New Endpoint to Retrieve MITRE Information
You can now use the Exabeam API to retrieve MITRE ATT&CK® tactics and techniques. This helps automate security operations that rely on MITRE information in security content (for example, in correlation rules, behavioral rules, dashboards, alerts, and cases).
Correlation Rules Filtering
The Correlation Rule endpoint now supports the nameContains parameter, which lets you filter results by a partial or full rule name. For more information, see Correlation Rules - Get all rules.
Endpoint for Deleting Correlation Rules
An endpoint for deleting correlation rules by ID is now available. See Delete a correlation rule.
Correlation Rules Endpoints
New API endpoints have been introduced to support viewing, creating, and updating correlation rules. See the following:
Context Collector Endpoints - Deprecation Notice
The Context Collectors endpoints have been renamed and organized as Context Management. To facilitate this change, a new path is now available: context-management/v1.
Context Management Endpoints
New Context Management endpoints are available to support the following use cases:
Search Enhancement
The following enhancements are now available with Search:
Audit Log Support
You can now search for audit logs using the Exabeam API. For more information, see Search audit events.