Data Sheet Exabeam Security Management Platform Integrations Inbound Data Sources for Log Ingestion and Service Integrations for Incident Response

The more data sources you have in your security and enriches them with contextual information to incident and event management (SIEM), the better provide security analysts with the information they equipped you are to detect attacks. And the more need to detect and investigate incidents. incident response (SOAR) connections you have between your SIEM and your IT and security systems Behavioral Analytics Extended to the the quicker you can respond. Exabeam Cloud Connectors are pre-built connectors Exabeam Security Management Platform (SMP) has that enable security teams to easily collect logs from over 500 integrations with IT and security products to over 40 popular cloud services such as AWS, GitHub, help your analysts work smarter –providing myriad of , , and others. They allow inbound of data sources from many vendors including enterprises to detect threats using behavior analytics cloud applications; and response integrations in their cloud applications. They also extend any with 3rd party vendors to help you automate and compliance-based security requirements to orchestrate your security response. the cloud.

Extensive Data Sources Centralized Security Automation and Orchestration with 3rd Party Integrations Exabeam ingests data from over 500 different IT and security products to provide security analysts Exabeam Incident Responder integrates with with the full scope of events. Exabeam Data Lake, approximately 85 third party IT and security products. Exabeam Advanced Analytics and Exabeam Entity These integrations help your analysts to gather Analytics ingest logs from various sources, including evidence and attach them as artifacts to incidents or VPN, endpoint, network, web, database, CASB, and quarantine affected users and assets until incidents cloud solutions. are mitigated. After ingesting the raw logs, Exabeam then parses Data Sheet Exabeam Security Management Platform Integrations

Inbound Data Sources for Log Ingestion

List of Integrations as of February 2021

Ś Authentication and Access Management Ś IoT/OT Security Ś Applications Security and Monitoring Ś Network Access, Analysis and Monitoring Ś Cloud Access Security Broker (CASB) Ś Physical Access and Monitoring Ś Cloud Security and Infrastructure Ś Privileged Access Management (PAM) Ś Data Loss Prevention (DLP) Ś Security Analytics Ś Database Activity Monitoring (DAM) Ś Security Information and Event Management (SIEM) Ś Email Security and Management Ś Threat Intelligence Platform Ś Endpoint Security (EPP/EDR) Ś Utilities/Others Ś Firewalls Ś VPN Servers Ś Forensics and Malware Analysis Ś Vulnerability Management (VM) Ś Information Technology Service Management (ITSM) Ś Web Security and Monitoring

Type of Log Data Sources

Authentication and Ś Adaxes Ś NetIQ Access Management Ś Brivo Ś Novell eDirectory Ś Centrify Ś Okta Ś Cisco Identity Service Engine (ISE) Ś OneLogin Ś Dell EMC RSA Authentication Ś OneSpan Ś Manager Ś OpenDJ LDAP Ś Dell Quest TPAM Ś Oracle Access Manager Ś Dell RSA Authentication Manager Ś Ping Identity Ś Duo Security (Cisco) Ś Sailpoint IdentityNow Ś Entrust IdentityGuard Ś Sailpoint SecurityIQ Ś Fortinet FortiAuthenticator Ś Secure Computing Ś Gemalto MFA Ś Secure Envoy Ś HelpSystems BoKs Ś SecureAuth Ś IBM Lotus Mobile Connect Ś Shibboleth IDP Ś IBM RACF Ś SiteMinder Ś ManageEngine ADManager Ś Specops Ś Microsoft Active Directory Ś StealthBits Ś AD Ś SunOne LDAP Ś Microsoft Azure MFA Ś Symantec VIP Ś Namespace rDirectory Ś VMWare Horizon

Application Security Ś Atlassian BitBucket Ś Microsoft OneDrive and Monitoring Ś Citrix ShareFile Ś Onapsis Ś Citrix XenApp Ś PowerSentry Ś GitHub Ś Silverfort Ś Ś Swivel Ś Juniper OWA Ś VMware VCenter Ś LEAP Ś Zlock Ś Microsoft AppLocker

