Skip to main content

Exabeam Security Operations Platform

This Integration is part of the Exabeam Security Operations Platform Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.10.0 and later.

Exabeam Security Operations Platform offers a centralized and scalable platform for log management. This integration was integrated and tested with version v1.0 of ExabeamSecOpsPlatform.

Configure Exabeam Security Operations Platform on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Exabeam Security Operations Platform.

  3. Click Add instance to create and configure a new integration instance.

    Server URLTrue
    Client IDTrue
    Client SecretTrue
    Trust any certificate (not secure)False
    Use system proxy settingsFalse
  4. Click Test to validate the URLs, token, and connection.


You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.


Get events from Exabeam Security Operations Platform.

Base Command#



Argument NameDescriptionRequired
start_timeThe starting date for the search range.Required
end_timeThe ending date for the search range.Required
queryQuery, using Lucene syntax, filters log data for precise analysis.Optional
fieldsComma-separated list of fields to be returned from the search.Optional
group_byComma-separated list of fields by which to group the results.Optional
limitThe maximal number of results to return. Maximum value is 3000.Optional

Context Output#

ExabeamPlatform.Event.idStringThe unique identifier associated with the event.
ExabeamPlatform.Event.rawLogIdsStringThe raw log identifiers associated with the event.
ExabeamPlatform.Event.tierStringThe tier associated with the event.
ExabeamPlatform.Event.parsedStringWhether the event has been parsed.
ExabeamPlatform.Event.rawLogsStringThe raw logs associated with the event.

Command example#

!exabeam-platform-event-search end_time="today" start_time="7 days ago" limit=2

Context Example#

"ExabeamPlatform": {
"Event": [
"approxLogTime": 1715694190909000,
"collector_timestamp": 1715694190909000,
"customFieldsJSON": "{}",
"id": "fake",
"ingest_time": 1715694222815000,
"metadataFieldsJSON": "{\"m_collector_id\":\"aae1627e-8637-4597-9f43-e49a703a6151\",\"m_collector_name\":\"exa-cribl-logs-sm_exa_ws\",\"m_collector_type\":\"cribl-logs\"}",
"parsed": false,
"rawLogIds": [
"rawLogs": [
"ANY rawLog"
"raw_log_size": 9,
"tier": "Tier 4"
"approxLogTime": 1715694915916000,
"collector_timestamp": 1715694915916000,
"customFieldsJSON": "{}",
"id": "fictive-id",
"ingest_time": 1715694946775000,
"metadataFieldsJSON": "{\"m_collector_id\":\"aae1627e-8637-4597-9f43-e49a703a6151\",\"m_collector_name\":\"exa-cribl-logs-sm_exa_ws\",\"m_collector_type\":\"cribl-logs\"}",
"parsed": false,
"rawLogIds": [
"rawLogs": [
"CONNECT hotmail"
"raw_log_size": 59,
"tier": "Tier 4"

Human Readable Output#


IdIs ParsedRaw Log IdsRaw LogsTier
fakefalselog-ficANY rawLogTier 4
fictive-idfalserawLogIdCONNECT hotmailTier 4