EXABEAM SECURITY MANAGEMENT PLATFORM INTEGRATIONS

Inbound Data Sources for Log Ingestion and Service Integrations for Incident Response

The more data sources you have in your security information and event management (SIEM) system, the better equipped you are to detect attacks. And the more security orchestration, automation and response (SOAR) connections you have between your SIEM and your IT and security systems, the quicker you can respond.

Exabeam Security Management Platform (SMP) has approximately 500 integrations with IT and security products to help your analysts work smarter: a myriad of inbound data sources from many vendors, including cloud applications, and SOAR integrations with third-party vendors to help you automate and orchestrate your security response.

EXTENSIVE DATA SOURCES
Exabeam ingests data from over 400 different IT and security products to provide security analysts with the full scope of events. Exabeam Data Lake, Exabeam Advanced Analytics and Exabeam Entity Analytics ingest logs from various sources, including VPN, endpoint, network, web, database, CASB, and cloud solutions. After ingesting the raw logs, Exabeam parses and enriches them with contextual information to provide security analysts with the information they need to detect and investigate incidents.

BEHAVIORAL ANALYTICS EXTENDED TO THE CLOUD
Exabeam Cloud Connectors are pre-built connectors that enable security teams to easily collect logs from over 40 popular cloud services such as AWS, GitHub, Google, Microsoft, Salesforce and others. They allow enterprises to detect threats using behavior analytics in their cloud applications. They also extend any compliance-based security requirements to the cloud.

CENTRALIZED SECURITY AUTOMATION AND ORCHESTRATION WITH 3RD PARTY INTEGRATIONS
Exabeam Incident Responder integrates with approximately 85 third-party IT and security products. These integrations help your analysts gather evidence and attach it as artifacts to incidents, or quarantine affected users and assets until incidents are mitigated.

List of Integrations as of October 2020

INBOUND DATA SOURCES FOR LOG INGESTION (categories)
Authentication and Access Management; Applications Security and Monitoring; Cloud Access Security Broker (CASB); Cloud Security and Infrastructure; Data Loss Prevention (DLP); Database Activity Monitoring (DAM); Email Security and Management; Endpoint Security (EPP/EDR); Firewalls; Forensics and Malware Analysis; Information Technology Service Management (ITSM); IoT/OT Security; Network Access, Analysis and Monitoring; Physical Access and Monitoring; Privileged Access Management (PAM); Security Analytics; Security Information and Event Management (SIEM); Threat Intelligence Platform; Utilities/Others; VPN Servers; Vulnerability Management (VM); Web Security and Monitoring

INBOUND DATA SOURCES FOR LOG INGESTION, BY TYPE OF LOG

AUTHENTICATION AND ACCESS MANAGEMENT
Adaxes, Brivo, Centrify, Cisco Identity Service Engine (ISE), Dell EMC RSA Authentication Manager, Dell Quest TPAM, Dell RSA Authentication Manager, Duo Security (Cisco), Entrust IdentityGuard, Fortinet FortiAuthenticator, Gemalto MFA, HelpSystems BoKS, IBM Lotus Mobile Connect, IBM RACF, ManageEngine ADManager, Microsoft Active Directory, Microsoft Azure AD, Microsoft Azure MFA, Namespace rDirectory, NetIQ, Novell eDirectory, Okta, OneLogin, OneSpan, OpenDJ LDAP, Oracle Access Manager, Ping Identity, Sailpoint SecurityIQ, Secure Computing, Secure Envoy, SecureAuth, Shibboleth IDP, SiteMinder, Specops, StealthBits, SunOne LDAP, Symantec VIP, VMWare Horizon

APPLICATIONS SECURITY AND MONITORING
Atlassian BitBucket, Citrix ShareFile, Citrix XenApp, GitHub, Google Drive, Juniper OWA, LEAP, Microsoft AppLocker, Microsoft OneDrive, Onapsis, PowerSentry, Silverfort, Swivel, VMware vCenter, Zlock

CLOUD ACCESS SECURITY BROKER (CASB)
Bitglass, Forcepoint CASB, Imperva Skyfence, McAfee SkyHigh Security Cloud, Netskope, Symantec CloudSOC

CLOUD SECURITY AND INFRASTRUCTURE
AWS CloudTrail, AWS CloudWatch, AWS GuardDuty, AWS Inspector, AWS RedShift, AWS Shield, Box, Citrix ShareFile, Dropbox Business, Google Cloud Platform (GCP), Google G-Suite, Guardian, Kemp, Microsoft Azure, NetApp, Palo Alto Networks Prisma, Pulse Secure, Qualys, Salesforce Sales Cloud, SAP, SkyFormation (Exabeam), Symantec Data Center Security (DCS), Thales Vormetric, Verdasys Digital, WorkDay, Xceedium, Zoom, ZScaler Web Security

