
Nov 15, 2024
1.0.0
ThreatQ versions >= 5.25.0
Exabeam Incidents Feed CDF
Overview
The Exabeam CDF provides users with visibility into their Exabeam instance by ingesting Incidents into ThreatQ. In addition to the high-level incident information, the integration ingests the related indicators and attack patterns for each incident.
Exabeam is a cloud-native SIEM solution that provides teams with modern search capabilities, powerful correlation, reporting, dashboarding, and case management.
The integration provides the following feeds:
- Exabeam Events - retrieves all events that are not closed.
- Exabeam - Get Case (Supplemental) - retrieves event context from Exabeam.
The integration ingests the following system object types:
- Attack Patterns
- Events
- Indicators
  - IP Address