Exabeam AA v2
30 min
The Exabeam AA v2 connector facilitates seamless integration with Swimlane Turbine, enabling automated security incident response and rule management. Exabeam AA v2 is an advanced analytics platform that enhances security operations by identifying complex threats and improving incident response. This connector allows Swimlane Turbine users to automate the creation, deletion, and management of correlation rules, as well as to search for events within Exabeam. By integrating with Exabeam AA v2, users can streamline their security workflows, enforce consistent security policies, and rapidly respond to potential threats with precision and efficiency.

## Prerequisites

To effectively utilize the Exabeam AA v2 connector with Swimlane Turbine, ensure you have the following:

- OAuth 2.0 client credentials for secure authentication, which include:
  - URL: the endpoint URL for the Exabeam AA v2 API
  - API Key: your unique identifier to authenticate with the Exabeam AA v2 API
  - API Key Secret: a secret key paired with your API Key for enhanced security

## Capabilities

This connector provides the following capabilities:

- Create a New Correlation Rule
- Delete a Correlation Rule
- Get a List of All Correlation Rules
- Get Correlation Rule Details
- Search for Events
- Update a Correlation Rule

## Configurations

### OAuth 2.0 Client Credentials

Authenticates using OAuth 2.0 client credentials.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| client_id | API Key | string | required |
| client_secret | API Key Secret | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

### Create a New Correlation Rule

Initiates the creation of a new correlation rule in Exabeam AA v2 using the provided JSON body.

**Endpoint URL:** `/correlation-rules/v2/rules`

**Method:** POST

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| severity | string | optional | Parameter for Create a New Correlation Rule |
| enabled | boolean | optional | Parameter for Create a New Correlation Rule |
| testMode | boolean | optional | Parameter for Create a New Correlation Rule |
| sequencesConfig | object | optional | Parameter for Create a New Correlation Rule |
| sequences | array | optional | Parameter for Create a New Correlation Rule |
| condition | object | required | Parameter for Create a New Correlation Rule |
| groupByOption | boolean | required | Parameter for Create a New Correlation Rule |
| functionType | string | required | Type of the resource |
| subject | string | required | Parameter for Create a New Correlation Rule |
| operator | string | required | Parameter for Create a New Correlation Rule |
| unit | string | required | Parameter for Create a New Correlation Rule |
| triggerOnAnyMatch | string | optional | Parameter for Create a New Correlation Rule |
| groupBy | array | optional | Parameter for Create a New Correlation Rule |
| field | string | optional | Parameter for Create a New Correlation Rule |
| value | string | required | Value for the parameter |
| time | number | required | Time value |
| name | string | required | Name of the resource |
| query | string | required | Parameter for Create a New Correlation Rule |
| commonProperties | object | optional | Parameter for Create a New Correlation Rule |
| groupBy | array | optional | Parameter for Create a New Correlation Rule |
| time | number | required | Time value |
| unit | string | required | Parameter for Create a New Correlation Rule |
| outcomes | object | optional | Parameter for Create a New Correlation Rule |
| sendEmail | boolean | optional | Parameter for Create a New Correlation Rule |
| createCase | boolean | optional | Parameter for Create a New Correlation Rule |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| name | string | Name of the resource |
| description | string | Output field description |
| severity | string | Output field severity |
| enabled | boolean | Output field enabled |
| type | string | Type of the resource |
| author | string | Output field author |
| lastModifier | string | Output field lastModifier |
| createdAt | string | Output field createdAt |
| updatedAt | string | Output field updatedAt |
| autoDisabled | boolean | Output field autoDisabled |
| lastTriggeredAt | string | Output field lastTriggeredAt |
| timesTriggered | number | Output field timesTriggered |
| timesSuppressed | number | Output field timesSuppressed |
| sequencesConfig | object | Output field sequencesConfig |
| sequences | array | Output field sequences |
| name | string | Name of the resource |
| query | string | Output field query |
| condition | object | Output field condition |
| groupByOption | boolean | Output field groupByOption |
| groupBy | array | Output field groupBy |
| functionType | string | Type of the resource |
| subject | string | Output field subject |

#### Example

```json
[
  {
    "status_code": 201,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Tue, 5 Sep 2023 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "name": "string",
      "description": "string",
      "severity": "none",
      "enabled": true,
      "type": "string",
      "author": "string",
      "lastModifier": "string",
      "createdAt": "2023-09-06T10:08:31.303Z",
      "updatedAt": "2023-09-06T10:08:31.303Z",
      "autoDisabled": true,
      "lastTriggeredAt": "2023-09-06T10:08:31.303Z",
      "timesTriggered": 0,
      "timesSuppressed": 0,
      "sequencesConfig": {}
    }
  }
]
```

### Delete a Correlation Rule

Deletes a specific correlation rule in Exabeam AA v2 using the provided rule ID.

**Endpoint URL:** `/correlation-rules/v2/rules/{{rule_id}}`

**Method:** DELETE

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| rule_id | string | required | Unique identifier |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Tue, 5 Sep 2023 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {}
  }
]
```

### Get a List of All Correlation Rules

Retrieves a comprehensive list of all correlation rules available in Exabeam AA v2.

**Endpoint URL:** `/correlation-rules/v2/rules`

**Method:** GET

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Tue, 5 Sep 2023 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": [
      {},
      {}
    ]
  }
]
```

### Get Correlation Rule Details

Retrieves detailed information for a specific correlation rule in Exabeam AA v2 using the rule ID.

**Endpoint URL:** `/correlation-rules/v2/rules/{{rule_id}}`

**Method:** GET

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| rule_id | string | required | Unique identifier |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| name | string | Name of the resource |
| enabled | boolean | Output field enabled |
| description | string | Output field description |
| severity | string | Output field severity |
| author | string | Output field author |
| lastModifier | string | Output field lastModifier |
| createdAt | string | Output field createdAt |
| updatedAt | string | Output field updatedAt |
| autoDisabled | boolean | Output field autoDisabled |
| lastTriggeredAt | string | Output field lastTriggeredAt |
| timesTriggered | number | Output field timesTriggered |
| timesSuppressed | number | Output field timesSuppressed |
| sequencesConfig | object | Output field sequencesConfig |
| sequences | array | Output field sequences |
| name | string | Name of the resource |
| query | string | Output field query |
| condition | object | Output field condition |
| groupByOption | boolean | Output field groupByOption |
| functionType | string | Type of the resource |
| subject | string | Output field subject |
| field | string | Output field field |
| operator | string | Output field operator |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Tue, 5 Sep 2023 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "id": "4e775ff5-78c1-4b2d-81fd-26be2632f042",
      "name": "Rule with more than one sequence that triggers when the conditions of both seque...",
      "enabled": true,
      "description": "Rule is triggered when the conditions of both sequences are met. In this example...",
      "severity": "none",
      "author": "admin",
      "lastModifier": "standard user",
      "createdAt": "2023-06-25T14:48:00.000Z",
      "updatedAt": "2023-06-26T14:48:00.000Z",
      "autoDisabled": false,
      "lastTriggeredAt": "2023-06-28T12:10:00.000Z",
      "timesTriggered": 5,
      "timesSuppressed": 0,
      "sequencesConfig": {}
    }
  }
]
```

### Search for Events

Performs a search across logs and events within a specified time range using Exabeam AA v2. Requires `fields`, `startTime`, `endTime`, and `filter`.

**Endpoint URL:** `/search/v2/events`

**Method:** POST

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| limit | number | optional | Limit the number of events returned from the search request |
| groupBy | array | optional | List of fields to group by |
| orderBy | array | optional | Order fields by asc or desc |
| distinct | boolean | optional | Include or exclude DISTINCT from the SELECT clause. Defaults to false |
| startTime | string | required | Timestamp to start the search (ISO 8601 format) |
| endTime | string | required | Timestamp to end the search (ISO 8601 format) |
| filter | string | required | Filter for specific events |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| timeStartedMillis | number | Output field timeStartedMillis |
| timeCompletedMillis | number | Output field timeCompletedMillis |
| rows | array | Output field rows |
| additionalProp | object | Output field additionalProp |
| totalRows | number | Output field totalRows |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Tue, 5 Sep 2023 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "timeStartedMillis": 0,
      "timeCompletedMillis": 0,
      "rows": [],
      "totalRows": 0
    }
  }
]
```

### Update a Correlation Rule

Updates an existing correlation rule in Exabeam AA v2 using the specified rule ID. Requires path parameters and a JSON body.

**Endpoint URL:** `/correlation-rules/v2/rules/{{rule_id}}`

**Method:** PUT

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| rule_id | string | required | Unique identifier |
| severity | string | optional | Parameter for Update a Correlation Rule |
| enabled | boolean | optional | Parameter for Update a Correlation Rule |
| testMode | boolean | optional | Parameter for Update a Correlation Rule |
| sequencesConfig | object | optional | Parameter for Update a Correlation Rule |
| sequences | array | optional | Parameter for Update a Correlation Rule |
| condition | object | optional | Parameter for Update a Correlation Rule |
| groupByOption | boolean | required | Parameter for Update a Correlation Rule |
| functionType | string | required | Type of the resource |
| subject | string | required | Parameter for Update a Correlation Rule |
| operator | string | required | Parameter for Update a Correlation Rule |
| unit | string | required | Parameter for Update a Correlation Rule |
| triggerOnAnyMatch | string | optional | Parameter for Update a Correlation Rule |
| groupBy | array | optional | Parameter for Update a Correlation Rule |
| field | string | optional | Parameter for Update a Correlation Rule |
| value | string | required | Value for the parameter |
| name | string | optional | Name of the resource |
| query | string | required | Parameter for Update a Correlation Rule |
| commonProperties | object | optional | Parameter for Update a Correlation Rule |
| time | number | optional | Time value |
| unit | string | optional | Parameter for Update a Correlation Rule |
| outcomes | object | optional | Parameter for Update a Correlation Rule |
| sendEmail | boolean | optional | Parameter for Update a Correlation Rule |
| createCase | boolean | optional | Parameter for Update a Correlation Rule |
| sendAlertTriage | boolean | optional | Parameter for Update a Correlation Rule |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| name | string | Name of the resource |
| description | string | Output field description |
| severity | string | Output field severity |
| enabled | boolean | Output field enabled |
| type | string | Type of the resource |
| author | string | Output field author |
| lastModifier | string | Output field lastModifier |
| createdAt | string | Output field createdAt |
| updatedAt | string | Output field updatedAt |
| autoDisabled | boolean | Output field autoDisabled |
| lastTriggeredAt | string | Output field lastTriggeredAt |
| timesTriggered | number | Output field timesTriggered |
| timesSuppressed | number | Output field timesSuppressed |
| sequencesConfig | object | Output field sequencesConfig |
| sequences | array | Output field sequences |
| name | string | Name of the resource |
| query | string | Output field query |
| condition | object | Output field condition |
| groupByOption | boolean | Output field groupByOption |
| groupBy | array | Output field groupBy |
| functionType | string | Type of the resource |
| subject | string | Output field subject |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Tue, 5 Sep 2023 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "name": "string",
      "description": "string",
      "severity": "none",
      "enabled": true,
      "type": "string",
      "author": "string",
      "lastModifier": "string",
      "createdAt": "2023-09-09T07:57:00.686Z",
      "updatedAt": "2023-09-09T07:57:00.686Z",
      "autoDisabled": true,
      "lastTriggeredAt": "2023-09-09T07:57:00.686Z",
      "timesTriggered": 0,
      "timesSuppressed": 0,
      "sequencesConfig": {}
    }
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Length | The length of the response body in bytes | 140 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Tue, 5 Sep 2023 20:37:23 GMT |

## Notes

For more information on Exabeam, see the [Exabeam AA bi-directional API documentation](https://docs.exabeam.com/apis/).
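The following is an added example, not code from the Swimlane connector or from Exabeam. It shows the checks a workflow should run before handing input to the Search for Events action (`startTime` and `endTime` in ISO 8601, `endTime` after `startTime`, a non-empty `filter`, a positive `limit`) and how to build the per-rule path that the Get, Update and Delete Correlation Rule actions use without letting an upstream value steer the request to a different endpoint. The endpoint paths and field names are taken from the reference above; the function names, the rule-id character set and the sample values are this example's own assumptions.

```python
"""
Added example, not part of the Swimlane connector or of Exabeam's own code.

Builds and checks the request body the "Search for Events" action sends to
POST /search/v2/events, and the per-rule path used by the Get / Update /
Delete Correlation Rule actions.  Endpoint paths, field names and the
ISO 8601 requirement come from the reference above; the function names and
sample values are this example's own.
"""
import re
from datetime import datetime, timezone
from urllib.parse import quote

SEARCH_ENDPOINT = "/search/v2/events"            # method: POST
RULES_ENDPOINT = "/correlation-rules/v2/rules"  # GET lists rules, POST creates one

# Rule ids on this page are UUIDs; anything outside this set is refused
# rather than escaped (assumed policy, not an Exabeam-documented format).
_RULE_ID = re.compile(r"^[A-Za-z0-9_-]+$")


def parse_iso8601(value):
    """Parse an ISO 8601 timestamp, normalised to UTC, or return None.

    Accepts the trailing "Z" the API examples use (datetime.fromisoformat
    only understands "Z" from Python 3.11 on) and refuses timestamps with
    no UTC offset, since each component would interpret those differently.
    """
    if not isinstance(value, str) or not value:
        return None
    text = value[:-1] + "+00:00" if value.endswith("Z") else value
    try:
        parsed = datetime.fromisoformat(text)
    except ValueError:
        return None
    if parsed.tzinfo is None:
        return None
    return parsed.astimezone(timezone.utc)


def search_input_errors(start_time, end_time, filter_, limit=None,
                        group_by=None, order_by=None):
    """Return the list of problems with a Search for Events input (empty = ok)."""
    errors = []
    start, end = parse_iso8601(start_time), parse_iso8601(end_time)
    if start is None:
        errors.append("startTime must be an ISO 8601 timestamp with offset")
    if end is None:
        errors.append("endTime must be an ISO 8601 timestamp with offset")
    if start is not None and end is not None and end <= start:
        errors.append("endTime must be later than startTime")
    if not isinstance(filter_, str) or not filter_.strip():
        errors.append("filter is required and must be non-empty")
    if limit is not None and (isinstance(limit, bool)
                              or not isinstance(limit, int) or limit <= 0):
        errors.append("limit must be a positive integer")
    for key, fields in (("groupBy", group_by), ("orderBy", order_by)):
        if fields is not None and (not isinstance(fields, list) or not all(
                isinstance(f, str) and f for f in fields)):
            errors.append(f"{key} must be a list of field names")
    return errors


def build_search_body(start_time, end_time, filter_, limit=None,
                      group_by=None, order_by=None, distinct=False):
    """Return the JSON body for POST /search/v2/events, or raise ValueError.

    Optional fields are emitted only when supplied, so the request carries
    exactly what the workflow asked for and no silent defaults.
    """
    errors = search_input_errors(start_time, end_time, filter_,
                                 limit, group_by, order_by)
    if errors:
        raise ValueError("; ".join(errors))
    body = {"startTime": start_time, "endTime": end_time, "filter": filter_}
    if limit is not None:
        body["limit"] = limit
    if group_by is not None:
        body["groupBy"] = list(group_by)
    if order_by is not None:
        body["orderBy"] = list(order_by)
    if distinct:
        body["distinct"] = True
    return body


def is_valid_rule_id(rule_id):
    return isinstance(rule_id, str) and bool(_RULE_ID.match(rule_id))


def rule_path(rule_id):
    """Return /correlation-rules/v2/rules/{rule_id} for the per-rule actions.

    The id is interpolated into a URL path, so a value taken from an earlier
    workflow step ("../other", "x?enabled=false") must not be able to address
    a different endpoint than the action documents: validate, then encode
    with no characters left unescaped.
    """
    if not is_valid_rule_id(rule_id):
        raise ValueError(f"invalid rule id: {rule_id!r}")
    return f"{RULES_ENDPOINT}/{quote(rule_id, safe='')}"


if __name__ == "__main__":
    # Constructed sample input, not a real search or rule.
    print(build_search_body("2023-09-05T00:00:00Z", "2023-09-05T23:59:59Z",
                            'user = "alice"', limit=100, group_by=["user"]))
    print(rule_path("4e775ff5-78c1-4b2d-81fd-26be2632f042"))
```

`search_input_errors` returns every problem at once rather than stopping at the first, which is what a workflow author wants to see in a failed step; `build_search_body` is the strict wrapper a connector call would use. The rule-id regex is deliberately narrow: the page only ever shows UUIDs, and refusing anything else is simpler to reason about than trying to escape every path and query character.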