Exabeam

Exabeam is an SIEM integration. SIEM integrations are used to perform analysis of any SIEM generated alerts, and/or to use generated data as part of investigation analysis.

The Dropzone platform integrates with the Exabeam security SIEM. Many customers ingest other alert sources into Exabeam (e.g. IDPs) and integrate Dropzone into Exabeam rather than the source systems.

Create an API Key

Exabeam requires an API key to enable. To create an API key, you must be an administrator with full access to your account.

To obtain an API Key, do the following:

As an administrator, open your Exabeam Platform
In the lower-left, navigate to Settings > API Keys
Click "+ New Keys" (or, if there are no existing API keys, "New API Keys")
Name the key something memorable, such as "Dropzone AI"
Add the following permissions
- Search, Analyze and Export (read)
- Threat Center alerts and cases (read)

If you use context management tables, also add the Context Management read permission

Click "Create"
Copy the Key ID and Key Secret values generated for use later in the Dropzone UI, where they are called "Client ID" and "Client Secret," respectively
Click "Ok, great!"

Enable Exabeam

To enable the Data Source integration, you will need the following information:

Dropzone Field

Source

API Base URL

Your region-specific Exabeam base URL, e.g. https://api.us-west.exabeam.cloud. Click here for more information

Client ID

The Key ID value you generated earlier

Client Secret

The Key Secret value you generated earlier

Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.app
In the bottom left hand corner, navigate to Settings > Integrations
Click "Available"
In the Search bar, search Exabeam, then click "Configure"
Input the API Base URL, Client ID, and Client Secret
Click "Test & Save" to finish

If you have any errors engage your Dropzone AI support representative.

Last updated 9 days ago

Was this helpful?