Exabeam Product Categories
December 5, 2023
The following table lists the out-of-the-box supported data sources grouped by product categories.
| Product Category | Description | Product |
|---|---|---|
| File Systems and Object Storage | -- | nutanix unified storage |
| access management | These products establish, enforce and manage journey-time access controls to cloud, modern standards-based web, and legacy web applications. | active directory federation services appsense application manager auth0 aws bastion azure ad identity protection banyan security cloud akamai duo access entrust identity enterprise f5 access policy manager fortiauthenticator jumpcloud directory services & insights jumpcloud okta adaptive mfa onelogin onewelcome cloud identity platform oracle access management ping identity pingone secureauth idp secureauth login securid security access manager shibboleth simplesamlphp symantec siteminder symantec vip |
| application security testing | -- | contrast agent |
| asset management | These products support the management of an organization's IT assets like endpoints, containers, IOT, and OT devices. These products provide all of the information about the assets in the organization. | apex one lanscope cat mcafee application control qualys assetview |
| backup & recovery | These products support data management for an organization. These products deliver backup, recovery, analytics, and data governance across data in the organization. | cds code42 crashplan rubrik cloud data management |
| browser isolation | These products provide an isolation layer when a user is accessing the web via browsers. With these products, code from websites won't run on the device that accesses it. | symantec fireglass |
| cloud app security broker (casb) | -- | aws guardduty bitglass casb cisco cloudlock ermetic cloud infrastructure security forcepoint casb lacework netskope casb netskope security cloud palo alto aperture skyhigh networks casb symantec cloudsoc |
| cloud auditing | These products collect the audit logs of cloud platforms like Azure, AWS, and GCP. | aws cloudtrail azure ad activity logs azure ad sign-in logs azure monitor gcp cloudaudit google cloud platform google workspace m365 audit logs microsoft 365 oracle public cloud |
| cloud-native application protection platform (cnapp) | -- | microsoft defender for cloud prisma access prisma cloud tanium cloud platform wiz |
| code management | These products are a hosting service for software development and version control. They provide an easy way to manage the code and collaborate. | atlassian bitbucket github gitlab perforce |
| communication platform | These products provide a way to communicate with people in other places, like chat and video call software. | anywhere365 cisco unified communications manager sametime slack teams zoom |
| content delivery network (cdn) | -- | cloudflare cdn |
| credential management | These products allow users to store, generate, and manage their passwords for local applications and online services. | adssp lastpass password manager pro password reset portal specops password |
| crm (customer relationship management) | These products collect data from a range of different communication channels, including a company's website, telephone, email, live chat, marketing materials, and social media. They allow businesses to learn more about their target audiences and how to best cater for their needs. | salesforce zendesk |
| data warehouse | -- | aws redshift |
| database | These products are services for storing and accessing data. | amazon rds cassandra db db2 mariadb mongodb mssql mysql oracle database osquery postgresql progress database snowflake sonarg sybase teradata rdbms |
| database security | These products provide a security layer to databases, through analyzing, detection, or prevention that is specific to databases. | mcafee dam oracle audit vault and database firewall |
| ddos mitigation services | -- | arbor cloud |
| directory service auditing | These products collect the audit logs of directory services. Directory services map the names of network resources to their respective network addresses. | edirectory opendj semperis dsp sunone |
| dlp (data loss prevention) | These products provide visibility into data usage and movement across an organization. They can include dynamic enforcement of security policies and address data-related threats. | code42 incydr cyberhaven dlp data protection suite (dps) digital guardian network dlp forcepoint dlp gtb technologies dlp guardium infowatch dlp mcafee dlp endpoint mcafee dlp prevent proofpoint dlp reveal rsa dlp symantec dlp |
| document management | -- | pro.file dms |
| edr (endpoint detection & response) | These products provide endpoint system-level capabilities, including detection of security incidents, containment of incidents at the endpoint, investigation of security incidents, and remediation guidance. | carbon black ces carbon black edr cisco secure endpoint cortex xdr cyberhaven cloud data security cylance optics digital guardian endpoint protection endgame edr ensilo f5 websafe falcon fireeye endpoint security (hx) juniper advanced threat protection lumension malwarebytes endpoint detection and response malwarebytes incident response morphisec rsa ecat singularity platform symantec advanced threat protection tanium core platform |
| | These products are for sending and receiving emails. | hcl notes hmailserver microsoft exchange postfix unix sendmail |
| email security | These products provide the prediction, prevention, detection, and response framework that protects email access and protects against email attacks. They include gateways, email systems, user behavior, content security, and other supporting processes. | abnormal security armorblox barracuda email security gateway check point avanan cisco secure email clearswift secure email gateway cofense phishme fireeye email mps fireeye etp forcepoint email security gateway forcepoint email security hornetsecurity cloud email security services imsva inky anti-phishing ironport email kaspersky secure mail gateway mcafee email protection mimecast secure email gateway mimecast targeted threat protection - url phisher proofpoint email protection proofpoint enterprise protection safesend smg symantec email security tessian cloud email security trend micro email security trend micro scanmail virtru |
