Exabeam Security Investigation


Exabeam Security Investigation builds on the UEBA capabilities of Exabeam Security Analytics and on its ability to run on top of a third-party legacy SIEM or data lake, adding content, workflows, and automation to deliver outcome-focused TDIR (threat detection, investigation, and response). To help standardize on TDIR best practices, Security Investigation includes prescribed workflows for ransomware, phishing, malware, compromised insiders, and malicious insiders, along with pre-built content (e.g., MITRE ATT&CK framework) focused on specific threat types and techniques, so that TDIR is more repeatable and successful.

Security Investigation ingests logs and, on intake, normalizes and parses them through the Common Information Model (CIM), adding data enrichment and threat intelligence to build events. It ships more than 1,800 fact-based correlation rules, including rules for cloud infrastructure security, and more than 750 behavioral model histograms that automatically baseline the normal behavior of users and devices in order to detect, prioritize, and respond to anomalies based on risk.

With Exabeam Security Investigation, analysts run their end-to-end TDIR workflows from a single control plane that automates highly manual tasks: alert triage with dynamic alert prioritization, detailed incident investigation, and incident response, with the option to add hundreds of SOAR integrations. Turnkey Playbooks let security operations accelerate investigations, reduce response times, and ensure consistent, repeatable results.
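The description above sketches a pipeline: normalize raw logs into a common schema, apply fact-based correlation rules, baseline per-user behavior with histograms, and rank the resulting anomalies by risk. The following is an added toy illustration of that pipeline in Python. It is not Exabeam code and does not reflect the product's actual rule language, models or scoring; the log lines, field names, rule threshold and risk weights are all constructed for the example.

```python
"""Toy UEBA-style pipeline (added example, not Exabeam code).

Steps: normalize two raw log formats -> one fact-based correlation rule
-> per-user behavioral histograms -> risk score per user for one day.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample logs in two raw formats (not real data).
SYSLOG = [
    "2024-03-04T09:12:01 host1 sshd[41]: Accepted password for alice from 10.0.0.5",
    "2024-03-04T10:03:44 host1 sshd[42]: Accepted password for alice from 10.0.0.5",
    "2024-03-05T09:40:12 host1 sshd[43]: Accepted password for alice from 10.0.0.5",
    "2024-03-06T03:15:09 host1 sshd[44]: Failed password for alice from 198.51.100.7",
    "2024-03-06T03:15:11 host1 sshd[45]: Failed password for alice from 198.51.100.7",
    "2024-03-06T03:15:13 host1 sshd[46]: Failed password for alice from 198.51.100.7",
    "2024-03-06T03:15:20 host1 sshd[47]: Accepted password for alice from 198.51.100.7",
]
CSV = [  # constructed Windows-style records: ts,user,src,event_id (4624 = logon success)
    "2024-03-04T14:02:00,bob,10.0.0.9,4624",
    "2024-03-05T14:10:30,bob,10.0.0.9,4624",
    "2024-03-06T14:05:10,bob,10.0.0.9,4624",
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<res>Accepted|Failed) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


@dataclass(frozen=True)
class Event:
    """Common schema every raw format is mapped onto (the CIM idea)."""
    ts: str
    user: str
    src: str
    outcome: str  # "success" | "failure"


def normalize(line: str) -> Event:
    """Parse either raw format into the common Event schema."""
    m = SYSLOG_RE.match(line)
    if m:
        outcome = "success" if m["res"] == "Accepted" else "failure"
        return Event(m["ts"], m["user"], m["src"], outcome)
    ts, user, src, code = line.split(",")
    return Event(ts, user, src, "success" if code == "4624" else "failure")


EVENTS = [normalize(line) for line in SYSLOG + CSV]


def correlation_rule_bruteforce(events, threshold=3):
    """Fact-based rule: >= threshold failures then a success, same user and source."""
    fails = Counter()
    hits = []
    for e in events:
        key = (e.user, e.src)
        if e.outcome == "failure":
            fails[key] += 1
            continue
        if fails[key] >= threshold:
            hits.append(e)
        fails[key] = 0  # a success closes the failure run either way
    return hits


def build_baselines(events):
    """Per-user histograms of logon hour and source address (behavioral models)."""
    hours, srcs = defaultdict(Counter), defaultdict(Counter)
    for e in events:
        if e.outcome == "success":
            hours[e.user][int(e.ts[11:13])] += 1
            srcs[e.user][e.src] += 1
    return hours, srcs


def anomaly_score(event, hours, srcs):
    """0.0 (fully familiar) .. 2.0 (hour and source both never seen for this user)."""
    h, s = hours[event.user], srcs[event.user]
    total_h, total_s = sum(h.values()) or 1, sum(s.values()) or 1
    return (1 - h[int(event.ts[11:13])] / total_h) + (1 - s[event.src] / total_s)


def score_day(events, day, rule_points=40, anomaly_points=20):
    """Baseline on all other days, then score one day; returns risk per user."""
    baseline = [e for e in events if not e.ts.startswith(day)]
    today = [e for e in events if e.ts.startswith(day)]
    hours, srcs = build_baselines(baseline)
    hits = set(correlation_rule_bruteforce(today))
    risk = Counter()
    for e in today:
        if e.outcome == "success":
            risk[e.user] += anomaly_points * anomaly_score(e, hours, srcs)
        if e in hits:
            risk[e.user] += rule_points
    return dict(risk)


if __name__ == "__main__":
    for user, r in sorted(score_day(EVENTS, "2024-03-06").items(), key=lambda kv: -kv[1]):
        print(f"{user}: risk {r:.1f}")
```

On the constructed input, alice's logon on 2024-03-06 comes at an hour and from a source her baseline has never seen, and it follows three failures, so she receives both the anomaly points and the rule points; bob's logon matches his histograms exactly and scores zero. The weights and threshold are arbitrary here; the point is that fact-based rules and behavioral baselines contribute to one ranked risk score.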


Key Features:

  • Collectors
  • Log Stream
  • Common Information Model (CIM)
  • Anomaly Search
  • Reporting and Dashboards
  • Correlation Rules
  • Pre-built Correlation Rules
  • Outcomes Navigator
  • Threat Intelligence Service
  • Service Health and Consumption
  • Advanced Analytics
  • Context Enrichment
  • Alert and Case Management
  • Turnkey Playbooks
  • Incident Responder
  • Dynamic Alert Prioritization
  • MITRE ATT&CK Coverage