Cloud Access Security Ś Bitglass Ś Microsoft CAS Broker (CASB) Ś Forcepoint CASB Ś Netskope Ś Imperva Skyfence Ś Palo Alto Networks Prisma SaaS (Aperture) Ś McAfee SkyHigh Security Cloud Ś Symantec CloudSOC

exabeam.com 02 Data Sheet Exabeam Security Management Platform Integrations

Type of Log Data Sources

Cloud Security Ś AWS CloudTrail Ś NetApp and Infrastructure Ś AWS CloudWatch Ś Palo Alto Networks Prisma Ś AWS GuardDuty Ś Pulse Secure Ś AWS Inspector Ś Qualys Ś AWS RedShift Ś Salesforce Sales Cloud Ś AWS Shield Ś SAP Ś Ś SkyFormation (Exabeam) Ś Citrix ShareFile Ś Symantec Security (DCS) Ś Business Ś Thales Vormetric Ś (GCP) Ś Verdasys Digital Ś Google G-Suite Ś WorkDay Ś Guardian Ś Xceedium Ś Kemp Ś Zoom Ś Microsoft Azure Ś ZScaler Web Security

Data Loss Ś Accellion Kiteworks Ś Prevention (DLP) Ś Cisco CloudLock Ś Palo Alto Networks Aperture Ś Code42 Incydr Ś Pharos Ś Codegreen Ś Postfix Ś Digital Guardian Ś Ricoh Ś Forcepoint Ś RSA DLP Ś Forcepoint DLP Ś Safend Data Protection Suite Ś Fortinet UTM Ś Skysea Ś GTB GTBInspector Ś Symantec Brightmail Ś HP SafeCom Ś Symantec Data Loss Protection Ś iManage Ś Trap-X Ś Imperva Counterbreach Ś Trend Micro OfficeScan Ś IMSS Ś Tripwire Enterprise Ś InfoWatch Ś Varonis Data Security Platform Ś Kaspersky Enterprise Security Ś Websense DLP Ś Lexmark Ś xsuite Ś Lumension Ś Zscaler NSS Ś McAfee Advanced Threat Defense

Database Activity Ś IBM Guardium Ś MySQL Monitoring (DAM) Ś IBM Infosphere Guardium Ś Netwrix Auditor Ś Imperva SecureSphere Ś Oracle DB Ś jSonar SonarG Ś PostgreSQL Ś MariaDB Ś Ranger Audit Ś McAfee MDAM Ś Snowflake Ś Microsoft SQL Server Ś Sybase

Email Security Ś Cisco Ironport ESA Ś Postfix and Management Ś Clearswift SEG Ś Proofpoint Email Protection Ś Codegreen Ś Symantec Email Security Ś FireEye Email Threat Prevention (ETP) Ś Symantec Messaging Gateway Ś Microsoft Exchange Ś Trend Micro Email Inspector Ś Ś Trend Micro IMSVA Ś Mimecast Email Security Ś Websense ESG

exabeam.com 03 Data Sheet Exabeam Security Management Platform Integrations

Type of Log Data Sources

Endpoint Security (EPP/EDR) Ś AppSense Application Manager Ś Contrast Security Ś Avecto Defendpoint Ś Crowdstrike Falcon Ś Bit9 Ś Cybereason Ś Bromium Advanced Endpoint Security Ś Cylance Ś BusinessObject Ś Defendpoint Ś CarbonBlack (VMWare) Ś Dtex Systems Ś Cisco AMP for Endpoints Ś Elastic Endgame EDR Ś Cisco Threat Grid Ś Ensilo

Endpoint Security Ś ESET Endpoint Security Ś MobileIron EMM (EPP/EDR) - CON’T Ś F-Secure Ś ProtectWise Ś Fidelis XPS Ś Red Canary Ś FireEye Endpoint Security (Helix) Ś RSA ECAT Ś Forcepoint Ś Safend Ś Fortigate Ś Secureworks Ś IBM Endpoint Manager Ś SentinelOne Ś Invincea Ś SkySea ClientView Ś Kaspersky Ś Sophos Ś MalwareBytes Ś Symantec EndPoint Protection Ś McAfee EPO Ś Tanium Ś McAfee MVISION Ś Trend Micro Apex One Ś Microsoft Forefront/SCEP Ś VMWare CB Defense Ś Microsoft Windows Native Logs Ś Ziften

