Exabeam

Exabeam is an SIEM integration. SIEM integrations are used to perform analysis of any SIEM generated alerts, and/or to use generated data as part of investigation analysis.

The Dropzone platform integrates with the Exabeam security SIEM. Many customers ingest other alert sources into Exabeam (e.g. IDPs) and integrate Dropzone into Exabeam rather than the source systems.

Create an API Key

Exabeam requires an API key to enable. To create an API key, you must be an administrator with full access to your account.

To obtain an API Key, do the following:

  • As an administrator, open your Exabeam Platform

  • In the lower-left, navigate to Settings > API Keys

  • Click "+ New Keys" (or, if there are no existing API keys, "New API Keys")

  • Name the key something memorable, such as "Dropzone AI"

  • Add the following permissions

    • Search, Analyze and Export (read)

    • Threat Center alerts and cases (read)

If you use context management tables, also add the Context Management read permission

  • Click "Create"

  • Copy the Key ID and Key Secret values generated for use later in the Dropzone UI, where they are called "Client ID" and "Client Secret," respectively

  • Click "Ok, great!"

Enable Exabeam

To enable the Data Source integration, you will need the following information:

Dropzone Field
Source

API Base URL

Your region-specific Exabeam base URL, e.g. https://api.us-west.exabeam.cloud. Click here for more information

Client ID

The Key ID value you generated earlier

Client Secret

The Key Secret value you generated earlier

  • Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.app

  • In the bottom left hand corner, navigate to Settings > Integrations

  • Click "Available"

  • In the Search bar, search Exabeam, then click "Configure"

  • Input the API Base URL, Client ID, and Client Secret

  • Click "Test & Save" to finish

If you have any errors engage your Dropzone AI support representative.

Last updated

Was this helpful?