Use Advanced Analytics, Case Manager, and Incident Responder in Japanese
We're introducing localized versions of Exabeam products, starting with Japanese.
Advanced Analytics, Case Manager, and Incident Responder is available in Japanese! To switch your product language, head to the Menu > Select Language.
We also introduced a new date format, ISO-slash (YYYY/MM/DD), slightly modified from the existing ISO format (YYYY-MM-DD), so you can display dates exactly how you like. Configure your system to change your dates to any of these formats.
Exabeam Documentation: Change Language in Advanced Analytics, Case Manager, and Incident Responder
Exabeam Documentation: Supported Date and Time Formats
Filter Inputs With Filter Nodes
All the data you want, without the ones you don't — filter nodes have arrived.
You use a filter node to filter out a subset of the input source, based on conditions you specify when you configure the node. The filter node outputs the remaining subset and passes it on to the next node. The next node only evaluates this remaining subset. For example, you can use a filter node to remove:
Normal domains, so the next node evaluates malicious domains only.
Allow listed URLs, so the next node evaluates block listed URLs only.
Email attachments with a risk score below 90, so the next node evaluates attachments with a risk score above 90 only.
IP addresses from other countries, so the next node evaluates IP addresses from a specific country only.
A filter node is different from a decision node because it only evaluates multiple values. You use a decision node to evaluate a single value.
Exabeam Documentation: Add a Filter Node
Exabeam Documentation: Add a Node
Exabeam Documentation: Create a Playbook
Improved Process for Uploading Custom Services
We improved the process to upload a custom service to Incident Responder.
If you created your own service or customized an existing one that comes out of the box, you can upload them to Incident Responder to run custom actions and use them in playbooks.
Now, this process is easier than ever. You upload a ZIP file that contains all the relevant files. We warn you if this affects any playbooks. If the custom service modifies an existing service, the custom service overrides the existing service and becomes the default. If you delete the service, we do the same—we warn you if it affects any playbooks, and the out-of-the-box service returns to being the default.
Exabeam Documentation: Upload a Custom Service
Exabeam Documentation: Delete a Custom Service
Introducing Turnkey Playbooks
It hasn't been easy to get started using playbooks. You had to purchase third-party services to get all the actions you need, then debug various issues when you configured those services. No fear; turnkey playbooks are here.
Turnkey playbooks are pre-configured, out-of-the-box playbooks that are ready for you to run, without having to purchase additional services to get the actions you need.
They are listed along other playbooks you created on the PLAYBOOKS page. Like a playbook you created yourself, you can run them manually or using a playbook trigger.
To modify a turnkey playbook to better suit your needs, you can also use them as a template.
With turnkey playbooks, we also introduce an in-house, free service called Exabeam Actions. It offers basic actions, like getting reputations and detonating files.
We launch turnkey playbooks with the Threat Intelligence Reputation Lookup playbook. It helps you analyze and triage suspicious emails, like potential spam and phishing emails. We will launch additional playbooks in later releases.
Exabeam Documentation: Turnkey Playbooks
Exabeam Documentation: Threat Intelligence Reputation Lookup Turnkey Playbook
Exabeam Documentation: Exabeam Actions Service