
DATASHEET Exabeam Platform Integrations

The document discusses Exabeam's platform integrations. It provides a comprehensive list of over 640 integrations across 330 vendors that allow Exabeam to ingest log data from various IT, security, cloud, and SaaS sources. This provides a holistic view of user and device activity across on-premises and cloud environments. It also describes how Exabeam uses the log data for behavioral analytics and how its incident response tool supports over 600 automated actions through APIs to third-party security tools and IT systems.

Uploaded by hfzte123
Exabeam Data Sheet

Exabeam Platform Integrations
Inbound Data Sources for Log Ingestion and Service Integrations for Incident Response

The ability to quickly detect, investigate, and respond to modern threats is dependent on the quality and quantity of log data from IT and security tools. With more than 640 different product integrations across 330 different vendors, Exabeam works extensively with third-party vendors to provide a holistic view of activity across users and devices, whether on-premises or in the cloud.

Extensive Data Sources

Exabeam ingests data from a variety of IT and security products to provide security analysts with the full scope of events. Exabeam Security Log Management, Exabeam SIEM, and Exabeam Fusion ingest logs from various sources, including VPN, endpoint, network, web, database, CASB, and cloud solutions. After ingesting the raw logs, Exabeam then parses and enriches them with contextual information to provide security analysts with the information they need to detect and investigate incidents.

Collectors for the Cloud and On-premises

Collectors are pre-built connectors that enable security teams to easily collect logs from popular cloud services such as AWS, GitHub, Google, Microsoft, Salesforce, and others. The Exabeam Security Operations Platform provides extensive data collection capabilities and coverage. The platform provides collection from 200+ on-premises products and supports 34 cloud-delivered security products, 11 SaaS productivity applications, and 21 cloud infrastructure products.

Behavioral Analytics Extended to the Cloud

For most security information and event management (SIEM) products, user and entity behavior analytics (UEBA) and automation are an afterthought. By combining insights from multiple different sources, security operations get a deeper understanding of normal activity so they can better detect anomalies that often go undetected. By collecting log data from SaaS productivity applications and cloud infrastructure products, security teams can extend any compliance-based security requirements to the cloud.


Centralized Security Automation and Orchestration with Third-party Integrations
Incident Responder allows analysts to orchestrate and automate repeated workflows with APIs to 66
different vendors and 103 products with 613 actions and operations, from semi- to fully-automated
activity. With Incident Responder, analysts can automate gathering key pieces of information about
incidents via pre-built integrations with popular security and IT infrastructure, and run response
playbooks to programmatically perform investigation, containment, or mitigation. Running response
playbooks allows organizations to respond to threats faster and more consistently.

Inbound Data Sources for Log Ingestion


Type of Log Data Sources

Authentication and Access Management
• Akamai Cloud
• Apache Subversion
• AssetView
• Azure Active Directory
• BeyondTrust
• BloxOne DDI
• CA Privileged Access Manager Server Control
• Centrify Infrastructure Services
• Centrify Zero Trust Privilege Services
• Check Point Identity Awareness
• Cisco Adaptive Security Appliance
• Cisco Duo Access
• Cisco Firepower
• Cyberark Endpoint Protection Manager
• Cyberark Privilege Access Management
• Entrust Identity Enterprise
• IBM Resource Access Control Facility
• IdentityNow
• Infoblox NIOS
• LastPass
• MasterSAM PAM
• Microsoft Active Directory
• Namespacer Directory
• Okta Adaptive MFA
• OneLogin
• PingOne
• Powertech Identity and Access Manager
• RSA Authentication Manager
• SailPoint IdentityIQ
• SecureAuth Login
• SecureLink
• Symantec SiteMinder
• TACACS
• Thycotic Software Secret Server
• XAMS

Cloud Security (CASB, CWP)
• Apache
• AWS CloudTrail
• AWS CloudWatch
• Azure
• Azure Monitor
• Bitglass CASB
• Carbon Black App Control
• Citrix Virtual Apps
• Google Cloud Platform
• Google Workspace
• IIS
• Illumio Core
• Microsoft Defender for Cloud
• M365 Audit Logs
• Microsoft 365
• Microsoft Azure
• Microsoft CAS
• Netskope Security Cloud
• Open Shift
• Oracle Public Cloud
• oVirt
• Palo Alto Prisma Cloud
• Skyhigh Networks CASB
• Sterling B2B Integrator
• VMware ESXi
• VMware Horizon
• VMware View


