Data Sheet Exabeam Security Management Platform Integrations Inbound Data Sources for Log Ingestion and Service Integrations for Incident Response
The more data sources you have in your security and enriches them with contextual information to incident and event management (SIEM), the better provide security analysts with the information they equipped you are to detect attacks. And the more need to detect and investigate incidents. incident response (SOAR) connections you have between your SIEM and your IT and security systems Behavioral Analytics Extended to the Cloud the quicker you can respond. Exabeam Cloud Connectors are pre-built connectors Exabeam Security Management Platform (SMP) has that enable security teams to easily collect logs from over 500 integrations with IT and security products to over 40 popular cloud services such as AWS, GitHub, help your analysts work smarter –providing myriad of Google, Microsoft, Salesforce and others. They allow inbound of data sources from many vendors including enterprises to detect threats using behavior analytics cloud applications; and response integrations in their cloud applications. They also extend any with 3rd party vendors to help you automate and compliance-based security requirements to orchestrate your security response. the cloud.
Extensive Data Sources Centralized Security Automation and Orchestration with 3rd Party Integrations Exabeam ingests data from over 500 different IT and security products to provide security analysts Exabeam Incident Responder integrates with with the full scope of events. Exabeam Data Lake, approximately 85 third party IT and security products. Exabeam Advanced Analytics and Exabeam Entity These integrations help your analysts to gather Analytics ingest logs from various sources, including evidence and attach them as artifacts to incidents or VPN, endpoint, network, web, database, CASB, and quarantine affected users and assets until incidents cloud solutions. are mitigated. After ingesting the raw logs, Exabeam then parses Data Sheet Exabeam Security Management Platform Integrations
Inbound Data Sources for Log Ingestion
List of Integrations as of February 2021
Ś Authentication and Access Management Ś IoT/OT Security Ś Applications Security and Monitoring Ś Network Access, Analysis and Monitoring Ś Cloud Access Security Broker (CASB) Ś Physical Access and Monitoring Ś Cloud Security and Infrastructure Ś Privileged Access Management (PAM) Ś Data Loss Prevention (DLP) Ś Security Analytics Ś Database Activity Monitoring (DAM) Ś Security Information and Event Management (SIEM) Ś Email Security and Management Ś Threat Intelligence Platform Ś Endpoint Security (EPP/EDR) Ś Utilities/Others Ś Firewalls Ś VPN Servers Ś Forensics and Malware Analysis Ś Vulnerability Management (VM) Ś Information Technology Service Management (ITSM) Ś Web Security and Monitoring
Type of Log Data Sources
