
EXABEAM SECURITY MANAGEMENT PLATFORM INTEGRATIONS
Inbound Data Sources for Log Ingestion and Service Integrations for Incident Response

The more data sources you have in your security information and event management (SIEM) system, the better equipped you are to detect attacks. And the more security orchestration, automation and response (SOAR) connections you have between your SIEM and your IT and security systems, the quicker you can respond. Every log and every security event matters.

Exabeam Security Management Platform (SMP) has approximately 350 integrations with IT and security products to help your analysts work smarter - providing inbound integrations with data sources from vendors to easily allow you to ingest as much data as possible, and SOAR integrations with 3rd party vendors to help you automate and orchestrate your security response.

LIMITLESS SCALE WITH FLAT, PREDICTABLE PRICING

Not retaining your log data can create security blind spots that prevent compliance or leave your organization vulnerable to attack. Exabeam is designed to scale without penalizing you for the amount of data you ingest. Our flat pricing model is based on the number of users and devices in your environment, not data volume.

EXTENSIVE DATA SOURCES

Exabeam ingests data from approximately 300 different IT and security products to provide security analysts with the full scope of events. Exabeam Data Lake, Exabeam Advanced Analytics and Exabeam Entity Analytics ingest logs from various sources, including VPN, endpoint, network, web, database, CASB, and cloud solutions. After ingesting the raw logs, Exabeam parses and enriches them with contextual information to provide security analysts with the information they need to detect and investigate incidents.

CENTRALIZED SECURITY AUTOMATION AND ORCHESTRATION WITH 3RD PARTY INTEGRATIONS

Exabeam Incident Responder integrates with approximately 70 third party IT and security products. These integrations help your analysts gather evidence and attach it as artifacts to incidents, or quarantine affected users and assets until incidents are mitigated.
List of Integrations as of March 2020

INBOUND DATA SOURCES FOR LOG INGESTION

• Authentication and Access Management
• Business Applications Security
• Cloud Access Security Broker (CASB)
• Cloud Security and Infrastructure
• Data Loss Prevention (DLP)
• Database Activity Monitoring (DAM)
• Email Security and Management
• Endpoint Security (EPP/EDR)
• Firewalls
• Forensics and Malware Analysis
• Information Technology Service Management (ITSM)
• Network Access, Analysis and Monitoring
• Physical Access and Monitoring
• Privileged Access Management (PAM)
• Security Analytics
• Security Information and Event Management (SIEM)
• Threat Intelligence Platform
• Utilities/Others
• VPN / Zero Trust Network Access
• Vulnerability Management (VM)
• Web Security and Monitoring

INBOUND DATA SOURCES FOR LOG INGESTION
TYPE OF LOG / DATA SOURCES

AUTHENTICATION AND ACCESS MANAGEMENT
• Adaxes
• Brivo
• Centrify
• Cisco Identity Service Engine (ISE)
• Dell EMC RSA Authentication Manager
• Dell Quest TPAM
• Duo Security (Cisco)
• FortiAuthenticator
• Gemalto MFA
• IBM Lotus Mobile Connect
• IBM RACF
• Active Directory
• Microsoft Azure AD
• Microsoft Azure MFA
• Namespace rDirectory
• NetIQ
• Novell eDirectory
• Okta
• OneLogin
• Ping Identity
• RSA Authentication Manager
• Sailpoint SecurityIQ
• Secure Computing
• SecureAuth
• Shibboleth IDP
• SiteMinder
• StealthBits
• Symantec VIP
• VMWare Horizon

BUSINESS APPLICATIONS SECURITY
• Onapsis

CLOUD ACCESS SECURITY BROKER (CASB)
• Bitglass
• CASB
• Imperva Skyfence
• McAfee SkyHigh Security Cloud
• Netskope
• Symantec CloudSOC