DATA LOSS PREVENTION (DLP)
Accellion Kiteworks, Cisco CloudLock, Code42 Incydr, Codegreen, Digital Guardian, Forcepoint, Forcepoint DLP, Fortinet UTM, GTB Inspector, HP SafeCom, iManage, Imperva Counterbreach, IMSS, InfoWatch, Kaspersky Enterprise Security, Lexmark, Lumension, McAfee Advanced Threat Defense, Nasuni, Palo Alto Networks Aperture, Pharos, Postfix, Ricoh, RSA DLP, Safend Data Protection Suite, Skysea, Symantec Brightmail, Symantec Data Loss Protection, Trap-X, Trend Micro OfficeScan, Tripwire Enterprise, Varonis Data Security Platform, Websense DLP, xsuite, Zscaler NSS

DATABASE ACTIVITY MONITORING (DAM)
IBM Guardium, IBM Infosphere Guardium, Imperva SecureSphere, jSonar SonarG, MariaDB, McAfee MDAM, Microsoft SQL Server, Netwrix Auditor, Oracle DB, PostgreSQL, Ranger Audit, Snowflake, Sybase

EMAIL SECURITY AND MANAGEMENT
Cisco Ironport ESA, Clearswift SEG, Codegreen, FireEye Email Threat Prevention (ETP), Microsoft Exchange, Microsoft 365, Mimecast Email Security, Postfix, Proofpoint Email Protection, Symantec Email Security, Symantec Messaging Gateway, Trend Micro Email Inspector, Trend Micro IMSVA, Websense ESG

ENDPOINT SECURITY (EPP/EDR)
AppSense Application Manager, Avecto Defendpoint, Bit9, Bromium Advanced Endpoint Security, BusinessObject, CarbonBlack (VMWare), Cisco AMP for Endpoints, Cisco Threat Grid, Contrast Security, Crowdstrike Falcon, Cybereason, Cylance, Defendpoint, Dtex Systems, Elastic Endgame EDR, Ensilo

ENDPOINT SECURITY (EPP/EDR), continued
ESET Endpoint Security, F-Secure, Fidelis XPS, FireEye Endpoint Security (Helix), Forcepoint, Fortigate, IBM Endpoint Manager, Invincea, Kaspersky, MalwareBytes, McAfee EPO, McAfee MVISION, Microsoft Forefront/SCEP, Microsoft Windows Native Logs, MobileIron EMM, ProtectWise, Red Canary, RSA ECAT, Safend, Secureworks, SentinelOne, SkySea ClientView, Sophos, Symantec EndPoint Protection, Tanium, Trend Micro Apex One, VMWare CB Defense, Ziften

FIREWALLS
Airlock Web Application Firewall, CheckPoint Firewall, Cisco FirePower, Forcepoint NGFW, Fortinet Enterprise Firewall, Huawei Enterprise Network Firewall, Palo Alto Networks Firewall, Sangfor NGAF, Sophos Firewall, Zscaler Cloud Firewall

FORENSICS AND MALWARE ANALYSIS
Attivo BotSink, CenturyLink Adaptive Threat Intelligence, FireEye IPS

INFORMATION TECHNOLOGY SERVICE MANAGEMENT (ITSM)
ServiceNow

IOT/OT SECURITY
Armis, Nozomi Networks

NETWORK ACCESS, ANALYSIS AND MONITORING
AlgoSec Analyzer, Arbor, Aruba Networks, Attivo Networks, AWS Bastion, BCN, BlueCat Networks Adonis, CatoNetworks, Cisco Meraki, Cisco Systems, Comware, Cyphort, Darktrace, ExtraHop Reveal(x), Extreme Networks, F5 Application Security Manager, Failsafe, FireEye Network Security (NX), ForeScout, Forescout CounterACT, Fortinet Enterprise Firewall, Google Virtual Private Cloud (VPC), IBM Proventia Network IPS, IBM QRadar Network Security, Illumio, Infoblox, IXIA ThreatArmor, Lastline, LogMeIn RemotelyAnywhere, McAfee IDPS, Microsoft NPS, Morphisec, Nokia VitalQIP, Ordr SCE, Palo Alto Networks WildFire, Quest InTrust, Radius, RSA, Ruckus, Snort, StealthWatch (Cisco), Symantec Advanced Threat Protection, Symantec Damballa Failsafe, Synology NAS, Tipping Point, TrapX, Trend Micro TippingPoint NGIPS, Tufin SecureTrack, Vectra Networks, Wazuh, Websense Secure Gateway, Zeek Network Security Monitor (Corelight), Zscaler Internet Access (ZIA)