Data Security (Database, DLP)
• Code42 Incydr
• Safend Data Protection Suite
• Forcepoint DLP
• InfoWatch DLP
• McAfee DLP
• Microsoft SQL Server
• Oracle Database
• RSA DLP
• Rubrik Cloud Data Management
• Salesforce
• SAP
• Symantec DLP
• Vormetric
• Workday

Email Security and Management
• Barracuda Email Security Gateway
• Cisco Secure Email
• hMailServer
• Hornetsecurity Cloud Email Security Services
• IBM Lotus Notes
• IronPort Email
• McAfee Email Protection
• Microsoft Exchange
• Mimecast Secure Email Gateway
• Proofpoint Enterprise Protection
• Symantec Email Security
• Targeted Threat Protection - URL
• Unix Sendmail

Endpoint Security (EPP/EDR)
• Auditbeat
• Carbon Black CES
• Carbon Black Cloud Enterprise EDR
• Carbon Black EDR
• CheckPoint Anti-Malware
• Cisco Secure Endpoint
• CrowdStrike Falcon
• Deep Security
• Digital Guardian Endpoint Protection
• ESET Endpoint Security
• Microsoft Event Viewer
• Bitdefender GravityZone
• Kaspersky Endpoint Security
• McAfee Endpoint Security
• Microsoft Defender for Endpoint
• OfficeScan
• SentinelOne
• Singularity Platform
• Sophos Endpoint Protection
• Symantec Advanced Threat Protection
• Symantec EDR
• Sysmon
• Tanium Core Platform
• Trend Micro
• Unix
• Vmware AirWatch UEM


Firewalls (WAF, SWG, Proxy)
• Airlock Security Access Hub
• AWS WAF
• Barracuda Cloudgen Firewall
• Barracuda WAF
• Check Point NGFW
• Cisco Adaptive Security Appliance
• Cisco Cloud Web Security
• Cisco Firepower
• Cisco Meraki MX appliance
• Cisco PIX
• Cisco Umbrella
• Citrix Web App Firewall
• Cloudflare WAF
• F5 Advanced Firewall Manager
• F5 Advanced Web Application Firewall
• Forcepoint Next-Gen Firewall
• FortiGate
• Fortinet Enterprise Firewall
• Fortinet FortiWeb
• Fortinet UTM
• Huawei Enterprise Network Firewall
• Huawei Unified Security Gateway
• Imperva Incapsula
• Imperva SecureSphere
• IPTables
• IPTables FW
• Juniper SRX Series
• Magento WAF
• McAfee Web Gateway
• Netscaler WAF
• NSX FW
• Palo Alto NGFW
• pfSense
• SIGSCI
• Sonicwall
• Sophos XG Firewall
• Squid
• Symantec Web Security Service
• Trend Micro InterScan Web Security
• Web Gateway
• Websense Security Gateway
• Zscaler Internet Access

Network Security (NDR, IPS, IDS)
• Aruba ClearPass Policy Manager
• Aruba Wireless controller
• Attivo BOTsink
• Check Point Threat Emulation
• Cisco ISE
• Cisco Netflow
• Cisco NPE
• Cisco Secure Cloud Analytics
• Cisco Secure Network Analytics
• Cisco SourceFire
• Deep Discovery Inspector
• F5
• F5 BIG-IP
• Forescout CounterACT
• F-Secure Policy Manager
• HPE Comware
• IBM Proventia Network IPS
• Juniper Networks
• LanScope Cat
• OSSEC
• Panorama
• Pensando
• Reveal
• Ruckus
• ServiceNow
• SiteSpect
• Targeted Attack Platform
• Vectra Cognito Stream
• ViaScope IPScan
• VMware NSX
• Zeek


Physical Access and Monitoring
• CCURE Building Management System
• OnGuard
• RightCrowd

Risk Management Software
• DTEX InTERCEPT
• ObserveIT
• Tanium Integrity Monitor

SIEM
• Advanced Analytics
• Akamai SIEM
• Azure Sentinel
• Darktrace
• Epic SIEM
• LogRhythm
• Netwrix Auditor
• Netwrix StealthDEFEND
• RSA NetWitness Platform
• SkySea ClientView
• Splunk
• Varonis Data Security Platform
• Wazuh

