diff --git a/Packs/CommonTypes/IncidentFields/incidentfield-Department.json b/Packs/CommonTypes/IncidentFields/incidentfield-Department.json
index 2e35ba0055c5..bd3faab69843 100644
--- a/Packs/CommonTypes/IncidentFields/incidentfield-Department.json
+++ b/Packs/CommonTypes/IncidentFields/incidentfield-Department.json
@@ -1,41 +1,42 @@
-{
- "id": "incident_department",
- "version": -1,
- "modified": "2020-09-29T12:43:19.261344539Z",
- "name": "Department",
- "ownerOnly": false,
- "description": "Department",
- "cliName": "department",
- "type": "shortText",
- "closeForm": false,
- "editForm": true,
- "required": false,
- "neverSetAsRequired": false,
- "isReadOnly": false,
- "useAsKpi": false,
- "locked": false,
- "system": false,
- "content": true,
- "group": 0,
- "hidden": false,
- "associatedTypes": [
-  "SysAid Change",
-  "SysAid Incident",
-  "SysAid Problem",
-  "SysAid Request",
-  "IAM - Rehire User",
-  "IAM - New Hire",
-  "IAM - Terminate User",
-  "IAM - Update User",
-  "User Profile",
-  "IAM - Sync User",
-  "Vectra Account"
- ],
- "associatedToAll": false,
- "unmapped": false,
- "unsearchable": false,
- "caseInsensitive": true,
- "sla": 0,
- "threshold": 72,
- "fromVersion": "5.0.0"
+{
+ "id": "incident_department",
+ "version": -1,
+ "modified": "2020-09-29T12:43:19.261344539Z",
+ "name": "Department",
+ "ownerOnly": false,
+ "description": "Department",
+ "cliName": "department",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "associatedTypes": [
+  "SysAid Change",
+  "SysAid Incident",
+  "SysAid Problem",
+  "SysAid Request",
+  "IAM - Rehire User",
+  "IAM - New Hire",
+  "IAM - Terminate User",
+  "IAM - Update User",
+  "User Profile",
+  "IAM - Sync User",
+  "Vectra Account",
+  "Exabeam Notable User"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": false,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "5.0.0"
 }
\ No newline at end of file
diff --git a/Packs/CommonTypes/IncidentFields/incidentfield-Email.json b/Packs/CommonTypes/IncidentFields/incidentfield-Email.json
index 0a1ad43799e5..8659d6dcae6e 100644
--- a/Packs/CommonTypes/IncidentFields/incidentfield-Email.json
+++ b/Packs/CommonTypes/IncidentFields/incidentfield-Email.json
@@ -14,7 +14,8 @@
         "IAM - AD User Activation",
         "IAM - AD User Deactivation",
         "Vectra Account",
-        "CrowdStrike Falcon Mobile Detection"
+        "CrowdStrike Falcon Mobile Detection",
+        "Exabeam Notable User"
     ],
     "caseInsensitive": true,
     "cliName": "email",
diff --git a/Packs/CommonTypes/IncidentFields/incidentfield-End_Time.json b/Packs/CommonTypes/IncidentFields/incidentfield-End_Time.json
index 7aec1834e4a1..92ef86d65529 100644
--- a/Packs/CommonTypes/IncidentFields/incidentfield-End_Time.json
+++ b/Packs/CommonTypes/IncidentFields/incidentfield-End_Time.json
@@ -3,7 +3,8 @@
     "associatedTypes": [
         "Guardicore Incident",
         "Graph Security Alert",
-        "CrowdStrike Falcon IDP Detection"
+        "CrowdStrike Falcon IDP Detection",
+        "Exabeam Notable User"
     ],
     "breachScript": "",
     "caseInsensitive": true,
diff --git a/Packs/CommonTypes/IncidentFields/incidentfield-First_Seen.json b/Packs/CommonTypes/IncidentFields/incidentfield-First_Seen.json
index 552882073dd5..65b05b3f49e5 100644
--- a/Packs/CommonTypes/IncidentFields/incidentfield-First_Seen.json
+++ b/Packs/CommonTypes/IncidentFields/incidentfield-First_Seen.json
@@ -7,11 +7,12 @@
         "AWS CloudTrail Misconfiguration",
         "AWS IAM Policy Misconfiguration",
         "AWS EC2 Instance Misconfiguration",
-        "Netwitness Incident",
+        "NetWitness Incident",
         "Symantec DLP Discover Incident",
         "Symantec DLP Endpoint Incident",
         "Symantec DLP Network Incident",
-		"Prisma Cloud - VM Alert Prioritization"
+		"Prisma Cloud - VM Alert Prioritization",
+        "Exabeam Notable User"
     ],
     "caseInsensitive": true,
     "cliName": "firstseen",
diff --git a/Packs/CommonTypes/IncidentFields/incidentfield-Last_Seen.json b/Packs/CommonTypes/IncidentFields/incidentfield-Last_Seen.json
index 8397f83d9c50..f782fe6f798b 100644
--- a/Packs/CommonTypes/IncidentFields/incidentfield-Last_Seen.json
+++ b/Packs/CommonTypes/IncidentFields/incidentfield-Last_Seen.json
@@ -9,7 +9,8 @@
         "Nutanix Hypervisor Alert",
 		"OpsGenie Alert",
 		"Microsoft Sentinel Incident",
-		"Prisma Cloud - VM Alert Prioritization"
+		"Prisma Cloud - VM Alert Prioritization",
+        "Exabeam Notable User"
 	],
 	"breachScript": "",
 	"caseInsensitive": true,
diff --git a/Packs/CommonTypes/IncidentFields/incidentfield-Location.json b/Packs/CommonTypes/IncidentFields/incidentfield-Location.json
index 7849797641bb..e8a3cf61a337 100644
--- a/Packs/CommonTypes/IncidentFields/incidentfield-Location.json
+++ b/Packs/CommonTypes/IncidentFields/incidentfield-Location.json
@@ -1,41 +1,42 @@
-{
- "id": "incident_location",
- "version": -1,
- "modified": "2020-09-29T12:47:15.280457549Z",
- "name": "Location",
- "ownerOnly": false,
- "description": "Location",
- "cliName": "location",
- "type": "shortText",
- "closeForm": false,
- "editForm": true,
- "required": false,
- "neverSetAsRequired": false,
- "isReadOnly": false,
- "useAsKpi": false,
- "locked": false,
- "system": false,
- "content": true,
- "group": 0,
- "hidden": false,
- "associatedTypes": [
-  "SysAid Change",
-  "SysAid Incident",
-  "SysAid Problem",
-  "SysAid Request",
-  "IAM - New Hire",
-  "IAM - Terminate User",
-  "IAM - Update User",
-  "User Profile",
-  "IAM - Sync User",
-  "IAM - Rehire User",
-  "Azure Active Directory Identity and Access"
- ],
- "associatedToAll": false,
- "unmapped": false,
- "unsearchable": false,
- "caseInsensitive": true,
- "sla": 0,
- "threshold": 72,
- "fromVersion": "5.0.0"
+{
+ "id": "incident_location",
+ "version": -1,
+ "modified": "2020-09-29T12:47:15.280457549Z",
+ "name": "Location",
+ "ownerOnly": false,
+ "description": "Location",
+ "cliName": "location",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "associatedTypes": [
+  "SysAid Change",
+  "SysAid Incident",
+  "SysAid Problem",
+  "SysAid Request",
+  "IAM - New Hire",
+  "IAM - Terminate User",
+  "IAM - Update User",
+  "User Profile",
+  "IAM - Sync User",
+  "IAM - Rehire User",
+  "Azure Active Directory Identity and Access",
