All Collections
Authentication guides
Exabeam Authentication Guide
Exabeam Authentication Guide

How to authenticate Exabeam for use with Tines

Daniel Stoeski avatar
Written by Daniel Stoeski
Updated over a week ago

Exabeam is a global cybersecurity leader and creator of New-Scale SIEM™️ that helps organizations detect threats, defend against cyberattacks, and defeat adversaries, offering a new way for security teams to approach threat detection, investigation, and response (TDIR).

First, get your Exabeam API Key

  1. Navigate to "Settings > Core > Admin Operations > Cluster Authentication Token"

  2. Click on the "+" icon

  3. Fill out the "Token Name" an "Expiry Date", select the "Default Roles" and then click "Add token"

  4. Select "Add New API Client"

  5. Enter details about the API Client, select the relevant scopes, then click "Add"

  6. Copy the "API Client ID" and "Secret"

Lastly, Create an Exabeam credential in Tines

  1. Login to your Tines tenant

  2. Navigate to the team that will be using the API and click "Credential"

  3. Click "+ New Credential" and select "HTTP Request"

  4. Input the values for the Exabeam credential

    1. Name: Required

    2. Description: Optional

    3. URL: https://api.us-west.exabeam.cloud/auth/v1/token/

      1. The Base URL may be different depending on where you account is based.

    1. Content Type: JSON

    2. Method: post

    3. Payload: {"client_id": "API Key","client_secret": "API Key Secret","grant_type": "client_credentials"}

    4. Headers: {"accept": "application/json"}

    5. Click "Run options" and double-click on the key named access_token in the response.

    6. Location of token from response: Paste the value copied in the previous step.

  5. Optional

    1. Domains: Ensure this credential can only be used when making HTTP requests to specific domains

    2. Access: What other teams can also use the API

For more on creating credentials in Tines, click here.

Using the credential in an action

When you make an API request, include the HTTP request type credential in the Authorization header after "Bearer" like:

Bearer <<CREDENTIAL.exabeam_token>>​
Did this answer your question?