| endpoint auditing | These products collect audit logs on endpoints. | auditbeat azure monitor - vm insights bind dns event viewer - adfs event viewer - application event viewer - applocker event viewer - azureadpasswordprotection-dcagent event viewer - base-filtering-engine-connections event viewer - bfe resorce flows event viewer - certificateservicesclient event viewer - dfs-replication event viewer - dhcp-client event viewer - dhcp-server event viewer - directory-service event viewer - dnsserver event viewer - iphlpsvc event viewer - kernel-io event viewer - knownfolders event viewer - licensing-platform event viewer - liveid event viewer - nps event viewer - ntlm event viewer - powershell event viewer - printservice event viewer - security event viewer - sentinelone event viewer - system event viewer - taskscheduler event viewer - terminalservices-gateway event viewer - terminalservices-localsessionmanager event viewer - winnat macos openvms solaris sysmon unix auditd unix dhcpd unix named unix z/os |
| epp (endpoint protection) | These products are deployed on endpoint devices to prevent file-based malware, detect and block malicious activity from trusted and untrusted applications, and provide the investigation and remediation capabilities needed to dynamically respond to security incidents and alerts. | absolute dds advanced threat defense airlock allowlisting assetview azure atp blackberry protect bromium secure platform check point anti-malware check point endpoint security cybereason cylance protect deep security eset endpoint security gravityzone ibm security trusteer apex advanced malware protection kaspersky av kaspersky endpoint security for business malwarebytes endpoint protection mcafee endpoint security microsoft defender for endpoint officescan sophos endpoint protection symantec endpoint protection traps endpoint security manager vbcorp |
| erp (enterprise resource planning) | These products provide an integrated and continuously updated view of core business processes using common databases. They track business resources (cash, raw materials, production capacity) and the status of business commitments (orders, purchase orders, and payroll). | sap workday |
| esignature (electronic signature) | These products gather metadata related to signing events and create an audit trail that is cryptographically sealed to ensure the authenticity of an electronically signed document. | docusign esignature onespan sign signnow |
| event management & forwarding | These products are used for analyzing events and to transfer and store them in a different place. | adauditplus admanager plus azure event hub centrify audit and monitoring service citrix gateway connector for exchange activesync esector defesa logger logbinder for sharepoint logbinder for sql server microfocus arcsight quest change auditor for active directory quest intrust rangeraudit rsyslog search skyformation |
| file integrity monitoring | These products can determine if a file has been tampered with, updated, or corrupted. | cimtrak imperva file activity monitoring nnt changetracker tanium integrity monitor tripwire fim |
| file sharing | These products allow users to store their files outside their devices and share them with others. | box cloud content management citrix sharefile cohesity dataplatform dropbox egnyte emc isilon hpe 3par storeserv imanage kiteworks nasuni netapp netdocs synology nas |
| file transfer | These products allow users to transfer files from one place to another. | axway gateway ftp goanywhere mft liquidfiles moveit transfer sftp titanftp |
| firewall | These products secure traffic bidirectionally across networks, and can detect and prevent rogue network traffic. | barracuda cloudgen firewall check point ngfw cisco adaptive security appliance cisco firepower cisco meraki mx appliance cisco pix f5 advanced firewall manager forcepoint next-gen firewall fortigate fortinet enterprise firewall fortinet utm huawei enterprise network firewall huawei unified security gateway iptables fw juniper srx series nsx distributed firewall palo alto ngfw pfsense sangfor ngaf sonicwall sophos utm sophos xg firewall threatblockr watchguard |
| honeypot | These products can isolate and monitor an attack, and are capable of blocking or analyzing an attacker. | botsink trapx |
| human capital management (hcm) | These products include human resource functionality such as HR administration, talent management, workforce management, and HR service delivery. They may also include case management, knowledge base, and digital document management. | successfactors |
| ics security | -- | nozomi networks guardian |
| identity administration | These products manage digital identity and access rights across multiple systems. They aggregate and correlate disparate identity and access rights data that is distributed throughout the IT landscape to enhance control over user access. | check point identity awareness identitynow imprivata micro focus netiq identity manager one identity manager sailpoint iiq securelink securityiq vmware identity manager xceedium |
| infrastructure monitoring? | -- | nexthink infinity sysdig monitor |
| insider risk management | These products measure, detect, and contain undesirable behavior of trusted accounts within an organization. They include capabilities to monitor insider behavior and evaluate whether the behavior falls within expectations of role and corporate risk tolerance. These risks can involve errors, fraud, information theft, or sabotage. | activtrak cyberhaven insider risk management dtex intercept forcepoint insider threat logrhythm userxdr micro focus arcsight intelligence microsoft advanced threat analytics observeit proofpoint insider threat management |