+  "Exabeam Notable User"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": false,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "5.0.0"
 }
\ No newline at end of file
diff --git a/Packs/CommonTypes/IncidentFields/incidentfield-Manager_Name.json b/Packs/CommonTypes/IncidentFields/incidentfield-Manager_Name.json
index c5c777e88078..ad54a7f441d9 100644
--- a/Packs/CommonTypes/IncidentFields/incidentfield-Manager_Name.json
+++ b/Packs/CommonTypes/IncidentFields/incidentfield-Manager_Name.json
@@ -1,40 +1,41 @@
-{
- "id": "incident_managername",
- "version": -1,
- "modified": "2020-09-06T10:29:12.223513078Z",
- "name": "Manager Name",
- "ownerOnly": false,
- "description": "Manager Name",
- "cliName": "managername",
- "type": "shortText",
- "closeForm": false,
- "editForm": true,
- "required": false,
- "neverSetAsRequired": false,
- "isReadOnly": false,
- "useAsKpi": false,
- "locked": false,
- "system": false,
- "content": true,
- "group": 0,
- "hidden": false,
- "associatedTypes": [
-  "SysAid Change",
-  "SysAid Incident",
-  "SysAid Problem",
-  "SysAid Request",
-  "IAM - New Hire",
-  "IAM - Terminate User",
-  "IAM - Update User",
-  "User Profile",
-  "IAM - Sync User",
-  "IAM - Rehire User"
- ],
- "associatedToAll": false,
- "unmapped": false,
- "unsearchable": true,
- "caseInsensitive": true,
- "sla": 0,
- "threshold": 72,
- "fromVersion": "5.0.0"
+{
+ "id": "incident_managername",
+ "version": -1,
+ "modified": "2020-09-06T10:29:12.223513078Z",
+ "name": "Manager Name",
+ "ownerOnly": false,
+ "description": "Manager Name",
+ "cliName": "managername",
+ "type": "shortText",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 0,
+ "hidden": false,
+ "associatedTypes": [
+  "SysAid Change",
+  "SysAid Incident",
+  "SysAid Problem",
+  "SysAid Request",
+  "IAM - New Hire",
+  "IAM - Terminate User",
+  "IAM - Update User",
+  "User Profile",
+  "IAM - Sync User",
+  "IAM - Rehire User",
+  "Exabeam Notable User"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": true,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "5.0.0"
 }
\ No newline at end of file
diff --git a/Packs/CommonTypes/IncidentFields/incidentfield-Mobile_Phone.json b/Packs/CommonTypes/IncidentFields/incidentfield-Mobile_Phone.json
index f6420ba2ae9c..d70cce839f98 100644
--- a/Packs/CommonTypes/IncidentFields/incidentfield-Mobile_Phone.json
+++ b/Packs/CommonTypes/IncidentFields/incidentfield-Mobile_Phone.json
@@ -1,34 +1,35 @@
-{
- "associatedToAll": false,
- "associatedTypes": [
-  "User Profile",
-  "IAM - New Hire",
-  "IAM - Update User",
-  "IAM - Terminate User",
-  "IAM - Sync User",
-  "IAM - Rehire User"
- ],
- "caseInsensitive": true,
- "cliName": "mobilephone",
- "closeForm": false,
- "content": true,
- "editForm": true,
- "group": 0,
- "hidden": false,
- "id": "incident_mobilephone",
- "isReadOnly": false,
- "locked": false,
- "name": "Mobile Phone",
- "neverSetAsRequired": false,
- "ownerOnly": false,
- "required": false,
- "sla": 0,
- "system": false,
- "threshold": 72,
- "type": "shortText",
- "unmapped": false,
- "unsearchable": false,
- "useAsKpi": false,
- "version": -1,
- "fromVersion": "5.0.0"
+{
+ "associatedToAll": false,
+ "associatedTypes": [
+  "User Profile",
+  "IAM - New Hire",
+  "IAM - Update User",
+  "IAM - Terminate User",
+  "IAM - Sync User",
+  "IAM - Rehire User",
+  "Exabeam Notable User"
+ ],
+ "caseInsensitive": true,
+ "cliName": "mobilephone",
+ "closeForm": false,
+ "content": true,
+ "editForm": true,
+ "group": 0,
+ "hidden": false,
+ "id": "incident_mobilephone",
+ "isReadOnly": false,
+ "locked": false,
+ "name": "Mobile Phone",
+ "neverSetAsRequired": false,
+ "ownerOnly": false,
+ "required": false,
+ "sla": 0,
+ "system": false,
+ "threshold": 72,
+ "type": "shortText",
+ "unmapped": false,
+ "unsearchable": false,
+ "useAsKpi": false,
+ "version": -1,
+ "fromVersion": "5.0.0"
 }
\ No newline at end of file
diff --git a/Packs/CommonTypes/IncidentFields/incidentfield-Risk_Score.json b/Packs/CommonTypes/IncidentFields/incidentfield-Risk_Score.json
index d011c683619c..7c418bda74e2 100644
--- a/Packs/CommonTypes/IncidentFields/incidentfield-Risk_Score.json
+++ b/Packs/CommonTypes/IncidentFields/incidentfield-Risk_Score.json
@@ -13,7 +13,8 @@
 		"Skyhigh Security Alert",
 		"Skyhigh Security Threat",
 		"AWS Security Hub Finding",
-		"Prisma Cloud - VM Alert Prioritization"
+		"Prisma Cloud - VM Alert Prioritization",
+        "Exabeam Notable User"
 	],
 	"breachScript": "",
 	"caseInsensitive": true,
diff --git a/Packs/CommonTypes/IncidentFields/incidentfield-Start_Time.json b/Packs/CommonTypes/IncidentFields/incidentfield-Start_Time.json
index fd4edfb42e8f..9970284c4837 100644
--- a/Packs/CommonTypes/IncidentFields/incidentfield-Start_Time.json
+++ b/Packs/CommonTypes/IncidentFields/incidentfield-Start_Time.json
@@ -13,7 +13,8 @@
         "Microsoft Sentinel Incident",
         "Graph Security Alert",
         "CrowdStrike Falcon IDP Detection",
-        "Stamus Networks DoC"
+        "Stamus Networks DoC",
+        "Exabeam Notable User"
     ],
     "breachScript": "",
     "caseInsensitive": true,
diff --git a/Packs/CommonTypes/IncidentFields/incidentfield-Title.json b/Packs/CommonTypes/IncidentFields/incidentfield-Title.json
index 1fc48658747c..43ca3a88ca00 100644
--- a/Packs/CommonTypes/IncidentFields/incidentfield-Title.json
+++ b/Packs/CommonTypes/IncidentFields/incidentfield-Title.json
@@ -1,56 +1,57 @@
-{
-    "id": "incident_title",
-    "version": -1,
-    "modified": "2020-09-06T10:29:12.755957238Z",
-    "name": "Title",
-    "ownerOnly": false,
-    "description": "Title",
-    "cliName": "title",
-    "type": "shortText",
-    "closeForm": false,
-    "editForm": true,
-    "required": false,
-    "neverSetAsRequired": false,
-    "isReadOnly": false,
-    "useAsKpi": true,
-    "locked": false,
-    "system": false,
-    "content": true,
-    "group": 0,
-    "hidden": false,
-    "associatedTypes": [
-        "SysAid Change",
-        "SysAid Incident",
-        "SysAid Problem",
-        "SysAid Request",
-        "IAM - New Hire",
-        "IAM - Terminate User",
-        "IAM - Update User",
-        "User Profile",
-        "IAM - Sync User",
-        "IAM - Rehire User",
-        "Mandiant Automated Defense Incident",
-        "OpsGenie Incident",
