You can now use the Exabeam API to retrieve MITRE ATT&CK® tactics and techniques. This can help automate security operations that rely on MITRE information in security content (for example, in correlation rules, behavioral rules, dashboards, alerts, and cases).
The Correlation Rule endpoint now supports the nameContains parameter, which lets you filter results by a partial or full rule name. For more information, see Correlation Rules - Get all rules.
An endpoint for deleting correlation rules by ID is now available. See Delete a correlation rule.
New API endpoints have been introduced to support viewing, creating, and updating correlation rules. See the following:
The Context Collectors endpoints have been renamed and organized as Context Management. To support this change, a new path is now available: context-management/v1.
As of 31 October 2023, the previously released Context Collector endpoints are no longer available under the context-collectors/v1 path.
For more information, see End of Life APIs in the Context Collectors Administration Guide.
New Context Management endpoints are available to support the following use cases:
- Create a context table with metadata
- Get the available attributes for a specific context table type
- Get context table records by ID
For more information, see Context Management.
The following enhancements are now available with Search:
- ISO-8601 timestamp format is now supported for start and end times
- Added support for field summary and full event detail examples
You can now search for audit logs using the Exabeam API. For more information, see Search audit events.
