⚠ This location for the Exabeam Content Library has been deprecated. Updated security content is now available at the following new location: https://github.com/ExabeamLabs/Content-Library-CIM1. Be sure to bookmark the new site.
Welcome to the Exabeam Content Library.
The Content Library is an online repository of knowledge and content that organizations can use to learn about available log source integrations and security use cases.
This is a programmatic generation of content documentation from Exabeam's content repository. As new content is committed to the content repository, the Content Library is automatically updated to provide fast and easy access *.
* If you are using Advanced Analytics i63 or later, see the Content Library based on the Common Information Model.
| Branch | Version | Content | MITRE ATT&CK® | Release Note |
|---|---|---|---|---|
| master | canary | Data Sources, Use Cases | Coverage Map | |
| c2206.2_62.5 | i62.5 | Data Sources, Use Cases | Coverage Map | Release Notes |
| c2206.2 | i62.4 | Data Sources, Use Cases | Coverage Map | Release Notes |
| c2204.3 | i62.3 | Data Sources, Use Cases | Coverage Map | Release Notes |
| c2112.2 | i62.1 & i62.2 | Data Sources, Use Cases | Coverage Map | Release Notes |
| c2110.2 | i61 | Data Sources, Use Cases | Coverage Map | Release Notes |
| c2109.2 | i60 | Data Sources, Use Cases | Coverage Map | Release Notes |
| c2108.2 | i59 | Data Sources, Use Cases | Coverage Map | Release Notes |
| c2106.2 | i58 | Data Sources, Use Cases | Coverage Map | Release Notes |
| c2105.2 | i57 | Data Sources, Use Cases | Coverage Map | Release Notes |
| c2102.5 | i56 | Data Sources, Use Cases | Coverage Map | Release Notes |
| c2010.6 | i55 | Data Sources, Use Cases | Coverage Map | |
| c2006.4 | i54 | Data Sources, Use Cases | Coverage Map | |
| c2002 | i53 | Data Sources, Use Cases | Coverage Map | |
| c1907 | i52 | Data Sources, Use Cases | Coverage Map |
The Content Library provides navigation from an Exabeam supported data source to a use case (or use case to data source) showing the event types and parsers for each.
The Content Library currently allows browsing Exabeam content branches:
- "master" branch: The master repository with the latest content developed by the Exabeam content team
- "cxxxx" branches: Out-of-the-box content that was shipped with major Advanced Analytics releases
Browse the specific branches to see the documentation for the content that is available in the product today or browse the master repository for a peek into what is coming next ("canary" content). Note that the content in the master may not be fully tested as of yet and should be used carefully.
The Content Library helps answer some of the most frequently asked questions regarding Exabeam's rich security content:
-
What use cases does Exabeam content support out of the box?
- What are the data sources that can be used to get that content to function?
- What are the components of Exabeam content that enable that use case?
-
What data sources does Exabeam support out of the box?
- What use case(s) does that content enable?
- What are the components of Exabeam content that are enabled by a data source integration?