- 26 Oct 2023
- 2 Minutes to read
- Updated on 26 Oct 2023
- 2 Minutes to read
Exabeam is a cloud-based platform combining SIEM, threat detection, investigation, and response (TDIR) and XDR capabilities. Integrate Exabeam with the Axonius Cybersecurity Asset Management Platform.
Types of Assets Fetched
This adapter fetches the following types of assets:
Domain Name or IP Address (required) - The hostname or IP address of the Exabeam server.
Login Method (required, default: Username and Password) - Select from the dropdown whether to login via Username and Password or Cluster Authentication Token.
User Name and Password (required) - When the Username and Password (default) login method is selected from the Login Method dropdown, specify the credentials for a user account that has the Required Permissions to fetch assets.
Cluster Authentication Token - When the Cluster Authentication Token login method is selected from the Login Method dropdown, specify the cluster authentication token. An Admin must create the token. For more information, see Generating a Cluster Authentication Token.
Access Token - When the Access Token login method is selected from the Login Method dropdown, specify an API Key and an API Secret. Refer to Exabeam documentation.
Verify SSL (required, default: false) - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
HTTPS Proxy (optional, default: empty) - Connect the adapter to a proxy instead of directly connecting it to the domain.
HTTPS Proxy User Name (optional, default: empty) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.
HTTPS Proxy Password (optional, default: empty) - The password to use when connecting to the server using the HTTPS Proxy.
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
Axonius uses the Exabeam API Documentation.
The value supplied in User Name must have Read permissions and an 'advanced_analyst' role to fetch assets.
Generating a Cluster Authentication Token
To generate a token:
- From Exabeam, select Settings > Core > Admin Operations > Cluster Authentication Token. The Cluster Authorization Token page is displayed.
- Click the symbol. The Setup Token dialog is displayed.
- Enter the Token Name and Expiry Date in the relevant fields.
Token names can contain only letters, numbers, and spaces.
- In the Permission Level section, select the Default Roles for the token.
- Click Add Token. Use the generated file to allow your APIs to authenticate by token. Ensure that your API uses 'ExaAuthToken' in its requests. For curl clients, the request structure resembles the following:
curl -H "ExaAuthToken:<generated_token>" https://<external_host>:<api_port>/ <api_request_path>
This adapter was only tested with the versions marked as supported, but may work with other versions. Contact Axonius Support if you have a version that is not listed, which is not functioning as expected.
|Advanced Analytics version i52 or greater||Yes|
Supported From Version
Supported from Axonius version 4.5