Exabeam Search Guide

Exabeam Search Overview

Exabeam Search provides an intuitive interface for quickly finding logs and events in Cloud Archive. Because Search is not constrained by an events-per-second (EPS) processing limit, you can query multiple years' worth of archived logs and surface matching events, and the threats they reveal, in seconds.

Searches in Exabeam products provide visual and contextual options for filtering, extracting, and honing your data analysis. Timeline, default filters, and detailed queries are available.

One of the primary activities of a SOC is searching the log repository for specific events, for example the activities of a specific user in a given time frame. Searching is the first step of any investigation: it is where you access all your logs and filter them down to the events that match your criteria.

You can interactively explore your Cloud Archive data from Exabeam Search. You have access to every event that matches the search query within the selected date and time range. You can submit search queries, filter the search results, and view event data. You can also see the number of events that match the search query and get field value statistics. The distribution of events over time is displayed in a histogram at the top of your search results.
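The workflow just described (restrict to a time range, match field criteria, count the hits, summarize field values, and bucket events over time for a histogram) can be illustrated on a handful of constructed log events. The code below is an added example written for this guide; it is not Exabeam's code and does not use the Exabeam query language or API. The field names (time, user, vendor, product, event_type, src_ip) and the sample events are assumptions made for the illustration.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample events standing in for archived logs. Field names are
# assumptions for this illustration, not a statement of Exabeam's schema.
SAMPLE_EVENTS = [
    {"time": "2024-03-01T08:05:00Z", "user": "alice", "vendor": "Microsoft",
     "product": "Windows", "event_type": "logon", "src_ip": "10.0.0.5"},
    {"time": "2024-03-01T08:20:00Z", "user": "bob", "vendor": "Microsoft",
     "product": "Windows", "event_type": "logon", "src_ip": "10.0.0.9"},
    {"time": "2024-03-01T08:45:00Z", "user": "alice", "vendor": "Microsoft",
     "product": "Windows", "event_type": "file-access", "src_ip": "10.0.0.5"},
    {"time": "2024-03-01T09:10:00Z", "user": "alice", "vendor": "Okta",
     "product": "Okta", "event_type": "logon", "src_ip": "203.0.113.7"},
    {"time": "2024-03-01T09:30:00Z", "user": "bob", "vendor": "Microsoft",
     "product": "Windows", "event_type": "logoff", "src_ip": "10.0.0.9"},
    {"time": "2024-03-01T11:00:00Z", "user": "alice", "vendor": "Microsoft",
     "product": "Windows", "event_type": "logon", "src_ip": "10.0.0.5"},
]


def parse_time(value):
    """Parse an ISO-8601 UTC timestamp ending in 'Z' into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def search(events, start, end, **criteria):
    """Return events with start <= time < end whose fields equal every criterion.

    Equality on every named field is the AND of filters you accumulate in a
    search UI; an event that lacks a requested field never matches.
    """
    hits = []
    for event in events:
        when = parse_time(event["time"])
        if not (start <= when < end):
            continue
        if all(event.get(field) == wanted for field, wanted in criteria.items()):
            hits.append(event)
    return hits


def field_stats(events, field):
    """Count the distinct values of one field across a result set."""
    return Counter(event.get(field) for event in events)


def histogram(events, start, bucket):
    """Count events per fixed-width time bucket, indexed from `start`.

    Bucket i covers [start + i*bucket, start + (i+1)*bucket), which is what
    a timeline histogram above a result list plots.
    """
    counts = Counter()
    for event in events:
        index = int((parse_time(event["time"]) - start) // bucket)
        counts[index] += 1
    return dict(sorted(counts.items()))


def run_example():
    """Investigate one user's activity in a two-hour window."""
    start = parse_time("2024-03-01T08:00:00Z")
    end = parse_time("2024-03-01T10:00:00Z")
    hits = search(SAMPLE_EVENTS, start, end, user="alice")
    return {
        "matches": len(hits),
        "event_types": dict(field_stats(hits, "event_type")),
        "vendors": dict(field_stats(hits, "vendor")),
        "per_hour": histogram(hits, start, timedelta(hours=1)),
        # Narrow further: logons for this user from an external address.
        "external_logons": len(search(SAMPLE_EVENTS, start, end, user="alice",
                                      event_type="logon", src_ip="203.0.113.7")),
    }


if __name__ == "__main__":
    for key, value in run_example().items():
        print(f"{key}: {value}")
```

The 11:00 event for the same user is deliberately outside the window, so the time-range check, not the user filter, is what excludes it; the second search shows how stacking filters (user, event type, source address) narrows a result set the way successive filter clicks do in the UI.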

The following image illustrates where Exabeam Search is integrated into the overall schema of the Exabeam Security Operations Platform:

[Figure: SearchHighLevelArchitecture.png]

Features of Exabeam Search

This table gives a short overview of the various features in Exabeam Search. Subsequent chapters will describe these features, and how to use them, in more detail.

Feature                    Description
Query Builder              Select from prebuilt lists of subjects, vendors, products, and fields to build a query.
Advanced Search            Write your own query instead of assembling it from the prebuilt lists.
Saving Searches            Save and reuse your searches so that you can reload query results quickly.
Search Results             When a search completes, the results appear directly below the Search Bar as a timeline view of events and an events list.
Exporting Search Results   Download the search results to your local computer.