| iot security | These products provide security for information transmitted by sensor-based things and other devices across an Internet of Things environment. | armis platform claroty netskope iot security ordr sce symantec critical system protection |
| ip address management (ipam) | These products are for planning and managing the assignment and use of IP addresses and closely related resources of a computer network. | bloxone ddi bluecat networks infoblox nios n3k nokia vitalqip |
| ips (intrusion prevention system) | These products are stand-alone physical and virtual appliances that inspect network traffic either on-premises or in the cloud. They are often located in the network to inspect traffic that has passed through perimeter security devices. They provide detection via several methods. | alert logic managed detection and response cisco cognitive threat analytics cisco sourcefire damballa failsafe fidelis xps fireeye web mps ixia threatarmor managed isensor ips mcafee network security platform ossec proventia network ips sentinel ips snort suricata tippingpoint ngips zimperium mtd |
| load balancer | These products manage traffic, move packets efficiently across multiple servers, optimize the use of network resources, and prevent network overloads. | alteon amazon route 53 avi networks software load balancer big-ip f5 lbr f5 local traffic manager kemp loadmaster |
| managed detection and response (mdr) | -- | red canary managed detection and response vigilance |
| managed security services | -- | symantec managed security services |
| mobile management | These products support the management of mobile devices, wireless networks, and other mobile computing services in a business context. | airwatch mobile device management ibm mobile connect mobileiron simplemdm mobile device management vmware airwatch |
| ndr (network detection and response) | -- | awake security cisco secure cloud analytics cisco secure network analytics extrahop reveal(x) fidelis network verizon ndr vision one |
| network access control (nac) | These products enable organizations to implement policies for controlling access to corporate infrastructure by both user-oriented devices and Internet of Things (IoT) devices. Policies can be based on authentication, endpoint configuration, or user role or identity. | airespace wireless lan controller aruba clearpass policy manager cisco acs cisco ise forescout counteract microsoft network policy server packetfence portnox clear unifi access point viascope ipscan |
| network analyzer | These products are used for analyzing network traffic. | cisco netflow cloudflare insights gigavue-hc2 irondefense microsoft dhcp log microsoft dns log network security group flow logs vectra cognito stream vpc flow logs zeek |
| network automation and orchestration | These products automate the maintenance of virtual and physical network device configurations, providing an opportunity to lower costs, reduce human error, and improve compliance with configuration policies. | f5 big-ip dns msdhcp |
| network devices | These products represent network devices and their operating systems. | aruba wireless controller arubaos avaya ethernet routing switch cisco ios hpe comware junos os |
| network infrastructure & management | These products support management of the network environment and infrastructure in the organization. | extremecloud iq ruckus zebra wlan management |
| network performance monitoring | These products leverage a combination of data sources to provide a holistic view of how networks (including corporate on-premises, cloud, multicloud, hybrid, and other networks) are performing. Based on network-derived performance data, these tools provide insight into the quality of the end-user experience. | nagios splunk stream |
| network security policy management (nspm) | -- | algosec firewall analyzer mcafee epolicy orchestrator panorama tufin securetrack |
| operational technology security | -- | ctd |
| other | These products do not fit into one of the defined product categories. | adaxes apache subversion apache tomcat apc aruba mobility master attack analytics buildkite chcom cisco dhcp clearsense cortex xsoar counterbreach dxc technology edocs emp f-secure client security f-secure policy manager f5 big-ip fast enterprises gentax fileauditor filesite gamma hp ilo hp virtual connect enterprise manager ibm datapower ibm mainframe ibm resource access control facility ibm icdb imss jh kasada leap mulesoft anypoint platform mvision namespace rdirectory onapsis pensando phantom pharos picture perfect postscript powersentry riverbed steelhead rstudio server ruid rundeck safend dps sailpoint fam seclore servicenow sitespect smartdefense sophos safeguard stealthbits stealth defend stealthintercept sterling b2b integrator swift tanium threat response terraform usb vectra cognito detect vmware nsx vormetric weblogin xams xplan xsuite zlock |
| physical access control | These products help organizations to monitor and forbid entrance to physical locations in their organization, like a person entering an office or a building. | accessit universal.net aviglion acm badge badgepoint brivo ccure building management system datawatch galaxy gallagher access control generic badge access genetec badge honeywell pro-watch honeywell siama honeywell win-pak icpam identiv johnson controls p2000 kaba exos lenel onguard lyrix net2door onguard rightcrowd rs2 technologies securityexpert sensormatik siemens access control swipes symmetry access control timelox vanderbilt |
| printer | These products represent printers or the software that operates them. | asupim hp laserjet printer hp print server hp safecom lexmark ricoh printer xerox xps |
| printing management | -- | ysoft |
