Edge Delta Exabeam Destination

Send logs to an Exabeam endpoint.

Overview

The Exabeam destination streams events over HTTP to Exabeam Cloud Collectors. Incoming logs and patterns are forwarded to the configured endpoint using the provided API token.

Example Configuration

nodes:
  - name: exabeam_us
    type: exabeam_output
    endpoint: "https://api2.uswest.exabeam.cloud/cloud-collectors/v1/logs/json"
    token: my_api_token
    disable_compression: false

This configuration defines an Edge Delta output node named exabeam_us that sends logs and pattern data to an Exabeam Cloud Collector. It uses the specified endpoint URL to stream data over HTTP and authenticates with the provided API token. Compression is enabled by default (disable_compression: false), which means data is sent using gzip to optimize network usage. This setup allows teams to forward observability data directly into their Exabeam environment for downstream security analytics and detection.

Required Parameters

name

A descriptive name for the node. This name appears in Visual Builder, and you can use it to reference the node in the YAML. It must be unique across all nodes. Because each node is a YAML list element, the line begins with a - and a space, followed by the string. It is a required parameter for all nodes.

nodes:
  - name: <node name>
    type: <node type>

type: exabeam_output

The type parameter specifies the type of node being configured. It is specified as a string from a closed list of node types. It is a required parameter.

nodes:
  - name: <node name>
    type: <node type>

endpoint

HTTP endpoint URL for your Exabeam Cloud Collector.

nodes:
  - name: <node name>
    type: exabeam_output
    endpoint: https://api.example.exabeam.cloud/cloud-collectors/v1/logs/json
    token: <token>

token

API token used to authenticate the requests.

nodes:
  - name: <node name>
    type: exabeam_output
    endpoint: <endpoint>
    token: my_api_token
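
A pre-deployment check for the required parameters above, as an added example (not Edge Delta's or Exabeam's code). It takes a configuration already parsed into a Python dict and flags duplicate node names, missing required parameters, placeholder values copied from this page, and endpoints that are not https URLs. The function name, the https rule and the sample values are assumptions made for the example.

```python
from collections import Counter
from urllib.parse import urlparse

REQUIRED = ("name", "type", "endpoint", "token")
# Placeholder strings copied from the examples on this page.
PLACEHOLDERS = {"my_api_token", "<token>", "<endpoint>", "<node name>"}


def lint_exabeam_nodes(config):
    """Return sorted (node_name, finding) pairs for a parsed config dict."""
    nodes = config.get("nodes") or []
    findings = []
    # name must be unique across all nodes, whatever their type.
    counts = Counter(n.get("name") for n in nodes if n.get("name"))
    findings += [(name, "duplicate node name") for name, c in counts.items() if c > 1]
    for node in nodes:
        if node.get("type") != "exabeam_output":
            continue
        label = node.get("name") or "<unnamed>"
        for key in REQUIRED:
            value = str(node.get(key) or "").strip()
            if not value:
                findings.append((label, f"missing required parameter: {key}"))
            elif value in PLACEHOLDERS:
                findings.append((label, f"placeholder value left in: {key}"))
        endpoint = str(node.get("endpoint") or "").strip()
        if endpoint and endpoint not in PLACEHOLDERS:
            url = urlparse(endpoint)
            # Assumed policy: the API token travels with every request, so require TLS.
            if url.scheme != "https" or not url.hostname:
                findings.append((label, "endpoint is not an https URL"))
    return sorted(findings)


# Constructed sample: the shape a YAML loader returns for the configs on this page.
SAMPLE = {"nodes": [
    {"name": "exabeam_us", "type": "exabeam_output", "token": "constructed-token",
     "endpoint": "https://api2.uswest.exabeam.cloud/cloud-collectors/v1/logs/json"},
    {"name": "exabeam_us", "type": "exabeam_output", "token": "my_api_token",
     "endpoint": "http://api.example.exabeam.cloud/cloud-collectors/v1/logs/json"},
    {"name": "exabeam_eu", "type": "exabeam_output", "endpoint": "<endpoint>"},
]}

if __name__ == "__main__":
    for name, finding in lint_exabeam_nodes(SAMPLE):
        print(f"{name}: {finding}")
```
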

Optional Parameters

disable_compression

Disables gzip compression before sending data. Default is false.

nodes:
  - name: <node name>
    type: exabeam_output
    endpoint: <endpoint>
    token: <token>
    disable_compression: true

headers

Additional headers to include in each HTTP request.

nodes:
  - name: <node name>
    type: exabeam_output
    endpoint: <endpoint>
    token: <token>
    headers:
      - header: Custom-Header
        value: header-value

batch_size

Maximum number of items to send per request.

nodes:
  - name: <node name>
    type: exabeam_output
    endpoint: <endpoint>
    token: <token>
    batch_size: 1000

batch_bytes

Maximum size in bytes for a batched request.

nodes:
  - name: <node name>
    type: exabeam_output
    endpoint: <endpoint>
    token: <token>
    batch_bytes: 1048576

parallel_worker_count

Number of workers sending data in parallel. Defaults to 5.

nodes:
  - name: <node name>
    type: exabeam_output
    endpoint: <endpoint>
    token: <token>
    parallel_worker_count: 3

buffer_ttl

How long to keep failed data locally before retrying. Example: 10m.

nodes:
  - name: <node name>
    type: exabeam_output
    endpoint: <endpoint>
    token: <token>
    buffer_ttl: 10m

buffer_path

Directory for storing buffered data.

nodes:
  - name: <node name>
    type: exabeam_output
    endpoint: <endpoint>
    token: <token>
    buffer_path: /buffers/exabeam

buffer_max_bytesize

Maximum size of the buffer on disk.

nodes:
  - name: <node name>
    type: exabeam_output
    endpoint: <endpoint>
    token: <token>
    buffer_max_bytesize: 512MB