Exabeam Security Operations Platform

AI-driven platform for threat detection, investigation, and response (TDIR) with log management, SIEM, UEBA, SOAR, and compliance.

Vendor

Exabeam

Product details

The Exabeam Security Operations Platform offers organizations faster and more accurate threat detection, investigation, and response (TDIR). It provides flexible choices for SIEM and threat detection, investigation, and response. The platform features shared capabilities across all products, delivered as apps that operate with any license entitlement, including Collectors, Search, Log Stream, Reporting and Dashboards, Correlation Rule Builder, Outcomes Navigator, Service and Health Monitoring, and a Threat Intelligence Service. Additional capabilities such as UEBA, automation, timelines, and advanced triage can be easily provisioned and entitled for any existing cloud-native platform or new user. The platform's architecture allows you to start with the full offering or try base capabilities and add more over time. It supports a best-of-breed, multi-vendor strategy, integrating with numerous on-premises and cloud-delivered security products, cloud infrastructure products, SaaS productivity apps, and top cloud infrastructure vendors.

Features:

  • MODULAR PLATFORM DESIGN: All capabilities delivered as license entitlements or platform apps. The platform architecture provides shared capabilities, apps that operate with any license entitlement. You can start small and grow your capabilities as you need more sophistication.
  • CLOUD-SCALE SECURITY LOG MANAGEMENT: Log management built for security use cases. Modern log management forms the foundation and is designed to support security use cases. Ingest, parse, store, and search log data efficiently at scale, with rapid ingestion and high-speed query performance.
  • EXPANSIVE DATA COLLECTION: Supports best-of-breed, multi-vendor strategy. An open platform supporting 200+ on-premises products, 34 cloud-delivered security products, and 21 cloud infrastructure products. It also integrates with 11 SaaS productivity apps and the top three cloud infrastructure vendors.
  • RAPID DATA INGESTION AND PARSING: Centralized console for parser management. The platform delivers rapid log ingestion processing, sustaining over 2M EPS. Use the Log Stream app’s central console to visualize, create, deploy, and monitor parsers within a unified ingestion pipeline for all Exabeam products and features.
  • SECURITY-SPECIFIC COMMON INFORMATION MODEL: Transform raw logs into meaningful events. At the core of the platform’s data ingestion is a security-specific Common Information Model (CIM), providing normalized, actionable logs for faster and easier parsing, storage, management, and search.
  • ALIGNED WITH OUTCOMES: Easily support your most strategic use cases. Automatically visualize your use case and MITRE ATT&CK® coverage against data ingested into the platform. Get recommendations for improving coverage and report easily to stakeholders.
  • EASILY BUILD NEW CORRELATIONS: Build custom correlations for unique requirements. The platform provides a single interface to write, test, publish, and monitor custom correlation rules for your most critical business entities and assets. Define higher-criticality rules for advanced threats sourced from our Threat Intelligence Service.
  • INDUSTRY-LEADING UEBA: Understand normal user and device behavior. The platform offers powerful UEBA capabilities with more than 1,800 rules and 750+ behavioral models. Automatically learn normal behavior of users and devices and establish baselines, enabling the detection, prioritization, and response to anomalies based on risk.
  • AUTOMATED TIMELINES: Incident history visualization. An automated timeline organizes all anomaly and correlated security events chronologically, conveying a comprehensive incident history. Each event is risk-scored, reducing the need for analysts to write hundreds of queries.
  • AUTOMATE THE TDIR WORKFLOW: Streamline response actions and complex tasks. Automate the TDIR workflow to gain a comprehensive view of a threat, escalate events to cases quickly, reduce manual routines, and simplify complex tasks.
  • PRE-BUILT REPORTING AND DASHBOARDS: Build a dashboard in a minute.