Authentication and Ś Adaxes Ś NetIQ Access Management Ś Brivo Ś Novell eDirectory Ś Centrify Ś Okta Ś Cisco Identity Service Engine (ISE) Ś OneLogin Ś Dell EMC RSA Authentication Ś OneSpan Ś Manager Ś OpenDJ LDAP Ś Dell Quest TPAM Ś Oracle Access Manager Ś Dell RSA Authentication Manager Ś Ping Identity Ś Duo Security (Cisco) Ś Sailpoint IdentityNow Ś Entrust IdentityGuard Ś Sailpoint SecurityIQ Ś Fortinet FortiAuthenticator Ś Secure Computing Ś Gemalto MFA Ś Secure Envoy Ś HelpSystems BoKs Ś SecureAuth Ś IBM Lotus Mobile Connect Ś Shibboleth IDP Ś IBM RACF Ś SiteMinder Ś ManageEngine ADManager Ś Specops Ś Microsoft Active Directory Ś StealthBits Ś Microsoft Azure AD Ś SunOne LDAP Ś Microsoft Azure MFA Ś Symantec VIP Ś Namespace rDirectory Ś VMWare Horizon
Application Security Ś Atlassian BitBucket Ś Microsoft OneDrive and Monitoring Ś Citrix ShareFile Ś Onapsis Ś Citrix XenApp Ś PowerSentry Ś GitHub Ś Silverfort Ś Google Drive Ś Swivel Ś Juniper OWA Ś VMware VCenter Ś LEAP Ś Zlock Ś Microsoft AppLocker
Cloud Access Security Ś Bitglass Ś Microsoft CAS Broker (CASB) Ś Forcepoint CASB Ś Netskope Ś Imperva Skyfence Ś Palo Alto Networks Prisma SaaS (Aperture) Ś McAfee SkyHigh Security Cloud Ś Symantec CloudSOC
exabeam.com 02 Data Sheet Exabeam Security Management Platform Integrations
Type of Log Data Sources
Cloud Security Ś AWS CloudTrail Ś NetApp and Infrastructure Ś AWS CloudWatch Ś Palo Alto Networks Prisma Ś AWS GuardDuty Ś Pulse Secure Ś AWS Inspector Ś Qualys Ś AWS RedShift Ś Salesforce Sales Cloud Ś AWS Shield Ś SAP Ś Box Ś SkyFormation (Exabeam) Ś Citrix ShareFile Ś Symantec Data Center Security (DCS) Ś Dropbox Business Ś Thales Vormetric Ś Google Cloud Platform (GCP) Ś Verdasys Digital Ś Google G-Suite Ś WorkDay Ś Guardian Ś Xceedium Ś Kemp Ś Zoom Ś Microsoft Azure Ś ZScaler Web Security
Data Loss Ś Accellion Kiteworks Ś Nasuni Prevention (DLP) Ś Cisco CloudLock Ś Palo Alto Networks Aperture Ś Code42 Incydr Ś Pharos Ś Codegreen Ś Postfix Ś Digital Guardian Ś Ricoh Ś Forcepoint Ś RSA DLP Ś Forcepoint DLP Ś Safend Data Protection Suite Ś Fortinet UTM Ś Skysea Ś GTB GTBInspector Ś Symantec Brightmail Ś HP SafeCom Ś Symantec Data Loss Protection Ś iManage Ś Trap-X Ś Imperva Counterbreach Ś Trend Micro OfficeScan Ś IMSS Ś Tripwire Enterprise Ś InfoWatch Ś Varonis Data Security Platform Ś Kaspersky Enterprise Security Ś Websense DLP Ś Lexmark Ś xsuite Ś Lumension Ś Zscaler NSS Ś McAfee Advanced Threat Defense
Database Activity Ś IBM Guardium Ś MySQL Monitoring (DAM) Ś IBM Infosphere Guardium Ś Netwrix Auditor Ś Imperva SecureSphere Ś Oracle DB Ś jSonar SonarG Ś PostgreSQL Ś MariaDB Ś Ranger Audit Ś McAfee MDAM Ś Snowflake Ś Microsoft SQL Server Ś Sybase
Email Security Ś Cisco Ironport ESA Ś Postfix and Management Ś Clearswift SEG Ś Proofpoint Email Protection Ś Codegreen Ś Symantec Email Security Ś FireEye Email Threat Prevention (ETP) Ś Symantec Messaging Gateway Ś Microsoft Exchange Ś Trend Micro Email Inspector Ś Microsoft 365 Ś Trend Micro IMSVA Ś Mimecast Email Security Ś Websense ESG
exabeam.com 03 Data Sheet Exabeam Security Management Platform Integrations
Type of Log Data Sources
Endpoint Security (EPP/EDR) Ś AppSense Application Manager Ś Contrast Security Ś Avecto Defendpoint Ś Crowdstrike Falcon Ś Bit9 Ś Cybereason Ś Bromium Advanced Endpoint Security Ś Cylance Ś BusinessObject Ś Defendpoint Ś CarbonBlack (VMWare) Ś Dtex Systems Ś Cisco AMP for Endpoints Ś Elastic Endgame EDR Ś Cisco Threat Grid Ś Ensilo
