Skip to content

Latest commit

 

History

History
54 lines (40 loc) · 8.85 KB

README.md

File metadata and controls

54 lines (40 loc) · 8.85 KB

Exabeam

Exabeam Content Library

⚠ This location for the Exabeam Content Library has been deprecated. Updated security content is now available at the following new location: https://github.com/ExabeamLabs/Content-Library-CIM1. Be sure to bookmark the new site.

Welcome to the Exabeam Content Library.

The Content Library is an online repository of knowledge and content that organizations can use to learn about available log source integrations and security use cases.

This is a programmatic generation of content documentation from Exabeam's content repository. As new content is committed to the content repository, the Content Library is automatically updated to provide fast and easy access *.

* If you are using Advanced Analytics i63 or later, see the Content Library based on the Common Information Model.

Branch Version Content MITRE ATT&CK® Release Note
master canary Data Sources, Use Cases Coverage Map
c2206.2_62.5 i62.5 Data Sources, Use Cases Coverage Map Release Notes
c2206.2 i62.4 Data Sources, Use Cases Coverage Map Release Notes
c2204.3 i62.3 Data Sources, Use Cases Coverage Map Release Notes
c2112.2 i62.1 & i62.2 Data Sources, Use Cases Coverage Map Release Notes
c2110.2 i61 Data Sources, Use Cases Coverage Map Release Notes
c2109.2 i60 Data Sources, Use Cases Coverage Map Release Notes
c2108.2 i59 Data Sources, Use Cases Coverage Map Release Notes
c2106.2 i58 Data Sources, Use Cases Coverage Map Release Notes
c2105.2 i57 Data Sources, Use Cases Coverage Map Release Notes
c2102.5 i56 Data Sources, Use Cases Coverage Map Release Notes
c2010.6 i55 Data Sources, Use Cases Coverage Map
c2006.4 i54 Data Sources, Use Cases Coverage Map
c2002 i53 Data Sources, Use Cases Coverage Map
c1907 i52 Data Sources, Use Cases Coverage Map

How do I use it?

The Content Library provides navigation from an Exabeam supported data source to a use case (or use case to data source) showing the event types and parsers for each.

The Content Library currently allows browsing Exabeam content branches:

  • "master" branch: The master repository with the latest content developed by the Exabeam content team
  • "cxxxx" branches: Out-of-the-box content that was shipped with major Advanced Analytics releases

Browse the specific branches to see the documentation for the content that is available in the product today or browse the master repository for a peek into what is coming next ("canary" content). Note that the content in the master may not be fully tested as of yet and should be used carefully.

How can it help me?

The Content Library helps answer some of the most frequently asked questions regarding Exabeam's rich security content:

  • What use cases does Exabeam content support out of the box?

    • What are the data sources that can be used to get that content to function?
    • What are the components of Exabeam content that enable that use case?
  • What data sources does Exabeam support out of the box?

    • What use case(s) does that content enable?
    • What are the components of Exabeam content that are enabled by a data source integration?