Exabeam EUBA
## Exabeam Advanced Analytics

The Exabeam EUBA connector enables seamless integration with Swimlane Turbine, providing automated actions for monitoring and analyzing user and asset behavior within an enterprise environment.

Exabeam EUBA is an advanced security analytics platform that helps organizations detect, investigate, and respond to cyber threats. This connector enables Swimlane Turbine users to integrate Exabeam's User and Entity Behavior Analytics (EUBA) capabilities into their security workflows. By leveraging Exabeam's insights, users can automate the retrieval of asset data, notable events, risk timelines, and security alerts, enhancing their threat detection and response strategies. The integration empowers security teams to act swiftly on Exabeam-generated intelligence, streamlining investigations and bolstering their overall security posture.

## Exabeam Advanced Analytics

The Exabeam Advanced Analytics connector integrates with Turbine to allow for automated actions using the Advanced Analytics API.

## Prerequisites

To effectively utilize the Exabeam EUBA connector with Swimlane Turbine, ensure you have the following prerequisites:

- OAuth 2.0 client credentials for secure authentication, which requires:
  - URL: endpoint for Exabeam EUBA API access
  - API Key: unique identifier to authenticate API requests
  - API Key Secret: confidential key paired with the API key for enhanced security
- API key authentication for simplified access, which involves:
  - URL: endpoint for Exabeam EUBA API access
  - Exabeam Authentication Token: specific token used for authenticating API requests
- HTTP Basic authentication for direct login credentials, requiring:
  - URL: endpoint for Exabeam EUBA API access
  - Username: your Exabeam account username
  - Password: your Exabeam account password

## Capabilities

This connector provides the following capabilities:

- Get Asset Data
- Get Asset Risk Timeline Data
- Get Asset Security Alerts
- Get Asset Sequence Triggered Rules
- Get Notable Users
- Get Session Info
- Get Triggered Rule Stats Data
- Get Triggered Rules Data
- Get User Info
- Get User Sequence Data

## Configurations

### Exabeam EUBA API Key Authentication

Authenticates using an API key.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | required |
| ExaAuthToken | The Exabeam authentication token | string | required |
| Verify SSL | Verify SSL certificate | boolean | optional |
| HTTP Proxy | A proxy to route requests through | string | optional |

### Exabeam EUBA HTTP Basic Authentication

Authenticates using username and password.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | required |
| Username | Username | string | required |
| Password | Password | string | required |
| Verify SSL | Verify SSL certificate | boolean | optional |
| HTTP Proxy | A proxy to route requests through | string | optional |

### Exabeam EUBA OAuth 2.0 Client Credentials

Authenticates using OAuth 2.0 client credentials.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | required |
| Token URL |  | string | optional |
| Client ID | The API key | string | required |
| Client Secret | The API key secret | string | required |
| Verify SSL | Verify SSL certificate | boolean | optional |
| HTTP Proxy | A proxy to route requests through | string | optional |

## Actions

### Get Asset Data

Retrieve detailed asset data from Exabeam EUBA using a specific identifier such as hostname or IP address.

Endpoint URL: `/uba/api/asset/{{id}}/data`

Method: GET

#### Input Argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | string | required | Parameters for the Get Asset Data action |

#### Input Example

```json
{"path_parameters": {"id": "darnellw-offici or 8.8.8.8"}}
```

#### Output Example

```json
{"json_body": {}}
```

### Get Asset Notables

Retrieve a list of notable assets from Exabeam EUBA based on time frame and optional parameters unit, num, and numberOfResults.

Endpoint URL: `/uba/api/assets/notable`

Method: GET

#### Input Argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.unit | string | required | The time-duration unit |
| parameters.num | number | required | Number of time-duration units |
| parameters.numberOfResults | number | required | Number of results to return |

#### Input Example

```json
{"parameters": {"unit": "day", "num": 1, "numberOfResults": 10}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| assets | array | Output field assets |
| assets.asset | object | Output field assets.asset |
| assets.asset.hostname | string | Name of the resource |
| assets.asset.ipAddress | string | Output field assets.asset.ipAddress |
| assets.asset.assetType | string | Type of the resource |
| assets.asset.firstSeen | number | Output field assets.asset.firstSeen |
| assets.asset.lastSeen | number | Output field assets.asset.lastSeen |
| assets.asset.riskState | string | Output field assets.asset.riskState |
| assets.asset.compromisedTime | number | Time value |
| assets.asset.riskSession | string | Output field assets.asset.riskSession |
| assets.highestRiskScore | number | Score value |
| assets.highestRiskSequence | object | Output field assets.highestRiskSequence |
| assets.highestRiskSequence.id | string | Unique identifier |
| assets.highestRiskSequence.entityName | string | Name of the resource |
| assets.highestRiskSequence.entityValue | string | Value for the parameter |
| assets.highestRiskSequence.day | number | Output field assets.highestRiskSequence.day |
| assets.highestRiskSequence.triggeredRuleCountOpt | number | Output field assets.highestRiskSequence.triggeredRuleCountOpt |
| assets.highestRiskSequence.riskScoreOpt | number | Output field assets.highestRiskSequence.riskScoreOpt |
| assets.incidentIds | array | Unique identifier |
| assets.incidentIds.file_name | string | Unique identifier |
| assets.incidentIds.file | string | Unique identifier |

#### Output Example

```json
{"status_code": 200, "response_headers": {"date": "Mon, 04 Nov 2024 13:09:02 GMT", "content-type": "text/plain; charset=utf-8", "content-length": "37", "connection": "keep-alive", "cache-control": "no-cache, no-store, must-revalidate", "content-encoding": "gzip", "expires": "0", "pragma": "no-cache", "request-time": "3", "set-cookie": "csrf_token=7941d625e16b411528c7a789109f671f905cf54d-1730725741886-c9a57a1f5b00f9", "strict-transport-security": "max-age=31536000", "vary": "accept-encoding", "x-frame-options": "sameorig
```

### Get Asset Risk Timeline

Retrieve an asset's risk timeline from Exabeam EUBA using its unique ID and specified time range.

Endpoint URL: `/uba/api/asset/{{id}}/sequences`

Method: GET

#### Input Argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | string | required | The asset ID |
| parameters.startTime | number | required | Start time of the time range (in Unix epoch time) |
| parameters.endTime | number | required | End time of the time range (in Unix epoch time) |

#### Input Example

```json
{"parameters": {"startTime": 1726073820000, "endTime": 1726073820000}, "path_parameters": {"id": "darnellw-offici or 8.8.8.8"}}
```

#### Output Example

```json
{"json_body": {}}
```

### Get Asset Security Alerts

Retrieve security alerts linked to a specific asset in Exabeam EUBA by providing the unique asset ID.

Endpoint URL: `/uba/api/asset/{{id}}/securityAlerts`

Method: GET

#### Input Argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | string | required | Parameters for the Get Asset Security Alerts action |
| parameters.sortBy | string | optional | Sort by a specific field |
| parameters.sortOrder | number | optional | Parameters for the Get Asset Security Alerts action |
| parameters.numberOfResults | number | optional | Maximum number of results to return |

#### Input Example

```json
{"parameters": {"sortBy": "user", "sortOrder": 1, "numberOfResults": 100}, "path_parameters": {"id": "darnellw-offici or 8.8.8.8"}}
```

#### Output Example

```json
{"json_body": {}}
```

### Get Asset Sequence Triggered Rules

Retrieve details of rules triggered by an asset sequence in Exabeam EUBA using the specified asset ID.

Endpoint URL: `/uba/api/asset/sequence/{{id}}/triggeredRules`

Method: GET

#### Input Argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | string | required | Parameters for the Get Asset Sequence Triggered Rules action |
| parameters.limit | string | optional | Parameters for the Get Asset Sequence Triggered Rules action |

#### Input Example

```json
{"parameters": {"limit": "20"}, "path_parameters": {"id": "darnellw-offici or 8.8.8.8"}}
```

#### Output Example

```json
{"json_body": {}}
```

### Get Notable Users

Retrieve a list of notable users from Exabeam EUBA based on a specified time frame and parameters like unit, num, and numberOfResults.

Endpoint URL: `/uba/api/users/notable`

Method: GET

#### Input Argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.unit | string | required | The time-duration unit |
| parameters.num | number | required | Number of time-duration units |
| parameters.numberOfResults | number | required | Number of results to return |

#### Input Example

```json
{"parameters": {"unit": "day", "num": 1, "numberOfResults": 10}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| users | array | Output field users |
| users.user | object | Output field users.user |
| users.user.username | string | Name of the resource |
| users.user.riskScore | number | Score value |
| users.user.averageRiskScore | number | Score value |
| users.user.pastScores | array | Output field users.user.pastScores |
| users.user.lastSessionId | string | Unique identifier |
| users.user.firstSeen | number | Output field users.user.firstSeen |
| users.user.lastSeen | number | Output field users.user.lastSeen |
| users.user.lastActivityType | string | Type of the resource |
| users.user.lastActivityTime | number | Time value |
| users.user.labels | array | Output field users.user.labels |
| users.user.pendingRiskTransfers | array | Output field users.user.pendingRiskTransfers |
| users.user.pendingRiskTransfers.ruleId | object | Unique identifier |
| users.user.pendingRiskTransfers.ruleId.name | string | Unique identifier |
| users.user.pendingRiskTransfers.sourceSequenceName | string | Name of the resource |
| users.user.pendingRiskTransfers.sourceEventId | string | Unique identifier |
| users.user.pendingRiskTransfers.score | number | Score value |
| users.user.pendingRiskTransfers.time | number | Time value |
| users.user.latestUserComment | object | Output field users.user.latestUserComment |
| users.user.latestUserComment.commentId | string | Unique identifier |
| users.user.latestUserComment.commentType | string | Type of the resource |
| users.user.latestUserComment.commentObjectId | string | Unique identifier |

#### Output Example

```json
{"status_code": 200, "response_headers": {"content-length": "140", "content-type": "application/json", "date": "Thu, 2 May 2024 20:37:23 GMT"}, "reason": "OK", "json_body": {"users": [{}]}}
```

### Get Session Info

Retrieve detailed information for a specific session in Exabeam EUBA using the provided unique identifier.

Endpoint URL: `/uba/api/session/{{id}}/info`

Method: GET

#### Input Argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | string | required | Parameters for the Get Session Info action |

#### Input Example

```json
{"path_parameters": {"id": "darnellw-offici or 8.8.8.8"}}
```

#### Output Example

```json
{"json_body": {}}
```

### Get Triggered Rule Stats

Retrieve statistical data for a specific triggered rule in Exabeam EUBA using the provided unique identifier.

Endpoint URL: `/uba/api/triggeredRules/{{id}}/stats`

Method: GET

#### Input Argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | string | required | Parameters for the Get Triggered Rule Stats action |
| parameters.minNumberOfBytes | number | optional | Parameters for the Get Triggered Rule Stats action |
| parameters.numberOfResults | number | optional | Parameters for the Get Triggered Rule Stats action |

#### Input Example

```json
{"parameters": {"minNumberOfBytes": 1024, "numberOfResults": 20}, "path_parameters": {"id": "darnellw-offici or 8.8.8.8"}}
```

#### Output Example

```json
{"json_body": {}}
```

### Get Triggered Rules Data

Retrieve data for all rules triggered within a specific sequence in Exabeam EUBA.

Endpoint URL: `/uba/api/user/sequence/triggeredRules`

Method: GET

#### Input Argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.sequenceId | string | optional | Parameters for the Get Triggered Rules Data action |
| parameters.sequenceType | string | optional | Parameters for the Get Triggered Rules Data action |

#### Input Example

```json
{"parameters": {"sequenceId": "file@darnell.waters-20210908203509", "sequenceType": "sequence type"}}
```

#### Output Example

```json
{"json_body": {}}
```

### Get User Info

Retrieve enriched user information, behavioral patterns, and risk scores for a specified ID from Exabeam EUBA.

Endpoint URL: `/uba/api/user/{{id}}/info`

Method: GET

#### Input Argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | string | required | Parameters for the Get User Info action |

#### Input Example

```json
{"path_parameters": {"id": "darnell.waters"}}
```

#### Output Example

```json
{"json_body": {}}
```

### Get User Sequences Data

Retrieve user sessions, account lockouts, and data feeds for a specified username within a defined time range in Exabeam EUBA.

Endpoint URL: `/uba/api/user/{{username}}/sequences`

Method: GET

#### Input Argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.username | string | required | Username to fetch data for |
| parameters.startTime | number | required | Start time of the time range (in Unix epoch time) |
| parameters.endTime | number | required | End time of the time range (in Unix epoch time) |

#### Input Example

```json
{"parameters": {"startTime": 1726073820000, "endTime": 1726073820000}, "path_parameters": {"username": "darnell.waters"}}
```

#### Output Example

```json
{"json_body": {}}
```

### Get User Watchlists

Retrieves a list of user watchlists from Exabeam EUBA using the specified `id` parameter.

Endpoint URL: `/uba/api/watchlist/user/{{id}}`

Method: GET

#### Input Argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | string | required | Parameters for the Get User Watchlists action |

#### Input Example

```json
{"path_parameters": {"id": "swimlane"}}
```

#### Output Example

```json
{"json_body": {}}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Cache-Control | Directives for caching mechanisms | no-cache, no-store, must-revalidate |
| CF-Cache-Status | HTTP response header CF-Cache-Status | DYNAMIC |
| CF-RAY | HTTP response header CF-RAY | 8dd4d60a8a6e2e9c-HYD |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Length | The length of the response body in bytes | 140 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Mon, 04 Nov 2024 13:09:02 GMT |
| Expires | The date/time after which the response is considered stale | 0 |
| Pragma | HTTP response header Pragma | no-cache |
| Request-Time | HTTP response header Request-Time | 3 |
| Server | Information about the software used by the origin server | cloudflare |
| Set-Cookie | HTTP response header Set-Cookie | csrf_token=7941d625e16b411528c7a789109f671f905cf54d-1730725741886-c9a57a1f5b00f99552e6d6ae; Path=/; Secure; HttpOnly |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=31536000 |
| Vary | HTTP response header Vary | Accept-Encoding |
| X-Frame-Options | HTTP response header X-Frame-Options | SAMEORIGIN |
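The three configuration modes above (API key, HTTP Basic, OAuth 2.0 client credentials) and the action definitions (an endpoint template such as `/uba/api/asset/{{id}}/data` plus `path_parameters` and `parameters`) are easiest to reason about as a concrete HTTP request. The following is an added example, not Swimlane's or Exabeam's own code: it turns a configuration and an action definition into the request that would be sent, and redacts the credential-bearing headers before they are logged. Assumptions, which are not stated on this page: the API-key token is sent as a request header named after the `ExaAuthToken` parameter, the OAuth 2.0 mode has already exchanged its client credentials at the Token URL for a bearer token, and the `ExabeamConfig`, `auth_headers`, `build_request` and `redact_headers` names are this example's own.

```python
"""Added example: map connector configuration + action definition to an HTTP request."""
import base64
from dataclasses import dataclass
from typing import Dict, Optional
from urllib.parse import quote, urlencode


@dataclass
class ExabeamConfig:
    url: str                                 # "URL: a URL to the target host"
    auth_mode: str                           # "api_key" | "basic" | "oauth2"
    exa_auth_token: Optional[str] = None     # API key authentication (ExaAuthToken)
    username: Optional[str] = None           # HTTP Basic authentication
    password: Optional[str] = None
    bearer_token: Optional[str] = None       # OAuth 2.0: access token obtained from Token URL (assumed)
    verify_ssl: bool = True                  # "Verify SSL" (optional, defaults to verifying)
    http_proxy: Optional[str] = None         # "HTTP Proxy" (optional)


def auth_headers(cfg: ExabeamConfig) -> Dict[str, str]:
    """Build the authentication header for the configured mode."""
    if cfg.auth_mode == "api_key":
        if not cfg.exa_auth_token:
            raise ValueError("ExaAuthToken is required for API key authentication")
        # Assumption: token travels in a header named like the ExaAuthToken parameter.
        return {"ExaAuthToken": cfg.exa_auth_token}
    if cfg.auth_mode == "basic":
        if cfg.username is None or cfg.password is None:
            raise ValueError("username and password are required for HTTP Basic authentication")
        raw = f"{cfg.username}:{cfg.password}".encode("utf-8")
        return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}
    if cfg.auth_mode == "oauth2":
        if not cfg.bearer_token:
            raise ValueError("bearer token is required (exchange client id/secret at Token URL first)")
        return {"Authorization": "Bearer " + cfg.bearer_token}
    raise ValueError(f"unknown auth mode: {cfg.auth_mode}")


def build_request(cfg: ExabeamConfig, endpoint: str,
                  path_parameters: Optional[Dict[str, object]] = None,
                  parameters: Optional[Dict[str, object]] = None) -> Dict[str, object]:
    """Substitute {{name}} path placeholders and append query parameters.

    Path values are percent-encoded with no safe characters so an id containing
    '/', '@' or a space stays a single path segment instead of rewriting the path.
    """
    path = endpoint
    for name, value in (path_parameters or {}).items():
        path = path.replace("{{%s}}" % name, quote(str(value), safe=""))
    if "{{" in path:
        raise ValueError(f"unfilled path parameter in {path}")
    url = cfg.url.rstrip("/") + path
    if parameters:
        url += "?" + urlencode(parameters)
    return {
        "method": "GET",                     # every action on this page is a GET
        "url": url,
        "headers": auth_headers(cfg),
        "verify": cfg.verify_ssl,
        "proxies": {"https": cfg.http_proxy} if cfg.http_proxy else {},
    }


def redact_headers(headers: Dict[str, str]) -> Dict[str, str]:
    """Copy of the headers safe to write to a playbook log: secrets masked."""
    sensitive = {"authorization", "exaauthtoken", "cookie", "set-cookie"}
    return {k: ("<redacted>" if k.lower() in sensitive else v) for k, v in headers.items()}


if __name__ == "__main__":
    # Constructed configuration values; the host name is a placeholder.
    cfg = ExabeamConfig(url="https://exabeam.example.invalid/", auth_mode="api_key",
                        exa_auth_token="example-token", verify_ssl=True)
    req = build_request(cfg, "/uba/api/users/notable",
                        parameters={"unit": "day", "num": 1, "numberOfResults": 10})
    print(req["method"], req["url"])
    print(redact_headers(req["headers"]))
```

Note that `verify_ssl` defaults to `True` here: disabling certificate verification is what the optional "Verify SSL" parameter would control, and it should stay on outside of lab setups since every mode sends a reusable credential on each request.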
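The Get Notable Users output documented above (`status_code`, `reason`, and `json_body.users[].user` with `username`, `riskScore`, `lastActivityTime` and so on) is what a playbook step would consume next, and the page's own output example shows an entry that is an empty object. The following is an added example, not Swimlane's or Exabeam's own code: it turns such a response into a ranked triage list, skipping entries without a `user` object, and converts the epoch timestamps, which the page's input examples give as 13-digit millisecond values, to ISO 8601 for an analyst. The sample response, the user names in it and the `notable_user_rows` and `epoch_ms_range` names are constructed for this example; the time-range helper assumes the same millisecond unit as the page's `startTime`/`endTime` examples.

```python
"""Added example: triage the documented Get Notable Users output and build sequence time ranges."""
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Tuple

# Constructed response shaped like the page's output table (not captured from a real tenant).
SAMPLE_NOTABLE_USERS: Dict[str, object] = {
    "status_code": 200,
    "reason": "OK",
    "json_body": {"users": [
        {"user": {"username": "darnell.waters", "riskScore": 312, "averageRiskScore": 41,
                  "lastSessionId": "darnell.waters-20240502203723",
                  "lastActivityType": "logon", "lastActivityTime": 1714682243000,
                  "labels": ["privileged"]}},
        {"user": {"username": "example.user2", "riskScore": 95, "averageRiskScore": 12,
                  "lastSessionId": "example.user2-20240502190000",
                  "lastActivityType": "file-write", "lastActivityTime": 1714676400000,
                  "labels": []}},
        {},  # the page's output example shows an empty entry; it must not break triage
    ]},
}


def ms_to_iso(epoch_ms: int) -> str:
    """Epoch milliseconds (as in the page's startTime/endTime examples) to ISO 8601 UTC."""
    return datetime.fromtimestamp(epoch_ms / 1000, tz=timezone.utc).isoformat()


def notable_user_rows(response: Dict[str, object], min_risk: int = 0) -> List[Dict[str, object]]:
    """Rank notable users by riskScore (highest first), dropping malformed entries.

    Raises on a non-200 status so a playbook does not silently treat an auth
    failure or proxy error as "no notable users".
    """
    if response.get("status_code") != 200:
        raise RuntimeError(f"Exabeam returned {response.get('status_code')} {response.get('reason')}")
    users = response.get("json_body", {}).get("users", [])
    rows = []
    for entry in users:
        user = entry.get("user") if isinstance(entry, dict) else None
        if not isinstance(user, dict) or "username" not in user:
            continue  # empty or partial entry, as in the page's output example
        score = int(user.get("riskScore", 0))
        if score < min_risk:
            continue
        rows.append({
            "username": user["username"],
            "riskScore": score,
            "averageRiskScore": user.get("averageRiskScore"),
            "lastSessionId": user.get("lastSessionId"),
            "lastActivity": (user.get("lastActivityType"),
                             ms_to_iso(user["lastActivityTime"]) if "lastActivityTime" in user else None),
            "labels": list(user.get("labels", [])),
        })
    rows.sort(key=lambda r: r["riskScore"], reverse=True)
    return rows


def epoch_ms_range(end: datetime, hours_back: int) -> Tuple[int, int]:
    """startTime/endTime pair in epoch milliseconds for the *sequences actions."""
    end_utc = end.astimezone(timezone.utc)
    start_utc = end_utc - timedelta(hours=hours_back)
    return int(start_utc.timestamp() * 1000), int(end_utc.timestamp() * 1000)


if __name__ == "__main__":
    for row in notable_user_rows(SAMPLE_NOTABLE_USERS, min_risk=90):
        print(row["riskScore"], row["username"], row["lastActivity"])
    # Time range ending at the sample's latest activity, covering the previous 24 hours
    print(epoch_ms_range(datetime.fromtimestamp(1714682243, tz=timezone.utc), 24))
```

The `min_risk` threshold is where a playbook would put the score above which a user is opened as a case; everything below it still reaches the ranked list when the threshold is 0, so the same function serves both an alerting step and a daily review export.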