PHYSICAL ACCESS AND MONITORING
AccessIT, AMAG Badge, APC, Badgepoint, CCURE, DataWatch Systems, Galaxy, Gallagher Badge Access, Genetec, Honeywell Pro-Watch, ICPAM, Johnson Controls P2000, KABA EXOS, Lenel, Lyrix, OnGuard, Paxton NET2DOOR, PicturePerfect, ProWatch, RedCloud, RS2, Vanderbilt, Viscount (Identiv), Visma Megaflex

PRIVILEGED ACCESS MANAGEMENT (PAM)
BeyondTrust, CyberArk, Lieberman Enterprise Password Manager, Liebsoft, Osirium, Password Manager Pro, Securelink, Thycotic, VMWare ID Manager (VIDM)

SECURITY ANALYTICS
Alert Logic, FireEye Endpoint Security (Helix), Malwarebytes, Microsoft Advanced Threat Analytics (ATA), Microsoft Graph, ObserveIT (Proofpoint), Palo Alto Networks Cortex XDR, Splunk Stream, Suricata IDS

SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
ArcSight (Micro Focus), Exabeam, IBM QRadar, LogRhythm, McAfee ESM, Nitro Security, RSA Security (Dell), Splunk

THREAT INTELLIGENCE PLATFORM
Anomali ThreatStream, CenturyLink Adaptive Threat Intelligence, Cisco Umbrella

UTILITIES/OTHERS
Absolute SIEM Connector, Accelion Kiteworks, AssetView, ASUPIM, Axway SFTP, BIND, eDocs, Egnyte, HP Print Server, HP SafeCom, iManage DMS, IPSwitch MOVEit (Progress), IPTables, LastPass Enterprise, LOGBinder, Microsoft RRA, Microsoft Windows Print Service, MIPS, Morphisec EPTP, Nexthink, oVirt, Perforce, RangerAudit, Ricoh (printer), SafeSend, Slack Enterprise Grid, SSH, Sudo, TitanFTP, Unix Auditbeat, Unix Auditd, Unix dhcpd, Webmail OWA

VPN / ZERO TRUST NETWORK ACCESS
Avaya VPN, Checkpoint, Cisco ASA, Citrix Netscaler, Cognitas CrossLink, Dell, F5 Networks, Fortinet VPN, Juniper VPN, NetMotion Wireless, Nortel Contivity, Palo Alto Prisma Access, Pulse Secure, SecureNet, SonicWall Aventail, SSL Open VPN, Zscaler ZPA

VULNERABILITY MANAGEMENT (VM)
Rapid7 InsightVM, Tenable

WEB SECURITY AND MONITORING
Akamai Cloud, Apache, AWS SQS, Bro Network Security, Cisco Ironport WSA, Cloudflare, Digital Arts, EdgeWave iPrism, Forcepoint Web Security, Google GCP Squid Proxy, Gravityzone, HashiCorp Terraform, IBM Security Access Manager, Imperva Incapsula, InfoWatch, McAfee Web Gateway, Microsoft IIS, Microsoft Windows Defender, Palo Alto Networks, Squid, Symantec Fireglass, Symantec Secure Web Gateway, Symantec Web Security Service (WSS), Symantec WebFilter, TMG, Trend Micro InterScan Web Security, Watchguard, Zscaler ZIA

SERVICE INTEGRATIONS FOR INCIDENT RESPONDER (product areas)
Authentication and Access Management; Cloud Access Security Broker (CASB); Cloud Security and Infrastructure; Email Security and Management; Endpoint Security (EPP/EDR); Firewalls; Forensics and Malware Analysis; Information Technology Service Management (ITSM); Security Analytics; Security Information and Event Management (SIEM); Threat Intelligence Platform; Utilities/Others; Web Security and Monitoring

SERVICE INTEGRATIONS FOR INCIDENT RESPONDER, BY PRODUCT AREA (product: actions)

AUTHENTICATION AND ACCESS MANAGEMENT
Active Directory: Add User to Group, Change Organizational Unit, Disable User Account, Enable User Account, Expire Password, Get User Information, List User Groups, Remove User From Group, Reset Password, Set Host Attribute, Set New Password, Unlock User Account

AUTHENTICATION AND ACCESS MANAGEMENT, continued
Cisco ISE: Gets information about a device, List Network Devices
CyberArk: Disable User, Enable User, Rotate User Credentials
Duo: Disable User Account, Enable User Account, Get User Information, Send 2FA Push
Okta: Add User To Group, Get User Information, Remove User From Group, Reset Password, Send 2FA Push, Suspend User, Unsuspend User