| privilege access management | These products help organizations provide secure privileged access to critical assets and meet compliance requirements by managing and monitoring privileged accounts and access. | admin by request beyondinsight beyondtrust privileged identity beyondtrust secure remote access beyondtrust ca privileged access manager server control centrify infrastructure services cyberark endpoint privilege manager cyberark privilege access manager hashicorp vault mastersam pam megaflex osirium pam360 passwordstate powertech identity and access manager thycotic software secret server unix privilege management |
| proxy | These products are server applications that act as an intermediary between a client requesting a resource and the server providing that resource. | envoy microsoft web application proxy squid |
| remote access | These products allow users to take control of a remote machine. | apache guacamole microsoft rras remotelyanywhere secomea |
| sandboxing | These products are used for execution of untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users, or websites, without risking harm to the host machine or operating system. They are frequently used to test unverified programs that may contain a virus or other malicious code without allowing the software to harm the host device. | check point threat emulation deep discovery inspector lastline symantec content analysis system targeted attack platform |
| security configuration management (scm) | -- | aws ssm tripwire enterprise |
| security services edge (sse) | -- | appomni saas security blue coat proxysg check point vsec virtual edition cisco cloud web security cisco gateway cisco secure web appliance cisco umbrella digital arts i-filter for business edgewave iprism iboss cloud ironport web security mcafee siteadvisor mcafee web gateway microsoft cas mimecast web security proofpoint casb skyhigh security cloud suridata saas security posture management symantec virtual secure web gateway symantec web security service trend micro cloud app security trend micro interscan web security websense security gateway zscaler internet access |
| siem (security information and event management) | These products aggregate event data produced by security devices, network infrastructure, systems, and applications. They allow analysis of event data in real time for early detection of attacks and breaches. The event data can be combined with contextual data about users, assets, threats, and vulnerabilities. | advanced analytics akamai siem audit log azure sentinel correlation rule darktrace epic siem eyeinspect fireeye cms fireeye helix ibm sense logrhythm mcafee enterprise security manager netwrix auditor qradar siem rsa netwitness platform skysea clientview splunk es splunk se varonis data security platform wazuh |
| social networks | -- | google plus |
| software-defined networking | -- | cisco aci |
| threat intelligence | These products deliver knowledge, information, and data about cybersecurity threats. | centurylink managed security service f5 ip intelligence palo alto wildfire |
| unified endpoint management (UEM) | These products provide agent and agentless management for computers and mobile devices through a single console. | citrix endpoint management |
| user authentication | These products provide real-time corroboration of an identity claim by a person accessing an organization's assets. They enable or provide one or more credential-based or signal-based authentication methods that can augment or replace legacy passwords. | azure mfa centrify authentication service centrify zero trust privilege services digipass for apps gemalto mfa rsa adaptive authentication rsa authentication manager secure computing safeword securenvoy multi-factor authentication silverfort authentication platform swivel thales |
| virtualization & containers | These products provide the ability to create a virtual version of things like virtual computer hardware platforms, storage devices, and computer network resources. | amazon eks citrix virtual apps citrix virtual desktop openshift ovirt vcenter vmware esxi vmware horizon vmware view |
| vpn (virtual private network) | These products can be used to achieve security and confidentiality for data in motion by means of encryption and access controls. Solutions may be implemented in software on end-user devices, servers, and appliances. | anyconnect avaya vpn barracuda cloudgen access cato cloud check point security gateway citrix gateway cognitas crosslink fortinet vpn globalprotect ivanti pulse secure meraki asa ncp netmotion wireless nortel contivity vpn open vpn securenet web application proxy-tls gateway zscaler private access |
| vulnerability assessment | These products provide capabilities to identify, categorize, and manage vulnerabilities. These include unsecure system configurations or missing patches, as well as other security-related updates in the systems connected to the enterprise network directly, remotely, or in the cloud. | rapid7 insightvm tenable.io uptycs endpoint security and vulnerability management |
| waf (web application firewall) | These products filter, monitor, and block HTTP traffic to and from a web service. By inspecting HTTP traffic, they can prevent attacks exploiting a web application's vulnerabilities. | airlock security access hub aws waf barracuda waf citrix web app firewall cloudflare waf f5 advanced web application firewall f5 application security manager f5 silverline fortiweb web application firewall imperva incapsula imperva securesphere imperva web application firewall magento waf radware waf sigsci |
| web server | -- | nonstop |
| web server auditing | These products collect audit logs of web servers. | apache microsoft iis microsoft wmi log |
| workload protection | These products protect server workloads in hybrid, multicloud data center environments. They provide consistent visibility and control for physical machines, virtual machines (VMs), containers, and serverless workloads, regardless of location. | aws cloudwatch carbon black app control cisco adc illumio core windows defender application control |