Endpoint Security Ś ESET Endpoint Security Ś MobileIron EMM (EPP/EDR) - CON’T Ś F-Secure Ś ProtectWise Ś Fidelis XPS Ś Red Canary Ś FireEye Endpoint Security (Helix) Ś RSA ECAT Ś Forcepoint Ś Safend Ś Fortigate Ś Secureworks Ś IBM Endpoint Manager Ś SentinelOne Ś Invincea Ś SkySea ClientView Ś Kaspersky Ś Sophos Ś MalwareBytes Ś Symantec EndPoint Protection Ś McAfee EPO Ś Tanium Ś McAfee MVISION Ś Trend Micro Apex One Ś Microsoft Forefront/SCEP Ś VMWare CB Defense Ś Microsoft Windows Native Logs Ś Ziften
Firewalls Ś Airlock Web Application Firewall Ś Palo Alto Networks Firewall Ś CheckPoint Firewall Ś pfSense Ś Cisco FirePower Ś Sangfor NGAF Ś Forcepoint NGFW Ś Sophos Firewall Ś Fortinet Enterprise Firewall Ś Zscaler Cloud Firewall Ś Huawei Enterprise Network Firewall
Forensics and Ś Attivo BotSink Ś IXIA ThreatArmor Malware Analysis Ś CenturyLink Adaptive Threat Intelligence Ś Symantec Advanced Threat Protection Ś FireEye IPS Ś Wazuh
Information Technology Ś ServiceNow Service Management (ITSM)
IoT/OT Security Ś Armis Ś Nozomi Networks
exabeam.com 04 Data Sheet Exabeam Security Management Platform Integrations
Type of Log Data Sources
Network Access, Analysis Ś AlgoSec Analyzer Ś Infoblox and Monitoring Ś Arbor Ś Lastline Ś Aruba Networks Ś LogMeIn RemotelyAnywhere Ś Attivo Networks Ś McAfee IDPS Ś AWS Bastion Ś Microsoft NPS Ś BCN Ś Morphisec Nokia VitalQIP Ś BlueCat Networks Adonis Ś Ordr SCE Ś CatoNetworks Ś Palo Alto Networks WildFire Ś Cisco Meraki Ś Quest InTrust Ś Cisco Systems Ś Radius Ś Comware Ś RSA Ś Cyphort Ś Ruckus Ś Darktrace Ś Snort Ś ExtraHop Reveal(x) Ś StealthWatch (Cisco) Ś Extreme Networks Ś Symantec Damballa Failsafe Ś F5 Application Security Manager Ś Synology NAS Ś Failsafe Ś Tipping Point Ś FireEye Network Security (NX) Ś TrapX Ś ForeScout Ś Trend Micro TippingPoint NGIPS Ś Forescout CounterACT Ś Tufin SecureTrack Ś Fortinet Enterprise Firewall Ś Vectra Networks Ś Google Virtual Private Cloud (VPC) Ś Websense Secure Gateway Ś IBM Proventia Network IPS Ś Zeek Network Security Monitor (Corelight) Ś IBM QRadar Network Security Ś Zscaler Internet Access (ZIA) Ś Illumio
Physical Access Ś AccessIT Ś Lyrix and Monitoring Ś AMAG Badge Ś OnGuard Ś APC Ś Paxton NET2DOOR Ś Badgepoint Ś PicturePerfect Ś CCURE Ś ProWatch Ś DataWatch Systems Ś RedCloud Ś Galaxy Ś RightCrowd Ś Gallagher Badge Access Ś RS2 Technologies Ś Genetec Ś Sensormatik Ś Honeywell Pro-Watch Ś Siemens Ś ICPAM Ś Swipes Ś Johnson Controls P2000 Ś TimeLox Ś KABA EXOS Ś Vanderbilt Ś Lenel
Privileged Access Ś BeyondTrust Ś Password Manager Pro Management (PAM) Ś CyberArk Ś Securelink Ś Lieberman Enterprise Password Ś Thycotic Ś Manager Ś Vanderbilt Ś Liebsoft Ś Viscount (Identiv) Ś MasterSAM Ś Visma Megaflex Ś Osirium Ś VMWare ID Manager (VIDM)
exabeam.com 05 Data Sheet Exabeam Security Management Platform Integrations
Type of Log Data Sources
Security Analytics Ś Alert Logic Ś Microsoft Graph Ś FireEye Endpoint Security (Helix) Ś ObserveIT (Proofpoint) Ś Malwarebytes Ś Palo Alto Networks Cortex XDR Ś Microsoft Advanced Threat Ś Splunk Stream Ś Analytics (ATA) Ś Suricata IDS
Security Information and Ś ArcSight (Micro Focus) Ś McAfee ESM Event Management (SIEM) Ś Exabeam Ś Nitro Security Ś IBM QRadar Ś RSA Security (Dell) Ś LogRhythm Ś Splunk