Firewalls Ś Airlock Web Application Firewall Ś Palo Alto Networks Firewall Ś CheckPoint Firewall Ś pfSense Ś Cisco FirePower Ś Sangfor NGAF Ś Forcepoint NGFW Ś Sophos Firewall Ś Fortinet Enterprise Firewall Ś Zscaler Cloud Firewall Ś Huawei Enterprise Network Firewall

Forensics and Ś Attivo BotSink Ś IXIA ThreatArmor Malware Analysis Ś CenturyLink Adaptive Threat Intelligence Ś Symantec Advanced Threat Protection Ś FireEye IPS Ś Wazuh

Information Technology Ś ServiceNow Service Management (ITSM)

IoT/OT Security Ś Armis Ś Nozomi Networks

exabeam.com 04 Data Sheet Exabeam Security Management Platform Integrations

Type of Log Data Sources

Network Access, Analysis Ś AlgoSec Analyzer Ś Infoblox and Monitoring Ś Arbor Ś Lastline Ś Aruba Networks Ś LogMeIn RemotelyAnywhere Ś Attivo Networks Ś McAfee IDPS Ś AWS Bastion Ś Microsoft NPS Ś BCN Ś Morphisec Nokia VitalQIP Ś BlueCat Networks Adonis Ś Ordr SCE Ś CatoNetworks Ś Palo Alto Networks WildFire Ś Cisco Meraki Ś Quest InTrust Ś Cisco Systems Ś Radius Ś Comware Ś RSA Ś Cyphort Ś Ruckus Ś Darktrace Ś Snort Ś ExtraHop Reveal(x) Ś StealthWatch (Cisco) Ś Extreme Networks Ś Symantec Damballa Failsafe Ś F5 Application Security Manager Ś Synology NAS Ś Failsafe Ś Tipping Point Ś FireEye Network Security (NX) Ś TrapX Ś ForeScout Ś Trend Micro TippingPoint NGIPS Ś Forescout CounterACT Ś Tufin SecureTrack Ś Fortinet Enterprise Firewall Ś Vectra Networks Ś Google (VPC) Ś Websense Secure Gateway Ś IBM Proventia Network IPS Ś Zeek Network Security Monitor (Corelight) Ś IBM QRadar Network Security Ś Zscaler Access (ZIA) Ś Illumio

Physical Access Ś AccessIT Ś Lyrix and Monitoring Ś AMAG Badge Ś OnGuard Ś APC Ś Paxton NET2DOOR Ś Badgepoint Ś PicturePerfect Ś CCURE Ś ProWatch Ś DataWatch Systems Ś RedCloud Ś Galaxy Ś RightCrowd Ś Gallagher Badge Access Ś RS2 Technologies Ś Genetec Ś Sensormatik Ś Honeywell Pro-Watch Ś Siemens Ś ICPAM Ś Swipes Ś Johnson Controls P2000 Ś TimeLox Ś KABA EXOS Ś Vanderbilt Ś Lenel

Privileged Access Ś BeyondTrust Ś Password Manager Pro Management (PAM) Ś CyberArk Ś Securelink Ś Lieberman Enterprise Password Ś Thycotic Ś Manager Ś Vanderbilt Ś Liebsoft Ś Viscount (Identiv) Ś MasterSAM Ś Visma Megaflex Ś Osirium Ś VMWare ID Manager (VIDM)

exabeam.com 05 Data Sheet Exabeam Security Management Platform Integrations

Type of Log Data Sources

Security Analytics Ś Alert Logic Ś Microsoft Graph Ś FireEye Endpoint Security (Helix) Ś ObserveIT (Proofpoint) Ś Malwarebytes Ś Palo Alto Networks Cortex XDR Ś Microsoft Advanced Threat Ś Stream Ś Analytics (ATA) Ś Suricata IDS

Security Information and Ś ArcSight (Micro Focus) Ś McAfee ESM Event Management (SIEM) Ś Exabeam Ś Nitro Security Ś IBM QRadar Ś RSA Security (Dell) Ś LogRhythm Ś Splunk

