- Welcome to the New-Scale Security Operations Platform
- Licenses
- Get Started with the New-Scale Security Operations Platform
- Universal Role-Based Access
- Exabeam Copilot
- Monitoring
- Export Your Exabeam Data
Export Your Exabeam Data
Easily and quickly deliver your Exabeam data to a Google Cloud Storage (GCS) bucket.
You may consider exporting your Exabeam data if you no longer want to store your data with Exabeam; for legal purposes; or if your Exabeam subscription is ending and you want to save your data before your environment is destroyed.
If you have a New-Scale Security Operations portfolio license, Exabeam Security Operations portfolio license, or Fusion license, Exabeam can help you export your Search logs to a Google Cloud Storage (GCS) bucket. Exabeam currently exports Search logs only. This service is available with an additional purchase. If your Exabeam subscription is ending, it's best that you purchase the service 30 days before your subscription ends to ensure a sufficient amount of time to transfer all your data.
For a slower, no-cost method for exporting your Search logs, you can also manually export a Search query result to a comma-separated value (CSV) file. With this method, you're limited to exporting 20 million query results per day.
To notify Exabeam that you would like to export your Exabeam data to a GCS bucket, create a support case in the Exabeam Community. In the case, specify a contiguous time frame of logs you'd like exported; for example, last 30 days or last 16 months.
After you create the support case, you're asked to purchase the PS-DATA-EXPORT-1-TB SKU. If your Exabeam subscription is ending, it's best that you purchase the SKU 30 days before your subscription ends to ensure a sufficient amount of time to transfer all your data.
Create a GCS bucket. Keep in mind:
You can give the bucket any name that meets the requirements; for example, <your organization>-exa-logs.
The GCS bucket location must be the region where your Exabeam environment is deployed. You can infer the region from your Exabeam instance URL:
Exabeam Instance URL
GCS Bucket Location
<instance>.exabeam.cloud
us-west1
<instance>.eu.exabeam.cloud
europe-west3
<instance>.use1.exabeam.cloud
us-east1
<instance>.au.exabeam.cloud
australia-southeast1
<instance>.jp.exabeam.cloud
asia-northeast1
<instance>.ca.exabeam.cloud
northamerica-northeast1
<instance>sg.exabeam.cloud
asia-southeast1
<instance>.euw6.exabeam.cloud
europe-westt6
<instance>.sa.exabeam.cloud
me-central2
<instance>uk.exbeam.cloud
europe-west2
For guidance on which location to select, contact your Exabeam technical support team through the support case you created.
Grant the Exabeam service account for Google Cloud Platform specific permissions to your GCS bucket:
In New principals, enter [email protected], the identifier for the Exabeam service account.
Under Assign roles, grant the Exabeam service account the following roles:
Storage Object User (
roles/storage.objectUser)Storage Object Creator (
roles/storage.objectCreator)
In the support case, provide the name of the GCS bucket you created. After receiving the GCS bucket name, Exabeam begins exporting your data into the GCS bucket. Each week of data is separated into a folder. The folder is named event_<YYYY>_<DD>, where YYYY is the year and DD is the number of the week in that year.
The amount of time the export process takes depends on the amount of data you're exporting. After the export is complete, you're notified in the support case.