You can now use a new endpoint to retrieve information about license details:
- License Consumption > Fetch license details and consumptions
This will help to monitor and manage your license entitlement and consumption effectively.
To support the new, improved versions of these endpoints, the following Threat Center endpoints will be supported for 6 months until April 15, 2026, after which they will be deprecated:
- Cases > Update case details (DEPRECATED)
- Cases> Create a new case (DEPRECATED)
We recommend updating your integrations to use the new enhanced endpoints as soon as possible to avoid disruption.
You can now use improved versions of the following Threat Center endpoints:
- Cases > Update case details
- Cases > Create a new case
These endpoints offer new options for case closure and context and now support validated closedReason values — ensuring consistency and accuracy as well as a new supportingReason free text field — allowing you to provide additional context when closing cases. These improvements help streamline case management and improve data quality across your workflows.
As such, the previous versions of these endpoints, Update case details (DEPRECATED) and Create a new case (DEPRECATED) will be supported for 6 months until April 15, 2026, after which they will be deprecated.
You can now use the following endpoints for Cloud Collector configuration and account status:
- Configs > Get Cloud Collector list
- Configs> Get Cloud Collector Config details
- Accounts> Get Cloud Collector Account list
- Accounts> Get Cloud Collector Account details
These endpoints allow you to retrieve collector and account instances as well as View details of a specific account or a specific collector (including status and recent errors).
You can now delete one or more records directly from an existing custom context table via a new public API:
- Context Management > Delete records from an existing custom context table
To delete records from a custom table, specify the values from the primary key column in the request body.
The following updates have been made to the Service Health and Consumption endpoints:
- Application Health Status > Get application health status
- A new endpoint that allows you to programmatically retrieve the status health of your applications, including start and end dates. In addition, a new AppHealthResponse schema has been added that includes applicationName, uptime, majorOutageInSeconds, partialOutageInSeconds, and date.
- License Consumption > Fetch long term search and storage usage consumption
- Updates to the endpoint summary
- License Consumption > Get total number of correlation rules
- Updates to rename the endpoint (old name: Get total number of correlation rules enabled)
You can now programmatically retrieve lists of users, roles, and API keys that are configured in your environment. The following new Access Control endpoints are available to view this information without the need to log in and navigate to the Settings options:
- Access Control > Get all users
- Access Control > Get all roles
- Access Control > Get all the API keys
You can now programmatically retrieve license information for Long Term Search, Long Term Storage, and Correlation Rules, via Exabeam Public API. With the new public API you can:
Monitor and manage your license consumption by retrieving data about usage of Long Term Search and Storage
Authenticate securely using OAuth 2.0 client credentials
Review application health status including uptime and outage
You can now retrieve AI-generated Copilot Threat Summaries for individual alerts via the Exabeam API. Submit an alert ID and optional context in the prompt to receive threat insights and recommended next steps. For more information, see the Threat Center endpoint.
You can now update Threat Center cases and alerts using the Exabeam API. This feature allows you to modify alert properties, including name, description, priority, and tags using the alert ID. For cases, you can update the stage, closure reason, queue, and assignee. These capabilities enhance your ability to monitor, automate assignments, and streamline investigations, improving the efficiency of your security operations. For more information, see Update alert details, Update case details, and Create a new case.