Threat Intelligence Platform Ś Anomali ThreatStream Ś CenturyLink Adaptive Threat Intelligence Ś Cisco Umbrella

Utilities/Others Ś Absolute SIEM Connector Ś MIPS Ś Accelion Kiteworks Ś Morphisec EPTP Ś AssetView Ś Nexthink Ś ASUPIM Ś oVirt Ś Axway SFTP Ś Perforce Ś BIND Ś Procad Ś eDocs Ś RangerAudit Ś Egnyte Ś Ricoh (printer) Ś HP Print Server Ś SafeSend Ś HP SafeCom Ś Slack Enterprise Grid Ś iManage DMS Ś SSH Ś IPSwitch MOVEit (Progress) Ś Sudo Ś IPTables Ś TitanFTP Ś JH Ś Unix Auditbeat Ś LastPass Enterprise Ś Unix Auditd Ś LOGBinder Ś Unix dhcpd Ś Microsoft RRA Ś Webmail OWA Ś Microsoft Windows PrintService Ś Xerox

VPN / Zero Trust Ś Avaya VPN Ś NetMotion Wireless Network Access Ś Checkpoint Ś Nortel Contivity Ś Cisco ASA Ś Palo Alto Prisma Access Ś Citrix Netscaler Ś Pulse Secure Ś Cognitas CrossLink Ś SecureNet Ś Dell Ś SonicWall Aventail Ś F5 Networks Ś SSL Open VPN Ś Fortinet VPN Ś Zscaler ZPA Ś Juniper VPN

exabeam.com 06 Data Sheet Exabeam Security Management Platform Integrations

Type of Log Data Sources

Vulnerability Management Ś Rapid7 InsightVM Ś Tenable (VM)

Web Security Ś Akamai Cloud Ś InfoWatch and Monitoring Ś Apache Ś McAfee Web Gateway Ś AWS SQS Ś Microsoft IIS Ś Bro Network Security Ś Microsoft Windows Defender Ś Cisco Ironport WSA Ś Palo Alto Networks Ś Cloudflare Ś Squid Ś Digital Arts Ś Symantec Fireglass Ś EdgeWave iPrism Ś Symantec Secure Web Gateway Ś Forcepoint Web Security Ś Symantec Web Security Service (WSS) Ś Google GCP Squid Proxy Ś Symantec WebFilter Ś Gravityzone Ś TMG Ś HashiCorp Terraform Ś Trend Micro InterScan Web Security Ś IBM Security Access Manager Ś Watchguard Ś Imperva Incapsula Ś Zscaler ZIA

Service Integrations for Incident Responder

Ś Authentication and Access Management Ś Information Technology Service Management (ITSM) Ś Cloud Access Security Broker (CASB) Ś Security Analytics Ś Cloud Security and Infrastructure Ś Security Information and Event Management (SIEM) Ś Data Loss Prevention (DLP) Ś Security Management and Orchestration Ś Email Security and Management Ś Threat Intelligence Platform Ś Endpoint Security (EPP/EDR) Ś Utilities/Others Ś Firewalls Ś Vulnerability Management (VM) Ś Forensics and Malware Analysis Ś Web Security and Monitoring Ś Incident Response Services

Product Actions

Authentication and Access Mangement

Active Directory Ś Add User to Group Ś Add User to Group Ś Change Organizational Unit Ś Change Organizational Unit Ś Disable user account Ś Disable user account Ś Enable user account Ś Enable user account Ś Expire Password Ś Expire Password Ś Get User Information Ś Get User Information Ś List user groups Ś List user groups Ś Remove an user from a group. Ś Remove User From Group Ś Reset password Ś Reset password Ś Set Host Attribute Ś Set Host Attribute Ś Set New Password Ś Set New Password Ś Unlock User Account Ś Unlock User Account

Cisco ISE Ś Gets information about a device Ś List Network Devices

exabeam.com 07 Data Sheet Exabeam Security Management Platform Integrations

Product Actions

Authentication and Access Management

CyberArk Ś Disable User Ś Rotate User Credentials Ś Enable User

Duo Ś Disable User Account Ś Get User Information Ś Enable User Account Ś Send 2FA Push

