The Correlation Rule endpoint now introduces the nameContains parameter to enable you to filter results by a partial or full rule name. For more information, see Correlation Rules - Get all rules.

An endpoint for deleting correlation rules by ID is now available. See Delete a correlation rule.

New API endpoints have been introduced to support viewing, creating, and updating correlation rules. See the following:

• Get a list of all correlation rules
• Create a new correlation rule
• Get correlation rule details
• Update a correlation rule

The Context Collectors endpoints are now renamed and organized as Context Management. To facilitate this change, a new path is now available: context-management/v1.

As of 31 October 2023, the previously released Context Collector endpoints are no longer available under the context-collectors/v1 path.

For more information, see End of Life APIs in the Context Collectors Administration Guide.

New Context Management endpoints are available to support the following use cases:

• Create a context table with metadata
• Get the available attributes for a specific context table type
• Get context table records by ID

For more information, see Context Management.

The following enhancements are now available with Search:

• ISO-8601 timestamp format now supported for start and end times
• Added support for field summary and full event detail examples

You can now search for audit logs using the Exabeam API. For more information, see Search audit events.