Edge Delta Exabeam Destination

Send logs to an Exabeam endpoint.

Overview

The Exabeam destination streams events over HTTP to Exabeam Cloud Collectors. Incoming logs and patterns are forwarded to the configured endpoint using the provided API token.

Example Configuration

nodes:
  - name: exabeam_us
    type: exabeam_output
    endpoint: "https://api2.uswest.exabeam.cloud/cloud-collectors/v1/logs/json"
    token: my_api_token
    disable_compression: false

This configuration defines an Edge Delta output node named exabeam_us that sends logs and pattern data to an Exabeam Cloud Collector. It streams data over HTTP to the specified endpoint URL and authenticates with the provided API token. Because disable_compression is false (the default), data is gzip-compressed before it is sent, which reduces network usage. This setup allows teams to forward observability data directly into their Exabeam environment for downstream security analytics and detection.

Required Parameters

name

A descriptive name for the node. This name appears in the pipeline builder, and you can use it to reference the node in the YAML. It must be unique across all nodes. Because it is a YAML list element, it begins with a - and a space, followed by the string. It is a required parameter for all nodes.

nodes:
  - name: <node name>
    type: <node type>

type: exabeam_output

The type parameter specifies the type of node being configured. It is specified as a string from a closed list of node types. It is a required parameter.

nodes:
  - name: <node name>
    type: <node type>

endpoint

HTTP endpoint URL for your Exabeam Cloud Collector.

nodes:
  - name: <node name>
    type: exabeam_output
    endpoint: https://api.example.exabeam.cloud/cloud-collectors/v1/logs/json
    token: <token>

token

API token used to authenticate the requests.

nodes:
  - name: <node name>
    type: exabeam_output
    endpoint: <endpoint>
    token: my_api_token

Optional Parameters

disable_compression

Disables gzip compression before sending data. Default is false.

nodes:
  - name: <node name>
    type: exabeam_output
    endpoint: <endpoint>
    token: <token>
    disable_compression: true

headers

Additional headers to include in each HTTP request.

nodes:
  - name: <node name>
    type: exabeam_output
    endpoint: <endpoint>
    token: <token>
    headers:
      - header: Custom-Header
        value: header-value

batch_size

Maximum number of items to send per request.

nodes:
  - name: <node name>
    type: exabeam_output
    endpoint: <endpoint>
    token: <token>
    batch_size: 1000

batch_bytes

Maximum size in bytes for a batched request.

nodes:
  - name: <node name>
    type: exabeam_output
    endpoint: <endpoint>
    token: <token>
    batch_bytes: 1048576

parallel_worker_count

Number of workers sending data in parallel. Defaults to 5.

nodes:
  - name: <node name>
    type: exabeam_output
    endpoint: <endpoint>
    token: <token>
    parallel_worker_count: 3

buffer_max_bytesize

The buffer_max_bytesize parameter configures the maximum total byte size of unsuccessful items held in the buffer. If the limit is reached, the remaining items are discarded until buffer space becomes available. It is specified as a datasize.Size, has a default of 0 (no size limit), and is optional.

nodes:
  - name: <node name>
    type: exabeam_output
    endpoint: <endpoint>
    token: <token>
    buffer_max_bytesize: 2048

buffer_path

The buffer_path parameter configures the path where unsuccessful items are stored so that they can be retried (exactly-once delivery). It is specified as a string and is optional.

nodes:
  - name: <node name>
    type: exabeam_output
    endpoint: <endpoint>
    token: <token>
    buffer_path: <path to unsuccessful items folder>

buffer_ttl

The buffer_ttl parameter configures the time-to-live for unsuccessful items, which indicates when to discard them. It is specified as a duration, has a default of 10m, and is optional.

nodes:
  - name: <node name>
    type: exabeam_output
    endpoint: <endpoint>
    token: <token>
    buffer_ttl: 20m
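
A lint check for the parameters documented above, as an added example that is not Edge Delta's own code: it reports missing required parameters, keys not listed on this page, non-HTTPS endpoints, placeholder tokens, non-unique names, and buffer settings that leave unsuccessful items without a retry location or size limit. It assumes the pipeline YAML has already been parsed into a Python dict; the function names and all sample values are constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlparse

REQUIRED = {"name", "type", "endpoint", "token"}
OPTIONAL = {"disable_compression", "headers", "batch_size", "batch_bytes",
            "parallel_worker_count", "buffer_max_bytesize", "buffer_path", "buffer_ttl"}

def lint_node(node):
    """Findings for one exabeam_output node, given as a parsed dict (assumption)."""
    out = [f"missing required parameter: {k}" for k in sorted(REQUIRED - set(node))]
    out += [f"parameter not documented for exabeam_output: {k}"
            for k in sorted(set(node) - REQUIRED - OPTIONAL)]
    if "endpoint" in node:
        url = urlparse(str(node["endpoint"]))
        if url.scheme != "https" or not url.hostname:
            out.append("endpoint is not an https URL; the API token would be sent unencrypted")
    token = str(node.get("token", ""))
    if token == "my_api_token" or token.startswith("<"):
        out.append("token is still a documentation placeholder")
    if not node.get("buffer_path"):
        out.append("buffer_path not set: no location configured to store unsuccessful items for retry")
    elif not node.get("buffer_max_bytesize"):
        out.append("buffer_path set but buffer_max_bytesize is 0 or unset: buffer has no size limit")
    return out

def lint_pipeline(config):
    """Map node name -> findings for every exabeam_output node in a parsed config."""
    nodes = config.get("nodes", [])
    counts = Counter(n.get("name") for n in nodes)  # names must be unique across all nodes
    report = {}
    for node in nodes:
        if node.get("type") != "exabeam_output":
            continue
        findings = lint_node(node)
        if counts[node.get("name")] > 1:
            findings.append("name is not unique across nodes")
        report.setdefault(node.get("name"), []).extend(findings)
    return report

# Constructed sample: the dict a YAML loader would return for two nodes.
SAMPLE = {"nodes": [
    {"name": "exabeam_us", "type": "exabeam_output",
     "endpoint": "http://collector.example.invalid/cloud-collectors/v1/logs/json",
     "token": "my_api_token", "batch_sise": 1000},  # misspelled key on purpose
    {"name": "exabeam_eu", "type": "exabeam_output", "token": "constructed-token-value",
     "endpoint": "https://collector.example.invalid/cloud-collectors/v1/logs/json",
     "buffer_path": "/var/tmp/exabeam_buffer", "buffer_max_bytesize": 1073741824, "buffer_ttl": "1h"},
]}
if __name__ == "__main__":
    print(lint_pipeline(SAMPLE))
```

An empty findings list for a node means none of these checks fired; it does not confirm that the token or endpoint is accepted by the collector.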