Okta Ś Add User To Group Ś Send 2FA Push Ś Get User Information Ś Suspend User Ś Remove User From Group Ś Unsuspend User Ś Reset Password

Cloud Access Security Broker (CASB)

Netskope Ś Update File Hash List Ś Update URL List

Cloud Security and Infrastructure

Amazon AWS EC2 Ś Add Tag for Instance Ś Monitor Instance Ś Describe Tags of Instance Ś Remove Tag for Instance Ś Disable Account Ś Start Instance Ś Enable Account Ś Stop Instance Ś Get Instance Ś Terminate Instance Ś Get Security Groups Ś Unmonitor Instance

Data Loss Prevention (DLP)

Code42 Ś Add User To Legal Hold Ś Deauthorize Device Ś Block Device Ś Reactivate Device Ś Block User Ś Reactivate User Ś Deactivate Device Ś Unblock Device Ś Deactivate User Ś Unblock User

Email Security and Management

Google Gmail Ś Delete Email Ś Move Email To Trash Ś Get Email ById Ś Run Query

Microsoft Exchange Ś Delete Emails Ś Search Emails by Sender Microsoft 365 Ś Delete Emails by Message ID

Message Trace (Microsoft) Ś Search Emails by Sender

exabeam.com 08 Data Sheet Exabeam Security Management Platform Integrations

Product Actions

Email Security and Management

Mimecast Ś Add Group Member Ś List Group Members Ś Block URL Ś List Groups Ś Blocked Sender Policy Ś List Urls Ś Blocks Sender Ś Permit URL Ś Create Group Ś Permits Sender Ś Decode URL Ś Remove Group Member Ś Delete URL Ś Search Email Ś Get Aliases Ś Search File Hash

SMTP Ś Notification Ś Send Email Ś Phishing Summary Report Ś Send Indicator Email Ś Notify User By Email Phishing Ś Send Template Email

Endpoint Security (EPP/EDR)

CarbonBlack Defense Ś Delete Files Ś List Files Ś Get File Ś List Processes on host Ś Kill Process

CarbonBlack Ś Create Report Ś Get Feed Reports Enterprise EDR Ś Delete Single Feed Ś Get All Feeds Ś Delete Report Ś Get File Metadata Ś Download File Ś Search Process Ś Get Single Feed Ś Update Report

CarbonBlack Reponse Ś Ban Hash from Endpoint Ś Isolate (Contain) Host Ś Delete File Ś Kill Process Ś Get Device Info Ś List alerts Ś Get File Ś Unblock Hash Ś Get Triage Data Ś Undo Host Isolation Ś Hunt File

CarbonBlack Ś Delete File Ś Kill Process Live Reponse Ś Delete Registry Key Ś List Files Ś Delete Registry Value Ś List Processes Ś Execute Script Ś Query Registry Value Ś Get File Content Ś Set Registry Value

Cisco AMP Ś Add File to Blacklist Ś Hunt File Ś Find Affected Hosts Ś Hunt IP Ś Get Device Details Ś Hunt URL Ś Get Device ID Ś Hunt Username Ś Get Device Trajectory for Indicator Ś Isolate Host Ś Get Device Trajectory for User Ś Remove Host from Isolation

exabeam.com 09 Data Sheet Exabeam Security Management Platform Integrations

Product Actions

Endpoint Security (EPP/EDR)

CrowdStrike Falcon Ś Contain Device Ś Get Processes Ś Detonate File in Sandbox Ś Get User Info Ś Detonate URL in Sandbox Ś Hunt File Ś Get Device Details Ś Hunt URL Ś Get Device Details Ś Search Device(s) Ś Get Domain Reputation Ś Search Device(s) Ś Get File Reputation Ś Un-quarantine host Ś Get IP Reputation Ś Upload IOC Ś Get Process Info

Cylance OPTICS Ś Get Device Detections Ś Quarantine Device Ś Get File From Host Ś UnQuarantine Device

