# Exabeam EUBA
## Exabeam Advanced Analytics

The Exabeam EUBA connector enables seamless integration with Swimlane Turbine, providing automated actions for monitoring and analyzing user and asset behavior within an enterprise environment.

Exabeam EUBA is an advanced security analytics platform that helps organizations detect, investigate, and respond to cyber threats. This connector enables Swimlane Turbine users to integrate Exabeam's User and Entity Behavior Analytics (EUBA) capabilities into their security workflows. By leveraging Exabeam's insights, users can automate the retrieval of asset data, notable events, risk timelines, and security alerts, enhancing their threat detection and response strategies. The integration empowers security teams to act swiftly on Exabeam-generated intelligence, streamlining investigations and bolstering their overall security posture.

The Exabeam Advanced Analytics connector integrates with Turbine to allow for automated actions using the Advanced Analytics API.

## Prerequisites

To effectively utilize the Exabeam EUBA connector with Swimlane Turbine, ensure you have the following prerequisites:

- OAuth 2.0 Client Credentials for secure authentication, which requires:
  - URL: endpoint for Exabeam EUBA API access
  - API Key: unique identifier to authenticate API requests
  - API Key Secret: confidential key paired with the API key for enhanced security
- API Key Authentication for simplified access, which involves:
  - URL: endpoint for Exabeam EUBA API access
  - Exabeam Authentication Token: specific token used for authenticating API requests
- HTTP Basic Authentication for direct login credentials, requiring:
  - URL: endpoint for Exabeam EUBA API access
  - Username: your Exabeam account username
  - Password: your Exabeam account password

## Capabilities

This connector provides the following capabilities:

- Get Asset Data
- Get Asset Risk Timeline Data
- Get Asset Security Alerts
- Get Asset Sequence Triggered Rules
- Get Notable Users
- Get Session Info
- Get Triggered Rule Stats Data
- Get Triggered Rules Data
- Get User Info
- Get User Sequence Data

## Configurations

### Exabeam EUBA API Key Authentication

Authenticates using an API key.

**Configuration Parameters**

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| ExaAuthToken | The Exabeam authentication token | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

### Exabeam EUBA HTTP Basic Authentication

Authenticates using username and password.

**Configuration Parameters**

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| Username | Username | string | Required |
| Password | Password | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

### Exabeam EUBA OAuth 2.0 Client Credentials

Authenticates using OAuth 2.0 client credentials.

**Configuration Parameters**

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| Token URL | | string | Optional |
| Client ID | The API key | string | Required |
| Client Secret | The API key secret | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

## Actions

### Get Asset Data

Retrieve detailed asset data from Exabeam EUBA using a specific identifier such as hostname or IP address.

**Endpoint URL:** `/uba/api/asset/{{id}}/data`
**Method:** GET

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | Required | Unique identifier |

**Example**

```json
[
  {
    "json_body": {}
  }
]
```

### Get Asset Notables

Retrieve a list of notable assets from Exabeam EUBA based on time frame and optional parameters unit, num, and numberOfResults.

**Endpoint URL:** `/uba/api/assets/notable`
**Method:** GET

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| unit | string | Required | The timeDuration unit |
| num | number | Required | Number of timeDuration units |
| numberOfResults | number | Required | Number of results to return |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| assets | array | Output field assets |
| asset | object | Output field asset |
| hostname | string | Name of the resource |
| ipAddress | string | Output field ipAddress |
| assetType | string | Type of the resource |
| firstSeen | number | Output field firstSeen |
| lastSeen | number | Output field lastSeen |
| riskState | string | Output field riskState |
| compromisedTime | number | Time value |
| riskSession | string | Output field riskSession |
| highestRiskScore | number | Score value |
| highestRiskSequence | object | Output field highestRiskSequence |
| id | string | Unique identifier |
| entityName | string | Name of the resource |
| entityValue | string | Value for the parameter |
| day | number | Output field day |
| triggeredRuleCountOpt | number | Output field triggeredRuleCountOpt |
| riskScoreOpt | number | Output field riskScoreOpt |
| incidentIds | array | Unique identifier |
| file_name | string | Name of the resource |
| file | string | Output field file |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Mon, 04 Nov 2024 13:09:02 GMT",
      "Content-Type": "text/plain; charset=utf-8",
      "Content-Length": "37",
      "Connection": "keep-alive",
      "Cache-Control": "no-cache, no-store, must-revalidate",
      "Content-Encoding": "gzip",
      "Expires": "0",
      "Pragma": "no-cache",
      "Request-Time": "3",
      "Set-Cookie": "csrf_token=7941d625e16b411528c7a789109f671f905cf54d_1730725741886_c9a57a1f5b00f9",
      "Strict-Transport-Security": "max-age=31536000",
      "Vary": "Accept-Encoding",
      "X-Frame-Options": "SAMEORIGIN",
      "CF-Cache-Status": "DYNAMIC",
      "Server": "cloudflare"
    },
    "reason": "OK",
    "json_body": {
      "assets": []
    }
  }
]
```

### Get Asset Risk Timeline

Retrieve an asset's risk timeline from Exabeam EUBA using its unique ID and specified time range.

**Endpoint URL:** `/uba/api/asset/{{id}}/sequences`
**Method:** GET

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | Required | The asset ID |
| startTime | number | Required | Start time of the time range (in Unix epoch time) |
| endTime | number | Required | End time of the time range (in Unix epoch time) |

**Example**

```json
[
  {
    "json_body": {}
  }
]
```

### Get Asset Security Alerts

Retrieve security alerts linked to a specific asset in Exabeam EUBA by providing the unique asset ID.

**Endpoint URL:** `/uba/api/asset/{{id}}/securityAlerts`
**Method:** GET

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | Required | Unique identifier |
| sortBy | string | Optional | Sort by a specific field |
| sortOrder | number | Optional | Parameter for Get Asset Security Alerts |
| numberOfResults | number | Optional | Maximum number of results to return |

**Example**

```json
[
  {
    "json_body": {}
  }
]
```

### Get Asset Sequence Triggered Rules

Retrieve details of rules triggered by an asset sequence in Exabeam EUBA using the specified asset ID.

**Endpoint URL:** `/uba/api/asset/sequence/{{id}}/triggeredRules`
**Method:** GET

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | Required | Unique identifier |
| limit | string | Optional | Parameter for Get Asset Sequence Triggered Rules |

**Example**

```json
[
  {
    "json_body": {}
  }
]
```

### Get Notable Users

Retrieve a list of notable users from Exabeam EUBA based on the specified time frame and parameters like unit, num, and numberOfResults.

**Endpoint URL:** `/uba/api/users/notable`
**Method:** GET

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| unit | string | Required | The timeDuration unit |
| num | number | Required | Number of timeDuration units |
| numberOfResults | number | Required | Number of results to return |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| users | array | Output field users |
| user | object | Output field user |
| username | string | Name of the resource |
| riskScore | number | Score value |
| averageRiskScore | number | Score value |
| pastScores | array | Output field pastScores |
| lastSessionId | string | Unique identifier |
| firstSeen | number | Output field firstSeen |
| lastSeen | number | Output field lastSeen |
| lastActivityType | string | Type of the resource |
| lastActivityTime | number | Time value |
| labels | array | Output field labels |
| pendingRiskTransfers | array | Output field pendingRiskTransfers |
| ruleId | object | Unique identifier |
| name | string | Name of the resource |
| sourceSequenceName | string | Name of the resource |
| sourceEventId | string | Unique identifier |
| score | number | Score value |
| time | number | Time value |
| latestUserComment | object | Output field latestUserComment |
| commentId | string | Unique identifier |
| commentType | string | Type of the resource |
| commentObjectId | string | Unique identifier |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 2 May 2024 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "users": []
    }
  }
]
```

### Get Session Info

Retrieve detailed information for a specific session in Exabeam EUBA using the provided unique identifier.

**Endpoint URL:** `/uba/api/session/{{id}}/info`
**Method:** GET

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | Required | Unique identifier |

**Example**

```json
[
  {
    "json_body": {}
  }
]
```

### Get Triggered Rule Stats

Retrieve statistical data for a specific triggered rule in Exabeam EUBA using the provided unique identifier.

**Endpoint URL:** `/uba/api/triggeredRules/{{id}}/stats`
**Method:** GET

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | Required | Unique identifier |
| minNumberOfBytes | number | Optional | Parameter for Get Triggered Rule Stats |
| numberOfResults | number | Optional | Result of the operation |

**Example**

```json
[
  {
    "json_body": {}
  }
]
```

### Get Triggered Rules Data

Retrieve data for all rules triggered within a specific sequence in Exabeam EUBA.

**Endpoint URL:** `/uba/api/user/sequence/triggeredRules`
**Method:** GET

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| sequenceId | string | Optional | Unique identifier |
| sequenceType | string | Optional | Type of the resource |

**Example**

```json
[
  {
    "json_body": {}
  }
]
```

### Get User Info

Retrieve enriched user information, behavioral patterns, and risk scores for a specified ID from Exabeam EUBA.

**Endpoint URL:** `/uba/api/user/{{id}}/info`
**Method:** GET

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | Required | Unique identifier |

**Example**

```json
[
  {
    "json_body": {}
  }
]
```

### Get User Sequences Data

Retrieve user sessions, account lockouts, and data feeds for a specified username within a defined time range in Exabeam EUBA.

**Endpoint URL:** `/uba/api/user/{{username}}/sequences`
**Method:** GET

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| username | string | Required | Username to fetch data for |
| startTime | number | Required | Start time of the time range (in Unix epoch time) |
| endTime | number | Required | End time of the time range (in Unix epoch time) |

**Example**

```json
[
  {
    "json_body": {}
  }
]
```

### Get User Watchlists

Retrieves a list of user watchlists from Exabeam EUBA using the specified `id` parameter.

**Endpoint URL:** `/uba/api/watchlist/user/{{id}}`
**Method:** GET

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | Required | Unique identifier |

**Example**

```json
[
  {
    "json_body": {}
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Cache-Control | Directives for caching mechanisms | no-cache, no-store, must-revalidate |
| CF-Cache-Status | HTTP response header CF-Cache-Status | DYNAMIC |
| CF-RAY | HTTP response header CF-RAY | 8dd4d60a8a6e2e9c-HYD |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Length | The length of the response body in bytes | 140 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Mon, 04 Nov 2024 13:09:02 GMT |
| Expires | The date/time after which the response is considered stale | 0 |
| Pragma | HTTP response header Pragma | no-cache |
| Request-Time | HTTP response header Request-Time | 3 |
| Server | Information about the software used by the origin server | cloudflare |
| Set-Cookie | HTTP response header Set-Cookie | csrf_token=7941d625e16b411528c7a789109f671f905cf54d_1730725741886_c9a57a1f5b00f99552e6d6ae; Path=/; Secure; HttpOnly |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=31536000 |
| Vary | HTTP response header Vary | Accept-Encoding |
| X-Frame-Options | HTTP response header X-Frame-Options | SAMEORIGIN |
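Added example (not Swimlane's or Exabeam's own code) showing what the Get Notable Users action does on the wire and how a playbook step might triage its output: it builds the request for `/uba/api/users/notable` under the API Key or HTTP Basic configuration, refuses a non-HTTPS URL because the credential travels in a header, and ranks the returned users by `riskScore` against a threshold and against each user's own `averageRiskScore`, handing back the `lastSessionId` that Get Session Info takes as its `id`. Assumptions not stated on the page: the API-key scheme sends the token in a request header named `ExaAuthToken`, and the query-string names are the input arguments as listed; `SAMPLE_RESPONSE` is constructed to match the output table.

```python
import base64
from urllib.parse import urljoin


def build_notable_users_request(url, unit, num, number_of_results,
                                exa_auth_token=None, username=None, password=None):
    """Return (full_url, headers, params) for GET /uba/api/users/notable."""
    if not url.lower().startswith("https://"):
        raise ValueError("Exabeam EUBA URL must use https: the credential rides in a header")
    headers = {"Accept": "application/json"}
    if exa_auth_token:
        headers["ExaAuthToken"] = exa_auth_token  # assumed header name, see lead-in
    elif username and password:  # HTTP Basic configuration
        cred = base64.b64encode(f"{username}:{password}".encode()).decode()
        headers["Authorization"] = f"Basic {cred}"
    else:
        raise ValueError("provide an ExaAuthToken or a username and password")
    return urljoin(url, "/uba/api/users/notable"), headers, {
        "unit": unit, "num": num, "numberOfResults": number_of_results}


# Constructed response, shaped like the Get Notable Users output table above.
SAMPLE_RESPONSE = {
    "status_code": 200, "reason": "OK",
    "json_body": {"users": [
        {"user": {"username": "alice", "riskScore": 120, "averageRiskScore": 40,
                  "lastSessionId": "alice-20241104093000"}},
        {"user": {"username": "svc-backup", "riskScore": 70, "averageRiskScore": 20,
                  "lastSessionId": "svc-backup-20241104010000"}},
        {"user": {"username": "carol", "riskScore": 50, "averageRiskScore": 45,
                  "lastSessionId": "carol-20241104120000"}},
    ]},
}


def triage(response, threshold=90, spike_factor=2.0):
    """Pick users worth a Get Session Info follow-up (lastSessionId is its id):
    riskScore at or above threshold, or at least spike_factor times the user's
    own averageRiskScore. Returns (username, riskScore, lastSessionId, reason)."""
    if response.get("status_code") != 200:
        raise RuntimeError(f"Exabeam returned {response.get('status_code')} {response.get('reason')}")
    picks = []
    for entry in response["json_body"].get("users", []):
        u = entry.get("user", {})
        score, avg = u.get("riskScore", 0), u.get("averageRiskScore", 0)
        if score >= threshold:
            picks.append((u["username"], score, u.get("lastSessionId"), "above threshold"))
        elif avg and score >= spike_factor * avg:
            picks.append((u["username"], score, u.get("lastSessionId"), "spike vs baseline"))
    return sorted(picks, key=lambda p: p[1], reverse=True)
```

The spike rule is the part a threshold alone misses: `svc-backup` sits well under 90 but is at 3.5 times its own baseline, which is exactly the kind of deviation a UEBA feed exists to surface.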