Threat Intelligence Platform Ś Anomali ThreatStream Ś CenturyLink Adaptive Threat Intelligence Ś Cisco Umbrella
Utilities/Others Ś Absolute SIEM Connector Ś MIPS Ś Accelion Kiteworks Ś Morphisec EPTP Ś AssetView Ś Nexthink Ś ASUPIM Ś oVirt Ś Axway SFTP Ś Perforce Ś BIND Ś Procad Ś eDocs Ś RangerAudit Ś Egnyte Ś Ricoh (printer) Ś HP Print Server Ś SafeSend Ś HP SafeCom Ś Slack Enterprise Grid Ś iManage DMS Ś SSH Ś IPSwitch MOVEit (Progress) Ś Sudo Ś IPTables Ś TitanFTP Ś JH Ś Unix Auditbeat Ś LastPass Enterprise Ś Unix Auditd Ś LOGBinder Ś Unix dhcpd Ś Microsoft RRA Ś Webmail OWA Ś Microsoft Windows PrintService Ś Xerox
VPN / Zero Trust Ś Avaya VPN Ś NetMotion Wireless Network Access Ś Checkpoint Ś Nortel Contivity Ś Cisco ASA Ś Palo Alto Prisma Access Ś Citrix Netscaler Ś Pulse Secure Ś Cognitas CrossLink Ś SecureNet Ś Dell Ś SonicWall Aventail Ś F5 Networks Ś SSL Open VPN Ś Fortinet VPN Ś Zscaler ZPA Ś Juniper VPN
exabeam.com 06 Data Sheet Exabeam Security Management Platform Integrations
Type of Log Data Sources
Vulnerability Management Ś Rapid7 InsightVM Ś Tenable (VM)
Web Security Ś Akamai Cloud Ś InfoWatch and Monitoring Ś Apache Ś McAfee Web Gateway Ś AWS SQS Ś Microsoft IIS Ś Bro Network Security Ś Microsoft Windows Defender Ś Cisco Ironport WSA Ś Palo Alto Networks Ś Cloudflare Ś Squid Ś Digital Arts Ś Symantec Fireglass Ś EdgeWave iPrism Ś Symantec Secure Web Gateway Ś Forcepoint Web Security Ś Symantec Web Security Service (WSS) Ś Google GCP Squid Proxy Ś Symantec WebFilter Ś Gravityzone Ś TMG Ś HashiCorp Terraform Ś Trend Micro InterScan Web Security Ś IBM Security Access Manager Ś Watchguard Ś Imperva Incapsula Ś Zscaler ZIA
Service Integrations for Incident Responder
Ś Authentication and Access Management Ś Information Technology Service Management (ITSM) Ś Cloud Access Security Broker (CASB) Ś Security Analytics Ś Cloud Security and Infrastructure Ś Security Information and Event Management (SIEM) Ś Data Loss Prevention (DLP) Ś Security Management and Orchestration Ś Email Security and Management Ś Threat Intelligence Platform Ś Endpoint Security (EPP/EDR) Ś Utilities/Others Ś Firewalls Ś Vulnerability Management (VM) Ś Forensics and Malware Analysis Ś Web Security and Monitoring Ś Incident Response Services
Product Actions
Authentication and Access Mangement
Active Directory Ś Add User to Group Ś Add User to Group Ś Change Organizational Unit Ś Change Organizational Unit Ś Disable user account Ś Disable user account Ś Enable user account Ś Enable user account Ś Expire Password Ś Expire Password Ś Get User Information Ś Get User Information Ś List user groups Ś List user groups Ś Remove an user from a group. Ś Remove User From Group Ś Reset password Ś Reset password Ś Set Host Attribute Ś Set Host Attribute Ś Set New Password Ś Set New Password Ś Unlock User Account Ś Unlock User Account
Cisco ISE Ś Gets information about a device Ś List Network Devices
exabeam.com 07 Data Sheet Exabeam Security Management Platform Integrations
Product Actions
Authentication and Access Management
CyberArk Ś Disable User Ś Rotate User Credentials Ś Enable User
Duo Ś Disable User Account Ś Get User Information Ś Enable User Account Ś Send 2FA Push
