Skip to main content

Exabeam Security Operations PlatformExabeam Security Operations Platform Administration Guide

Secured Resources

The Secured Resources feature enables you to tailor data visibility to suit the needs of the different Exabeam user roles in your organization. In other words, you can enhance security and enforce data governance policies by allowing users to access only the data that they need to perform their jobs.

Note

Secured Resources works by limiting data access in user roles as opposed to allowing access. As such, user roles with no secured resources assigned to them will have unlimited data access.

When you add a secured resource, you create a query to filter the data that users see. For example, if you want to have a team that focuses only on Cisco and IBM events involving the alert-trigger activity type, you would define the resource as vendor:("Cisco","IBM") AND activity_type:"alert-trigger".

Secured Resources can be added to user roles that are attached to any of the following products: Correlation Rules, Dashboards, and Search.

Secured-Resources-OV-Page.png

Add a Secured Resource

Note

To manage secure resources, you need to be an Administrator with full access to your organization's Exabeam subscription.

  1. Log in to the Exabeam Security Operations Platform.

  2. On the lower-left side of the page, click the settings icon SOC-Platform-Settings-Icon.png, and then click Secured Resources.

    The Secured Resources page opens.

  3. Click the New Resource button.

    SR-New-Resource-Button.png

    The New Secured Resource page opens.

  4. Enter a Name for the resource.

  5. Enter a Description of the resource.

  6. Build a query to define the resource by doing one of the following:

    • To manually enter the query, select the Manual-Search-Icon.png icon and then type the query in the search bar.

    • To use the query builder to define the resource, select the Query-Builder-Icon.png icon, click in the search bar to display the query builder, and then do the following:

      1. Select a data field.

        Tip

        Use the search box to quickly find the field you're seeking.

        SR-Query-Builder-Search.png
      2. Select an operator and enter a field value.

      3. Repeat steps a and b as needed to build the query.

        Note

        For information on building queries, see Query Builder in the Exabeam Search Guide.

  7. (Optional) To verify that the query is yielding the intended results, click the Test button.

    Exabeam Search opens in a new browser tab and displays the query results.

  8. From the Roles drop-down menu, select the user role(s) that you want assigned to this resource.

  9. Click Create.

    SR-New-Secured-Resource-Create.png

    The new resource is added to the list on the Secured Resources page.

    Note

    For users who are logged into one of the affected products (Correlation Rules, Dashboards, or Search), the new data restrictions will not take effect until they clear their cookies or the cookies expire.

Edit or Delete a Secured Resource

Note

To manage secure resources, you need to be an Administrator with full access to your organization's Exabeam subscription.

  1. Log in to the Exabeam Security Operations Platform.

  2. On the lower-left side of the page, click the settings icon SOC-Platform-Settings-Icon.png, and then click Secured Resources.

    The Secured Resources page opens.

  3. Click the more menu icon Vertical-Ellipsis-ECP.png for the resource that you want to edit or delete.

  4. Do one of the following:

    • To delete the resource, click Delete, and then click Delete again to confirm the action.

    • To edit the resource, click Edit to open the Edit Secured Resource page. Edit the resource definitions as needed, and then click Update.