Exabeam Security Management Platform: Exabeam Operational Hardening

How to Enable Cross-Origin Resource Sharing Protection

Cross-Origin Resource Sharing (CORS) is a browser standard that allows the resources or functionality of a web application to be accessed by web pages originating from a different domain. CORS protection is available for Exabeam Advanced Analytics and Data Lake, and is enabled by default in Data Lake i34.6 or Advanced Analytics i53.6 and later versions. Deployments on older versions of Advanced Analytics and Data Lake can be hardened manually, or upgraded to a hardened supported version (Advanced Analytics i53.6 or later and Data Lake i34.6 or later) where the security configuration is enabled by default.

For information about enabled versions, see Exabeam Hardening.

To manually enable CORS protection when it is not enabled by default, apply the following:

  1. For all deployments, the /opt/exabeam/config/common/web/custom/application.conf file at each master host needs to be configured to enable CORS protection at service startup. Edit the webcommon.service.origins parameter in the CONF file to match your Exabeam service domain:

    webcommon.service.origins = ["https://*.exabeam.<your_organization>.com:<listener_port>", <...additional_origins...>]

    Here's an example with 2 service origins:

    webcommon.service.origins = ["https://*.exabeam.org-name.com", "https://*.exabeam.org-name.com:8484"]
  2. Restart web-common to enable CORS protection.

    . /opt/exabeam/bin/shell-environment.bash
    web-common-restart

    Note

    Log ingestion will not be interrupted during the restart. web-common can take up to 1 minute to resume services.
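
The following script is an added example, not part of the Exabeam documentation or product: it reviews the webcommon.service.origins list from step 1 before the restart in step 2, flagging unreplaced template placeholders, non-HTTPS origins, catch-all entries and misplaced wildcards. The review policy, the single-line list layout and the names check_origin, lint_config and sample_conf are assumptions of this example; Exabeam's own origin-matching rules are not described on this page.

```sh
#!/bin/sh
# Added example (not Exabeam code): review webcommon.service.origins before the
# web-common restart. Assumed policy: https only, no catch-all, wildcard only as
# the leftmost host label, numeric port. Assumes the list sits on one line.

check_origin() {  # prints a reason and returns 1 when the origin is flagged
  case "$1" in
    *'<'*)                         echo "template placeholder not replaced"; return 1 ;;
    '*'|'https://*'|'https://*:'*) echo "matches any origin"; return 1 ;;
    https://?*)                    ;;
    *)                             echo "not an https origin"; return 1 ;;
  esac
  hostport=${1#https://}
  case "$hostport" in
    */*) echo "origin must not contain a path"; return 1 ;;
    *:*) case "${hostport#*:}" in
           ''|*[!0-9]*) echo "port is not numeric"; return 1 ;;
         esac ;;
  esac
  host=${hostport%%:*}
  rest=${host#\*.}                 # host without a leading "*." label
  case "$rest" in *'*'*) echo "wildcard outside the leftmost label"; return 1 ;; esac
  case "$host" in
    '*.'*) case "$rest" in *.*) ;; *) echo "wildcard spans a whole TLD"; return 1 ;; esac ;;
  esac
  return 0
}

lint_config() {  # returns 0 if clean, 1 if any origin is flagged, 2 if the key is missing
  line=$(grep -E '^[[:space:]]*webcommon\.service\.origins[[:space:]]*=' "$1" | tail -n 1)
  [ -n "$line" ] || { echo "webcommon.service.origins is not set"; return 2; }
  flagged=0
  while IFS= read -r origin; do
    if reason=$(check_origin "$origin"); then echo "OK    $origin"
    else echo "FLAG  $origin ($reason)"; flagged=1; fi
  done <<EOF
$(printf '%s\n' "$line" | grep -oE '"[^"]*"' | tr -d '"')
EOF
  return "$flagged"
}

# Constructed sample line for an offline run (not taken from a real deployment).
sample_conf() { printf '%s\n' 'webcommon.service.origins = ["https://*.exabeam.org-name.com", "https://*.exabeam.org-name.com:8484", "http://exabeam.org-name.com", "https://*"]'; }

# With a path argument, lint that file; with none, lint the constructed sample.
if [ -n "${1:-}" ]; then lint_config "$1"
else tmp=$(mktemp); sample_conf > "$tmp"; lint_config "$tmp" || true; rm -f "$tmp"; fi
```

Run it on each master host with the path to application.conf as its only argument; a non-zero exit status means at least one origin needs review before web-common is restarted.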