--- title: Exabeam API Integration on Truto slug: exabeam category: Security canonical: "https://truto.one/integrations/detail/exabeam/" --- # Exabeam API Integration on Truto **Category:** Security **Status:** Beta ## Unified APIs ### Unified User Directory API - **Roles** — The Role object represents a role of a User. - **Users** — The User object represents a User. ## How it works 1. **Link your customer's Exabeam account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app. 2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request. 3. **Call Truto's API to reach Exabeam.** The Proxy API is a 1-to-1 mapping of the Exabeam API. 4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field. ## Use cases - **Sync workforce identity into Exabeam for behavioral context** — HRIS and IAM platforms can push users, roles, and organizational structure into Exabeam so its UEBA engine has the identity context needed to detect anomalies like privilege misuse or lateral movement. - **Automate insider threat and departing employee monitoring** — When an employee is terminated or flagged as a flight risk in your HR or IAM product, automatically reflect that role change in Exabeam so SOC teams can immediately tighten detection thresholds around that user. - **Keep role-based access context in sync for SOC investigations** — Detection engineers rely on accurate role data to write meaningful rules. Streaming role assignments and changes into Exabeam means analysts see up-to-date 'who should have access to what' context inside every Smart Timeline. - **Power least-privilege analytics for governance and compliance tools** — IGA and compliance SaaS can correlate user and role data from Exabeam with their own entitlement models to highlight over-privileged accounts and policy drift without forcing customers to manage another connector. ## What you can build - **One-click Exabeam connector in your app** — Let your end users connect their Exabeam tenant from your UI with Truto handling auth, token refresh, and connection health monitoring. - **Continuous user directory sync into Exabeam** — Push and update users from your platform into Exabeam's identity context on a scheduled or event-driven basis using the Unified User Directory API. - **Role mapping and propagation** — Map roles from your product (or upstream IdPs in your customer's stack) to Exabeam roles so behavioral baselines stay aligned with organizational reality. - **Lifecycle-driven security context updates** — Trigger user create, update, and deactivate flows in Exabeam from joiner-mover-leaver events in your app to keep SOC context current without manual CSV uploads. - **Bulk backfill of identity data** — Run an initial historical sync of all users and roles into Exabeam when a customer first connects, then switch to incremental updates automatically. - **Audit log of identity changes pushed to Exabeam** — Surface a clear record of every user and role write your integration performs, so security teams can trace exactly what identity context Exabeam received and when. ## FAQs ### What Exabeam data can I access through Truto today? Exabeam is currently exposed through Truto's Unified User Directory API, covering Users and Roles. Other Exabeam objects like Watchlists, Context Tables, and Cases can be built on request. ### How does authentication to Exabeam work? Exabeam uses API key-based authentication issued from the customer's Exabeam tenant. Truto handles credential storage, injection, and rotation so your end users only complete the connection flow once. ### Can I write data back into Exabeam, or is it read-only? The Unified User Directory API supports both read and write operations, so you can create and update users and roles in Exabeam — not just pull them out. ### How fresh is the data synced between my product and Exabeam? Truto supports both scheduled polling and event-driven syncs. For identity data, most teams configure near real-time updates on lifecycle events (create, update, deactivate) with a periodic full reconciliation. ### What if I need Exabeam objects beyond Users and Roles, like Watchlists or Cases? Truto builds new tools and endpoints on request. If your use case requires Context Tables, Watchlists, Notable Sessions, or custom event ingestion, reach out and we'll prioritize it on the roadmap. ### Do I need to handle Exabeam's API quirks like pagination or schema differences? No. Truto normalizes pagination, error handling, and field mapping behind the Unified User Directory API so you work with a consistent schema regardless of Exabeam's underlying API conventions.