CLOUD SECURITY AND INFRASTRUCTURE
• AWS CloudTrail
• AWS CloudWatch
• AWS GuardDuty
• AWS Inspector
• AWS RedShift
• AWS Shield
• Box
• Citrix ShareFile
• Dropbox Business
• Google Cloud Platform (GCP)
• Google G-Suite
• Kemp
• Microsoft Azure
• Prisma
• Pulse Secure
• Qualys
• Salesforce Sales Cloud
• SkyFormation (Exabeam)
• Symantec Data Center Security (DCS)
• Thales Vormetric
• Verdasys Digital Guardian
• WorkDay
• Xceedium
• ZScaler Web Security

DATA LOSS PREVENTION (DLP)
• Accellion
• Code42
• Codegreen
• Digital Guardian
• Forcepoint
• Forcepoint DLP
• Fortinet UTM
• HP SafeCom
• Imperva Counterbreach
• IMSS
• InfoWatch
• Lexmark
• Lumension
• Nasuni
• Palo Alto Networks Aperture
• Pharos
• Postfix
• Ricoh
• RSA DLP
• Safend Data Protection Suite
• Skysea
• Symantec Brightmail
• Symantec Data Loss Protection
• Trap-X
• OfficeScan
• Tripwire Enterprise
• Varonis
• Websense DLP
• Websense ESG
• xsuite
• Zscaler Cloud DLP

DATABASE ACTIVITY MONITORING (DAM)
• IBM Guardium
• IBM Infosphere Guardium
• Imperva
• McAfee MDAM
• Microsoft SQL Server
• Oracle
• Ranger Audit
• Sybase

EMAIL SECURITY AND MANAGEMENT
• Cisco Ironport ESA
• Clearswift SEG
• Codegreen
• EdgeWave
• FireEye Email Threat Prevention (ETP)
• Microsoft Exchange
• Microsoft Office 365
• Mimecast
• Minecast
• Postfix
• Proofpoint Email Protection
• Symantec Email Security
• Symantec Messaging Gateway
• Trend Micro Email Inspector
• Trend Micro IMSVA
• Websense ESG

ENDPOINT SECURITY (EPP/EDR)
• AppSense Application Manager
• Avecto
• Bit9
• CarbonBlack (VMWare)
• Cisco AMP for Endpoints
• Cisco Threat Grid
• Crowdstrike Falcon
• Defendpoint
• Dtex
• Ensilo
• ESET Endpoint Security
• F-Secure
• Fidelis XPS
• FireEye Endpoint Security (Helix)
• Forcepoint
• Fortigate
• IBM Trusteer
• Invincea
• Kaspersky
• McAfee EPO
• McAfee MVISION
• Microsoft Forefront/SCEP
• Microsoft Windows Native Logs
• ProtectWise
• Red Canary
• RSA Ecat
• Safend
• Secureworks
• SentinelOne
• SkySea ClientView
• Symantec EndPoint Protection
• Tanium
• Trend Micro Apex One
• VMWare CB Defense
• Ziften

FIREWALLS
• Airlock Web Application
• CheckPoint Firewall
• Cisco FirePower
• Palo Alto Networks Firewall
• Sangfor NGAF
• Zscaler Cloud Firewall

FORENSICS AND MALWARE ANALYSIS
• FireEye IPS
• IXIA ThreatArmor
• Symantec Advanced Threat Protection

INFORMATION TECHNOLOGY SERVICE MANAGEMENT (ITSM)
• ServiceNow

NETWORK ACCESS, ANALYSIS AND MONITORING
• Arbor
• BCN
• Cisco Meraki
• Comware
• Corelight Sensors
• Cyphort
• Darktrace
• F5 Application Security Manager
• Failsafe
• FireEye Network Security (NX)
• ForeScout
• Forescout CounterACT
• Fortinet Enterprise Firewall
• Google Cloud Platform VPC
• IBM QRadar Network Security
• Infoblox
• Lastline
• McAfee IDPS
• Morphisec
• Nokia VitalQIP
• Palo Alto Networks WildFire
• Quest InTrust
• Radius
• RSA
• Ruckus
• Snort
• StealthWatch (Cisco)
• Symantec Damballa Failsafe
• Tipping Point
• Vectra
• Zscaler Internet Access (ZIA)

