Vulnerability Remediation Policy
This policy describes Exabeam’s approach to addressing Common Vulnerabilities and Exposures (CVEs) in Site Collector.
The Site Collector Core application consists of three containers: nifi, minifi, and toolkit. Each container has an OS layer, a JVM layer, and installed Linux utilities. A fixable CVE is defined as any CVE that has been fixed by the respective open source software community as of the day the new Exabeam release is ratified by engineering. Such CVEs will be remediated in that release for the OS layer, JVM layer, and installed Linux utilities in each container.
Each container also contains software from the Apache NiFi community. NiFi is a critical operational component of the Site Collector, and updating it requires extensive regression testing. Exabeam will update the NiFi software (to a minor or major version, as determined feasible by engineering) every quarter, and any CVEs remediated by the Apache NiFi community as of that time will be remediated with that update.
The CVEs remediated in a specific release are listed in the addressed issues section of the release notes. Any Critical CVEs that remain unresolved despite the above-mentioned steps are listed in the known issues section of the release notes, along with their impact.
Refer to the Known Issues and Resolved Issues section for Site Collectors in the New-Scale Security Operations Platform Release Notes.