You can now update Threat Center cases and alerts using the Exabeam API. This feature allows you to modify alert properties, including name, description, priority, and tags using the alert ID. For cases, you can update the stage, closure reason, queue, and assignee. These capabilities enhance your ability to monitor, automate assignments, and streamline investigations, improving the efficiency of your security operations. For more information, see Update alert details, Update case details, and Create a new case.
You can now create additional collector agents using the Exabeam API. Types include Fortinet, File (Windows and Linux), Archive (Windows), Kafka, Qradar, and EStreamer. For more information, see Create a Site Collector agent.
A new API gateway is now available in the Kingdom of Saudi Arabia (KSA) region. This expansion enables seamless integration with the Exabeam Security Operations Platform for customers operating in the Middle East. For more information, see API Gateways.
You can now use the Exabeam API to configure Site Collector templates for rapid deployment of multiple Site Collector collectors (also known as agents). For more information, see Site Collector Templates and Site Collector Agents.
To effectively and efficiently respond to threats, you can now use the Exabeam API to search and retrieve details for alerts and cases in Threat Center. For more information, see the Threat Center endpoint.
The Exabeam API now supports deployments in the Switzerland region (europe-west6 in GCP).
If your Exabeam Security Operations Platform is hosted at https://org-name.euw6.exabeam.cloud/, you can perform API queries using the base URL of https://api.ch.exabeam.cloud/.
You can now use the Exabeam API to programmatically set up Site Collectors without using the user interface. For more information, see Site Collectors endpoints.
You can now use the Exabeam API to retrieve use case information including description, scenarios, and category. For more information, see the Get a list of all use cases endpoint.
A new endpoint is available for the Context Management service that allows for the deletion of specific context tables. A table ID is required to specify the table for deletion along with All table records are deleted. Optionally, unused custom attributes can also be deleted. The new API endpoint is: DELETE /context-management/v1/tables/{id}
To try the new API, see Delete a specific context table.
You can now use the Exabeam API to retrieve MITRE ATT&CK® tactics and techniques. This can be useful to help automate security operations related to MITRE information in security content (for example in correlation rules, behavioral rules, dashboards, alerts, and cases).