The Fetch license details and consumptions API response now includes a significantly more comprehensive set of consumption metrics, including detailed information for Advanced Analytics (AA) log ingestion, long-term search capacity and consumption, long-term storage capacity and consumption, and API request consumption.

Additionally, the LicenseDetailsResponse schema now groups related ingestion details under a new logIngestionDetails object and introduces distinct nested objects for each new consumption type, improving organization and readability.

Exabeam now offers an MCP (Model Context Protocol) server that enables AI assistants like Claude, ChatGPT, and Gemini to interact directly with Exabeam's API documentation.

This integration helps developers explore APIs, understand request/response schemas, and generate code snippets—all through natural language conversation.

See https://developers.exabeam.com/exabeam/docs/exabeam-mcp-server-for-developers to learn more.

The Threat Center APIs deprecated in October 2025 are scheduled for removal on April 15, 2026.

See the original announcement for more information: https://developers.exabeam.com/exabeam/changelog/legacy-threat-center-endpoints

You can now use new endpoints to help programmatically manage content by importing and exporting a list of rules as well as by viewing all analytics rules and associated attributes.

• Detection Management > Export a list of analytics rules
• Detection Management > Import a list of rules
• Detection Management > Get all analytics rules and their attributes

📘

A maximum of 50 rules can be exported or imported at a time.

You can now use the following endpoints to view events associated to a trigger.

• Threat Center > Get alert details
• Threat Center > Get case details

📘

Only the last event will be included if there are multiple triggers (numeric or correlation rule).

You can now use new endpoints to help programmatically manage content by importing a list of correlation rules as well as exporting a list of correlation rules definitions based on the provided rule IDs.

• Correlation rules > Import a list of correlation rules
• Correlation rules > Export a list of correlation rule definitions

📘

A maximum of 50 rules can be exported at a time.

You can now use existing endpoints to define multiple recurrence patterns for correlation rules with the introduction of a new scheduleConfig property.

• Correlation rules > Get a list of all correlation rules
• Correlation rules > Create a new correlation rule
• Correlation rules > Get correlation rule details
• Correlation rules > Update a correlation rule

Recurrence patterns include several recurrence types (Daily, Weekly, Monthly, Custom). This offers granular control over when correlation rules are active, including specific times, days of the week, or days of the month.

You can now use new endpoints to retrieve a list of notes associated with a specified caseId and also add a new note to a specified case.

• Cases > List notes for a case
• Cases Create a note for a case

This will improve the experience of viewing and update cases.

You can now use a new endpoint to retrieve information about license details:

• License Consumption > Fetch license details and consumptions

This will help to monitor and manage your license entitlement and consumption effectively.

To support the new, improved versions of these endpoints, the following Threat Center endpoints will be supported for 6 months until April 15, 2026, after which they will be deprecated:

• Cases > Update case details (DEPRECATED)
• Cases> Create a new case (DEPRECATED)

We recommend updating your integrations to use the new enhanced endpoints as soon as possible to avoid disruption.