Okta Ś Add User To Group Ś Send 2FA Push Ś Get User Information Ś Suspend User Ś Remove User From Group Ś Unsuspend User Ś Reset Password
Cloud Access Security Broker (CASB)
Netskope Ś Update File Hash List Ś Update URL List
Cloud Security and Infrastructure
Amazon AWS EC2 Ś Add Tag for Instance Ś Monitor Instance Ś Describe Tags of Instance Ś Remove Tag for Instance Ś Disable Account Ś Start Instance Ś Enable Account Ś Stop Instance Ś Get Instance Ś Terminate Instance Ś Get Security Groups Ś Unmonitor Instance
Data Loss Prevention (DLP)
Code42 Ś Add User To Legal Hold Ś Deauthorize Device Ś Block Device Ś Reactivate Device Ś Block User Ś Reactivate User Ś Deactivate Device Ś Unblock Device Ś Deactivate User Ś Unblock User
Email Security and Management
Google Gmail Ś Delete Email Ś Move Email To Trash Ś Get Email ById Ś Run Query
Microsoft Exchange Ś Delete Emails Ś Search Emails by Sender Microsoft 365 Ś Delete Emails by Message ID
Message Trace (Microsoft) Ś Search Emails by Sender
exabeam.com 08 Data Sheet Exabeam Security Management Platform Integrations
Product Actions
Email Security and Management
Mimecast Ś Add Group Member Ś List Group Members Ś Block URL Ś List Groups Ś Blocked Sender Policy Ś List Urls Ś Blocks Sender Ś Permit URL Ś Create Group Ś Permits Sender Ś Decode URL Ś Remove Group Member Ś Delete URL Ś Search Email Ś Get Aliases Ś Search File Hash
SMTP Ś Notification Ś Send Email Ś Phishing Summary Report Ś Send Indicator Email Ś Notify User By Email Phishing Ś Send Template Email
Endpoint Security (EPP/EDR)
CarbonBlack Defense Ś Delete Files Ś List Files Ś Get File Ś List Processes on host Ś Kill Process
CarbonBlack Ś Create Report Ś Get Feed Reports Enterprise EDR Ś Delete Single Feed Ś Get All Feeds Ś Delete Report Ś Get File Metadata Ś Download File Ś Search Process Ś Get Single Feed Ś Update Report
CarbonBlack Reponse Ś Ban Hash from Endpoint Ś Isolate (Contain) Host Ś Delete File Ś Kill Process Ś Get Device Info Ś List alerts Ś Get File Ś Unblock Hash Ś Get Triage Data Ś Undo Host Isolation Ś Hunt File
CarbonBlack Ś Delete File Ś Kill Process Live Reponse Ś Delete Registry Key Ś List Files Ś Delete Registry Value Ś List Processes Ś Execute Script Ś Query Registry Value Ś Get File Content Ś Set Registry Value
Cisco AMP Ś Add File to Blacklist Ś Hunt File Ś Find Affected Hosts Ś Hunt IP Ś Get Device Details Ś Hunt URL Ś Get Device ID Ś Hunt Username Ś Get Device Trajectory for Indicator Ś Isolate Host Ś Get Device Trajectory for User Ś Remove Host from Isolation
exabeam.com 09 Data Sheet Exabeam Security Management Platform Integrations
Product Actions
Endpoint Security (EPP/EDR)
CrowdStrike Falcon Ś Contain Device Ś Get Processes Ś Detonate File in Sandbox Ś Get User Info Ś Detonate URL in Sandbox Ś Hunt File Ś Get Device Details Ś Hunt URL Ś Get Device Details Ś Search Device(s) Ś Get Domain Reputation Ś Search Device(s) Ś Get File Reputation Ś Un-quarantine host Ś Get IP Reputation Ś Upload IOC Ś Get Process Info
Cylance OPTICS Ś Get Device Detections Ś Quarantine Device Ś Get File From Host Ś UnQuarantine Device
Cylance PROTECT Ś Add hash to blacklist Ś Hunt File Ś Get Device Info Ś Remove Hash From Blacklist Ś Get Device Threats Ś Remove Hash From Whitelist Ś Get File Reputation Ś Add hash to Whitelist