Cylance PROTECT Ś Add hash to blacklist Ś Hunt File Ś Get Device Info Ś Remove Hash From Blacklist Ś Get Device Threats Ś Remove Hash From Whitelist Ś Get File Reputation Ś Add hash to Whitelist

FireEye HX Ś Detonate File Ś Isolate (contain) Host Ś Detonate URL Ś Hunt File Ś Get File Ś Hunt IP Ś Get Containment State Ś Hunt URL Ś Get Device Info Ś Hunt User Name Ś Get Triage Data

McAfee EPO Ś Add Tag to Host Ś Remove Tag from Host

Microsoft Windows Ś Add Tag to Host Ś Get Logged On Users Defender ATP Ś Collect Investigation Package Ś Get URL/Domain Information Ś Find Alerts for Device Ś Hunt Domain Ś Find Alerts for Domain Ś Hunt File Ś Find Alerts for File Ś Offboard Machine Ś Find Alerts for IP Ś Quarantine Host Ś Find Alerts for Machine Ś Remove App Restriction Ś Find Alerts for User Ś Remove Tag from Host Ś Find Devices for User Ś Restrict App Execution Ś Get Device Info Ś Scan Host Ś Get File Information Ś Stop and Quarantine File Ś Get Investigation Package SAS URI Ś Un-quarantine host Ś Get IP Information

exabeam.com 10 Data Sheet Exabeam Security Management Platform Integrations

Product Actions

Endpoint Security (EPP/EDR)

SentinelOne Ś Add Hash to Blacklist Ś Hunt File Ś Connect to Network Ś List applications on host Ś Disable 2FA push Ś List Processes Ś Disconnect From Network Ś List reports Ś Enable 2FA push Ś List Threats on Device Ś Find Devices for User Ś Mark as Benign Ś Get Device Info Ś Mark as Resolved Ś Get Device Info Ś Mark as Threat Ś Get File Ś Mark as Unresolved Ś Get File Reputation Ś Mitigate Threat Ś Get Threat Forensics Ś Restart Host Ś Get Threats for File Ś Scan Host Ś Get User Information

Symantec ATP Ś Quarantine Host Ś Delete Files Ś Un-quarantine Host Ś Get File Reputation

Symantec EndPoint Ś Ban Hash from Endpoint Ś Scan Host Protection (EPP) Ś Get Device Info Ś Un-quarantine Host Ś Quarantine Host

Symantec SiteReview Ś Get URL/Domain Category

Tanium Ś Get Device Info Ś Run Sensor Ś List Sensors

Windows Management Ś Get Endpoint Installed Applications Ś Get File Instrumentation (WMI) Ś Get Endpoint Process List Ś Get Recently Run Applications Ś Get Recently Opened Files Ś Get Removable Device Information

Windows Remote Ś Get Endpoint Process List Ś Get Recently Run Applications Management (WinRM) Ś Get List of Installed Applications Ś Get Removable Device Ś Get triage Get Endpoint Triage Data from Ś Get Recently Opened Files Windows systems Ś Get Event Logs Ś Get File

exabeam.com 11 Data Sheet Exabeam Security Management Platform Integrations

Product Actions

Firewalls

Checkpoint Firewall Ś Block IP

Fortinet Ś Block IP Ś Unblock IP

Palo Alto Firewall Ś Block IP Ś Unblock IP Ś Block URL/Domain Ś Unblock URL

Forensics and Malware Analysis

AnyRun Ś Get Analysis History Ś Run New Analysis Ś Get Report

Palo Alto Wildfire Ś Detonate file in a sandbox QuickSand Payload Security VxStream

Cisco Threat Grid Ś Detonate file in a sandbox Cuckoo Ś Detonate URL in a sandbox FireEye AX Joe Security VMRay

Yara Ś Scan file Ś Scan text

Incident Response Services

PagerDuty Ś Create Incident Ś List Incidents

Information Technology Service Management (ITSM)

Atlassian JIRA Ś Comment on Incident Ś Delete Ticket (External) Ś Change Ticket Status Ś Get Ticket (External) Ś Create External Ticket Ś Re-assign Ticket