Threat Intelligence Platform
• Palo Alto WildFire
• Proofpoint TAP/POD

Utilities/Other
• Box Cloud Content Management
• CHCOM
• Citrix ShareFile
• Cohesity DataPlatform
• Dropbox
• ESector DEFESA Logger
• FTP
• GoAnywhere MFT
• HPE 3PAR StoreServ
• iManage
• Kemp LoadMaster
• Kiteworks
• MoveIt Transfer
• MuleSoft
• Quest Change Auditor for Active Directory

VPN/Zero Trust Network Access
• Cisco AnyConnect
• Check Point Security Gateway
• Citrix Gateway
• GlobalProtect
• Juniper Pulse Secure
• Open VPN
• Zscaler Private Access


Service Integrations for Incident Responder


Product Actions

Authentication and Authorization

Microsoft Active Directory
• Add User to Group
• Change Organizational Unit
• Disable user account
• Enable user account
• Expire Password
• Get User Information
• List user groups
• Remove an active directory user from a group
• Reset password
• Set Host Attribute
• Set New Password
• Unlock User Account

Cisco Duo – Duo Auth
• Send 2FA Push

Cisco Duo – Duo Admin
• Disable user account
• Enable user account
• Get User Information

Cisco ISE
• Get information about a device
• List network devices

Okta
• Add User to group
• Clear User Sessions
• Get User Information
• Remove user from group
• Reset User password
• Send 2FA Push
• Suspend User
• Unsuspend User

Cyberark
• Disable User
• Enable User
• Rotate account credentials

Cloud Security (CASB, CWP)

Netskope
• Update File Hash List
• Update URL list

Microsoft CAS
• Bulk dismiss alert
• Bulk resolve alert
• Dismiss alert
• List alerts

Amazon AWS EC2
• Add Tag for Instance
• Remove Tag for Instance
• Get Instance
• Get Security Groups
• Describe Tags of Instance
• Disable Account
• Enable Account
• Monitor Instance
• Start Instance
• Stop Instance
• Terminate Instance
• Unmonitor Instance


Data Security (Database, DLP)

Code42
• Add User To Legal Hold
• Block Device
• Block User
• Deactivate Device
• Deactivate User
• Deauthorize Device
• Reactivate Device
• Reactivate User
• Unblock Device
• Unblock User

Email Security and Management

Google Gmail
• Delete Emails
• Get Email by Message ID
• Move Emails to Trash
• Run Query

Microsoft Exchange
• Delete Emails
• Delete Emails by Message ID

Microsoft Message Trace
• Search Emails by sender
• Update File Hash List

Microsoft Outlook Office 365
• Delete Emails
• Delete Emails by Message ID
• Search Emails by sender

Mimecast
• Add Group Member
• Blocks Sender
• Block URL
• Create Group
• Decode URL
• Delete URL
• Get Aliases
• Blocked Sender Policy
• List Group Members
• List Groups
• List URLs
• Permits Sender
• Permit URL
• Remove Group Member
• Search Email
• Search File Hash

SMTP
• Internal SMTP Email Action
• Notify by email
• Phishing Summary Report (Default)
• Send notification email to user
• Send email to user
• Send Indicators via email
• Send template email to user


Endpoint Security (EPP/EDR)

Carbon Black Defense
• Delete Files
• List Files
• Get File
• List Processes On Host
• Kill Process

Carbon Black Enterprise EDR
• Create Report
• Delete Single Feed
• Delete Report
• Download File
• Get Single Feed
• Get Feed Reports
• Get All Feeds
• Get File Metadata
• Search Process
• Update Report

Carbon Black Response
• Ban Hash from Endpoint
• Delete File
• Get Device Info
• Get File
• Get Triage Data
• Hunt File
• Isolate (Contain) CarbonBlack Response Host
• Kill Process
• List alerts
• Unblock Hash
• Undo Host Isolation

Carbon Black Live Response
• Delete File
• Delete Registry Key
• Delete Registry Value
• Execute Script
• Get File Content
• Kill Process
• List Files
• List Processes
• Query Registry Value
• Set Registry Value

Cisco AMP
• Add File to Blacklist
• Get Device ID
• Get Device Details
• Get Device Trajectory for Indicator
• Get Device Trajectory for User
• Hunt File
• Hunt IP
• Hunt URL
• Hunt Username
• Isolate Host
• Find Affected Hosts
• Remove Host from Isolation

