Send data to Exabeam

Overview

You can send logs to Exabeam using an Exabeam Webhook Cloud Collector and our HTTP Data sink.

Exabeam Webhook Cloud Collector configuration

Follow these steps to generate the required Exabeam webhook:

1

Log in to the New-Scale Security Operations Platform with your registered credentials as an administrator.

2

Navigate to Collectors > Cloud Collectors and click New Collector.

3

Click Webhook. Set the name for the Cloud Collector instance and select the required format (JSON or Raw). For the Onum ingestion, we recommend selecting the Raw format in case you want to keep the header of the event, but this might vary depending on your needs.

4

Click Install. A message will display the authentication token and the URL to which logs are sent.

5

Copy the authentication token and URL. The URL should match the following structure: https://api2.<REGION>.exabeam.cloud/cloud-collectores/v1/logs/<FORMAT>

6

Now, access Onum and create a Secret using the bearer token obtained here. You will need to enter this information later in the HTTP Data sink configuration.

Data sink configuration

To start sending data to Exabeam, follow these steps:

1

Create a new HTTP Data sink. To do it, go to Data sinks > New Data sink and double-click HTTP.

2

Give your Data sink a Name and, optionally, add a Description and some Tags. Click Finish when you're done.

3

Now, drag your Data sink to the required Pipeline canvas. Link it to the required Listener/Action and double-click it to configure it.

4

Fill in the parameters as follows:

  • HTTP method* - Choose POST.

  • URL* - Enter your Exabeam endpoint, which should have the following format: https://api2.<REGION>.exabeam.cloud/cloud-collectores/v1/logs/<FORMAT>

  • Message - Choose the field that contains the raw messages you would like to send to Exabeam.

5

Set as required:

  • Content-Type

  • Support special characters

  • Use gzip

  • HTTP headers

6

In the Bulk configuration section, fill in the parameters as follows:

  • Set Bulk allow* to true

  • If you have selected the Raw format, choose Manual delimiter* and leave it as new line (\n).

  • Maximum number of buffers per server URL* - Set as required

  • Event amount*, Event time limit* - These depend on the length of the messages you want to forward.

7

Set the Authentication type* to Bearer and in the Token* field, choose the Secret you created before (see above for help on finding this).

8

In the Secrets area, click New secret to create a new one:

  • Give the secret a Name.

  • Turn off the Expiration date option.

  • Click Add new value and paste the corresponding value.

  • Click Save.

Learn more about secrets in Onum in this article.

You can now select the created secrets in the configuration.

9

Fill in the rest of the parameters as required, and click Save.
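
The check below is an added example, not Onum's or Exabeam's code: it validates the endpoint URL against the structure given above before a bearer token is attached, and builds (without sending) one Raw bulk with the new line delimiter and gzip. The host pattern, the lowercase format values and the text/plain content type are assumptions.

```python
import gzip
import re
import urllib.request
from urllib.parse import urlsplit

# Assumption: the host follows the page's api2.<REGION>.exabeam.cloud structure.
HOST_RE = re.compile(r"api2\.[a-z0-9-]+\.exabeam\.cloud")
# Assumption: <FORMAT> is the collector format (JSON or Raw) in lowercase.
FORMATS = {"json", "raw"}


def check_endpoint(url):
    """Return the <FORMAT> segment, or raise if the token must not be sent here."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("bearer token would travel without TLS")
    if parts.username or parts.port not in (None, 443):
        raise ValueError("unexpected userinfo or port in URL")
    if not HOST_RE.fullmatch(parts.hostname or ""):
        raise ValueError("host is not api2.<REGION>.exabeam.cloud")
    segments = parts.path.rstrip("/").split("/")
    if segments[-3:-1] != ["v1", "logs"] or segments[-1] not in FORMATS:
        raise ValueError("path must end in /v1/logs/<FORMAT>")
    return segments[-1]


def build_request(url, token, events, use_gzip=True):
    """Build, without sending, one bulk POST of newline-delimited Raw events."""
    if check_endpoint(url) != "raw":
        raise ValueError("this example only builds bulks for the Raw format")
    for event in events:
        # With "\n" as the bulk delimiter, a line break inside an event
        # would be read as the boundary between two events.
        if "\n" in event or "\r" in event:
            raise ValueError("event contains a line break: %r" % event[:40])
    body = "\n".join(events).encode("utf-8")
    headers = {
        "Authorization": "Bearer " + token,  # token comes from a secret store
        "Content-Type": "text/plain",  # assumption, set as your collector needs
    }
    if use_gzip:
        body = gzip.compress(body)
        headers["Content-Encoding"] = "gzip"
    return urllib.request.Request(url, data=body, headers=headers, method="POST")
```

A URL with an empty region or a missing format segment is rejected before any request is built, so a truncated endpoint never receives the token.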