FireEye HX Ś Detonate File Ś Isolate (contain) Host Ś Detonate URL Ś Hunt File Ś Get File Ś Hunt IP Ś Get Containment State Ś Hunt URL Ś Get Device Info Ś Hunt User Name Ś Get Triage Data
McAfee EPO Ś Add Tag to Host Ś Remove Tag from Host
Microsoft Windows Ś Add Tag to Host Ś Get Logged On Users Defender ATP Ś Collect Investigation Package Ś Get URL/Domain Information Ś Find Alerts for Device Ś Hunt Domain Ś Find Alerts for Domain Ś Hunt File Ś Find Alerts for File Ś Offboard Machine Ś Find Alerts for IP Ś Quarantine Host Ś Find Alerts for Machine Ś Remove App Restriction Ś Find Alerts for User Ś Remove Tag from Host Ś Find Devices for User Ś Restrict App Execution Ś Get Device Info Ś Scan Host Ś Get File Information Ś Stop and Quarantine File Ś Get Investigation Package SAS URI Ś Un-quarantine host Ś Get IP Information
exabeam.com 10 Data Sheet Exabeam Security Management Platform Integrations
Product Actions
Endpoint Security (EPP/EDR)
SentinelOne Ś Add Hash to Blacklist Ś Hunt File Ś Connect to Network Ś List applications on host Ś Disable 2FA push Ś List Processes Ś Disconnect From Network Ś List reports Ś Enable 2FA push Ś List Threats on Device Ś Find Devices for User Ś Mark as Benign Ś Get Device Info Ś Mark as Resolved Ś Get Device Info Ś Mark as Threat Ś Get File Ś Mark as Unresolved Ś Get File Reputation Ś Mitigate Threat Ś Get Threat Forensics Ś Restart Host Ś Get Threats for File Ś Scan Host Ś Get User Information
Symantec ATP Ś Quarantine Host Ś Delete Files Ś Un-quarantine Host Ś Get File Reputation
Symantec EndPoint Ś Ban Hash from Endpoint Ś Scan Host Protection (EPP) Ś Get Device Info Ś Un-quarantine Host Ś Quarantine Host
Symantec SiteReview Ś Get URL/Domain Category
Tanium Ś Get Device Info Ś Run Sensor Ś List Sensors
Windows Management Ś Get Endpoint Installed Applications Ś Get File Instrumentation (WMI) Ś Get Endpoint Process List Ś Get Recently Run Applications Ś Get Recently Opened Files Ś Get Removable Device Information
Windows Remote Ś Get Endpoint Process List Ś Get Recently Run Applications Management (WinRM) Ś Get List of Installed Applications Ś Get Removable Device Ś Get triage Get Endpoint Triage Data from Ś Get Recently Opened Files Windows systems Ś Get Event Logs Ś Get File
exabeam.com 11 Data Sheet Exabeam Security Management Platform Integrations
Product Actions
Firewalls
Checkpoint Firewall Ś Block IP
Fortinet Ś Block IP Ś Unblock IP
Palo Alto Firewall Ś Block IP Ś Unblock IP Ś Block URL/Domain Ś Unblock URL
Forensics and Malware Analysis
AnyRun Ś Get Analysis History Ś Run New Analysis Ś Get Report
Palo Alto Wildfire Ś Detonate file in a sandbox QuickSand Payload Security VxStream
Cisco Threat Grid Ś Detonate file in a sandbox Cuckoo Ś Detonate URL in a sandbox FireEye AX Joe Security VMRay
Yara Ś Scan file Ś Scan text
Incident Response Services
PagerDuty Ś Create Incident Ś List Incidents
Information Technology Service Management (ITSM)
Atlassian JIRA Ś Comment on Incident Ś Delete Ticket (External) Ś Change Ticket Status Ś Get Ticket (External) Ś Create External Ticket Ś Re-assign Ticket
BMC Remedy Ś Comment on Ticket Ś Set Status Ś Create Ticket Ś Update Ticket
ServiceNow Ś Create External Ticket Ś Comment on Incident Ś Update Incident (External) Ś Close Incident (External)