CrowdStrike Falcon Host API
• Get Device Details
• Get Domain Reputation
• Get File Reputation
• Get IP Reputation
• Get Process Info
• Get Processes
• Hunt File
• Hunt URL
• Search Device(s)
• Upload IOC


Crowdstrike Falcon Host API V2
• Contain Device
• Detonate File in Sandbox
• Detonate URL in Sandbox
• Get Device Details
• Get Domain Reputation
• Get File Reputation
• Get IP Reputation
• Get Process Info
• Get Processes
• Get User Info
• Hunt File
• Hunt URL
• Search Device(s)
• Un-contain Device
• Upload IOC

Cylance Optics
• Get Device Detections
• Quarantine Device
• Get File From Host
• Unquarantine Device

Cylance Protect
• Add Hash to Blacklist
• Get Device Info
• Get Device Threats
• Get File Reputation
• Add Tag to Host
• Hunt File
• Remove Hash from Blacklist
• Remove Hash from Whitelist
• Add Hash to Whitelist

FireEye HX
• Get File
• Get Containment State
• Get Device Info
• Get Hosts Set
• Get Triage Data
• Host Containment
• Hunt File – FireEyeHX
• Hunt IP – FireEyeHX
• Hunt URL – FireEyeHX
• Hunt User Name

McAfee EPO
• Add Tag to Host
• Remove Tag from Host

Microsoft Windows Defender ATP
• Add Tag to Host
• Collect Investigation Package
• Find Devices for User
• Get Device Info
• Get File Information
• Get IP Information
• Get Investigation Package SAS URI
• Get Logged On Users
• Get URL/Domain Information
• Hunt Domain
• Hunt File
• Quarantine Host
• Find Alerts for Device
• Find Alerts for Domain
• Find Alerts for File
• Find Alerts for IP
• Find Alerts for Machine
• Find Alerts for User
• Offboard Machine
• Un-quarantine Host
• Remove App Restriction
• Remove Tag from Host
• Restrict App Execution
• Scan Host
• Stop and Quarantine File

SentinelOne
• Disable 2FA push
• Enable 2FA push
• Get Device Info
• Get User Information
• List applications on host
• List Processes
• Restart Host
• Scan Host
• Add Hash to Blacklist
• Connect to Network
• Find Devices for User
• Disable 2FA push
• Disconnect From Network
• Enable 2FA push
• Get Device Info
• Get File Reputation
• Get File
• Get Threat Forensics
• Get User Information
• Hunt File
• List applications on host
• List reports
• Mark as Benign
• Mark as Resolved
• Mark as Threat
• Mark as Unresolved
• Mitigate Threat
• Restart Host
• Scan Host
• List Threats on Device
• Get Threats for File

Symantec ATP
• Delete File
• Get File Reputation
• Isolate Host
• Rejoin Host

Symantec Endpoint Protection
• Ban hash
• Get Device Info
• Quarantine Host
• Scan Host
• Un-quarantine Host

Symantec Site Review
• Get URL/Domain Category

Tanium
• Get Device Info
• List Sensors
• Run Sensor

Windows Management Instrumentation
• Get Endpoint Installed Applications
• Get Endpoint Process List
• Get File
• Get Recently Opened Files
• Get Recently Run Applications
• Get Removable Device Information


Windows Remote Management
• Get Endpoint Installed Applications
• Get Endpoint Process List
• Get Event Logs
• Get File
• Get Recently Opened Files
• Get Recently Run Applications
• Get Removable Device Information
• Get Triage Data

Firewalls (WAF, SWG, Proxy)

Checkpoint Firewall
• Block IP

Fortinet
• Block IP
• Unblock IP

Palo Alto Networks Firewall
• Block IP
• Block URLs
• Unblock IP
• Unblock URL

Forensics and Malware Analysis

Any Run
• Get Analysis History
• Get Report
• Run New Analysis

Cisco Threat Grid
• Detonate File
• Detonate URL

Cuckoo
• Detonate File
• Detonate URL

FireEye AX
• Detonate File
• Detonate URL

FireEye Detection On-Demand
• Detonate File in Sandbox
• Detonate URL in Sandbox

Joe Security - Joe Sandbox
• Detonate File
• Detonate URL


Palo Alto Networks Wildfire
• Detonate File

Payload Security VxStream
• Detonate File

Quicksand
• Detonate File In A Sandbox

VMRay Analyzer
• Detonate File in Sandbox
• Detonate URL in Sandbox

Yara
• Scan File - YARA
• Scan Text

Incident Response Services

PagerDuty
• Add Note
• Add Status Update
• Create Incident
• List Incidents
• Resolve Incident
• Run Response Play

