AiStrike Documentation

Exabeam

Integrate Exabeam with AiStrike for ingestion of alerts and security events, threat hunting, and detection engineering — covering API authentication, basic user authentication, and IP access configuration.

1. API authentication

  1. Log in to Exabeam with Admin permissions.

  2. Go to Exabeam Security Operations Platform → Settings → API Keys.

  3. Provide a key name and add read/write permissions for Search, Analyze, Export, Threat Center, correlation rules, and Access Control.

  4. Click Create, then securely copy the token for the AiStrike connector.

  5. Share the Exabeam URL and region (based on where your instance is hosted).

API for incidents & context management (Tier 3 Analyst)

  1. In the Exabeam Console, go to Settings → Core → Admin Operations and select Cluster Authentication Token.

  2. Click Add Token, provide a name and expiry (manual or permanent).

  3. Under Permission Level → Default Roles, select Tier 3 Analyst (Advanced Analytics), then click Add Token.

  4. Store the generated key securely.

2. IP access restrictions

Log in as an administrator (New-Scale Security Operations Platform), go to Settings → Access Control → IP-Based Access, add the AiStrike connector IPs, and grant access to UI & Public API:

3.135.165.25/32     3.148.24.98/32     3.148.93.249/32
3.14.192.137/32     13.201.28.59/32    18.223.178.199/32
52.15.138.222/32    54.246.180.34/32   63.35.37.74/32
54.220.227.162/32

Click Add to finish. Once saved and connectivity is established, AiStrike begins fetching data.

3. Connector configuration

Field

Details

Server URL

e.g. https://api.us-west.exabeam.com

API Region (optional)

e.g. us-west

API Key Secret

Token generated for AiStrike

API Key ID

Key ID for the API token

Username (optional, UI)

aistrike_user

Password (optional, UI)

Password for that user

4. (Optional) Basic authentication

Go to Settings → Users → Add New User, create a local user (e.g. AiStrike_User, email threat@aistrike.com) with a password, set the permission level to Administrator or Security Engineer, and securely share the credentials.