BMC Remedy Ś Comment on Ticket Ś Set Status Ś Create Ticket Ś Update Ticket

ServiceNow Ś Create External Ticket Ś Comment on Incident Ś Update Incident (External) Ś Close Incident (External)

exabeam.com 12 Data Sheet Exabeam Security Management Platform Integrations

Product Actions

Security Analytics

Exabeam Case Manager Ś Add Comment Ś Expert Rules Ś Add Incident Type Ś Extract Hash From File Ś Add To Incident Ś Extract Links from Text Ś Aggregate Outputs Ś File Investigation Report Ś Base64 Decode Ś Filter Whitelisted URLs Ś Change Incident Assignee Ś Get Domain from URL Ś Change Incident Priority Ś Get HTML Ś Change Incident Status Ś Hunt File Ś Check Empty Fields Ś Hunt Network Item Ś Close Incident Ś IR Action Based Set Operations. Ś Close Incident as False Positive Ś Job Searches Ś Convert Email to URL Ś Keyword Search Ś Create Task Ś Parse Domain From Email Ś Discover Anti-forensic Applications Ś Parse Username from Email Ś Discover Cloud Applications Ś Phishing Expert Rules Ś Discover Departed Employee Application- Ś Search IR Incidents Activity Ś Summary - Departed employee playbook Ś Discover Departed Employee File Activity Ś WHOIS Ś Evaluate Phishing Results

Exabeam Advanced Ś Accept Asset Session Ś Get triggered rules Analytics Ś Accept Rule Ś Get User Information Ś Accept User Session Ś Get User Risk Scores Ś Add Asset to Watchlist Ś Get User Session Info Ś Add Role for User Ś Get Values from Context Table Ś Add User to Watchlist Ś List Assets in Watchlist Ś Clear Context Table Ś List Context Tables Ś Create Context Table Ś List Users in Watchlist Ś Get Asset Information Ś Lookup Value in Context Table Ś Get Asset Risk Scores Ś Remove from Context Table Ś Get Asset Session Info Ś Remove Role for User Ś Get asset triggered rules Ś Replace Context Table Ś Get Event Info Ś Reset Password Ś Get Top Device for User Ś Update Context Table Ś Get Top User for Device

Security Information and Event Management (SIEM)

ArcSight Logger Ś Run Query Ś Search URL in SIEM

Exabeam Data Lake Ś Clear Context Table Ś List Context Tables Ś Get Values from Context Table Ś Lookup Value in Context Table Ś Hunt File Ś Remove from Context Table Ś Hunt IP Ś Replace Context Table Ś Hunt Keyword Ś Run Query Ś Hunt URL/Domain Ś Update Context Table

exabeam.com 13 Data Sheet Exabeam Security Management Platform Integrations

Product Actions

Security Information and Event Management (SIEM)

Elasticsearch Ś Hunt File in SIEM Ś Hunt ULR in SIEM Ś Hunt IP in SIEM Ś Run Query Ś Hunt Keyword in SIEM

IBM QRadar Ś Add Asset to Reference Set Ś Run Query Ś Add Asset to Reference Set Ś Search for network connections Ś Get Values From Lookup Table

Splunk Ś Get Values From Context Table Ś Search for similar security alerts Ś Hunt File in SIEM Ś Search for users who visited a URL Ś Hunt IP in SIEM Ś Splunk Query Ś Hunt URL in SIEM

Security Information and Orchestration

Cisco SecureX Ś Get URL/Domain Reputation Ś Get IP ReputationRun Query

Threat Intelligence Platform

APIVoid Ś Get DNS Records Ś Get Email Reputation Ś Get DNS Reverse Records Ś Get IP Reputation Ś Get Domain Reputation

AlienVault OTX Ś Get URL/Domain Reputation Ś Get File Reputation Ś Get Email Reputation Ś Get IP Reputation

Anomali ThreatStream Ś Get Email Reputation Ś Get URL/Domain Reputation Ś Get File Reputation Ś Upload Hash with approval Ś Get IP Reputation Ś Upload URL with approval

Cisco Umbrella Ś BlockDomain (Enforcement API)