PHYSICAL ACCESS AND MONITORING
• AMAG Symmetry Access Control
• Badgepoint
• CCURE
• DataWatch
• Galaxy
• Honeywell
• ICPAM
• KABA EXOS
• Lenel
• OnGuard
• PicturePerfect
• ProWatch
• RedCloud
• RS2 Technologies
• Sensormatik
• Siemens
• Swipes
• TimeLox
• Vanderbilt
• Viscount

PRIVILEGED ACCESS MANAGEMENT (PAM)
• BeyondTrust
• CyberArk
• Liebsoft
• Osirium
• Password Manager Pro
• Securelink
• Thycotic

SECURITY ANALYTICS
• Alert Logic
• FireEye Endpoint Security (Helix)
• ObserveIT (Proofpoint)
• Palo Alto Networks Cortex XDR

SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
• ArcSight (Micro Focus)
• Exabeam
• IBM QRadar
• LogRhythm
• McAfee ESM
• Nitro Security
• RSA Security (Dell)
• Splunk

THREAT INTELLIGENCE PLATFORM
• Anomali ThreatStream
• Cisco Umbrella

UTILITIES/OTHERS
• Absolute SIEM Connector
• Accelion Kiteworks
• BIND
• Egnyte
• Github
• iManage DMS
• IPSwitch MOVEit (Progress)
• LastPass Enterprise
• LogBinder
• Microsoft RRA
• oVirt
• Perforce
• Ricoh (printer)
• SafeSend
• Slack Enterprise Grid
• SSH
• Sudo
• TitanFTP
• Webmail OWA

VPN / ZERO TRUST NETWORK ACCESS
• Avaya
• Checkpoint
• Cisco ASA
• Citrix Netscaler
• Cognitas CrossLink
• Dell
• F5 Networks
• Fortinet VPN
• NetMotion Wireless
• Nortel Contivity
• Palo Alto Prisma Access
• Pulse Secure
• SecureNet
• SonicWall Aventail
• Zscaler ZPA

VULNERABILITY MANAGEMENT (VM)
• Rapid7 InsightVM
• Tenable

WEB SECURITY AND MONITORING
• Bro Network Security
• Cisco Ironport WSA
• Cloudflare
• Digital Arts
• Forcepoint Web Security
• InfoWatch
• McAfee Web Gateway
• Microsoft Windows Defender
• Palo Alto Networks
• Symantec Fireglass
• Symantec Secure Web Gateway
• Symantec Secure Web Gateway (ProxySG)
• Symantec Web Security Service (WSS)
• Symantec WebFilter
• TMG
• Trend Micro InterScan Web Security
• Watchguard
• Zscaler ZIA

SERVICE INTEGRATIONS FOR INCIDENT RESPONDER

• Authentication and Access Management
• Cloud Security and Infrastructure
• Email Security and Management
• Endpoint Security (EPP/EDR)
• Firewalls
• Forensics and Malware Analysis
• Information Technology Service Management (ITSM)
• Security Analytics
• Security Information and Event Management (SIEM)
• Threat Intelligence Platform
• Utilities/Others
• Web Security and Monitoring

SERVICE INTEGRATIONS FOR INCIDENT RESPONDER
PRODUCT AREA / PRODUCT / ACTIONS

AUTHENTICATION AND ACCESS MANAGEMENT

Active Directory
• Disable User Account
• Enable User Account
• Get User Information
• List User Groups
• Reset Password
• Set New Password

Duo
• Disable User Account
• Enable User Account
• Get User Information
• Send 2FA Push

Okta
• Add User To Group
• Get User Information
• Remove User From Group
• Reset Password
• Send 2FA Push
• Suspend User
• Unsuspend User

CLOUD SECURITY AND INFRASTRUCTURE

Amazon AWS EC2
• Add Tag for EC2 Instance
• Remove Tag for EC2 Instance
• Get EC2 Instance
• AWS EC2 Security Filter Type
• Describe Tags EC2 Instance
• Disable Account
• Enable Account
• Monitor EC2 Instance
• Start EC2 Instance
• Stop EC2 Instance
• Terminate EC2 Instance
• Unmonitor EC2 Instance

