New-Scale Security Operations Platform Release Notes

March 2025

The New-Scale Security Operations Platform includes the following addressed issues and new features for March 2025.

Cloud Collectors

Feature

Description

Mimecast Cloud Collector

The Mimecast Cloud Collector is now available as part of Cloud Collectors to facilitate data collection from the data sources Archive Search Logs, TTP Attachment Protection Logs, TTP Impersonation Protect Logs, TTP URL Logs, SIEM Logs, Archive Message View Logs, and Audit Events.

REST API Cloud Collector

The REST API Cloud Collector is now available as part of Cloud Collectors to facilitate data collection from REST API endpoints from a broad range of vendors and products.

Sophos Cloud Collector

The Sophos Cloud Collector is now available as part of Cloud Collectors to facilitate data collection from the data sources alerts and events.

Event Exploration on Search via Cloud Collectors

Now with the Open in Search option, you can open the Search application in a new tab to view a prepopulated Search query that displays details of logs related to the selected Cloud Collector instance. You can modify the Search query with parameters and timeframe to filter logs to see details specific to a Collector instance.

Early Access Collectors

Cloudflare Cloud Collector

The Cloudflare Cloud Collector is now available as part of the Cloud Collectors Early Access program to facilitate data collection from account-based and zone-based data sources that include Audit logs, HTTP requests, and Gateway DNS events.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

Google Workspace Cloud Collector

The Google Workspace Cloud Collector is now available as part of the Cloud Collectors Early Access program to facilitate data collection from the data sources Admin, Calendar, Drive, Gplus, Groups, Login, Meet, Mobile, Rules, Saml, and Token.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

LastPass Cloud Collector

The LastPass Cloud Collector is now available as part of the Cloud Collectors Early Access program to facilitate data ingestion from LastPass report events.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

Vectra Cloud Collector

The Vectra Cloud Collector is now available as part of the Cloud Collectors Early Access program to facilitate data ingestion from the data sources Audit Log Events and Detections.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

STIX/TAXII Cloud Collector

The STIX/TAXII Cloud Collector is now available as part of the Cloud Collectors Early Access program to facilitate threat intelligence data collection from external sources that support the STIX/TAXII framework. You can opt to collect data about either IP addresses or domains. You can also opt to automatically generate a corresponding context table in the Context Management application that will process the data and map it to a standardized set of attributes. The context table will have the same name as the cloud collector.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

Recorded Future Context Cloud Collector

The Recorded Future Context Cloud Collector is now available as part of the Cloud Collectors Early Access program to facilitate threat intelligence data collection from a Recorded Future Context source that supports the STIX/TAXII framework. You can opt to collect data about either IP addresses or domains. You can also opt to automatically generate a corresponding STIX/TAXII context table in the Context Management application that will process the data and map it to a standardized set of attributes. The context table will have the same name as the cloud collector.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

Context Management

Feature

Description

STIX/TAXII Context Tables

Context Management now supports onboarding STIX/TAXII context tables. These tables process data that is ingested by a corresponding STIX/TAXII cloud collector from an external threat intelligence source that uses the STIX/TAXII framework. By default, these context tables process a predetermined set of IP or domain attributes from the source collector and map them to a set of standardized Exabeam target attributes.

The STIX/TAXII context tables are available as part of the Early Access program. During the early access period, STIX/TAXII context tables can be created from either a STIX/TAXII or a Recorded Future Context cloud collector. The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program, in the Cloud Collectors Administration Guide.

For more information, see STIX/TAXII Context Tables in the Context Management Guide.

Dashboards

Feature

Description

New Scheduled Reports Tab

A new Scheduled Reports tab has been introduced in the Dashboards application. The new tab provides a centralized view of all the dashboard reports you have currently scheduled for delivery via email. From the new Scheduled Reports tab you can see which dashboards are scheduled for delivery, which recipients are scheduled to receive them, and on what schedule they will be delivered. You can also control the scheduled reports, with options to Run Now, Edit, Duplicate, or Delete.

For more information about the new tab, see Navigate the Scheduled Reports Tab in the Dashboards Guide.

Multi-Org Management

Feature

Description

Add Descriptive Child Names in the Multi-Org Console

If you are managing multiple organizations in a Multi-Org console, you can now add descriptive banner names to your child organizations. You can enter user-friendly, identifiable names that help reflect the way you refer to your customers or environments.