Cisco Umbrella Investigate Ś Get Email Reputation Ś Get URL/Domain Whois Ś Get URL/Domain Reputation Ś Get URL/Domain Categories

DomainTools Ś Get Domain Profile Ś Reverse IP Ś Get Domain Reputation Ś Reverse Whois Ś Get Domain Risk Score Ś Whois

Forcepoint Ś Add Api Ś Delete URL/IP from API Ś Add URL/IP to API Ś Get system and transaction status Ś Commit the API transaction Ś List URL/IP in API Ś Delete Api

exabeam.com 14 Data Sheet Exabeam Security Management Platform Integrations

Product Actions

Threat Intelligence Platform

Google Safe Browsing Ś Get Email Reputation MxToolBox Ś Get URL/Domain Reputation Urlscan.io Zscaler Zulu URL Analyzer

Greynoise Ś Get IP Reputation

Have I Been Pwned Service Ś Get Domain Reputation Ś Get Email Reputation

IBM X-force Exchange Ś Get Email Reputation Ś Get URL/Domain Reputation Ś Get IP Reputation

IntSights TIP Ś Get File Reputation Ś Get URL Reputation Ś Get IP Reputation

Palo Alto Networks Ś Get File Reputation Autofocus

Proofpoint Emerging Ś Get Domain Analysis Ś Analyze File Threat Intelligence Ś Get IP Analysis

Recorded Future Ś Get Email Reputation Ś Get IP Reputation Ś Get File Reputation Ś Get URL/Domain Reputation

ReversingLabs Ś Download file Ś Search Files by MD5 Hash Ś Get File Reputation Ś Search Files by Filename Ś Get Related Files Ś Upload File

RiskIQ PassiveTotal Ś Get IP Reputation Ś Get Passive DNS (Unique) Ś Get OSINT Ś Get WHOIS Ś Get Related Samples Reputation Ś Search WHOIS Keyword Ś Get URL/Domain Reputation Ś Search WHOIS by Email

ThreatQuotient Ś Get Email Reputation Ś Get IP Reputation Ś Get File Reputation Ś Get URL/Domain Reputation

ThreatConnect Ś Get Email Reputation Ś Get File Reputation Ś Get URL/Domain Reputation Ś Get Indicators Ś Get IP Reputation

ThreatMiner Ś Get IP Whois Ś Get File Reputation Ś Get URL/Domain Whois

exabeam.com 15 Data Sheet Exabeam Security Management Platform Integrations

Product Actions

Threat Intelligence Platform

URLVoid Ś Get URL Reputation

VirusTotal Ś Detonate File in a sandbox Ś Get File Reputation (Google Cloud Security) Ś Download File Ś Get IP Reputation Ś Get Email Reputation Ś Get URL/Domain Reputation

Utilities / Others

IP-API Ś Get Geolocation IP MaxMind GeoIP2 MaxMind GeoIP3

Jenkins Ś Copy Job Ś Get Job Details Ś Create Job Ś Get Last Build Info Ś Delete Job Ś List Jobs Ś Disable Job Ś List Running Builds Ś Enable Job

Shodan Ś Lookup IP Ś Lookup URL

Screenshot Machine Ś Screenshot Machine

Slack Ś Send Message

SlashNext Ś Download HTML Ś Get IP/Domain reputation Ś Download ScreenShot Ś Get URL reputation Ś Download Text Ś URL scan Ś Get Host Report Ś URL Synchronous Scan

Vulnerability Management (VM)

Rapid7 InsightVM Ś Add Targets to Scan Ś Get Scans for Site Ś Download Scan Report Ś Get Site Info Ś Get Scan Report Ś Scan Site

Web Security and Monitoring

Zscaler Ś Activate Ś Get URL BlackList Ś Add URLs to Blacklist Ś Get URL WhiteList Ś Add URLs to Whitelist Ś Remove URLs from Blacklist Ś Get File Reputation Ś Remove URLs from Whitelist Ś Get Status

exabeam.com 16 Data Sheet Exabeam Security Management Platform Integrations

To learn more about how Exabeam can help you visit exabeam.com today.

EXA_DS_DataIntegrations_rev 2/26/21