-        "ThreatConnect",
-        "Vectra Account",
-        "AWS Guard Duty EC2 Finding",
-        "AWS Guard Duty IAM Finding",
-        "AWS Guard Duty Kubernetes Finding",
-        "AWS Guard Duty Malware Protection Finding",
-        "AWS Guard Duty S3 Finding",
-        "Exabeam Incident",
-        "AWS Security Hub Finding",
-        "FreshworksFreshservice Ticket",
-        "FreshworksFreshservice Release Request",
-        "FreshworksFreshservice Problem Request",
-        "FreshworksFreshservice Change Request",
-        "Graph Security Alert"
-    ],
-    "associatedToAll": false,
-    "unmapped": false,
-    "unsearchable": false,
-    "caseInsensitive": true,
-    "sla": 0,
-    "threshold": 72,
-    "fromVersion": "5.0.0"
+{
+    "id": "incident_title",
+    "version": -1,
+    "modified": "2020-09-06T10:29:12.755957238Z",
+    "name": "Title",
+    "ownerOnly": false,
+    "description": "Title",
+    "cliName": "title",
+    "type": "shortText",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": true,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "associatedTypes": [
+        "SysAid Change",
+        "SysAid Incident",
+        "SysAid Problem",
+        "SysAid Request",
+        "IAM - New Hire",
+        "IAM - Terminate User",
+        "IAM - Update User",
+        "User Profile",
+        "IAM - Sync User",
+        "IAM - Rehire User",
+        "Mandiant Automated Defense Incident",
+        "OpsGenie Incident",
+        "ThreatConnect",
+        "Vectra Account",
+        "AWS Guard Duty EC2 Finding",
+        "AWS Guard Duty IAM Finding",
+        "AWS Guard Duty Kubernetes Finding",
+        "AWS Guard Duty Malware Protection Finding",
+        "AWS Guard Duty S3 Finding",
+        "Exabeam Incident",
+        "AWS Security Hub Finding",
+        "FreshworksFreshservice Ticket",
+        "FreshworksFreshservice Release Request",
+        "FreshworksFreshservice Problem Request",
+        "FreshworksFreshservice Change Request",
+        "Graph Security Alert",
+        "Exabeam Notable User"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": false,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "fromVersion": "5.0.0"
 }
\ No newline at end of file
diff --git a/Packs/CommonTypes/IncidentFields/incidentfield-User_Groups.json b/Packs/CommonTypes/IncidentFields/incidentfield-User_Groups.json
index 300b71bd1099..4009e9191098 100644
--- a/Packs/CommonTypes/IncidentFields/incidentfield-User_Groups.json
+++ b/Packs/CommonTypes/IncidentFields/incidentfield-User_Groups.json
@@ -19,7 +19,8 @@
     "hidden": false,
     "openEnded": true,
     "associatedTypes": [
-        "Data Loss Prevention"
+        "Data Loss Prevention",
+        "Exabeam Notable User"
     ],
     "associatedToAll": false,
     "unmapped": false,
diff --git a/Packs/CommonTypes/IncidentFields/incidentfield-Username.json b/Packs/CommonTypes/IncidentFields/incidentfield-Username.json
index 6a2b70fe1a7a..e47724e26e14 100644
--- a/Packs/CommonTypes/IncidentFields/incidentfield-Username.json
+++ b/Packs/CommonTypes/IncidentFields/incidentfield-Username.json
@@ -49,7 +49,8 @@
 		"IAM - Update User",
 		"User Profile",
 		"IAM - Sync User",
-		"IAM - Rehire User"
+		"IAM - Rehire User",
+		"Exabeam Notable User"
 	],
 	"threshold": 72,
 	"type": "shortText",
diff --git a/Packs/CommonTypes/IncidentFields/incidentfield-Work_Phone.json b/Packs/CommonTypes/IncidentFields/incidentfield-Work_Phone.json
index d92f68b688a9..934a94d337c4 100644
--- a/Packs/CommonTypes/IncidentFields/incidentfield-Work_Phone.json
+++ b/Packs/CommonTypes/IncidentFields/incidentfield-Work_Phone.json
@@ -1,34 +1,35 @@
-{
- "associatedToAll": false,
- "associatedTypes": [
-  "User Profile",
-  "IAM - New Hire",
-  "IAM - Update User",
-  "IAM - Terminate User",
-  "IAM - Sync User",
-  "IAM - Rehire User"
- ],
- "caseInsensitive": true,
- "cliName": "workphone",
- "closeForm": false,
- "content": true,
- "editForm": true,
- "group": 0,
- "hidden": false,
- "id": "incident_workphone",
- "isReadOnly": false,
- "locked": false,
- "name": "Work Phone",
- "neverSetAsRequired": false,
- "ownerOnly": false,
- "required": false,
- "sla": 0,
- "system": false,
- "threshold": 72,
- "type": "shortText",
- "unmapped": false,
- "unsearchable": false,
- "useAsKpi": false,
- "version": -1,
- "fromVersion": "5.0.0"
+{
+ "associatedToAll": false,
+ "associatedTypes": [
+  "User Profile",
+  "IAM - New Hire",
+  "IAM - Update User",
+  "IAM - Terminate User",
+  "IAM - Sync User",
+  "IAM - Rehire User",
+  "Exabeam Notable User"
+ ],
+ "caseInsensitive": true,
+ "cliName": "workphone",
+ "closeForm": false,
+ "content": true,
+ "editForm": true,
+ "group": 0,
+ "hidden": false,
+ "id": "incident_workphone",
+ "isReadOnly": false,
+ "locked": false,
+ "name": "Work Phone",
+ "neverSetAsRequired": false,
+ "ownerOnly": false,
+ "required": false,
+ "sla": 0,
+ "system": false,
+ "threshold": 72,
+ "type": "shortText",
+ "unmapped": false,
+ "unsearchable": false,
+ "useAsKpi": false,
+ "version": -1,
+ "fromVersion": "5.0.0"
 }
\ No newline at end of file
diff --git a/Packs/CommonTypes/ReleaseNotes/3_5_9.md b/Packs/CommonTypes/ReleaseNotes/3_5_9.md
new file mode 100644
index 000000000000..397ab773ae9c
--- /dev/null
+++ b/Packs/CommonTypes/ReleaseNotes/3_5_9.md
@@ -0,0 +1,43 @@
+#### Incident Fields
+
+##### Location
+Added support for incident type Exabeam Notable User.
+
+##### Department
+Added support for incident type Exabeam Notable User.
+
+##### End Time
+Added support for incident type Exabeam Notable User.
+
+##### Work Phone
+Added support for incident type Exabeam Notable User.
+
+##### Start Time
+Added support for incident type Exabeam Notable User.
+
+##### First Seen
+Added support for incident type Exabeam Notable User.
+
+##### Last Seen
+Added support for incident type Exabeam Notable User.
+
+##### Mobile Phone
+Added support for incident type Exabeam Notable User.
+
+##### Manager Name
+Added support for incident type Exabeam Notable User.
+
+##### User Groups
+Added support for incident type Exabeam Notable User.
+
+##### Title
+Added support for incident type Exabeam Notable User.
+
+##### Email
+Added support for incident type Exabeam Notable User.
+
+##### Username
+Added support for incident type Exabeam Notable User.