For more information, see the Get Started section of the Multi-Org Management Guide.

New-Scale Platform

Feature

Description

Introducing Exabeam Nova

Exabeam Nova, a transformative new agentic AI tool, is now available as part of the New-Scale Security Operations Platform. Exabeam Nova is built directly into the platform and requires no additional cost or extra complexity. Exabeam Nova is designed to augment SOC team efforts by automating routine investigative tasks. It can intelligently process vast amounts of event and alert data to provide targeted insights. And it is flexible enough to generate actionable investigation summaries for analysts of different experience levels.

For more information, see Exabeam Nova in the New-Scale Security Operations Platform Administration Guide.

Outcomes Navigator

Feature

Description

Coverage Summaries

To get a high-level view of your overall security posture, you can now view a summary of your coverage across all MITRE ATT&CK® techniques and use cases.[a]

To quickly understand your security posture at a glance, you can now view an overall Use Case Coverage Score and MITRE ATT&CK Coverage Score. Each overall coverage score represents the average coverage score across all use cases or ATT&CK techniques and is calculated once per day.

A Good Use Case Coverage Score and bar chart depicting a five percent decline in the use case coverage score over the past three months.
A Good MITRE ATT&CK Coverage Score and bar chart depicting a six percent decline in the MITRE ATT&CK Coverage Score over the past three months.

To identify trends in the overall coverage score, you can view a bar chart depicting the overall coverage score over one month, three months, or six months. You can also view the relative change of the overall coverage score over the given period and the relative change since the last time the score was calculated.

Exabeam Nova Use Case Coverage Summary is an AI-generated summary of your overall use case coverage.

The summary identifies:

  • The three use cases whose coverage score has increased the most

  • The three use cases whose coverage score has decreased the most

  • Recommendations for improving your coverage for those use cases whose coverage score has decreased

For ATT&CK techniques, this summary is under development and will be delivered in the coming months.

[a] MITRE ATT&CK and ATT&CK are trademarks of The MITRE Corporation ("MITRE"). Exabeam is not affiliated with or sponsored or endorsed by MITRE. Nothing herein is a representation of the views or opinions of MITRE or its personnel.

Search

Feature

Description

Data Insights

Data Insights functionality was previously available only to users with one of the New-Scale licenses. It is now also available to users with any Exabeam Security Operations license.

The Insights tab is available in the Event Details panel for any search results that include parsed user or device information. The Insights tab provides a quick, easy way to drill into information related to events in your results. It lets you visualize what else is going on around a selected event, within specific time ranges. For example, if an event shows that a user triggered an alert, you can investigate which other assets the user has accessed in the past few days, which countries the user logged in from, or what files the user accessed.

For more information, see Data Insights in the Search Guide.

Entity Search Enhancements

The Entities tab in the Basic Search mode has been enhanced for more intuitive use and to display an increased level of detail. As part of the Exabeam True Identity functionality, the User Entity search consolidates all of the identifiers associated with a user account in your environment. In this way you can efficiently search across all the user identifiers with a single query. The process has been improved so that you can search by a user's full name or by any username or email address associated with the user account. Tooltips have been added so that you can view all of the associated names and addresses that will be included in the search results.

Options are still available to search by specific user account identifiers, including username or email address. For more information about user entity searching, see Pre-Built Basic Search Lists in the Search Guide.

This feature is currently available only if you have either the New-Scale Analytics license or the New-Scale Fusion license. For more information about these licenses, see New-Scale Security Operations Portfolio Licenses.

For more information about managing and viewing entities in your environment, see the Attack Surface Insights guide.

Site Collectors 2.7

Feature

Description

Performance Optimization for Windows and Linux File Collector

Implemented performance enhancements for the Windows and Linux File Collectors to facilitate processing of extra-large files exceeding 20 GB.

Site Collector Upgrade Options

After you upgrade to Site Collector 2.7, subsequent releases will show options to upgrade the current Site Collector version to the latest version and to the most recent stable version.

Windows Server 2025 and Windows Server 2025 Core Support for Agent Collectors

The Windows Event Log Collector, Windows File Collector, and Windows Archive Collector now support the Windows Server 2025 and Windows Server 2025 Core operating systems.