Information Technology Service Management (ITSM)

Atlassian JIRA
• Add Comment
• Change Ticket Status
• Create Ticket
• Delete Ticket
• Get Ticket
• Re-assign Ticket

BMC Remedy
• Comment on Ticket
• Create Ticket
• Set Status
• Update Ticket

ServiceNow
• Close Incident
• Comment on Incident
• Create External Ticket
• Create Security Incident
• Get Updates
• Update Incident
• Update Security Incident


Network Security (NDR, IPS, IDS)

Cisco SecureX
• Get URL/Domain Category
• Get IP Reputation

Cisco ISE
• Get information about a device
• List Network Devices

Risk Management Software

Tanium
• Get Device Info
• List Sensors
• Run Sensor

Security Information and Orchestration

Cisco SecureX
• Get URL/Domain reputation
• Get IP reputation

SIEM

Arcsight Logger
• ArcSight Query
• Search for users who visited a URL – ArcSight

Elasticsearch
• Hunt File in SIEM
• Hunt IP in SIEM
• Hunt Keyword in SIEM
• Hunt URL in SIEM
• Run Query

Splunk
• Search for similar security alerts
• Get Values From Context Table
• Hunt File in SIEM
• Hunt IP in SIEM
• Hunt URL in SIEM
• Splunk Query
• Search for users who visited a URL

IBM QRadar
• Add Asset to Reference Set
• Get Values From Lookup Table
• QRadar Query
• Search for network connections
• Search for users who visited a URL


Threat Intelligence Platform

AlienVault OTX
• Get URL/Domain Reputation
• Get Email Reputation
• Get File Reputation
• Get IP Reputation

Anomali ThreatStream
• Get Email Reputation
• Get File Reputation
• Get IP Reputation
• Get URL/Domain Reputation
• Upload Hash with approval
• Upload IP with approval
• Upload URL with approval

APIVoid
• Get DNS Records
• Get DNS Reverse Records
• Get Domain Reputation
• Get Email Reputation
• Get IP Reputation

Cisco Umbrella Enforcement
• Block Domains

Cisco Umbrella Investigate
• Get Email Reputation
• Get URL/Domain Category
• Get URL/Domain Reputation
• Get Domain Whois

DomainTools
• Get Domain Profile
• Get Domain Reputation
• Get Domain Risk Score
• Reverse IP
• Reverse Whois
• Whois

Forcepoint
• Add Api-managed category
• Add URL/IP to API-managed category
• Commit the API transaction
• Delete Api-managed category
• Delete URL/IP from API-managed category
• Get system and transaction status
• List URL/IP in API-managed category

Google Cloud Security Scanner
• Detonate File In A Sandbox
• Download File
• Get Email Reputation
• Get File Reputation
• Get IP Reputation
• Get URL/Domain Reputation


Google Safe Browsing
• Get Email Reputation
• Get URL/Domain Reputation

Greynoise
• Get IP Reputation

Have I Been Pwned Service
• Get Domain Reputation
• Get Email Reputation

IBM X-Force Exchange
• Get Email Reputation
• Get IP Reputation
• Get URL/Domain Reputation

IntSights Cyber Intelligence Ltd.
• Get File Reputation
• Get IP Reputation
• Get URL/Domain Reputation

MxToolbox
• Get Email Reputation
• Get URL/Domain Reputation

Palo Alto Networks AutoFocus
• Get File Reputation

Palo Alto WildFire
• Detonate File

Proofpoint
• Get Forensics Info

Proofpoint Emerging Threat Intelligence
• Get File Reputation
• Get Domain Reputation
• Get IP Reputation

Recorded Future
• Get Email Reputation
• Get File Reputation
• Get IP Reputation
• Get URL/Domain Reputation


ReversingLabs
• Download file
• Get File Reputation
• Get Related Files
• Search Files by MD5 Hash
• Search Files by Filename
• Upload File

RiskIQ PassiveTotal
• Get IP Reputation
• Get OSINT
• Get Related Samples Reputation
• Get URL/Domain Reputation
• Get Passive DNS (Unique)
• Get Whois
• Search Whois Keyword
• Search Whois by Email

