed rule information when search results return detection events. This new panel facilitates interactions with events that may represent a security threat or anomalous behavior. The panel includes a raw log message, a full list of parsed fields, and an expandable list of any rules associated with the detection event. For more information see Rule Details in the Search Guide. This feature is currently available only if you have one of the New-Scale licenses. For more information see New-Scale Security Operations Portfolio Licenses. |
Data Insights | A new Insights tab is available in the Event Details panel for any search results that include parsed user or device information. The Insights tab provides a quick, easy way to drill into information related to events in your results. It lets you visualize what else is going on around a selected event, within specific time ranges. For example, if an event shows that a user triggered an alert, you can investigate which other assets the user has accessed in the past few days, which countries the user logged in from, or what files the user accessed. For more information, see Data Insights in the Search Guide. This feature is currently available only if you have one of the New-Scale licenses. For more information see New-Scale Security Operations Portfolio Licenses. |
Entity Searching | A new Entities tab has been added to the pre-built search lists in the Basic Search window. From the new tab you can search user and entity accounts using more of the enriched data than is available by searching with common event fields. For more information, see Pre-Built Basic Search Lists in the Search Guide. This feature is currently available only if you have one of the New-Scale licenses. For more information see New-Scale Security Operations Portfolio Licenses. |