Threat Center
Manage your entire triage and response with Threat Center.
Threat Center is the hub on the Exabeam Security Operations Platform for Threat Detection, Investigation, and Response (TDIR). It centralizes all detections, alerts, and cases so you can efficiently triage and respond to potential threats with a streamlined workflow.
Detections are created when events trigger correlation rules or Advanced Analytics rules. Threat Center collects detections and groups them under alerts using detection grouping rules. In an alert, Threat Center summarizes all core information from related detections so you can assess the alert's risk. If you decide to respond to the alert, create a case directly in Threat Center.
You can create a case manually, or automatically based on conditions you define using Automation Management playbooks. As you respond to the case, you assign the case to team members, add notes, and track the stages of your response.
By default, you can access 365 days of Threat Center data, including case and alert attributes, detections and related events, case notes, attachments, and case and alert history.
Threat Center is currently available for certain licenses only. Threat Center always comes with Automation Management. Permissions determine what you're permitted to see and do in Threat Center.