ThreatConnect
• Get Email Reputation
• Get File Reputation
• Get IP Reputation
• Get Indicators
• Get URL/Domain Reputation

ThreatMiner
• Get File Reputation
• Get IP Whois
• Get Domain Whois

ThreatQuotient
• Get Email Reputation
• Get File Reputation
• Get IP Reputation
• Get URL/Domain Reputation

Urlscan.io
• Get Email Reputation
• Get URL/Domain Reputation

URLvoid
• Get URL Reputation

VirusTotal
• Detonate file
• Download file
• Get Email Reputation
• Get File Reputation
• Get IP Reputation
• Get URL/Domain Reputation

Zscaler Zulu URL Analyzer
• Get Email Reputation
• Get URL/Domain Reputation


Utilities/Other

Maxmind GeoLite2 Local DB
• Geolocation

MaxMind GeoIP2 Precision Web API
• Get Geolocation

Maxmind Geoip3
• Get Geolocation IP

IP API
• Get Geolocation

Jenkins
• Copy Job
• Create Job
• Delete Job
• Disable Job
• Enable Job
• Get Job Details
• Get Last Build Info
• List Jobs
• List Running Builds

Screenshot Machine
• Get URL Screenshot

Shodan
• Lookup IP
• Lookup URL

Slack
• Send Message

SlashNext
• Download HTML
• Download ScreenShot
• Download Text
• Get Host Report
• Get IP/Domain reputation
• Get URL reputation
• URL scan
• URL Synchronous Scan


Vulnerability Management

Qualys
• Scan host

Rapid7 insightVM
• Add Targets to Scan
• Download Scan Report
• Get Scan Report
• Get Scans for Site
• Get Site Info
• Scan Site

Web Security and Monitoring

Zscaler
• Activate
• Add URLs to Blacklist
• Add URLs to Whitelist
• Get File Reputation
• Get Status
• Get URL BlackList
• Get URL WhiteList
• Remove URLs from Blacklist
• Remove URLs from Whitelist


Security operations success requires a new approach: New-Scale SIEM™.

New-Scale SIEM is the powerful combination of cloud-scale security log management, behavioral analytics, and an automated investigation experience. Unlike most offerings that are repurposed for SIEM, the Exabeam Security Operations Platform is a New-Scale SIEM, designed with a purpose-built, cloud-native architecture to deliver much more than speed and scale.

New-Scale SIEM enables security operations excellence: scaling response to focus on risk-based priorities, scaling investigations with automation, scaling detection with behavioral analytics across billions of access points, scaling ease of use to empower talent, and controlling the scale of budgets with cloud economics.

Whether you’re looking to replace a SIEM or complement an existing SIEM or Log Management solution with UEBA, the Exabeam Security Operations Platform provides a path to security operations success.

• Exabeam Security Log Management — Cloud-scale log management
• Exabeam SIEM — Cloud-scale log management and powerful correlation and dashboarding
• Exabeam Fusion — Cloud-scale log management, industry leading analytics and automation, powerful correlation building and dashboarding
• Exabeam Security Investigation — Automated threat detection, investigation, and response powered by UEBA and threat intelligence for your existing SIEM or data lake
• Exabeam Security Analytics — Automated threat detection, analytics, and automation for your existing SIEM or data lake.

Exabeam, the Exabeam logo, New-Scale SIEM, Detect. Defend. Defeat., Exabeam Fusion, Smart Timelines,
Security Operations Platform, and XDR Alliance are service marks, trademarks, or registered marks of Exabeam,
Inc. in the United States and/or other countries. All other brand names, product names, or trademarks belong to
their respective owners. © 2023 Exabeam, Inc. All rights reserved.

About Exabeam
Exabeam is a global cybersecurity leader that created New-Scale SIEM™ for advancing security operations. We help organizations detect threats, defend against cyberattacks, and defeat adversaries. The powerful combination of our cloud-scale security log management, behavioral analytics, and automated investigation experience results in an unprecedented advantage over insider threats, nation states, and other cyber criminals. We understand normal behavior, even as normal keeps changing — giving security operations teams a holistic view of incidents for faster, more complete response.

Learn how at Exabeam.com

Exabeam-Data-Sheet-Platform-Integrations-Inbound-and-Response-08 | 08/30/23
