Exabeam Security Management Platform
This connector integrates Exabeam's Security Management Platform with Swimlane Turbine to query the Exabeam Data Lake.

## Prerequisites

An auth token and a host are required for authentication.

## Capabilities

The Exabeam Security Management Platform integration provides the following capabilities:

- Query Data Lake

### Additional information about capabilities

**Query Data Lake**: queries Exabeam's Data Lake. The Exabeam Data Lake attempts to normalize the data from various sources, but some unique variables may be missing. These variables can be found in the JSON payload, which contains the entire API response.

There are default queries to make automation simpler. They are as follows:

| IoC type | Default query |
|---|---|
| IP | `src_ip:"1.2.3.4" OR dest_ip:"1.2.3.4"` |
| Domain or URL | `"swimlane.com" AND data_type:"web-activity"` |
| Other (such as a hash or username) | `"username"` (just a raw search of the IoC input) |

The Start Time and End Time keys add a time filter to the above queries and default to a 1-month look-back. For example, the IP query becomes `src_ip:"1.2.3.4" OR dest_ip:"1.2.3.4" AND indextime=[2020-07-22T13:35:35+00:00 TO 2020-08-26T13:35:35+00:00]` unless the Time Key (`indextime`) or the time look-back is changed.

## Configurations

### API Key Authentication

Authenticates using an API key.

Configuration parameters:

| Parameter | Description | Type | Required |
|---|---|---|---|
| URL | A URL to the target host | string | required |
| `exaauthtoken` | Exabeam auth token | string | required |
| Verify SSL | Verify the SSL certificate | boolean | optional |
| HTTP Proxy | A proxy to route requests through | string | optional |

## Actions

### Query Data Lake

Query the Data Lake.

- Endpoint URL: `/dl/api/es/search`
- Method: `POST`

Input:

| Argument name | Type | Required | Description |
|---|---|---|---|
| Cluster Name | string | required | Cluster name to query |
| Indices | array | required | List of indices to query |
| IoC | string | optional | The IoC to use in the default queries; please see the connector documentation for more information |
| Custom Query | string | optional | If supplied, this query will be used and the IoC/default query will be ignored |
| Query Default Field | string | optional | Query analyze field |
| Start Time | string | optional | Time value |
| End Time | string | optional | Time value |
| Sort Field | string | optional | Parameter for Query Data Lake |
| Sorted Fields | array | optional | Parameter for Query Data Lake |
| Source | boolean | optional | Parameter for Query Data Lake |
| Sort Order | string | optional | Parameter for Query Data Lake |
| Highlight | boolean | optional | Parameter for Query Data Lake |
| Query Analyze Wildcard | boolean | optional | Parameter for Query Data Lake |
| Doc Values | array | optional | List of doc values; defaults to `[indextime]` |
| Time Key | string | optional | If filtering by time, which time key to filter by; defaults to `indextime` |
| Size | number | optional | How many records to return; defaults to 100 |

Output:

| Parameter | Type | Description |
|---|---|---|
| Results | object | Result of the operation |

Example:

```json
[ {} ]
```
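The following is an added example, not code from Swimlane or Exabeam, showing how the default queries described above can be assembled in an automation step before being handed to the action as a Custom Query. It classifies the IoC (IP, domain/URL, or other), quotes it, and appends the `indextime` range filter. Two details go beyond the page: the IoC clause is wrapped in parentheses, because Lucene-style query parsers do not read `a OR b AND c` as `(a OR b) AND c`, so the unparenthesized form can silently drop the time filter from one side of the OR; and backslashes and double quotes in the IoC are escaped so a crafted indicator cannot break out of its quoted phrase and change the query. The domain regex, the 30-day approximation of "1 month", and the sample timestamps are assumptions made for this example.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone

# Hostname heuristic (constructed for this example): dotted DNS labels ending
# in an alphabetic TLD. Anything containing "://" is treated as a URL.
_DOMAIN_RE = re.compile(
    r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I
)

# Sample window taken from the page's own example query.
SAMPLE_START = datetime(2020, 7, 22, 13, 35, 35, tzinfo=timezone.utc)
SAMPLE_END = datetime(2020, 8, 26, 13, 35, 35, tzinfo=timezone.utc)


def classify_ioc(ioc: str) -> str:
    """Return 'ip', 'domain' or 'other' for the given indicator."""
    try:
        ipaddress.ip_address(ioc)
        return "ip"
    except ValueError:
        pass
    if "://" in ioc or _DOMAIN_RE.match(ioc):
        return "domain"
    return "other"


def quote(value: str) -> str:
    """Quote a value as a Lucene-style phrase, escaping backslashes and
    double quotes so the IoC cannot terminate the phrase early."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def ioc_clause(ioc: str) -> str:
    """Build the page's default query for one IoC (without the time filter)."""
    kind = classify_ioc(ioc)
    q = quote(ioc)
    if kind == "ip":
        return f"src_ip:{q} OR dest_ip:{q}"
    if kind == "domain":
        return f'{q} AND data_type:"web-activity"'
    return q  # hashes, usernames, ...: a raw search of the IoC input


def time_filter(start: datetime, end: datetime, time_key: str = "indextime") -> str:
    """Render the range filter on the chosen time key (defaults to indextime)."""
    return f"{time_key}=[{start.isoformat()} TO {end.isoformat()}]"


def build_default_query(ioc: str, start: datetime = None, end: datetime = None,
                        time_key: str = "indextime") -> str:
    """Combine the IoC clause with the time filter.

    The IoC clause is parenthesized so the time filter applies to the whole
    OR, not just to its right-hand side.
    """
    end = end or datetime.now(timezone.utc).replace(microsecond=0)
    start = start or end - timedelta(days=30)  # assumption: "1 month" ~ 30 days
    return f"({ioc_clause(ioc)}) AND {time_filter(start, end, time_key)}"


if __name__ == "__main__":
    for sample in ("1.2.3.4", "swimlane.com", "deadbeef"):
        print(build_default_query(sample, SAMPLE_START, SAMPLE_END))
```

The returned string is what you would place in the action's Custom Query argument; when using the IoC argument instead, the connector builds the equivalent query itself, so this helper is only needed when you want the parenthesized form or a different time key.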