+
+##### Risk Score
+Added support for incident type Exabeam Notable User.
diff --git a/Packs/CommonTypes/pack_metadata.json b/Packs/CommonTypes/pack_metadata.json
index be798c6425cc..1c2afaef5708 100644
--- a/Packs/CommonTypes/pack_metadata.json
+++ b/Packs/CommonTypes/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Common Types",
     "description": "This Content Pack will get you up and running in no-time and provide you with the most commonly used incident & indicator fields and types.",
     "support": "xsoar",
-    "currentVersion": "3.5.8",
+    "currentVersion": "3.5.9",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",
diff --git a/Packs/Exabeam/Classifiers/classifier-Exabeam.json b/Packs/Exabeam/Classifiers/classifier-Exabeam.json
new file mode 100644
index 000000000000..4d16a249e723
--- /dev/null
+++ b/Packs/Exabeam/Classifiers/classifier-Exabeam.json
@@ -0,0 +1,19 @@
+{
+    "description": "",
+    "feed": false,
+    "id": "Exabeam Classifier",
+    "keyTypeMap": {
+        "Exabeam Incident": "Exabeam Incident",
+        "Exabeam Notable User": "Exabeam Notable User"
+    },
+    "name": "Exabeam Classifier",
+    "propagationLabels": [
+        "all"
+    ],
+    "transformer": {
+        "simple": "incident_type"
+    },
+    "type": "classification",
+    "version": -1,
+    "fromVersion": "6.10.0"
+}
\ No newline at end of file
diff --git a/Packs/Exabeam/Classifiers/classifier-exabeam_mapping.json b/Packs/Exabeam/Classifiers/classifier-exabeam_mapping.json
index 6f357a07c35c..c71b760e55db 100644
--- a/Packs/Exabeam/Classifiers/classifier-exabeam_mapping.json
+++ b/Packs/Exabeam/Classifiers/classifier-exabeam_mapping.json
@@ -49,6 +49,217 @@
                     "simple": "name"
                 }
             }
+        },
+        "Exabeam Notable User": {
+            "dontMapEventToLabels": true,
+            "internalMapping": {
+                "Account Member Of": {
+                    "simple": "highestRiskSession.accounts"
+                },
+                "Account Status": {
+                    "simple": "user.accessStatus"
+                },
+                "Country": {
+                    "simple": "user.info.country"
+                },
+                "Department": {
+                    "simple": "user.info.department"
+                },
+                "Email": {
+                    "simple": "user.info.email"
+                },
+                "Exabeam Average Risk Score": {
+                    "simple": "user.averageRiskScore"
+                },
+                "Exabeam Highest Session Login Host": {
+                    "simple": "highestRiskSession.loginHost"
+                },
+                "Exabeam Highest Session Number Of Reasons": {
+                    "simple": "highestRiskSession.numOfReasons"
+                },
+                "Exabeam Last Activity Time": {
+                    "simple": "user.lastActivityTime"
+                },
+                "Exabeam Last Activity Type": {
+                    "simple": "user.lastActivityType"
+                },
+                "Exabeam Past Scores": {
+                    "complex": {
+                        "accessor": "pastScores",
+                        "filters": [],
+                        "root": "user",
+                        "transformers": [
+                            {
+                                "args": {
+                                    "item": {
+                                        "isContext": true,
+                                        "value": {
+                                            "simple": "highestRiskScore"
+                                        }
+                                    }
+                                },
+                                "operator": "append"
+                            }
+                        ]
+                    }
+                },
+                "Exabeam Session IDs": {
+                    "simple": "notableSessionIds"
+                },
+                "External End Time": {
+                    "simple": "highestRiskSession.endTime"
+                },
+                "External Start Time": {
+                    "simple": "highestRiskSession.startTime"
+                },
+                "First Name": {
+                    "simple": "user.info.fullName"
+                },
+                "First Seen": {
+                    "simple": "user.firstSeen"
+                },
+                "Full Name": {
+                    "simple": "user.info.fullName"
+                },
+                "Last Seen": {
+                    "simple": "user.lastSeen"
+                },
+                "Manager Name": {
+                    "complex": {
+                        "accessor": "manager",
+                        "filters": [],
+                        "root": "user.info",
+                        "transformers": []
+                    }
+                },
+                "Mobile Phone": {
+                    "simple": "user.info.phoneCell"
+                },
+                "Number Of Found Related Alerts": {
+                    "simple": "highestRiskSession.numOfEvents"
+                },
+                "Number of Related Incidents": {
+                    "simple": "highestRiskSession.numOfSecurityEvents"
+                },
+                "Risk Score": {
+                    "simple": "user.riskScore"
+                },
+                "Tags": {
+                    "simple": "user.labels"
+                },
+                "Team name": {
+                    "simple": "user.info.division"
+                },
+                "Title": {
+                    "simple": "user.info.title"
+                },
+                "User Groups": {
+                    "simple": "user.info.group"
+                },
+                "Username": {
+                    "simple": "user.username"
+                },
+                "Work Phone": {
+                    "simple": "user.info.phoneOffice"
+                },
+                "occurred": {
+                    "complex": {
+                        "accessor": "startTime",
+                        "filters": [],
+                        "root": "highestRiskSession",
+                        "transformers": []
+                    }
+                }
+            }
+        },
+        "Vulnerability": {
+            "dontMapEventToLabels": true,
+            "internalMapping": {
+                "Full Name": {
+                    "complex": {
+                        "filters": [],
+                        "root": "userFullName",
+                        "transformers": []
+                    }
+                },
+                "Source Username": {
+                    "simple": "user.username"
+                },
+                "name": {
+                    "complex": {
+                        "filters": [],
+                        "root": "name",
+                        "transformers": []
+                    }
+                },
+                "occurred": {
+                    "complex": {
+                        "accessor": "startTime",
+                        "filters": [],
+                        "root": "highestRiskSession",
+                        "transformers": []
+                    }
+                },
+                "owner": {
+                    "complex": {
+                        "accessor": "owner",
+                        "filters": [],
+                        "root": "baseFields",
+                        "transformers": []
+                    }
+                },
+                "severity": {
+                    "complex": {
+                        "accessor": "priority",
+                        "filters": [],
+                        "root": "baseFields",
+                        "transformers": []
+                    }
+                }
+            }
+        },
+        "dbot_classification_incident_type_all": {
