You can now use new endpoints to retrieve threat timelines for a specific alert ID or case ID.
- Threat Center > Threat Timeline > Get the threat timeline given an alert id
- Threat Center > Threat Timeline > Get the threat timeline given a case id
A new alertStatus field is now available on alert-related schemas. It has been added to alert update operations, request/response examples, and the alert schema definition. This allows tracking whether an alert has been read or not.
You can now use a new endpoint to support new case creation workflows without an associated alert.
The Fetch license details and consumptions API response now includes a significantly more comprehensive set of consumption metrics, including detailed information for Advanced Analytics (AA) log ingestion, long-term search capacity and consumption, long-term storage capacity and consumption, and API request consumption.
Additionally, the LicenseDetailsResponse schema now groups related ingestion details under a new logIngestionDetails object and introduces distinct nested objects for each new consumption type, improving organization and readability.
Exabeam now offers an MCP (Model Context Protocol) server that enables AI assistants like Claude, ChatGPT, and Gemini to interact directly with Exabeam's API documentation.
This integration helps developers explore APIs, understand request/response schemas, and generate code snippets—all through natural language conversation.
See https://developers.exabeam.com/exabeam/docs/exabeam-mcp-server-for-developers to learn more.
The Threat Center APIs deprecated in October 2025 are scheduled for removal on April 15, 2026.
See the original announcement for more information: https://developers.exabeam.com/exabeam/changelog/legacy-threat-center-endpoints
You can now use new endpoints to help programmatically manage content by importing and exporting a list of rules as well as by viewing all analytics rules and associated attributes.
A maximum of 50 rules can be exported or imported at a time.
You can now use the following endpoints to view events associated with a trigger.
Only the last event will be included if there are multiple triggers (numeric or correlation rule).
You can now use new endpoints to help programmatically manage content by importing a list of correlation rules as well as exporting a list of correlation rule definitions based on the provided rule IDs.
A maximum of 50 rules can be exported at a time.
You can now use existing endpoints to define multiple recurrence patterns for correlation rules with the introduction of a new scheduleConfig property.
Recurrence patterns include several recurrence types (Daily, Weekly, Monthly, Custom). This offers granular control over when correlation rules are active, including specific times, days of the week, or days of the month.