Exabeam

Overview

You can send logs to Exabeam using an Exabeam Webhook Cloud Collector and our HTTP Data sink.

Exabeam Webhook Cloud Collector configuration

Follow these steps to generate the required Exabeam webhook:

1. Log in to the New-Scale Security Operations Platform with your registered credentials as an administrator.

2. Navigate to Collectors > Cloud Collectors and click New Collector.

3. Click Webhook. Set the name for the Cloud Collector instance and select the required format (JSON or Raw). For Onum ingestion, we recommend the Raw format in case you want to keep the header of the event, but this may vary depending on your needs.

4. Click Install. A message will display the authentication token and the URL to which logs are sent.

5. Copy the authentication token and URL. The URL should match the following structure: https://api2.<REGION>.exabeam.cloud/cloud-collectores/v1/logs/<FORMAT>

6. Now, access Onum and create a Secret using the bearer token obtained here. You will need to enter this information later in the HTTP Data sink configuration.

Data sink configuration

To start sending data to Exabeam, follow these steps:

1. Create a new HTTP Data sink. To do so, go to Data sinks > New Data sink and double-click HTTP.

2. Give your Data sink a Name and, optionally, add a Description and some Tags. Click Finish when you're done.

3. Now, drag your Data sink to the required Pipeline canvas. Link it to the required Listener/Action and double-click it to configure it.

4. Fill in the parameters as follows:

| Parameter | Description |
| --- | --- |
| HTTP method* | Choose POST. |
| URL* | Enter your Exabeam endpoint, which should have the following format: https://api2.<REGION>.exabeam.cloud/cloud-collectores/v1/logs/<FORMAT> |
| Message | Choose the field that contains the raw messages you would like to send to Exabeam. |
| Content-Type, Support special characters, Use gzip, HTTP headers | Set as required. |

5. In the Bulk configuration section, fill in the parameters as follows:

| Parameter | Description |
| --- | --- |
| Bulk allow* | Set it to true. |
| Delimiter* | If you have selected the Raw format, choose Manual delimiter* and leave it as new line (\n). |
| Maximum number of buffers per server URL* | Set as required. |
| Event amount*, Event time limit* | These depend on the length of the messages you want to forward. |

6. Set the Authentication type* to Bearer and in the Token* field, choose the Secret you created before (see above for help on finding this).

7. Fill in the rest of the parameters as required, and click Save.
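To see what the configuration above amounts to on the wire, the following added example (not Onum or Exabeam code) builds, without sending, the POST for one bulk of raw events: newline-delimited body, Bearer token header, optional gzip. The function names, the `EXABEAM_TOKEN` variable, the `example-region` host, the `text/plain` content type, signalling gzip with `Content-Encoding`, and treating `<REGION>` as a single DNS label are all assumptions.

```python
import gzip
import os
import re
import urllib.parse
import urllib.request

# Assumption: <REGION> is a single DNS label.
HOST_RE = re.compile(r"api2\.[a-z0-9-]+\.exabeam\.cloud")


def check_endpoint(url):
    """Refuse to attach the bearer token to anything but an HTTPS Exabeam host."""
    parts = urllib.parse.urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("bearer token must only be sent over https")
    if not HOST_RE.fullmatch(parts.hostname or ""):
        raise ValueError(f"unexpected host in sink URL: {parts.hostname!r}")
    return url


def frame_bulk(events, delimiter="\n"):
    """Join raw events with the bulk delimiter, one event per line."""
    for event in events:
        if delimiter in event:
            # Assumption: the receiver splits on the delimiter, so an embedded
            # one would turn a single event into several.
            raise ValueError("event contains the bulk delimiter")
    return delimiter.join(events).encode("utf-8")


def build_request(url, token, events, use_gzip=False):
    """Build, without sending, the POST for one bulk of raw events."""
    body = frame_bulk(events)
    # Assumption: text/plain; the page leaves Content-Type "as required".
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "text/plain"}
    if use_gzip:
        body = gzip.compress(body)
        headers["Content-Encoding"] = "gzip"  # assumption: how gzip is signalled
    return urllib.request.Request(
        check_endpoint(url), data=body, headers=headers, method="POST")


if __name__ == "__main__":
    # Constructed sample values; the region and the token are placeholders.
    url = "https://api2.example-region.exabeam.cloud/cloud-collectores/v1/logs/raw"
    token = os.environ.get("EXABEAM_TOKEN", "constructed-token")
    req = build_request(url, token, ["<134>constructed event one", "<134>constructed event two"])
    print(req.get_method(), req.full_url, len(req.data), "bytes")
```

Passing the returned object to `urllib.request.urlopen` would send it; the host check runs first so the token is never attached to a mistyped or unfilled URL.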