+            "dontMapEventToLabels": false,
+            "internalMapping": {
+                "Full Name": {
+                    "complex": {
+                        "filters": [],
+                        "root": "userFullName",
+                        "transformers": []
+                    }
+                },
+                "name": {
+                    "complex": {
+                        "filters": [],
+                        "root": "name",
+                        "transformers": []
+                    }
+                },
+                "occurred": {
+                    "complex": {
+                        "accessor": "startTime",
+                        "filters": [],
+                        "root": "highestRiskSession",
+                        "transformers": []
+                    }
+                },
+                "owner": {
+                    "complex": {
+                        "accessor": "owner",
+                        "filters": [],
+                        "root": "baseFields",
+                        "transformers": []
+                    }
+                },
+                "severity": {
+                    "complex": {
+                        "accessor": "priority",
+                        "filters": [],
+                        "root": "baseFields",
+                        "transformers": []
+                    }
+                }
+            }
         }
     },
     "name": "Exabeam mapping",
diff --git a/Packs/Exabeam/IncidentFields/incidentfields-Exabeam_Average_Risk_Score.json b/Packs/Exabeam/IncidentFields/incidentfields-Exabeam_Average_Risk_Score.json
new file mode 100644
index 000000000000..9309fc857d31
--- /dev/null
+++ b/Packs/Exabeam/IncidentFields/incidentfields-Exabeam_Average_Risk_Score.json
@@ -0,0 +1,31 @@
+{
+    "id": "incident_exabeamaverageriskscore",
+    "version": -1,
+    "modified": "2024-06-23T08:15:03.486366733Z",
+    "name": "Exabeam Average Risk Score",
+    "ownerOnly": false,
+    "cliName": "exabeamaverageriskscore",
+    "type": "number",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "openEnded": false,
+    "associatedTypes": [
+        "Exabeam Notable User"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": true,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "fromVersion": "6.10.0"
+}
\ No newline at end of file
diff --git a/Packs/Exabeam/IncidentFields/incidentfields-Exabeam_Highest_Session_Login_Host.json b/Packs/Exabeam/IncidentFields/incidentfields-Exabeam_Highest_Session_Login_Host.json
new file mode 100644
index 000000000000..9275bb2ac38e
--- /dev/null
+++ b/Packs/Exabeam/IncidentFields/incidentfields-Exabeam_Highest_Session_Login_Host.json
@@ -0,0 +1,31 @@
+{
+    "id": "incident_exabeamhighestsessionloginhost",
+    "version": -1,
+    "modified": "2024-06-23T09:00:50.674970362Z",
+    "name": "Exabeam Highest Session Login Host",
+    "ownerOnly": false,
+    "cliName": "exabeamhighestsessionloginhost",
+    "type": "shortText",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "openEnded": false,
+    "associatedTypes": [
+        "Exabeam Notable User"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": true,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "fromVersion": "6.10.0"
+}
diff --git a/Packs/Exabeam/IncidentFields/incidentfields-Exabeam_Highest_Session_Number_Of_Asset.json b/Packs/Exabeam/IncidentFields/incidentfields-Exabeam_Highest_Session_Number_Of_Asset.json
new file mode 100644
index 000000000000..dd4186ded3ea
--- /dev/null
+++ b/Packs/Exabeam/IncidentFields/incidentfields-Exabeam_Highest_Session_Number_Of_Asset.json
@@ -0,0 +1,31 @@
+{
+    "id": "incident_exabeamhighestsessionnumberofasset",
+    "version": -1,
+    "modified": "2024-06-23T09:00:26.500910853Z",
+    "name": "Exabeam Highest Session Number Of Asset",
+    "ownerOnly": false,
+    "cliName": "exabeamhighestsessionnumberofasset",
+    "type": "number",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "openEnded": false,
+    "associatedTypes": [
+        "Exabeam Notable User"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": true,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "fromVersion": "6.10.0"
+}
diff --git a/Packs/Exabeam/IncidentFields/incidentfields-Exabeam_Highest_Session_Number_Of_Reasons.json b/Packs/Exabeam/IncidentFields/incidentfields-Exabeam_Highest_Session_Number_Of_Reasons.json
new file mode 100644
index 000000000000..a69b102abfa3
--- /dev/null
+++ b/Packs/Exabeam/IncidentFields/incidentfields-Exabeam_Highest_Session_Number_Of_Reasons.json
@@ -0,0 +1,31 @@
+{
+    "id": "incident_exabeamhighestsessionnumberofreasons",
+    "version": -1,
+    "modified": "2024-06-23T09:01:03.308095116Z",
+    "name": "Exabeam Highest Session Number Of Reasons",
+    "ownerOnly": false,
+    "cliName": "exabeamhighestsessionnumberofreasons",
+    "type": "number",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "openEnded": false,
+    "associatedTypes": [
+        "Exabeam Notable User"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": true,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "fromVersion": "6.10.0"
+}
diff --git a/Packs/Exabeam/IncidentFields/incidentfields-Exabeam_Last_Activity_Time.json b/Packs/Exabeam/IncidentFields/incidentfields-Exabeam_Last_Activity_Time.json
new file mode 100644
index 000000000000..04fa9a529b8d
--- /dev/null
+++ b/Packs/Exabeam/IncidentFields/incidentfields-Exabeam_Last_Activity_Time.json
@@ -0,0 +1,31 @@
+{
+    "id": "incident_exabeamlastactivitytime",
+    "version": -1,
+    "modified": "2024-06-23T08:52:11.469205207Z",
+    "name": "Exabeam Last Activity Time",
+    "ownerOnly": false,
+    "cliName": "exabeamlastactivitytime",
+    "type": "date",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "openEnded": false,
+    "associatedTypes": [
+        "Exabeam Notable User"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": true,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "fromVersion": "6.10.0"
+}
\ No newline at end of file
diff --git a/Packs/Exabeam/IncidentFields/incidentfields-Exabeam_Last_Activity_Type.json b/Packs/Exabeam/IncidentFields/incidentfields-Exabeam_Last_Activity_Type.json
new file mode 100644
index 000000000000..7f15f4853da0
--- /dev/null
+++ b/Packs/Exabeam/IncidentFields/incidentfields-Exabeam_Last_Activity_Type.json
@@ -0,0 +1,31 @@
+{
+    "id": "incident_exabeamlastactivitytype",
+    "version": -1,
+    "modified": "2024-06-23T08:52:37.631645622Z",
+    "name": "Exabeam Last Activity Type",
+    "ownerOnly": false,
+    "cliName": "exabeamlastactivitytype",
+    "type": "shortText",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "openEnded": false,
+    "associatedTypes": [
+        "Exabeam Notable User"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": true,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "fromVersion": "6.10.0"
+}
diff --git a/Packs/Exabeam/IncidentFields/incidentfields-Exabeam_Past_Scores.json b/Packs/Exabeam/IncidentFields/incidentfields-Exabeam_Past_Scores.json
new file mode 100644
index 000000000000..f3af52d64f56
--- /dev/null
+++ b/Packs/Exabeam/IncidentFields/incidentfields-Exabeam_Past_Scores.json
@@ -0,0 +1,31 @@
+{
+    "id": "incident_exabeampastscores",
+    "version": -1,
+    "modified": "2024-06-23T08:26:37.01054087Z",
+    "name": "Exabeam Past Scores",
+    "ownerOnly": false,
+    "cliName": "exabeampastscores",
+    "type": "multiSelect",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "openEnded": true,
+    "associatedTypes": [
+        "Exabeam Notable User"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": true,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "fromVersion": "6.10.0"
+}
diff --git a/Packs/Exabeam/IncidentFields/incidentfields-Exabeam_Session_IDs.json b/Packs/Exabeam/IncidentFields/incidentfields-Exabeam_Session_IDs.json
new file mode 100644
index 000000000000..441f84efde53
--- /dev/null
