## FortiSIEM UEBA agent

FortiSIEM is a full-featured SIEM with an Advanced Agent for UEBA Telemetry add-on. This lightweight, kernel-level agent collects only what is required to profile the normal behavior of the endpoint it is installed on and of the users who log in to it. It securely caches the telemetry it collects and streams it back whenever the user is connected, including to cloud-based collectors if desired, which also gives a way to monitor users working remotely. The platform:

- detects anomalous endpoint behavior that may reflect a compromised system or account, or user behavior that may signal a negligent or malicious insider;
- uses active and passive methods to detect and classify assets, assign risk scores, and track configurations for unauthorized change;
- runs real-time correlation engines that can evaluate hundreds of active correlation rules on the fly.

## Exabeam integration for Cortex XSOAR

The Exabeam Security Management Platform provides end-to-end detection, User Event Behavioral Analytics and SOAR. This integration is part of the Exabeam Pack and was integrated and tested with version 53.5 of Exabeam.

### Authentication

The integration supports three authentication methods:

- **API Token**: enter the API token in the "API Token" parameter. To use the "Fetch Incidents" functionality with this method, the username must also be provided in the "Username" parameter.
- **Basic Authentication**: provide the username and password in the corresponding configuration parameters. This method also allows fetching incidents.
- **API Key**: enter the API key in the "password" parameter and `_token` in the username parameter. This method does not allow fetching incidents.

### Generate a Cluster Authentication Token

1. Navigate to Settings > Admin Operations > Cluster Authentication Token.
2. In the Cluster Authentication Token menu, click the blue + button.
3. In the Setup Token menu, fill in the Token Name and Expiry Date, and select the Permission Level(s).
4. Click ADD TOKEN to apply the configuration.

For additional information, refer to the Exabeam Administration Guide.

### Configure Exabeam on Cortex XSOAR

1. Navigate to Settings > Integrations > Servers & Services.
2. Click Add instance to create and configure a new integration instance.
3. Fill in the instance parameters. Three of the parameters take a fixed set of values:
   - Possible values are: generic, abnormalAuth, accountManipulation, accountTampering, ueba, bruteForce, compromisedCredentials, cryptomining, dataAccessAbuse, dataExfiltration, dlp, departedEmployee, dataDestruction, evasion, lateralMovement, alertTriage, malware, phishing, privilegeAbuse, physicalSecurity, privilegeEscalation, privilegedActivity, ransomware, workforceProtection.
   - Possible values are: closed, closedFalsePositive, inprogress, new, pending, resolved.
   - Possible values are: low, medium, high, critical.
   The first fetch timestamp is given as a relative period (e.g., 12 hours, 7 days).
4. Click Test to validate the URLs, token, and connection.

### Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

#### exabeam-get-notable-users

Returns notable users in a period of time.

Base Command: `exabeam-get-notable-users`

Input:

| Argument Name | Description |
| --- | --- |
| time_period | The time period for which to fetch notable users, such as 3 months, 2 days, 4 hours, 1 year, and so on. |

Command example: `!exabeam-get-notable-users limit=3 time_period="1 year"`

Human Readable Output: a table titled "Exabeam Notable Users" with a UserName column.

#### exabeam-get-watchlists

There are no input arguments for this command.

Command example: `!exabeam-get-watchlists`

Human Readable Output: a table titled "Exabeam Watchlists" with a WatchlistID column.

#### exabeam-get-peer-groups

Command example: `!exabeam-get-peer-groups`

Human Readable Output: a table titled "Exabeam Peer Groups" with a Name column.

A further command returns user information data for the given username.
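The three authentication methods and the fetch-incidents rules attached to them (API Token needs a Username to fetch; API Key via `_token` cannot fetch) are easy to get wrong when an instance is configured by hand. The following is an added example, not code from the Exabeam pack, of how an automation could resolve the configured method and validate the fixed-value filters before enabling fetch. The parameter keys (`api_token`, `username`, `password`, `isFetch`, `incident_type`, `status`, `priority`) and the `ExaAuthToken` header name are assumptions chosen for illustration.

```python
"""Resolve an Exabeam instance's authentication method and validate its
fetch-incidents configuration.

Added example (not the Exabeam pack's own code). Parameter keys and the
"ExaAuthToken" header name are assumptions; the three methods and their
fetch-incidents rules follow the integration description.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Fixed value sets listed in the instance configuration.
INCIDENT_TYPES = {
    "generic", "abnormalAuth", "accountManipulation", "accountTampering", "ueba",
    "bruteForce", "compromisedCredentials", "cryptomining", "dataAccessAbuse",
    "dataExfiltration", "dlp", "departedEmployee", "dataDestruction", "evasion",
    "lateralMovement", "alertTriage", "malware", "phishing", "privilegeAbuse",
    "physicalSecurity", "privilegeEscalation", "privilegedActivity", "ransomware",
    "workforceProtection",
}
STATUSES = {"closed", "closedFalsePositive", "inprogress", "new", "pending", "resolved"}
PRIORITIES = {"low", "medium", "high", "critical"}


@dataclass(frozen=True)
class ResolvedAuth:
    method: str                               # "api_token", "api_key" or "basic"
    can_fetch_incidents: bool
    headers: Dict[str, str]                   # extra HTTP headers to send
    basic_auth: Optional[Tuple[str, str]]     # (username, password) for HTTP basic auth


def resolve_auth(params: dict) -> ResolvedAuth:
    """Pick the authentication method from the configured parameters."""
    api_token = (params.get("api_token") or "").strip()
    username = (params.get("username") or "").strip()
    password = (params.get("password") or "").strip()

    if api_token:
        # API Token method: fetch-incidents additionally requires the Username parameter.
        return ResolvedAuth("api_token", bool(username), {"ExaAuthToken": api_token}, None)
    if username == "_token" and password:
        # API Key method: key in "password", literal "_token" as username; no fetch-incidents.
        return ResolvedAuth("api_key", False, {"ExaAuthToken": password}, None)
    if username and password:
        # Basic Authentication: credentials sent as HTTP basic auth; fetch-incidents allowed.
        return ResolvedAuth("basic", True, {}, (username, password))
    raise ValueError("no usable credentials: set an API Token, or a username and password")


def check_fetch_config(params: dict) -> List[str]:
    """Return configuration problems (empty list means the instance is valid)."""
    try:
        auth = resolve_auth(params)
    except ValueError as exc:
        return [str(exc)]

    problems: List[str] = []
    if params.get("isFetch") and not auth.can_fetch_incidents:
        if auth.method == "api_token":
            problems.append("Fetch Incidents with an API Token requires the Username parameter")
        else:
            problems.append("Fetch Incidents is not supported with the API Key method")

    # Reject filter values outside the documented sets so a typo does not
    # silently turn into a filter that matches nothing.
    for key, allowed in (("incident_type", INCIDENT_TYPES), ("status", STATUSES), ("priority", PRIORITIES)):
        for value in params.get(key) or []:
            if value not in allowed:
                problems.append(f"{key}: unknown value {value!r}")
    return problems


if __name__ == "__main__":
    # Constructed instance configurations.
    print(check_fetch_config({"username": "_token", "password": "k3y", "isFetch": True}))
    print(check_fetch_config({"api_token": "t0k", "username": "soc", "isFetch": True, "priority": ["high"]}))
```

The API Token branch is checked first on purpose: if both a token and `_token`/password are present, the token wins and the instance stays fetch-capable provided a real username is set.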
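Both the first fetch timestamp and the `time_period` argument of `exabeam-get-notable-users` take relative periods such as "12 hours", "3 months" or "1 year". The following added example, not the pack's own code, parses that form strictly (rejecting anything it does not recognise rather than defaulting), applies it together with the `limit` argument to a constructed list of notable users, and renders the result as a markdown table with the UserName column the Human Readable Output shows. The sample users, their `risk_score` and `last_activity` fields, and the choice to order by descending risk score are assumptions for illustration.

```python
"""Parse the integration's relative time periods and apply them to a
constructed notable-users result.

Added example (not the Exabeam pack's own code). The sample users are
constructed; "risk_score", "last_activity" and ordering by risk score are
assumptions. Months are taken as 30 days and years as 365 days.
"""
import re
from datetime import datetime, timedelta, timezone
from typing import List, Optional

_UNIT_SECONDS = {
    "minute": 60,
    "hour": 3600,
    "day": 86400,
    "week": 7 * 86400,
    "month": 30 * 86400,    # assumption: calendar months vary, 30 days used here
    "year": 365 * 86400,    # assumption: leap days ignored
}
_PERIOD_RE = re.compile(r"^\s*(\d+)\s*(minute|hour|day|week|month|year)s?\s*$", re.IGNORECASE)


def parse_time_period(text: str) -> timedelta:
    """'3 months' -> timedelta(days=90). Raises ValueError for anything else."""
    match = _PERIOD_RE.match(text or "")
    if not match:
        raise ValueError(f"invalid time period {text!r}; expected e.g. '3 months', '2 days', '4 hours', '1 year'")
    amount, unit = int(match.group(1)), match.group(2).lower()
    if amount <= 0:
        raise ValueError("time period must be positive")
    return timedelta(seconds=amount * _UNIT_SECONDS[unit])


def is_valid_time_period(text: str) -> bool:
    try:
        parse_time_period(text)
        return True
    except ValueError:
        return False


# Constructed sample data standing in for the Exabeam API response.
SAMPLE_USERS = [
    {"UserName": "jdoe",   "risk_score": 150, "last_activity": "2024-05-01T10:00:00Z"},
    {"UserName": "asmith", "risk_score": 220, "last_activity": "2023-12-15T09:30:00Z"},
    {"UserName": "bwong",  "risk_score": 90,  "last_activity": "2022-01-10T17:45:00Z"},
    {"UserName": "cpatel", "risk_score": 300, "last_activity": "2024-05-30T08:15:00Z"},
    {"UserName": "dlee",   "risk_score": 60,  "last_activity": "2024-04-20T12:00:00Z"},
]
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)   # fixed "now" so results are reproducible


def _parse_ts(value: str) -> datetime:
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def notable_users(users: List[dict], time_period: str, limit: Optional[str], now: datetime = NOW) -> List[dict]:
    """Users active since now - time_period, highest risk first, at most `limit` rows."""
    cutoff = now - parse_time_period(time_period)
    max_rows = int(limit) if limit is not None else len(users)   # XSOAR passes args as strings
    if max_rows < 1:
        raise ValueError("limit must be a positive integer")
    recent = [u for u in users if _parse_ts(u["last_activity"]) >= cutoff]
    recent.sort(key=lambda u: u["risk_score"], reverse=True)
    return recent[:max_rows]


def to_markdown(users: List[dict]) -> str:
    """Render rows in the shape of the command's Human Readable Output."""
    lines = ["### Exabeam Notable Users", "|UserName|RiskScore|LastActivity|", "|---|---|---|"]
    for u in users:
        lines.append(f"|{u['UserName']}|{u['risk_score']}|{u['last_activity']}|")
    return "\n".join(lines)


if __name__ == "__main__":
    # Equivalent of: !exabeam-get-notable-users limit=3 time_period="1 year"
    print(to_markdown(notable_users(SAMPLE_USERS, "1 year", "3")))
```

Strict parsing matters here because a silently accepted malformed period would either fetch nothing or fetch everything; failing loudly on `time_period="yesterday"` is the safer behaviour for a first-fetch setting.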