exabeam.com 12 Data Sheet Exabeam Security Management Platform Integrations
Product Actions
Security Analytics
Exabeam Case Manager Ś Add Comment Ś Expert Rules Ś Add Incident Type Ś Extract Hash From File Ś Add To Incident Ś Extract Links from Text Ś Aggregate Outputs Ś File Investigation Report Ś Base64 Decode Ś Filter Whitelisted URLs Ś Change Incident Assignee Ś Get Domain from URL Ś Change Incident Priority Ś Get HTML Ś Change Incident Status Ś Hunt File Ś Check Empty Fields Ś Hunt Network Item Ś Close Incident Ś IR Action Based Set Operations. Ś Close Incident as False Positive Ś Job Searches Ś Convert Email to URL Ś Keyword Search Ś Create Task Ś Parse Domain From Email Ś Discover Anti-forensic Applications Ś Parse Username from Email Ś Discover Cloud Applications Ś Phishing Expert Rules Ś Discover Departed Employee Application- Ś Search IR Incidents Activity Ś Summary - Departed employee playbook Ś Discover Departed Employee File Activity Ś WHOIS Ś Evaluate Phishing Results
Exabeam Advanced Ś Accept Asset Session Ś Get triggered rules Analytics Ś Accept Rule Ś Get User Information Ś Accept User Session Ś Get User Risk Scores Ś Add Asset to Watchlist Ś Get User Session Info Ś Add Role for User Ś Get Values from Context Table Ś Add User to Watchlist Ś List Assets in Watchlist Ś Clear Context Table Ś List Context Tables Ś Create Context Table Ś List Users in Watchlist Ś Get Asset Information Ś Lookup Value in Context Table Ś Get Asset Risk Scores Ś Remove from Context Table Ś Get Asset Session Info Ś Remove Role for User Ś Get asset triggered rules Ś Replace Context Table Ś Get Event Info Ś Reset Password Ś Get Top Device for User Ś Update Context Table Ś Get Top User for Device
Security Information and Event Management (SIEM)
ArcSight Logger Ś Run Query Ś Search URL in SIEM
Exabeam Data Lake Ś Clear Context Table Ś List Context Tables Ś Get Values from Context Table Ś Lookup Value in Context Table Ś Hunt File Ś Remove from Context Table Ś Hunt IP Ś Replace Context Table Ś Hunt Keyword Ś Run Query Ś Hunt URL/Domain Ś Update Context Table
exabeam.com 13 Data Sheet Exabeam Security Management Platform Integrations
Product Actions
Security Information and Event Management (SIEM)
Elasticsearch Ś Hunt File in SIEM Ś Hunt ULR in SIEM Ś Hunt IP in SIEM Ś Run Query Ś Hunt Keyword in SIEM
IBM QRadar Ś Add Asset to Reference Set Ś Run Query Ś Add Asset to Reference Set Ś Search for network connections Ś Get Values From Lookup Table
Splunk Ś Get Values From Context Table Ś Search for similar security alerts Ś Hunt File in SIEM Ś Search for users who visited a URL Ś Hunt IP in SIEM Ś Splunk Query Ś Hunt URL in SIEM
Security Information and Orchestration
Cisco SecureX Ś Get URL/Domain Reputation Ś Get IP ReputationRun Query
Threat Intelligence Platform
APIVoid Ś Get DNS Records Ś Get Email Reputation Ś Get DNS Reverse Records Ś Get IP Reputation Ś Get Domain Reputation
AlienVault OTX Ś Get URL/Domain Reputation Ś Get File Reputation Ś Get Email Reputation Ś Get IP Reputation
Anomali ThreatStream Ś Get Email Reputation Ś Get URL/Domain Reputation Ś Get File Reputation Ś Upload Hash with approval Ś Get IP Reputation Ś Upload URL with approval