CLOUD ACCESS SECURITY BROKER (CASB)
Netskope: Update File Hash List, Update URL List

CLOUD SECURITY AND INFRASTRUCTURE
Amazon AWS EC2: Add Tag for Instance, Describe Tags of Instance, Disable Account, Enable Account, Get Instance, Get Security Groups, Monitor Instance, Remove Tag for Instance, Start Instance, Stop Instance, Terminate Instance, Unmonitor Instance

EMAIL SECURITY AND MANAGEMENT
Google Gmail: Delete Email, Get Email By Id, Move Email To Trash, Run Query
Microsoft Exchange, Microsoft 365: Delete Emails, Delete Emails by Message ID, Search Emails by Sender
Message Trace (Microsoft): Search Emails by Sender

EMAIL SECURITY AND MANAGEMENT, continued
Mimecast: Add Group Member, Block URL, Blocked Sender Policy, Blocks Sender, Create Group, Decode URL, Delete URL, Get Aliases, List Group Members, List Groups, List Urls, Permit URL, Permits Sender, Remove Group Member, Search Email, Search File Hash
SMTP Notification: Phishing Summary Report, NotifyUserByEmailPhishing, Send Email, Send Indicator Email, Send Template Email

ENDPOINT SECURITY (EPP/EDR)
CarbonBlack Defense: Delete Files, Get File, Kill Process, List Files, List Processes on host
CarbonBlack Enterprise EDR: Create Report, Delete Single Feed, Delete Report, Download File, Get Single Feed, Get Feed Reports, Get All Feeds, Get File Metadata, Search Process, Update Report
CarbonBlack Response: Ban Hash from Endpoint, Delete File, Get Device Info, Get File, Get Triage Data, Hunt File, Isolate (Contain) CarbonBlack Response Host, Kill Process, List alerts, Unblock Hash, Undo Host Isolation
CarbonBlack Live Response: Delete File, Delete Registry Key, Delete Registry Value, Execute Script, Get File Content, Kill Process, List Files, List Processes, Query Registry Value, Set Registry Value

ENDPOINT SECURITY (EPP/EDR), continued
Cisco AMP: Add File to Blacklist, Find Affected Hosts, Get Device Details, Get Device ID, Get Device Trajectory for Indicator, Get Device Trajectory for User, Hunt File, Hunt IP, Hunt URL, Hunt Username, Isolate Host, Remove Host from Isolation
CrowdStrike Falcon: Contain Device, Detonate File in Sandbox, Detonate URL in Sandbox, Get Device Details, Get Domain Reputation, Get File Reputation, Get IP Reputation, Get Process Info, Get Processes, Get User Info, Hunt File, Hunt URL, Search Device(s), Un-quarantine host, Upload IOC
Cylance OPTICS: Get Device Detections, Get File From Host, Quarantine Device, UnQuarantine Device
Cylance PROTECT: Add hash to blacklist, Add hash to whitelist, Get Device Info, Get Device Threats, Get File Reputation, Hunt File, Remove Hash From Blacklist, Remove Hash From Whitelist
FireEye HX: Detonate File, Detonate URL, Get File, Get Containment State, Get Device Info, Get Triage Data, Isolate (contain) Host, Hunt File, Hunt IP, Hunt URL, Hunt User Name
McAfee EPO: Add Tag to Host, Remove Tag from Host

ENDPOINT SECURITY (EPP/EDR), continued
Microsoft Windows Defender ATP: Add Tag to Host, Collect Investigation Package, Find Alerts for Device, Find Alerts for Domain, Find Alerts for File, Find Alerts for IP, Find Alerts for Machine, Find Alerts for User, Find Devices for User, Get Device Info, Get File Information, Get Investigation Package SAS URI, Get IP Information, Get Logged On Users, Get URL/Domain Information, Hunt Domain, Hunt File, Offboard Machine, Quarantine Host, Remove App Restriction, Remove Tag from Host, Restrict App Execution, Scan Host, Stop and Quarantine File, Un-quarantine host
SentinelOne: Add Hash to Blacklist, Connect to Network, Disable 2FA push, Disconnect From Network, Enable 2FA push, Find Devices for User, Get Device Info, Get File, Get File Reputation, Get Threat Forensics, Get Threats for File, Get User Information, Hunt File, List applications on host, List Processes, List reports, List Threats on Device, Mark as Benign, Mark as Resolved, Mark as Threat, Mark as Unresolved, Mitigate Threat, Restart Host, Scan Host
Symantec ATP: Quarantine Host, Un-quarantine Host, Delete Files, Get File Reputation
Symantec EndPoint Protection (EPP): Ban Hash from Endpoint, Get Device Info, Quarantine Host, Scan Host, Un-quarantine Host