+++ b/Packs/Exabeam/IncidentFields/incidentfields-Exabeam_Session_IDs.json
@@ -0,0 +1,31 @@
+{
+    "id": "incident_exabeamsessionids",
+    "version": -1,
+    "modified": "2024-06-30T09:57:24.730584014Z",
+    "name": "Exabeam Session IDs",
+    "ownerOnly": false,
+    "cliName": "exabeamsessionids",
+    "type": "multiSelect",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "openEnded": true,
+    "associatedTypes": [
+        "Exabeam Notable User"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": true,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "fromVersion": "6.10.0"
+}
diff --git a/Packs/Exabeam/IncidentTypes/Exabeam_Incident.json b/Packs/Exabeam/IncidentTypes/Exabeam_Incident.json
index a8babf74b92a..9084033f796c 100644
--- a/Packs/Exabeam/IncidentTypes/Exabeam_Incident.json
+++ b/Packs/Exabeam/IncidentTypes/Exabeam_Incident.json
@@ -24,5 +24,6 @@
         "mode": "Specific",
         "fieldCliNameToExtractSettings": {}
     },
-    "fromVersion": "6.5.0"
+    "fromVersion": "6.5.0",
+    "layout": "Exabeam Incident"
 }
\ No newline at end of file
diff --git a/Packs/Exabeam/IncidentTypes/Exabeam_Notable_User_Incident.json b/Packs/Exabeam/IncidentTypes/Exabeam_Notable_User_Incident.json
new file mode 100644
index 000000000000..40418002d071
--- /dev/null
+++ b/Packs/Exabeam/IncidentTypes/Exabeam_Notable_User_Incident.json
@@ -0,0 +1,29 @@
+{
+    "id": "Exabeam Notable User",
+    "version": -1,
+    "vcShouldIgnore": false,
+    "locked": false,
+    "name": "Exabeam Notable User",
+    "prevName": "Exabeam Notable User",
+    "color": "#A3C9FF",
+    "hours": 0,
+    "days": 0,
+    "weeks": 0,
+    "hoursR": 0,
+    "daysR": 0,
+    "weeksR": 0,
+    "system": false,
+    "readonly": false,
+    "default": false,
+    "autorun": false,
+    "disabled": false,
+    "reputationCalc": 0,
+    "onChangeRepAlg": 0,
+    "layout": "Exabeam Notable User",
+    "detached": false,
+    "extractSettings": {
+        "mode": "Specific",
+        "fieldCliNameToExtractSettings": {}
+    },
+    "fromVersion": "6.10.0"
+}
\ No newline at end of file
diff --git a/Packs/Exabeam/Integrations/Exabeam/Exabeam.py b/Packs/Exabeam/Integrations/Exabeam/Exabeam.py
index 48eb04ab1775..ceae8c2cbdd1 100644
--- a/Packs/Exabeam/Integrations/Exabeam/Exabeam.py
+++ b/Packs/Exabeam/Integrations/Exabeam/Exabeam.py
@@ -14,6 +14,10 @@
 TOKEN_INPUT_IDENTIFIER = '__token'
 DAYS_BACK_FOR_FIRST_QUERY_OF_INCIDENTS = 3
 DATETIME_FORMAT_MILISECONDS = '%Y-%m-%dT%H:%M:%S.%f'
+DEFAULT_LIMIT = 50
+MAX_LENGTH_CONTEXT = 10000
+DEFAULT_FETCH_TYPE = ["Exabeam Incident"]
+MAX_LIMIT_FETCH_USERS = 200
 
 
 class Client(BaseClient):
@@ -1184,6 +1188,18 @@ def convert_all_unix_keys_to_date(incident: dict) -> dict:
     return incident
 
 
+def convert_all_unix_keys_to_date_user(incident: dict) -> dict:
+    keys = ['firstSeen', 'lastSeen', 'lastActivityTime', 'endTime', 'startTime']
+    if 'user' in incident:
+        for key in keys:
+            if key in incident['user']:
+                incident['user'][key] = convert_unix_to_date(incident['user'][key]).split('.')[0] + 'Z'
+            if key in incident['highestRiskSession'] and incident['highestRiskSession'][key]:
+                incident['highestRiskSession'][key] = convert_unix_to_date(
+                    incident['highestRiskSession'][key]).split('.')[0] + 'Z'
+    return incident
+
+
 def build_incident_response_query_params(query: str | None,
                                          incident_type: str | None,
                                          priority: str | None,
@@ -1233,6 +1249,25 @@ def test_module(client: Client, args: dict[str, str], params: dict[str, str]):
         ok if successful
     """
     client.test_module_request()
+
+    is_fetch = argToBoolean(params.get("isFetch") or False)
+    if is_fetch:
+        fetch_type = params.get("fetch_type", DEFAULT_FETCH_TYPE)
+        if "Exabeam Notable User" in fetch_type:
+
+            fetch_interval = arg_to_number(params.get("notable_users_fetch_interval")) or 60
+            if fetch_interval % 60 != 0:
+                raise ValueError("The Notable Users Fetch Interval must be specified in whole hours")
+
+            max_fetch_users = arg_to_number(params.get("max_fetch_users")) or DEFAULT_LIMIT
+            if max_fetch_users <= 0 or max_fetch_users > MAX_LIMIT_FETCH_USERS:
+                raise ValueError("The Max Users Per Fetch must be between 1 and 200")
+
+            client.get_notable_users_request("h", "1", 1)
+
+        if "Exabeam Incident" in fetch_type:
+            client.get_incidents({})
+
     demisto.results('ok')
 
 
@@ -2085,9 +2120,28 @@ def list_incidents(client: Client, args: dict[str, str]):
 
 
 def fetch_incidents(client: Client, args: dict[str, str]) -> tuple[list, dict]:
-    look_back = arg_to_number(args.get('look_back', '1'))
-    last_run = demisto.getLastRun()
+    incidents: list[dict] = []
+    last_run: dict[str, Any] = demisto.getLastRun()
     demisto.debug(f"Last run before the fetch run: {last_run}")
+    fetch_type = args.get("fetch_type", DEFAULT_FETCH_TYPE)
+
+    if "Exabeam Notable User" in fetch_type:
+        incidents, last_run = fetch_notable_users(client, args, last_run)
+        demisto.debug(f'After fetch notable users, there are {len(incidents)} new incidents')
+
+    if "Exabeam Incident" in fetch_type:
+        exabeam_incidents, updated_last_run = fetch_exabeam_incidents(client, args, last_run)
+        incidents.extend(exabeam_incidents)
+        last_run.update(updated_last_run)
+
+    demisto.debug(f"Last run after the fetch run: {last_run}")
+    return incidents, last_run
+
+
+def fetch_exabeam_incidents(client: Client, args: dict[str, str], last_run: dict[str, Any]) -> tuple[list, dict]:
+    incidents: list[dict] = []
+    look_back = arg_to_number(args.get('look_back')) or 1.
+
     start_time, end_time = get_fetch_run_time_range(
         last_run=last_run,
         first_fetch=args.get('first_fetch', '3 days'),
@@ -2135,11 +2189,11 @@ def fetch_incidents(client: Client, args: dict[str, str]) -> tuple[list, dict]:
     )
     demisto.debug(f'After filtering, there are {len(incidents_filtered)} incidents')
 
-    incidents: list[dict] = []
     for incident in incidents_filtered:
         incident['createdAt'] = datetime.fromtimestamp(
             incident.get('baseFields', {}).get('createdAt') / 1000.0).strftime(DATETIME_FORMAT_MILISECONDS)
         incident = convert_all_unix_keys_to_date(incident)
+        incident['incident_type'] = 'Exabeam Incident'
         incidents.append({
             'Name': incident.get('name'),
             'occurred': incident.get('baseFields', {}).get('createdAt'),
@@ -2158,10 +2212,86 @@ def fetch_incidents(client: Client, args: dict[str, str]) -> tuple[list, dict]:
         date_format=DATETIME_FORMAT_MILISECONDS,
         increase_last_run_time=True
     )
-    demisto.debug(f"Last run after the fetch run: {last_run}")
     return incidents, last_run
 
 
+def fetch_notable_users(client: Client, args: dict[str, str], last_run_obj: dict) -> tuple[list, dict]:
+    current_time = datetime.now(timezone.utc)
+    last_run_notable_users: str = last_run_obj.get("last_run_notable_users", "")
+    demisto.debug(f"Last run notable users: {last_run_notable_users}, before fetch")
+
+    if last_run_notable_users:
+        last_run_time = datetime.fromisoformat(last_run_notable_users).astimezone(timezone.utc)
+        difference = current_time - last_run_time
+        difference_minutes = difference.total_seconds() / 60
+        fetch_interval = arg_to_number(args.get("notable_users_fetch_interval")) or 60
+
+       # Ensure fetch_interval is at least 60 and rounded to the nearest multiple of 60
+        fetch_interval = max(60, round(fetch_interval / 60) * 60)
+
+        demisto.debug(f"Difference of {difference_minutes} minutes between the current time and the last run notable users")
+        if difference_minutes <= fetch_interval:  # Check if the time interval is past.
