Exabeam

Sending logs from Onum to Exabeam currently relies on the Exabeam Generic Webhook Cloud Collector.

It enables you to ingest logs into the New-Scale Security Operations Platform and use the Exabeam Search to find specific events in those logs.

See the changelog of this Data sink type here.

Overview

Onum supports integration with HTTP.

HTTP, which stands for Hypertext Transfer Protocol, is a foundational protocol for communication on the World Wide Web. It defines how messages are formatted and transmitted between web servers and browsers, enabling the retrieval and display of webpages and other web content.

Select HTTP from the list of Data sink types and click Configuration to start.

Cloud collector configuration

  1. Log in to the New-Scale Security Operations Platform with your registered credentials as an administrator.

  2. Navigate to Collectors > Cloud Collectors.

  3. Click New Collector.

  4. Click Webhook.

  5. Set the name for the Cloud Collector instance and select the format, either JSON or Raw. For Onum ingestion we recommend selecting the Raw format so that the header of each event can be kept, but this may change depending on customer needs and the use case.

  • JSON – Use JSON format to ingest a cloud log source that can forward logs in JSON format: JSON single object, or JSON Array with a single or multiple objects (compressed and uncompressed data).

  • RAW – Use RAW format to ingest a cloud log source that can forward raw logs delimited by a newline.

  6. Click Install. A message displays the authentication token and the URL to which logs are sent.

  7. Copy the authentication token and URL. The URL should match the following structure: https://api2.<REGION>.exabeam.cloud/cloud-collectores/v1/logs/<FORMAT>

  8. Create a Secret for the bearer token obtained here. You will need to enter this information later in the HTTP sink configuration.

Data sink configuration

Now you need to specify how and where to send the data, and how to establish a connection with HTTP.

Metadata

Enter the basic information for the new Data sink.

  • Name* - Enter a name for the new Data sink.

  • Description - Optionally, enter a description for the Data sink.

  • Tags - Add tags to easily identify your Data sink. Hit the Enter key after you define each tag.

  • Metrics display - Decide whether or not to include this Data sink info in the metrics and graphs of the Home area.

Click Finish when complete. Your new Data sink will appear in the Data sinks area list.

Pipeline configuration

When it comes to using this Data sink in a Pipeline, you must configure the following output parameters. To do it, simply click the Data sink on the canvas and select Configuration.

Output configuration

  • HTTP method* - POST

  • URL* - the Exabeam endpoint should have the following format: https://api2.<REGION>.exabeam.cloud/cloud-collectores/v1/logs/<FORMAT> (the URL shown when you installed the Cloud Collector).

  • Message - enter the raw messages you would like to send to Exabeam.

Bulk configuration

  • Bulk allow* - Set to true to send events in bulk.

  • Delimiter* - If you configured the Raw format in the Cloud Collector, set this to With delimiter (default: newline), since Raw ingestion expects newline-delimited events.

  • Event amount & event time limit - Choose these based on the length of the messages you want to forward.

Authentication configuration

Set the type to Bearer and select the Secret you created for the bearer token you retrieved from Exabeam Webhook (see above for help on finding this).
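The following added example (not Onum's or Exabeam's own code) mirrors what the sink configured above produces: it checks that the endpoint URL follows the structure shown in the Cloud Collector step, groups events into bulks of "Event amount" size joined with the newline delimiter, and attaches the bearer token as an Authorization header. The region "us-west", the token placeholder, the Content-Type header and the sample syslog lines are assumptions constructed for the example.

```python
import json
import re
from typing import Dict, List, Tuple, Union

# URL structure from the Cloud Collector install step; <REGION> and <FORMAT> are placeholders.
EXABEAM_URL_RE = re.compile(
    r"^https://api2\.(?P<region>[a-z0-9-]+)\.exabeam\.cloud"
    r"/cloud-collectores/v1/logs/(?P<fmt>json|raw)$"
)

# Constructed sample events (raw syslog-style lines, headers kept as the Raw format allows).
SAMPLE_EVENTS = [
    "<34>Oct 11 22:14:15 host01 sshd[1234]: Accepted publickey for alice from 10.0.0.5",
    "<34>Oct 11 22:14:16 host01 sshd[1235]: Failed password for bob from 10.0.0.9",
    "<34>Oct 11 22:14:17 host01 sudo: alice : TTY=pts/0 ; COMMAND=/bin/ls",
]


def parse_exabeam_url(url: str) -> Tuple[str, str]:
    """Return (region, format) for a well-formed webhook URL, else raise ValueError."""
    m = EXABEAM_URL_RE.match(url)
    if not m:
        raise ValueError(f"URL does not match the Exabeam webhook structure: {url}")
    return m.group("region"), m.group("fmt")


def encode_bulk(batch: List[Union[str, dict]], fmt: str, delimiter: str) -> str:
    """Raw: newline-delimited lines. JSON: a JSON array holding one or more objects."""
    if fmt == "json":
        return json.dumps(batch)
    return delimiter.join(str(e) for e in batch)


def build_bulk_requests(events, url: str, token: str, event_amount: int = 2,
                        delimiter: str = "\n") -> List[Tuple[Dict[str, str], str]]:
    """Split events into bulks of at most event_amount and return (headers, body) per request."""
    _, fmt = parse_exabeam_url(url)
    headers = {
        "Authorization": f"Bearer {token}",  # Bearer auth, token stored as an Onum Secret
        "Content-Type": "application/json" if fmt == "json" else "text/plain",  # assumption
    }
    requests_: List[Tuple[Dict[str, str], str]] = []
    for i in range(0, len(events), event_amount):
        requests_.append((headers, encode_bulk(events[i:i + event_amount], fmt, delimiter)))
    return requests_


if __name__ == "__main__":
    url = "https://api2.us-west.exabeam.cloud/cloud-collectores/v1/logs/raw"  # placeholder region
    for hdrs, body in build_bulk_requests(SAMPLE_EVENTS, url, "<YOUR-BEARER-TOKEN>"):
        print(hdrs["Content-Type"], "|", body.count("\n") + 1, "event(s) in bulk")
```

Each returned body is one POST payload; a URL that does not match the expected structure is rejected before any request is built, which catches a mistyped region or format early.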
