Resident Engineer with 3 years of Exabeam SIEM experience.
For any part of the scope that cannot be covered, Exabeam will ensure that training is provided so the engineer has the skill set to complete the scope below:
Job Description:
1. UI Configurations
a. Assistance with Exabeam UI configurations.
i. Examples include AA/DL context tables; AA Threat Hunter searches; AA watchlists; AA rules; DL visualizations, dashboards, and reports; DL correlation rules; CM triage rules and queues
2. Site Collector Review
a. Review of SIA’s site collector architecture and configuration
3. Data Source On-Boarding
a. Onboard supported data sources and review parsing, field extractions, event creation, event enrichment, timeline creation, model population, and rule triggering.
4. Data Integrity Monitoring & Maintenance
a. Deploy data sources and monitor data integrity through review of parsing, field extractions, event creation, event enrichment, timeline creation, model population, and rule triggering.
b. Work with the Exabeam Content Team, through the Exabeam Support process, to modify content when changes are required.
5. Exabeam Rule Tuning
a. Rule confirmation, which may include increasing or decreasing the risk score; disabling a rule; excluding or including supported data types; allow listing using an Exabeam context table; or configuring the model percentile threshold.
6. Assistance with Exabeam Platform
a. SIEM
b. Incident Responder (SOAR)
c. Long-term Search
7. Exabeam Support Case Assistance
a. Assistance in filing and updating Exabeam Support cases, and coordination with Exabeam Support
8. Quarterly Reports
a. The Resident Engineer provides quarterly reports to SIA on activities executed.
b. Quarterly reports consist of the following tasks/activities:
i. Site Collector review
ii. Data source on-boarding
iii. List of correlation rules created
iv. List of dashboards created
9. Weekly / Monthly Status Reports
a. Weekly / monthly updates on Exabeam to SIA
b. The monthly report consists of the following tasks/activities:
i. Site Collector upgrade/patching status
ii. Executive report (number of threats detected, incidents, etc.)
iii. Audit/compliance report for the month
c. The weekly report consists of the following tasks/activities:
i. Site Collector health check
ii. Number of threats detected and incidents for the week
iii. Data source health check / status check
10. Exabeam Playbook Integration
a. Assist in the configuration of Exabeam-supported integrations with external services for automation
b. Modify and refine playbooks within the Exabeam platform