You can now use existing endpoints to define multiple recurrence patterns for correlation rules with the introduction of a new scheduleConfig property.

• Correlation rules > Get a list of all correlation rules
• Correlation rules > Create a new correlation rule
• Correlation rules > Get correlation rule details
• Correlation rules > Update a correlation rule

Recurrence patterns include several recurrence types (Daily, Weekly, Monthly, Custom). This offers granular control over when correlation rules are active, including specific times, days of the week, or days of the month.

You can now use new endpoints to retrieve a list of notes associated with a specified caseId and also add a new note to a specified case.

• Cases > List notes for a case
• Cases Create a note for a case

This will improve the experience of viewing and update cases.

You can now use a new endpoint to retrieve information about license details:

• License Consumption > Fetch license details and consumptions

This will help to monitor and manage your license entitlement and consumption effectively.

To support the new, improved versions of these endpoints, the following Threat Center endpoints will be supported for 6 months until April 15, 2026, after which they will be deprecated:

• Cases > Update case details (DEPRECATED)
• Cases> Create a new case (DEPRECATED)

We recommend updating your integrations to use the new enhanced endpoints as soon as possible to avoid disruption.

You can now use improved versions of the following Threat Center endpoints:

• Cases > Update case details
• Cases > Create a new case

These endpoints offer new options for case closure and context and now support validated closedReason values — ensuring consistency and accuracy as well as a new supportingReason free text field — allowing you to provide additional context when closing cases. These improvements help streamline case management and improve data quality across your workflows.

As such, the previous versions of these endpoints, Update case details (DEPRECATED) and Create a new case (DEPRECATED) will be supported for 6 months until April 15, 2026, after which they will be deprecated.

You can now use the following endpoints for Cloud Collector configuration and account status:

• Configs > Get Cloud Collector list
• Configs> Get Cloud Collector Config details
• Accounts> Get Cloud Collector Account list
• Accounts> Get Cloud Collector Account details

These endpoints allow you to retrieve collector and account instances as well as View details of a specific account or a specific collector (including status and recent errors).

You can now delete one or more records directly from an existing custom context table via a new public API:

• Context Management > Delete records from an existing custom context table

To delete records from a custom table, specify the values from the primary key column in the request body.

The following updates have been made to the Service Health and Consumption endpoints:

• Application Health Status > Get application health status
  • A new endpoint that allows you to programmatically retrieve the status health of your applications, including start and end dates. In addition, a new AppHealthResponse schema has been added that includes applicationName, uptime, majorOutageInSeconds, partialOutageInSeconds, and date.
• License Consumption > Fetch long term search and storage usage consumption
  • Updates to the endpoint summary
• License Consumption > Get total number of correlation rules
  • Updates to rename the endpoint (old name: Get total number of correlation rules enabled)

You can now programmatically retrieve lists of users, roles, and API keys that are configured in your environment. The following new Access Control endpoints are available to view this information without the need to log in and navigate to the Settings options:

• Access Control > Get all users
• Access Control > Get all roles
• Access Control > Get all the API keys

You can now programmatically retrieve license information for Long Term Search, Long Term Storage, and Correlation Rules, via Exabeam Public API. With the new public API you can:

Monitor and manage your license consumption by retrieving data about usage of Long Term Search and Storage

Authenticate securely using OAuth 2.0 client credentials

Review application health status including uptime and outage