Cisco Umbrella Ś BlockDomain (Enforcement API)
Cisco Umbrella Investigate Ś Get Email Reputation Ś Get URL/Domain Whois Ś Get URL/Domain Reputation Ś Get URL/Domain Categories
DomainTools Ś Get Domain Profile Ś Reverse IP Ś Get Domain Reputation Ś Reverse Whois Ś Get Domain Risk Score Ś Whois
Forcepoint Ś Add Api Ś Delete URL/IP from API Ś Add URL/IP to API Ś Get system and transaction status Ś Commit the API transaction Ś List URL/IP in API Ś Delete Api
exabeam.com 14 Data Sheet Exabeam Security Management Platform Integrations
Product Actions
Threat Intelligence Platform
Google Safe Browsing Ś Get Email Reputation MxToolBox Ś Get URL/Domain Reputation Urlscan.io Zscaler Zulu URL Analyzer
Greynoise Ś Get IP Reputation
Have I Been Pwned Service Ś Get Domain Reputation Ś Get Email Reputation
IBM X-force Exchange Ś Get Email Reputation Ś Get URL/Domain Reputation Ś Get IP Reputation
IntSights TIP Ś Get File Reputation Ś Get URL Reputation Ś Get IP Reputation
Palo Alto Networks Ś Get File Reputation Autofocus
Proofpoint Emerging Ś Get Domain Analysis Ś Analyze File Threat Intelligence Ś Get IP Analysis
Recorded Future Ś Get Email Reputation Ś Get IP Reputation Ś Get File Reputation Ś Get URL/Domain Reputation
ReversingLabs Ś Download file Ś Search Files by MD5 Hash Ś Get File Reputation Ś Search Files by Filename Ś Get Related Files Ś Upload File
RiskIQ PassiveTotal Ś Get IP Reputation Ś Get Passive DNS (Unique) Ś Get OSINT Ś Get WHOIS Ś Get Related Samples Reputation Ś Search WHOIS Keyword Ś Get URL/Domain Reputation Ś Search WHOIS by Email
ThreatQuotient Ś Get Email Reputation Ś Get IP Reputation Ś Get File Reputation Ś Get URL/Domain Reputation
ThreatConnect Ś Get Email Reputation Ś Get File Reputation Ś Get URL/Domain Reputation Ś Get Indicators Ś Get IP Reputation
ThreatMiner Ś Get IP Whois Ś Get File Reputation Ś Get URL/Domain Whois
exabeam.com 15 Data Sheet Exabeam Security Management Platform Integrations
Product Actions
Threat Intelligence Platform
URLVoid Ś Get URL Reputation
VirusTotal Ś Detonate File in a sandbox Ś Get File Reputation (Google Cloud Security) Ś Download File Ś Get IP Reputation Ś Get Email Reputation Ś Get URL/Domain Reputation
Utilities / Others
IP-API Ś Get Geolocation IP MaxMind GeoIP2 MaxMind GeoIP3
Jenkins Ś Copy Job Ś Get Job Details Ś Create Job Ś Get Last Build Info Ś Delete Job Ś List Jobs Ś Disable Job Ś List Running Builds Ś Enable Job
Shodan Ś Lookup IP Ś Lookup URL
Screenshot Machine Ś Screenshot Machine
Slack Ś Send Message
SlashNext Ś Download HTML Ś Get IP/Domain reputation Ś Download ScreenShot Ś Get URL reputation Ś Download Text Ś URL scan Ś Get Host Report Ś URL Synchronous Scan
Vulnerability Management (VM)
Rapid7 InsightVM Ś Add Targets to Scan Ś Get Scans for Site Ś Download Scan Report Ś Get Site Info Ś Get Scan Report Ś Scan Site
Web Security and Monitoring
Zscaler Ś Activate Ś Get URL BlackList Ś Add URLs to Blacklist Ś Get URL WhiteList Ś Add URLs to Whitelist Ś Remove URLs from Blacklist Ś Get File Reputation Ś Remove URLs from Whitelist Ś Get Status
exabeam.com 16 Data Sheet Exabeam Security Management Platform Integrations
To learn more about how Exabeam can help you visit exabeam.com today.
EXA_DS_DataIntegrations_rev 2/26/21