Exabeam Reviews

I use Exabeam for it's end-to-end detection and it's user event behavioural Analytics, i find it a useful SIEM for investigating unusual behaviour by clicking into an incident from the main dashboard. From here we can go into the details of the incident, which are shown by the individual risk reasons associated with the incident. We use the events time line to investigate what events happened before and after the incident, i find it useful as we can view the event logs which shows the events as they occurred in order which helps in the incident investigation outcome.

The Exabeam SIEM has a user friendly UI interface.

The Exabeam SIEM has a clear dashboard experience which helps in monitoring the incidents as they occur, Exabeam's search facility is user friendly. You need some background experience and training to get familiar with the tool initially, however once the basics are grasped the Exabeam solution is quite straightforward to use and I think most people could pick it up and use it without to much of an issue.

The primary use case for Exabeam was to monitor security incidents and run our SOC operation. It is a SIEM tool used in our organization to handle security incidents effectively by creating a timeline or profiling based on the log sources.

Exabeam has improved our organization by speeding up the investigation process. Providing a user's profiling page allows us to see the rules a user triggered in both past and current sessions, which helps when making forward decisions. 

It also improves the speed of the investigative process by having timelines of most events or triggered events.

We were using Exabeam for security purposes only. We were collecting and storing security events from endpoints, cloud infrastructure, and data from various resources for analysis. 

We worked on incident detection, identifying user behavior and how users log into different applications that trigger conditional access policies and detect any external attacks. We had set up a conditional access policy using Azure to receive alerts. 

Additionally, we implemented an automated system for incident reporting that triggers notifications on our phones using PagerDuty. This setup was also extended to cloud systems, including Microsoft Azure and AWS, with certain thresholds.

Exabeam's alert triage automatically analyzes alerts and correlates them with log data and user behavior, helping us identify true and false positives. This has been important in prioritizing incidents using machine learning. 

It reduces the time security teams spend on low-risk incidents. Automated playbooks in Exabeam have been effective in common incidents such as isolating compromised devices or resetting users' credentials.

So my use of Exabeam was primarily focused on ingesting logs from multiple web services. The current product is designed for our organization, which involves managing multiple web services and microservices deployed on different servers. Previously, before utilizing Exabeam, we had to manually log into each server and search for the existing logs. Tracking all the logs for various web services, whether in production or in other environments like pre-production, was a challenging task. 

To address this, we incorporated Exabeam agents, both collector agents for Windows servers and Linux servers. This allowed us to collect all the logs on a single platform. If we needed specific logs for a particular service, we could directly access them on the Exabeam Cloud. 

The problem I was facing was with the user interface (UI) when trying to identify the exact services and server names.

The problem I was facing was with the UI when trying to identify the exact services and server names. The UI's left panel was not as informative as I expected. Often, when we needed to retrieve specific information or details, the UI provided a lot of information along with filter criteria. Without the filter criteria, we had to make certain changes in the Exabeam UI. For example, there were three options available to display logs: raw, execution, and view. When selecting "raw," we obtained comprehensive information, but some details were repetitive, such as the server name, service name, method, and agent activities at different times. Although we could access this information, it took time to identify the exact log statement, especially in the case of exception-related log statements. Determining the timestamp at which a particular log was ingested posed a challenge.

This improvement will assist our developers in precisely identifying their logs. Even though you have provided a bar to create a customized dashboard for verifying logs of any service, there is still a problem. If a log is generated on the production server, let's say at 8:30 PM IST or at the present time, it takes a few seconds to be ingested into Exabeam Cloud. However, in the company, Exabeam always shows repetitive logs if my log file hasn't been generated. For example, if nothing has been logged or no action has been performed on the application for the past two hours, my log file will be empty. But still, by default, the agent collectors will check the specific location we configured for log ingestion. If that location doesn't contain anything, the logs are displayed on the screen by default. This is why we need to filter and search through numerous timestamps to find the exact location of our logs.

We struggled a bit with Exabeam initially, particularly with data ingestion, since it was at the early stage of our project. We experienced some downtime with the Data Lake when it was integrated with Exabeam.

Regarding IOC searches, which involve looking for malicious files or IP addresses, Data Lake provided good results when it was operational. Several instances of downtime affected our ability to perform these searches effectively.

It is user-friendly and quite simple to use.

I have been using Exabeam Fusion SIEM on the myDesktop version.

Exabeam Fusion SIEM has a good performance and more advantages than traditional solutions.

We use Exabeam as a SIEM tool. The solution's automation capabilities are great.

The solution's reporting and dashboarding could be improved.