Exabeam

Exabeam is a cloud-based platform combining SIEM, threat detection, investigation, and response (TDIR) and XDR capabilities. Integrate Exabeam with the Axonius Cybersecurity Asset Management Platform.

Asset Types Fetched

This adapter fetches the following types of assets:

Before You Begin

APIs

Axonius uses the Exabeam API Documentation.

  • To fetch Users, the following API endpoint is called: access-control/v1/users

Required Permissions

  • Read permissions
  • advanced_analyst role

Generating a Cluster Authentication Token

When you select Cluster Authentication Token as the login method, you must complete this step before you can connect the adapter in Axonius.

Attention: The token can be generated only by admins.

  1. From Exabeam, select Settings > Core > Admin Operations > Cluster Authentication Token. The Cluster Authorization Token page is displayed.
  2. Click the symbol. The Setup Token dialog is displayed.
  3. Enter the Token Name and Expiry Date in the relevant fields.
     Note: Token names can contain only letters, numbers, and spaces.

  4. In the Permission Level section, select the Default Roles for the token.
  5. Click Add Token. Use the generated file to allow your APIs to authenticate by token. Ensure that your API uses 'ExaAuthToken' in its requests. For curl clients, the request structure resembles the following:
curl -H "ExaAuthToken:<generated_token>" https://<external_host>:<api_port>/<api_request_path>
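
An added example, not taken from the Exabeam or Axonius documentation: a pre-flight check that sends a generated token in the ExaAuthToken header over a TLS connection with certificate verification on, before the token is entered in Axonius. The function names, the environment variable names, and the mapping of HTTP status codes to findings are assumptions made for this example; the request path is supplied by the caller.

```python
import http.client
import os
import re
import ssl

def valid_token_name(name):
    """Page rule: token names contain only letters, numbers, and spaces."""
    return bool(re.fullmatch(r"[A-Za-z0-9 ]+", name))

def auth_headers(token):
    """Header name comes from the page; the token must not carry line breaks."""
    token = token.strip()
    if not token or "\r" in token or "\n" in token:
        raise ValueError("token is empty or contains a line break")
    return {"ExaAuthToken": token}

def tls_context(ca_file=None):
    """Certificate and hostname checks stay on. ca_file, if given, is the CA
    bundle to trust in place of the system store (for a private CA)."""
    return ssl.create_default_context(cafile=ca_file)

def interpret(status):
    """Assumed mapping of HTTP status to a finding (not from Exabeam docs)."""
    if status == 200:
        return "token accepted"
    if status in (401, 403):
        return "token rejected or lacks permission"
    return f"unexpected HTTP status {status}"

def check_token(host, port, path, token, ca_file=None, timeout=10):
    """Send one GET with the token and report what came back."""
    conn = http.client.HTTPSConnection(host, int(port), timeout=timeout,
                                       context=tls_context(ca_file))
    try:
        conn.request("GET", "/" + path.lstrip("/"), headers=auth_headers(token))
        return interpret(conn.getresponse().status)
    except ssl.SSLCertVerificationError as exc:
        return f"certificate not trusted: {exc.verify_message}"
    except (OSError, http.client.HTTPException) as exc:
        return f"connection failed: {exc}"
    finally:
        conn.close()

if __name__ == "__main__":
    # Hypothetical variable names; the token is read from the environment so it
    # never appears in the process list the way a curl -H argument does.
    env = os.environ
    if "EXABEAM_HOST" in env:
        print(check_token(env["EXABEAM_HOST"], env["EXABEAM_PORT"],
                          env["EXABEAM_PATH"], env["EXA_AUTH_TOKEN"],
                          env.get("EXABEAM_CA_FILE")))
```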

Supported From Version

Supported from Axonius version 4.5

Connecting the Adapter in Axonius

Required Parameters

  1. Domain Name or IP Address - The hostname or IP address of the Exabeam server.

  2. Login Method (default: Username and Password) - Select from the dropdown whether to log in via Username and Password, Cluster Authentication Token, or Access Token.

Specify the credentials for a user account that has the Required Permissions to fetch assets.

Optional Parameters

  1. Verify SSL (required, default: false) - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

  2. HTTPS Proxy (optional, default: empty) - Connect the adapter to a proxy instead of directly connecting it to the domain.

  3. HTTPS Proxy User Name (optional, default: empty) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.

  4. HTTPS Proxy Password (optional, default: empty) - The password to use when connecting to the server using the HTTPS Proxy.

  5. To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Advanced Settings

Note: Advanced settings can either apply to all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection. Refer to Advanced Configuration for Adapters.

  1. Fetch Users (default: false) - Select this to fetch Users as assets.
  2. Fetch Devices - Selected by default. Clear this option if you do not want to fetch Devices.

Note: For details on general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.

Version Matrix

This adapter was tested only with the versions marked as supported, but may work with other versions. Contact Axonius Support if you have a version that is not listed and it is not functioning as expected.

Version | Supported | Notes
Advanced Analytics version i52 or greater | Yes |

Related Enforcement Actions