Exabeam
  • 10 Jul 2022
  • 2 Minutes to read
  • Dark
    Light
  • PDF

Exabeam

  • Dark
    Light
  • PDF

Exabeam is a cloud-based platform combining SIEM, threat detection, investigation, and response (TDIR) and XDR capabilities. Integrate Exabeam with the Axonius Cybersecurity Asset Management Platform.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices

Parameters

  1. Domain Name or IP Address (required) - The hostname or IP address of the Exabeam server.

  2. Login Method (required, default: Username and Password) - Select from the dropdown whether to login via Username and Password or Cluster Authentication Token.

  3. User Name and Password (required) - When the Username and Password (default) login method is selected from the Login Method dropdown, specify the credentials for a user account that has the Required Permissions to fetch assets.

  4. Cluster Authentication Token (required) - When the Cluster Authentication Token login method is selected from the Login Method dropdown, specify the cluster authentication token. An Admin must create the token. For more information, see Generating a Cluster Authentication Token.

  5. Verify SSL (required, default: false) - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

  6. HTTPS Proxy (optional, default: empty) - Connect the adapter to a proxy instead of directly connecting it to the domain.

  7. HTTPS Proxy User Name (optional, default: empty) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.

  8. HTTPS Proxy Password (optional, default: empty) - The password to use when connecting to the server using the HTTPS Proxy.

  9. To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.



Exabeam1


APIs

Axonius uses the Exabeam API Documentation.

Required Permissions

The value supplied in User Name must have Read permissions and an 'advanced_analyst' role to fetch assets.

Generating a Cluster Authentication Token

To generate a token:

  1. From Exabeam, select Settings > Core > Admin Operations > Cluster Authentication Token. The Cluster Authorization Token page is displayed.
  2. Click the Plus_Exabeam symbol. The Setup Token dialog is displayed.
  3. Enter the Token Name and Expiry Date in the relevant fields.
Note:

Token names can contain only letters, numbers, and spaces.

  1. In the Permission Level section, select the Default Roles for the token.
  2. Click Add Token. Use the generated file to allow your APIs to authenticate by token. Ensure that your API uses 'ExaAuthToken' in its requests. For curl clients, the request structure resembles the following:
curl -H "ExaAuthToken:<generated_token>" https://<external_host>:<api_port>/
<api_request_path>


Version Matrix

This adapter was only tested with the versions marked as supported, but may work with other versions. Contact Axonius Support if you have a version that is not listed, which is not functioning as expected.

Version Supported Notes
Advanced Analytics version i52 or greater Yes


Supported From Version

Supported from Axonius version 4.5



First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.