EMAIL SECURITY AND MANAGEMENT

Microsoft Exchange
• Delete Emails

Microsoft Office 365
• Delete Emails by Message ID

Message Trace (Microsoft)
• Search Emails by Sender

SMTP
• Notification
• Phishing Summary Report
• NotifyUserByEmailPhishing
• Send Email
• Send Indicator Email
• Send Template Email

ENDPOINT SECURITY (EPP/EDR)

CarbonBlack Defense
• Delete Files
• Get File
• Kill Process
• List Files
• List Processes on Host

CarbonBlack Response
• Ban Hash from Endpoint
• Delete Files
• Get Device Info
• Get File
• Get Endpoint Triage Data from Windows Systems
• Hunt File
• Isolate (Contain) Host
• Kill Process
• List Alerts
• Unblock Hash
• Un-quarantine Host

Cisco AMP
• Get Device Info
• Hunt File
• Hunt IP
• Hunt URL
• Find Affected Hosts

CrowdStrike Falcon
• Get Device Info
• Get Domain Reputation
• Get File Reputation
• Get IP Reputation
• Get Process Info
• List Processes on Host
• Hunt File
• Hunt URL
• Search Device(s)
• Upload IOC

Cylance PROTECT
• Add Hash to Blacklist
• Get Device Info
• Get Device Threats
• Get File Reputation
• Hunt File
• Remove Hash From Blacklist
• Remove Hash From Whitelist
• Add Hash to Whitelist

FireEye HX
• Get File
• Get Containment State
• Get Device Info
• Get Endpoint Triage Data from Windows Systems
• Isolate (Contain) Host
• Hunt File
• Hunt IP
• Hunt URL
• Hunt User Name

McAfee EPO
• Add Tag to Host
• Remove Tag from Host

ENDPOINT SECURITY (EPP/EDR), CONTINUED

SentinelOne
• Disable 2FA Push
• Enable 2FA Push
• Get Device Info
• Get User Information
• List Applications on Host
• List Processes on Host
• Restart Host
• Scan Host

Symantec ATP
• Quarantine Host
• Un-quarantine Host
• Delete Files
• Get File Reputation

Symantec EndPoint Protection (EPP)
• Ban Hash from Endpoint
• Get Device Info
• Quarantine Host
• Scan Host
• Un-quarantine Host

Symantec Sitereview
• Get URL Categories

Tanium
• Get Device Info
• List Sensors
• Run Sensor

Windows Management Instrumentation
• Get List of Installed Applications
• Get Endpoint Process List
• Get Recently Opened Files
• Get File
• Get Recently Run Applications
• Get Removable Devices

Windows Remote Management
• Get Endpoint Process List
• Get List of Installed Applications
• Get Endpoint Triage Data from Windows Systems
• Get File
• Get Recently Run Applications
• Get Removable Devices
• Get Recently Opened Files
• Get Event Logs

FIREWALLS

Checkpoint Firewall
• Block IP

Fortinet
• Block IP
• Unblock IP

Palo Alto Firewall
• Block IP
• Block URL/Domain
• Unblock IP
• Unblock URL

FORENSICS AND MALWARE ANALYSIS

Cuckoo, FireEye AX, Joe Security
• Detonate file in a sandbox
• Detonate URL in a sandbox

ThreatGrid
• Detonate file

QuickSand

Yara
• Scan file
• Scan text

INFORMATION TECHNOLOGY SERVICE MANAGEMENT (ITSM)

Atlassian JIRA
• Comment on Incident
• Change Ticket Status
• Create External Ticket
• Delete Ticket (External)
• Get Ticket (External)
• Re-assign Ticket

ServiceNow
• Create External Ticket
• Update Incident (External)
• Comment on Incident
• Close Incident (External)

SECURITY ANALYTICS

Exabeam Advanced Analytics
• Add Role For User
• Add User To Watchlist
• Get Asset Information
• Get User Information
• Remove Role For User
• Reset Password

SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)

ArcSight Logger
• Run Query
• Search URL in SIEM

Exabeam Data Lake
• Clear Context Table
• List Context Tables
• Replace Context Table
• Run Query

Elasticsearch
• Run Query

IBM QRadar
• Add IP To Reference Set
• Run Query
• Search SIEM for Network Connections

Splunk
• Search Alert in SIEM
• Run Query
• Search URL in SIEM

THREAT INTELLIGENCE PLATFORM

Anomali ThreatStream
• Get Email Reputation
• Get IP Reputation
• Get File Reputation
• Get URL/Domain Reputation

Cisco Umbrella (Enforcement API)
• Block Domain

Cisco Umbrella Investigate
• Get Email Reputation
• Get URL/Domain Reputation
• Get URL/Domain Whois
• Get URL/Domain Categories

DomainTools
• Get Domain Profile
• Get Domain Reputation
• Get Domain Risk Score
• Reverse IP
• Reverse Whois
• Whois

Google Safe Browsing, MxToolBox, Urlscan.io, Zscaler Zulu URL Analyzer
• Get Email Reputation
• Get URL/Domain Reputation

IBM X-Force Exchange
• Get Email Reputation
• Get IP Reputation
• Get URL/Domain Reputation

PAN AutoFocus
• Get File Reputation

Proofpoint Emerging Threat Intelligence
• Get Domain Analysis
• Get IP Analysis
• Analyze File

Recorded Future
• Get File Reputation
• Get IP Reputation
• Get URL/Domain Reputation

ScreenshotMachine
• Get URL Screenshot

ThreatQuotient
• Get Email Reputation
• Get File Reputation
• Get IP Reputation
• Get URL/Domain Reputation


THREAT INTELLIGENCE PLATFORM, CONTINUED

Have I Been Pwned
• Get Email Reputation

ThreatConnect
• Get Email Reputation
• Get URL/Domain Reputation
• Get IP Reputation
• Get File Reputation
• Get Indicators

ThreatMiner
• Get IP Whois
• Get URL/Domain Whois
• Get File Reputation

URLVoid
• Get URL Reputation

VirusTotal (Google Cloud Security)
• Detonate File in a Sandbox
• Download File
• Get Email Reputation
• Get File Reputation
• Get IP Reputation
• Get URL/Domain Reputation

UTILITIES/OTHERS

IP-API, MaxMind GeoIP2, MaxMind GeoIP3
• Get Geolocation IP

Jenkins
• Copy Job
• Create Job
• Delete Job
• Disable Job
• Enable Job
• Get Job Details
• Get Last Build Info
• List Jobs
• List Running Builds

Shodan
• Lookup IP
• Lookup URL

Slack
• Send Message

WEB SECURITY AND MONITORING

Zscaler
• Add Blacklist URLs
• Add Whitelist URLs
• Get File Reputation
• Get Blacklist URLs
• Get Whitelist URLs
• Remove Blacklist URLs
• Remove Whitelist URLs

In addition to the above integrations, the Exabeam Security Management Platform allows analysts to take many more actions directly. If you have questions about integrations not mentioned in this document, please send an inquiry to [email protected].

TO LEARN MORE ABOUT HOW EXABEAM CAN HELP YOU, VISIT EXABEAM.COM TODAY.

ABOUT US

Exabeam is the Smarter SIEM™ company. We help security operations and insider threat teams work smarter, allowing them to detect, investigate and respond to cyberattacks in 51 percent less time. Security organizations no longer have to live with excessive logging fees, missed distributed attacks and unknown threats, or manual investigations and remediation. With the modular Exabeam Security Management Platform, analysts can collect unlimited log data, use behavioral analytics to detect attacks, and automate incident response, both on-premises and in the cloud. Exabeam Smart Timelines, sequences of user and device behavior created using machine learning, further reduce the time and specialization required to detect attacker tactics, techniques and procedures. For more information, visit https://www.exabeam.com