# Exabeam Security Operations Platform

This integration is part of the Exabeam Security Operations Platform Pack.

## Supported versions

Supported Cortex XSOAR versions: 6.10.0 and later.

Exabeam Security Operations Platform offers a centralized and scalable platform for log management. This integration was integrated and tested with version v1.0 of ExabeamSecOpsPlatform.
## Configure Exabeam Security Operations Platform on Cortex XSOAR

1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
2. Search for Exabeam Security Operations Platform.
3. Click **Add instance** to create and configure a new integration instance.

   | Parameter | Required |
   | --- | --- |
   | Server URL | True |
   | Client ID | True |
   | Client Secret | True |
   | Trust any certificate (not secure) | False |
   | Use system proxy settings | False |

4. Click **Test** to validate the URL, the client credentials, and the connection.

Leave **Trust any certificate (not secure)** unchecked unless you have no way to validate the server's certificate: enabling it disables TLS certificate verification for every request the instance makes.
## Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
### exabeam-platform-event-search

Get events from Exabeam Security Operations Platform.

#### Base Command

`exabeam-platform-event-search`
#### Input

| Argument Name | Description | Required |
| --- | --- | --- |
| start_time | The start of the search time range. | Required |
| end_time | The end of the search time range. | Required |
| query | A query in Lucene syntax that filters the returned log data. | Optional |
| fields | Comma-separated list of fields to return from the search. | Optional |
| group_by | Comma-separated list of fields by which to group the results. | Optional |
| limit | The maximum number of results to return. Maximum value is 3000. | Optional |
#### Context Output

| Path | Type | Description |
| --- | --- | --- |
| ExabeamPlatform.Event.id | String | The unique identifier associated with the event. |
| ExabeamPlatform.Event.rawLogIds | String | The raw log identifiers associated with the event. |
| ExabeamPlatform.Event.tier | String | The tier associated with the event. |
| ExabeamPlatform.Event.parsed | String | Whether the event has been parsed. |
| ExabeamPlatform.Event.rawLogs | String | The raw logs associated with the event. |
#### Command example

```
!exabeam-platform-event-search end_time="today" start_time="7 days ago" limit=2
```

#### Context Example

#### Human Readable Output

### Logs

| Id | Is Parsed | Raw Log Ids | Raw Logs | Tier |
| --- | --- | --- | --- | --- |
| fake | false | log-fic | ANY rawLog | Tier 4 |
| fictive-id | false | rawLogId | CONNECT hotmail | Tier 4 |
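The following is an added example, not code from the Exabeam integration or the Pack, that shows how a command like this one typically turns its arguments into a request and its results into the context and table above: it resolves the relative times used in the command example (`7 days ago`, `today`), enforces the documented `limit` ceiling of 3000, splits the comma-separated `fields` and `group_by` arguments, keeps only the documented `ExabeamPlatform.Event` keys, and maps each event onto the Human Readable Output columns. The request-body key names (`startTime`, `endTime`, `filter`, `fields`, `groupBy`), the interpretation of `today` as the current instant, and the sample events are assumptions made for illustration, not the Exabeam API schema or real data.

```python
"""Added example (not the integration's own code): argument handling and output
shaping for an event-search command in the style of a Cortex XSOAR integration."""
from __future__ import annotations

import re
from datetime import datetime, timedelta, timezone

MAX_LIMIT = 3000  # documented ceiling of the `limit` argument

# The page documents these context keys; anything else in a response is dropped.
CONTEXT_KEYS = ("id", "rawLogIds", "tier", "parsed", "rawLogs")

_RELATIVE = re.compile(r"^(\d+)\s+(minute|hour|day|week)s?\s+ago$")
_UNIT_SECONDS = {"minute": 60, "hour": 3600, "day": 86400, "week": 604800}


def parse_time(value: str, now: datetime | None = None) -> datetime:
    """Resolve the forms used in the command example ('today', '7 days ago')
    plus ISO 8601. Assumption: 'today' and 'now' mean the current instant; the
    real integration may use a different time parser."""
    now = now or datetime.now(timezone.utc)
    text = value.strip().lower()
    if text in ("now", "today"):
        return now
    match = _RELATIVE.match(text)
    if match:
        amount, unit = int(match.group(1)), match.group(2)
        return now - timedelta(seconds=amount * _UNIT_SECONDS[unit])
    # ISO 8601; a trailing 'Z' is normalised so fromisoformat accepts it
    parsed = datetime.fromisoformat(value.strip().replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def split_csv(value: str | None) -> list[str]:
    """Turn a comma-separated argument such as fields or group_by into a list."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]


def build_search_body(args: dict, now: datetime | None = None) -> dict:
    """Validate the command arguments and build a request body.
    The key names below are assumptions for illustration, not the Exabeam API."""
    start = parse_time(args["start_time"], now)
    end = parse_time(args["end_time"], now)
    if start >= end:
        raise ValueError("start_time must be earlier than end_time")
    limit = int(args.get("limit") or MAX_LIMIT)
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError(f"limit must be between 1 and {MAX_LIMIT}")
    body = {
        "startTime": start.isoformat(timespec="seconds"),
        "endTime": end.isoformat(timespec="seconds"),
        "limit": limit,
    }
    if args.get("query"):
        body["filter"] = args["query"]  # Lucene syntax, passed through unchanged
    if args.get("fields"):
        body["fields"] = split_csv(args["fields"])
    if args.get("group_by"):
        body["groupBy"] = split_csv(args["group_by"])
    return body


def to_context(events: list[dict]) -> list[dict]:
    """Keep only the documented ExabeamPlatform.Event keys for each event."""
    return [{k: ev.get(k) for k in CONTEXT_KEYS if k in ev} for ev in events]


def to_table_rows(events: list[dict]) -> list[dict]:
    """Map each event onto the Human Readable Output columns shown on the page."""
    return [
        {
            "Id": ev.get("id"),
            "Is Parsed": ev.get("parsed"),
            "Raw Log Ids": ev.get("rawLogIds"),
            "Raw Logs": ev.get("rawLogs"),
            "Tier": ev.get("tier"),
        }
        for ev in events
    ]


if __name__ == "__main__":
    # Constructed sample input mirroring the page's command example; not real data.
    sample_args = {"start_time": "7 days ago", "end_time": "today", "limit": "2"}
    print(build_search_body(sample_args))
    sample_events = [
        {"id": "fake", "parsed": False, "rawLogIds": "log-fic",
         "rawLogs": "ANY rawLog", "tier": "Tier 4", "unrelated": "dropped"},
    ]
    print(to_context(sample_events))
    print(to_table_rows(sample_events))
```

Rejecting an out-of-range `limit` before the request is sent, rather than silently clamping it, keeps the playbook author aware of the 3000-result ceiling; pagination across larger windows is a separate concern this page does not describe.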