+            return [], last_run_obj
+
+        else:
+            time_period = f"{int(fetch_interval/60)} hours"
+
+    else:  # In the first run
+        time_period = args.get("notable_users_first_fetch", "3 months")
+
+    limit = arg_to_number(args.get("max_fetch_users")) or DEFAULT_LIMIT
+    args_notable_users = {"limit": limit, "time_period": time_period}
+    demisto.debug(f"Before the request args notable users, limit: {limit}, time period: {time_period}")
+    _, _, res = get_notable_users(client, args_notable_users)
+    users = res.get("users", [])
+    demisto.debug(f"Got {len(users)} users from the API, before filtering")
+
+    minimum_risks = arg_to_number(args.get("minimum_risk_score_to_fetch_users"))
+
+    existing_usernames: list[str] = last_run_obj.get("usernames", [])
+
+    demisto.debug(f"Existing {len(existing_usernames)} usernames in last run")
+    new_risky_users = []
+    new_usernames = []
+    for user in users:
+        user_details = user.get("user", {})
+        username = user_details.get("username", "")
+        risk_score = user_details.get("riskScore", -1)
+        if risk_score >= minimum_risks and username not in existing_usernames:
+            new_risky_users.append(user)
+            new_usernames.append(username)
+
+    demisto.debug(f"After filtering, there are {len(new_risky_users)} new risky users")
+
+    combined_usernames = existing_usernames + new_usernames
+
+    # Calculate the excess length, which is the amount by which the combined list exceeds the maximum allowed length
+    excess_length = max(len(combined_usernames) - MAX_LENGTH_CONTEXT, 0)
+
+    # Create the new list of usernames, trimming the excess from the existing ones
+    usernames_to_last_run = existing_usernames[excess_length:] + new_usernames
+    demisto.debug(f"{excess_length} usernames deleted from the lest run to avoid exceeding the maximum")
+
+    last_run_obj["usernames"] = usernames_to_last_run
+    demisto.debug(f"After the added lest run contain {len(usernames_to_last_run)} usernames")
+
+    incidents: list[dict] = []
+    for user_data in new_risky_users:
+        user_data_fixed_time = convert_all_unix_keys_to_date_user(user_data)
+        user_username = user_data.get("user", {}).get("username", "")
+        user_data_fixed_time['incident_type'] = 'Exabeam Notable User'
+        incidents.append(
+            {
+                "Name": user_username,
+                "rawJSON": json.dumps(user_data_fixed_time),
+            }
+        )
+
+    last_run_obj["last_run_notable_users"] = current_time.strftime(DATETIME_FORMAT_MILISECONDS)
+    demisto.debug(f"Last run notable users after the fetch run: {last_run_notable_users}")
+    return incidents, last_run_obj
+
+
 def main():  # pragma: no cover
     """
     PARSE AND VALIDATE INTEGRATION PARAMS
diff --git a/Packs/Exabeam/Integrations/Exabeam/Exabeam.yml b/Packs/Exabeam/Integrations/Exabeam/Exabeam.yml
index 07c188824209..355b410bc441 100644
--- a/Packs/Exabeam/Integrations/Exabeam/Exabeam.yml
+++ b/Packs/Exabeam/Integrations/Exabeam/Exabeam.yml
@@ -7,10 +7,12 @@ configuration:
   name: url
   required: true
   type: 0
+  section: Connect
 - display: Username
   name: credentials
   type: 9
   required: false
+  section: Connect
 - additionalinfo: Cluster Authentication Token
   display: Username
   displaypassword: API Token
@@ -18,6 +20,7 @@ configuration:
   type: 9
   hiddenusername: true
   required: false
+  section: Connect
 - defaultvalue: "generic,abnormalAuth,accountManipulation,accountTampering,ueba,bruteForce,compromisedCredentials, cryptomining,dataAccessAbuse,dataExfiltration,dlp,departedEmployee,dataDestruction,evasion,lateralMovement,alertTriage, malware,phishing,privilegeAbuse,physicalSecurity,privilegeEscalation,privilegedActivity,ransomware,workforceProtection"
   display: Exabeam Incident Type
   name: incident_type
@@ -48,6 +51,8 @@ configuration:
   - workforceProtection
   type: 16
   required: false
+  section: Collect
+  advanced: true
 - defaultvalue: low,medium,high,critical
   display: Priority
   name: priority
@@ -58,6 +63,8 @@ configuration:
   - critical
   type: 16
   required: false
+  section: Collect
+  advanced: true
 - defaultvalue: closed,closedFalsePositive,inprogress,new,pending,resolved
   display: Status
   name: status
@@ -74,16 +81,20 @@ configuration:
   name: isFetch
   type: 8
   required: false
+  section: Collect
+  advanced: true
 - defaultvalue: '50'
   display: Max incidents per fetch
   name: max_fetch
   type: 0
   required: false
+  section: Collect
 - defaultvalue: 3 days
   display: First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)
   name: first_fetch
   type: 0
   required: false
+  section: Collect
 - display: 'Advanced: Minutes to look back when fetching'
   name: look_back
   type: 0
@@ -98,12 +109,49 @@ configuration:
   name: insecure
   type: 8
   required: false
+  section: Connect
+  advanced: true
 - display: Use system proxy settings
   name: proxy
   type: 8
   required: false
+  section: Connect
+  advanced: true
+- display: Fetch Type
+  defaultvalue: Exabeam Incident
+  name: fetch_type
+  type: 16
+  options:
+  - Exabeam Incident
+  - Exabeam Notable User
+  section: Collect
+- display: Max Users Per Fetch
+  name: max_fetch_users
+  additionalinfo: Applies only when the Fetch Type is set to Exabeam Notable User.
+  type: 0
+  section: Collect
+  defaultvalue: 50
+- display: Notable Users Fetch Interval
+  name: notable_users_fetch_interval
+  additionalinfo: The interval, in whole hours, between consecutive fetch operations.
+  defaultvalue: "60"
+  type: 19
+  section: Collect
+  advanced: true
+- defaultvalue: 3 months
+  display: Notable Users First Fetch Timestamp (<number> <time unit>, e.g., 12 hours, 7 days)
+  name: notable_users_first_fetch
+  type: 0
+  section: Collect
+  advanced: true
+- display: Minimum Risk Score To Fetch Users
+  name: minimum_risk_score_to_fetch_users
+  type: 0
+  section: Collect
+  advanced: true
+  defaultvalue: 90
 description: The Exabeam Security Management Platform provides end-to-end detection, User Event Behavioral Analytics, and SOAR.
-display: Exabeam
+display: Exabeam Advanced Analytics
 name: Exabeam
 script:
   commands:
@@ -1692,7 +1740,7 @@ script:
     - contextPath: Exabeam.incidents.fields.description
       description: The incident description.