Threat Center

Feature

Description

Threat Center Exabeam Nova Enhancement

If you have a license that includes Advanced Analytics, Exabeam Nova Analyst Assistant and Exabeam Nova Threat Summary now have a better understanding of a case or alert, considering the 50 most recently grouped detections when generating a response.[a]

If you have a New-Scale Security Operations portfolio license, you can now get more accurate and trustworthy responses with minimal hallucinations from Exabeam Nova Analyst Assistant and Copilot Threat Summary. Exabeam Nova now has a better understanding of a case or alert, considering associated entity information and all associated detections when generating a response.

Created Column

To ensure you're investigating the right case or alert, you can now view the date and time a case or alert was created and time elapsed since the case or alert was created under the Created column.

A case in the case list with the Created column highlighted with a red rectangle.

Queue and Assignee Columns

To support sorting by queue and assignee, cases now have separate queue and assignee columns.

A case in the case list with the Queue and Assignee columns highlighted with a red rectangle.

Sorting Enhancements

To help you quickly find a case or alert, you can now sort cases and alerts by three additional columns: Grouped By, Stage, Queue, and Assignee.

Filters

To view only certain kinds of cases or alerts, you can now filter cases and alerts.

For cases, you can filter by priority, grouped by value, stage, queue, and assignee.

Filters available for cases.

For alerts, you can filter by priority and grouped by value.

Filters available for alerts.

Increased Notes Character Limit

To ensure you can communicate everything you want with case notes, you can now add up to 4,000 characters in a single note.

Threat Center notes with the character limit highlighted in a red rectangle.

Threat Timeline Rule Name Enhancement

To better discern the type of rule associated with a detection, you can now see the full name of the rule type in the Threat Timeline.

An analytics rule associated with a detection in the Threat Timeline with Analytics Rule highlighted in a red rectangle.
A correlation rule associated with a detection in the Threat Timeline with Correlation Rule highlighted in a red rectangle.
An Advanced Analytics rule associated with a detection in the Threat Timeline with Advanced Analytics highlighted in a red rectangle.

[a] This tool is designed to condense security event data into easy-to-understand language, focusing on important security details. It can also answer follow-up questions and discuss security tech topics, but its accuracy might vary outside these areas. Always double-check responses for crucial decisions. Your queries and data will only be retained temporarily and won't be used for AI training. Exabeam is actively improving this tool and welcomes feedback.

Threat Detection Management

Feature

Description

Incompatible Analytics Rule Disablement

To ensure the analytics engine runs normally, the analytics engine monitors rule training and evaluation processes and prevents you from enabling analytics rules that are incompatible with your data or are highly likely to generate false positive results.

Under the Compatibility column, these analytics rules are marked as Incompatible.

Resolved Issues

Service Health and Consumption Resolved Issues

ID

Description

NGT-1887

The Health Alerts & Thresholds notification section under the App Config tab now continues to display Cribl cloud collector instances even after they are decommissioned from either the Exabeam Cloud Collectors page or the Cribl console. The Cribl collector instances listed in the App Config section now have the prefix exa-cribl-logs- before the name of the collector configured from the Cribl console. Fixed the associated issue in which the Cribl cloud collector instances were not listed in the Health Alerts & Thresholds notification section.

Site Collectors 2.7 Hot Fixes

Release Number

Hot Fix Description

2.7.3

Fixed an issue for collectors to ensure accurate initialization of collectors in ngscd.

2.7.2

Resolved a monitoring issue triggered by the presence of invalid NiFi components.

2.7.1

Resolved an issue that impacted the successful setup of the eStreamer collector.

Site Collectors 2.7 CVE Remediations

The following table lists the CVEs remediated for the NiFi container and their severity. For information about the Exabeam commitment to remediating vulnerabilities for Site Collectors, see the Vulnerability Remediation Policy.

Critical

Total: 0

High

Total: 0

Medium

Total: 12

  • CVE-2024-12133

  • CVE-2024-12243

  • CVE-2024-26462

  • CVE-2024-56171

  • CVE-2024-57360

  • CVE-2025-0840

  • CVE-2025-0927

  • CVE-2025-0938

  • CVE-2025-1390

  • CVE-2025-24528

  • CVE-2025-24928

  • CVE-2025-27113

Low

Total: 4

  • CVE-2024-9143

  • CVE-2024-13176

  • CVE-2024-26458

  • CVE-2024-26461