ENDPOINT SECURITY (EPP/EDR), continued
Symantec SiteReview: Get URL/Domain Category
Tanium: Get Device Info, List Sensors, Run Sensor
Windows Management Instrumentation (WMI), Windows Remote Management (WinRM): Get Endpoint Installed Applications, Get Endpoint Process List, Get Endpoint Triage Data from Windows systems, Get Event Logs, Get File, Get List of Installed Applications, Get Recently Opened Files, Get Recently Run Applications, Get Removable Device, Get Removable Device Information, Get triage

FIREWALLS
Checkpoint Firewall: Block IP
Fortinet: Block IP, Unblock IP
Palo Alto Firewall: Block IP, Block URL/Domain, Unblock IP, Unblock URL

FORENSICS AND MALWARE ANALYSIS
AnyRun: Get Analysis History, Get Report, Run New Analysis
Cisco Threat Grid, Palo Alto Wildfire, QuickSand, Payload Security VxStream: Detonate file in a sandbox
Cuckoo, FireEye AX, Joe Security, VMRay: Detonate file in a sandbox, Detonate URL in a sandbox
Yara: Scan file, Scan text

INFORMATION TECHNOLOGY SERVICE MANAGEMENT (ITSM)
Atlassian JIRA: Comment on Incident, Change Ticket Status, Create External Ticket, Delete Ticket (External), Get Ticket (External), Re-assign Ticket
BMC Remedy: Comment on Ticket, Create Ticket, Set Status, Update Ticket
ServiceNow: Create External Ticket, Update Incident (External), Comment on Incident, Close Incident (External)

SECURITY ANALYTICS
Exabeam Case Manager: Add Comment, Add Incident Type, Add To Incident, Aggregate Outputs, Base64 Decode, Change Incident Assignee, Change Incident Priority, Change Incident Status, Check Empty Fields, Close Incident, Close Incident as False Positive, Convert Email to URL, Create Task, Discover Anti-forensic Applications, Discover Cloud Applications, Discover Departed Employee Application Activity, Discover Departed Employee File Activity, Evaluate Phishing Results, Expert Rules, Extract Hash From File, Extract Links from Text, File Investigation Report, Filter Whitelisted URLs, Get Domain from URL, Get HTML, Hunt File, Hunt Network Item, IR Action Based Set Operations, Job Searches, Keyword Search, Parse Domain From Email, Parse Username from Email, Phishing Expert Rules, Search IR Incidents, Summary - Departed employee playbook, WHOIS
Exabeam Advanced Analytics: Accept Asset Session, Accept Rule, Accept User Session, Add Asset to Watchlist, Add Role for User, Add User to Watchlist, Clear Context Table, Create Context Table, Get Asset Information, Get Asset Risk Scores, Get Event Info, Get Top Device for User, Get triggered rules, Get User Information, Get User Risk Scores, Get User Session Info, Get Values from Context Table, List Assets in Watchlist, List Context Tables, List Users in Watchlist, Lookup Value in Context Table, Remove from Context Table, Remove Role for User, Replace Context Table, Reset Password, Update Context Table

SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
ArcSight Logger: Run Query, Search URL in SIEM
Exabeam Data Lake: Clear Context Table, Get Values from Context Table, Hunt File, Hunt IP, Hunt Keyword, Hunt URL/Domain, List Context Tables, Lookup Value in Context Table, Remove from Context Table, Replace Context Table, Run Query, Update Context Table
Elasticsearch: Hunt File in SIEM, Hunt IP in SIEM, Hunt Keyword in SIEM, Hunt URL in SIEM, Run Query
IBM QRadar: Add Asset to Reference Set, Get Values From Lookup Table, Run Query, Search for network connections
Splunk: Get Values From Context Table, Hunt File in SIEM, Hunt IP in SIEM, Hunt URL in SIEM, Search for similar security alerts, Search for users who visited a URL, Splunk Query

THREAT INTELLIGENCE PLATFORM
APIVoid: Get DNS Records, Get DNS Reverse Records, Get Domain Reputation, Get Email Reputation, Get IP Reputation
AlienVault OTX: Get URL/Domain Reputation, Get Email Reputation, Get File Reputation, Get IP Reputation
Anomali ThreatStream: Get Email Reputation, Get IP Reputation, Get File Reputation, Get URL/Domain Reputation
Cisco Umbrella (Enforcement API): BlockDomain
Cisco Umbrella Investigate
