Analyst at a government with 1,001-5,000 employees
Real User
Top 20
2025-03-14T08:01:52Z
Mar 14, 2025
We use the on-prem Exabeam product and face limitations using the web UI and administration of custom models and rules. I have explored the SaaS version; it offers many new features. We are considering migrating, but for now, we are limited by the on-prem solution.
Exabeam needs to improve its adaptive nature towards rules and its capability to understand the entire client environment faster. It should accurately differentiate between an asset, its user, a host, or a service account, and structure its baseline activity precisely. Despite being a UEBA tool, it needs to speed up the entire process. Integrating AI could help Exabeam to effectively stay ahead in the competition. Improved adaptability in baselining scores and triggering rules would reduce false positives, ultimately enhancing security posture.
Graduate Student at a tech services company with 1-10 employees
Real User
Top 20
2024-10-01T07:08:00Z
Oct 1, 2024
One area that needs improvement is interacting with Exabeam's API. There was a headache regarding the API; the documentation wasn't clear, and the syntax wasn't very precise. This situation arose when we needed to retrieve a list of public IPs to block, and it required interacting with Exabeam's API on the cloud platform.
Solutions Architect at a tech services company with 51-200 employees
Real User
Top 5
2024-08-09T16:13:16Z
Aug 9, 2024
One area for the solution's improvement is integration capabilities, particularly out-of-the-box integration which sometimes requires additional professional services. I would like to see more capabilities in the Security Orchestration Automation and Response (SOAR) aspect.
The solution's data lake features could be easier to understand for end users. They should also provide detailed information about detecting phishing emails and integrating another platform for development.
The problem I was facing was with the UI when trying to identify the exact services and server names. The UI's left panel was not as informative as I expected. Often, when we needed to retrieve specific information or details, the UI provided a lot of information along with filter criteria. Without the filter criteria, we had to make certain changes in the Exabeam UI. For example, there were three options available to display logs: raw, execution, and view. When selecting "raw," we obtained comprehensive information, but some details were repetitive, such as the server name, service name, method, and agent activities at different times. Although we could access this information, it took time to identify the exact log statement, especially in the case of exception-related log statements. Determining the timestamp at which a particular log was ingested posed a challenge. This improvement will assist our developers in precisely identifying their logs. Even though you have provided a bar to create a customized dashboard for verifying logs of any service, there is still a problem. If a log is generated on the production server, let's say at 8:30 PM IST or at the present time, it takes a few seconds to be ingested into Exabeam Cloud. However, in the company, Exabeam always shows repetitive logs if my log file hasn't been generated. For example, if nothing has been logged or no action has been performed on the application for the past two hours, my log file will be empty. But still, by default, the agent collectors will check the specific location we configured for log ingestion. If that location doesn't contain anything, the logs are displayed on the screen by default. This is why we need to filter and search through numerous timestamps to find the exact location of our logs.
Updating the new release of Exabeam Fusion SIEM takes time and slows our performance. Exabeam Fusion SIEM's login could be better. Also, its performance could be improved by reducing the response time.
Senior Solutions Architect at a tech services company with 1,001-5,000 employees
Reseller
2020-07-08T09:01:02Z
Jul 8, 2020
It's not a complete solution. It really focuses on user behavioral analytics, which is a big part of the product. It doesn't support flow analysis. Not everything is left in logs, to be conveniently reviewed. However, if they had flow analysis, it's possible you can catch a lot of hackers looking at the behavior and network flow. Things need to be cross-correlated with logs. They need real-time flow analysis. They need to focus on more of the MITRE ATT&CK Framework and coverage. They claim they cover about 70 to 80%. I'm not sure if it's really quite that much, however.
Co-Founder, Director - Technology & Consulting at a tech services company with 11-50 employees
Real User
2020-04-19T07:40:35Z
Apr 19, 2020
The product is good, but the organization is rigid and not flexible in the way they operate. Their response time is very bad. They obviously have a small team and not enough staff. They have their own priorities, it seems, but the customer should be their first priority. The company really needs to improve their commitment to their customers.
IT Specialist at a tech services company with 51-200 employees
Real User
2019-12-09T10:58:00Z
Dec 9, 2019
The product could be improved by implementing cost use cases. I believe if it were more flexible it would be a better product. For additional features, I'd like to see more visibility in the networking.
Exabeam Fusion is a cloud-delivered solution that enables you to:
- Leverage turnkey threat detection, investigation, and response
- Collect, search and enhance data from anywhere
- Detect threats missed by other tools, using market-leading behavior analytics
- Achieve successful SecOps outcomes with prescriptive, threat-centric use case packages
- Enhance productivity and reduce response times with automation
- Meet regulatory compliance and audit requirements with ease
Exabeam lacks customizable dashboards, which might be a limitation if visualization is a key requirement.
We still have questions surrounding hardware deployment.
Adding to the number of certifications that they have, for example, ISO 27001, would be helpful. Currently, they only have SOC 2.