Exabeam SOC Platform Administration Guide

Welcome to the Exabeam SOC Platform

The Exabeam SOC Platform is a cloud-delivered, comprehensive solution for collecting and analyzing log data to detect security threats and automate incident responses. The Exabeam SOC Platform expedites the provisioning and consumption of new security management applications, tools, and content. It offers single sign-on access to Exabeam products and centralized identity management.

As an alternative to the cloud-delivered Exabeam SOC Platform, Exabeam also offers the on-premises Exabeam Security Management Platform.

Exabeam SOC Platform Architecture

[Figure: Exabeam SOC Platform architecture diagram]

The Exabeam SOC Platform ingests logs using Exabeam Cloud Connectors and Site Collectors.

  • Exabeam Site Collectors – Securely and efficiently upload event data from on-premises services such as external servers, systems, data centers, or Exabeam collectors (including Windows, File, and GZip) to Exabeam cloud-delivered services in the Exabeam SOC Platform. For more information, see the Site Collector Guide.

  • Exabeam Cloud Connectors – Provide prebuilt, turnkey connectors for over 30 cloud applications and services. Cloud connectors facilitate log ingestion into Exabeam Data Lake, Exabeam Advanced Analytics, or any other SIEM. To minimize blind spots within your organization, cloud connectors also provide additional custom connectors for services not natively supported.

Depending on your Exabeam Fusion license type, Exabeam can also provide additional XDR and SIEM capabilities for log storage and Threat Detection, Investigation, and Response (TDIR).

For Exabeam Fusion XDR, these services can include:

  • Exabeam Advanced Analytics – Advanced behavioral analytics platform that automatically links and analyzes user and entity activity to better inform security analysts about threats and remediation options. Advanced Analytics provides a powerful analytics layer on top of existing SIEM and log management technologies, to detect new attacks, prioritize incidents, and guide you to provide a more effective response. For more information, see the Advanced Analytics Administration Guide and the Advanced Analytics User Guide.

  • Alert Triage – A cloud-delivered application that categorizes, aggregates, and enriches security alerts so that you can dismiss or escalate them confidently and efficiently. Alert Triage provides a centralized view of all the alerts that your security tools trigger, reducing the likelihood of missing one. For more information, see the Alert Triage documentation.

  • Incident Responder – Provides automated, repeatable investigation and response capabilities. To reduce human error and manual investigation effort, Incident Responder also provides semi- and fully automated incident investigation and response actions, with repeatable prebuilt playbooks for common incidents. For more information, see the Incident Responder documentation.

  • Case Manager – Organize, track, and streamline your investigation with Case Manager. Case Manager is a customizable case management solution with ticketing, messaging, and Key Performance Indicator (KPI) dashboards. It organizes and tracks investigations so you are more efficient and productive. For more information, see the Case Manager documentation.

  • Action Editor – Create your own Incident Responder services and actions using Action Editor. This application is included on the Exabeam SOC Platform for all Incident Responder users. It guides you through customizing an out-of-the-box service and its actions, or creating your own custom service and actions from scratch. For more information, see the Action Editor documentation.

For Exabeam Fusion SIEM, these services can include:

  • Data Lake – A log management system that provides collection, indexing, search, and visualization across your logs. The goal of Data Lake is to present log data to the user in a clear and consumable manner. For more information, see the Data Lake Administration Guide and the Data Lake User Guide.

  • Cloud Archive – Cloud-based log storage service that provides long-term data retention along with search capabilities. Similar to Exabeam Data Lake, Cloud Archive presents log data in a clear and consumable manner. While Data Lake goes further in providing visualization, dashboards, and other reporting functionalities, Cloud Archive excels in providing an affordable storage cost while preserving search capabilities. For more information, see the Cloud Archive documentation.