       type: String
-  dockerimage: demisto/python3:3.10.14.91134
+  dockerimage: demisto/python3:3.11.9.101916
   isfetch: true
   runonce: false
   script: '-'
@@ -1701,3 +1749,5 @@ script:
 tests:
 - Exabeam - Test
 fromversion: 5.0.0
+defaultclassifier: "Exabeam Classifier"
+defaultmapperin: "Exabeam mapping"
diff --git a/Packs/Exabeam/Integrations/Exabeam/Exabeam_test.py b/Packs/Exabeam/Integrations/Exabeam/Exabeam_test.py
index 0f4f87d97193..29f4dc72f223 100644
--- a/Packs/Exabeam/Integrations/Exabeam/Exabeam_test.py
+++ b/Packs/Exabeam/Integrations/Exabeam/Exabeam_test.py
@@ -2,11 +2,12 @@
 from datetime import datetime
 from freezegun import freeze_time
 import pytz
+import copy
 from Exabeam import Client, contents_append_notable_user_info, contents_user_info, get_peer_groups, \
     get_user_labels, get_watchlist, get_asset_data, get_session_info_by_id, get_rules_model_definition, \
     parse_context_table_records_list, get_notable_assets, get_notable_session_details, get_notable_sequence_details, \
     get_notable_sequence_event_types, delete_context_table_records, list_incidents, convert_all_unix_keys_to_date, \
-    fetch_incidents, build_incident_response_query_params
+    fetch_incidents, build_incident_response_query_params, fetch_notable_users
 from test_data.response_constants import RESPONSE_PEER_GROUPS, RESPONSE_USER_LABELS, RESPONSE_WATCHLISTS, \
     RESPONSE_ASSET_DATA, RESPONSE_SESSION_INFO, RESPONSE_MODEL_DATA, RESPONSE_NOTABLE_ASSET_DATA, \
     RESPONSE_NOTABLE_SESSION_DETAILS, RESPONSE_NOTABLE_SEQUENCE_DETAILS, RESPONSE_NOTABLE_SEQUENCE_EVENTS, \
@@ -18,6 +19,7 @@
 from test_data.response_incidents import INCIDENTS, EXPECTED_INCIDENTS, EXPECTED_LAST_RUN, EXPECTED_CALL_ARGS, \
     EXPECTED_LAST_RUN_FOR_LOOK_BACK, INCIDENTS_FOR_LOOK_BACK_FIRST_TIME, EXPECTED_INCIDENTS_FOR_LOOK_BACK, \
     EXPECTED_CALL_ARGS_FOR_LOOK_BACK, INCIDENTS_FOR_LOOK_BACK_SECOND_TIME
+from test_data.response_users import RES_USERS
 
 
 def test_contents_append_notable_user_info():
@@ -525,3 +527,76 @@ def test_fetch_incidents_with_look_back(mocker, params, expected_incidents, expe
     assert last_run['time'] == expected_last_run['second_fetch']['time']
     for id_ in expected_last_run['second_fetch']['found_incident_ids']:
         assert id_ in last_run['found_incident_ids']
+
+
+@pytest.mark.parametrize(
+    "args, last_run_obj, expected_new_incidents_count",
+    [
+        (
+            {
+                "notable_users_fetch_interval": "60",
+                "notable_users_first_fetch": "3 months",
+                "max_fetch_users": "50",
+                "minimum_risk_score_to_fetch_users": "90",
+                "type_fetch": "Exabeam Notable User",
+            },
+            {
+                "last_run_notable_users": "2024-06-18T13:08:58.489698",
+                "usernames": ["old_username_risky"],
+            },
+            1,
+        ),
+        (
+            {
+                "notable_users_fetch_interval": "60",
+                "notable_users_first_fetch": "3 months",
+                "max_fetch_users": "50",
+                "minimum_risk_score_to_fetch_users": "90",
+                "type_fetch": "Exabeam Notable User",
+            },
+            {"last_run_notable_users": "2024-06-18T13:08:58.489698"},
+            2,
+        ),
+    ],
+    ids=["with_old_username_risky", "without_old_username_risky"],
+)
+def test_notable_users_fetch_incdents(mocker, args, last_run_obj, expected_new_incidents_count):
+    mocker.patch.object(Client, '_login', return_value=None)
+    client = Client(base_url='https://example.com', username='test_user', password='1234', verify=False, proxy=False, headers={})
+    copy_res = copy.deepcopy(RES_USERS)  # for separation between the tests
+    mocker.patch('Exabeam.get_notable_users', return_value=(None, None, copy_res))
+
+    incidents, last_run = fetch_notable_users(client, args, last_run_obj)
+
+    assert len(incidents) == expected_new_incidents_count
+    assert incidents[0]['Name'] == 'new_username_risky'
+    actual_last_run = last_run['last_run_notable_users'].split('.')[0]  # Remove microseconds for comparison
+    assert actual_last_run == datetime.now(pytz.utc).strftime('%Y-%m-%dT%H:%M:%S')
+
+
+@pytest.mark.parametrize(
+    "params, expected_functions_called",
+    [
+        (
+            {
+                "fetch_type": ["Exabeam Notable User", "Exabeam Incident"],
+            },
+            {"fetch_notable_users": 1, "fetch_exabeam_incidents": 1},
+        ),
+        (
+            {},
+            {"fetch_notable_users": 0, "fetch_exabeam_incidents": 1},
+        ),
+    ],
+    ids=["both_notable_users_and_incidents", "default_configuration"],
+)
+def test_fetch_incidents(mocker, params, expected_functions_called):
+    mocker.patch.object(Client, '_login', return_value=None)
+    client = Client(base_url='https://example.com', username='test_user', password='1234', verify=False, proxy=False, headers={})
+
+    fetch_notable_users = mocker.patch('Exabeam.fetch_notable_users', return_value=([], {}))
+    fetch_exabeam_incidents = mocker.patch('Exabeam.fetch_exabeam_incidents', return_value=([], {}))
+
+    fetch_incidents(client, params)
+    assert fetch_notable_users.call_count == expected_functions_called.get("fetch_notable_users")
+    assert fetch_exabeam_incidents.call_count == expected_functions_called.get("fetch_exabeam_incidents")
diff --git a/Packs/Exabeam/Integrations/Exabeam/README.md b/Packs/Exabeam/Integrations/Exabeam/README.md
index d1ee06c833a5..3be6b65da571 100644
--- a/Packs/Exabeam/Integrations/Exabeam/README.md
+++ b/Packs/Exabeam/Integrations/Exabeam/README.md
@@ -44,6 +44,25 @@ For additional information, refer to [Exabeam Administration Guide](https://docs
     | Use system proxy settings |  | False |
 
 4. Click **Test** to validate the URLs, token, and connection.
+
+
+### Fetch
+
+#### Exabeam Incident
+
+- Description: Information about incidents collected from the Exabeam system.
+- Details: The incidents include details about events and actions identified in the Exabeam system, intended for monitoring and response.
+
+#### Exabeam Notable User
+
+- Description: Information about notable users collected from the Exabeam system.
+- Details: Notable users are identified by the Exabeam system based on suspicious or abnormal behavior, and the information includes details about their actions in the system.
+- Important: Duplicate notable users are never fetched unless the "Reset the 'last run' timestamp" button is pressed.
+
+#### Note
+The "Reset the 'last run' timestamp" button resets both the regular fetch and the Exabeam Notable User fetch.
+
+
 ## Commands
 You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
 After you successfully execute a command, a DBot message appears in the War Room with the command details.
diff --git a/Packs/Exabeam/Integrations/Exabeam/test_data/response_users.py b/Packs/Exabeam/Integrations/Exabeam/test_data/response_users.py
new file mode 100644
index 000000000000..24113130bcde
--- /dev/null
+++ b/Packs/Exabeam/Integrations/Exabeam/test_data/response_users.py
@@ -0,0 +1,184 @@
+RES_USERS = {
+    "users": [
+        {
+            "user": {
+                "username": "new_username_risky",
+                "riskScore": 95.5,
+                "averageRiskScore": 93.06,
+                "pastScores": [
+                    92.7356224797443,
+                    93.36451351435753,
+                ],
+                "lastSessionId": "user-000000000",
+                "firstSeen": 1682956976547,
+                "lastSeen": 1719331984447,
+                "lastActivityType": "Account is active",
+                "accessStatus": "Account deleted",
+                "lastActivityTime": 1719331984447,
+                "info": {
+                    "location": "dallas",
+                    "photo": "aaabbb",
+                    "phoneCell": "(000) 000-0000",
+                    "email": "user@example.com",
+                    "employeeType": "employee",
+                    "fullName": "User Employee",
+                    "departmentNumber": "100",
+                    "dn": "cn=name name,ou=users,ou=acetomato,dc=lab,dc=local",
+                    "country": "usa",
+                    "division": "operations",
+                    "department": "operations",
+                    "manager": "cn=name nmae,ou=users,ou=acetomato,dc=lab,dc=local",
+                    "phoneOffice": "000-000-0000",
+                    "employeeNumber": "000-000a",
+                    "title": "operations director",
+                    "group": "sap:design,milling",
+                },
+                "labels": ["APsiteB"],
+                "pendingRiskTransfers": [],
+            },
+            "userFullName": "Name Name",
+            "isExecutive": False,
+            "highestRiskScore": 116,
+            "highestRiskSession": {
+                "sessionId": "user-000000000",
+                "username": "username_not_risky",
+                "startTime": 1719331984447,
+                "endTime": 0,
+                "initialRiskScore": 23,
+                "riskScore": 95.5,
+                "numOfReasons": 6,
+                "loginHost": "aa",
+                "label": "",
+                "accounts": ["user"],
+                "numOfAccounts": 1,
+                "zones": [],
+                "numOfZones": 0,
+                "numOfAssets": 5,
+                "numOfEvents": 44199,
+                "numOfSecurityEvents": 40,
+            },
+            "notableSessionIds": ["abc-00000000000"],
+            "incidentIds": [],
+        },
+        {
+            "user": {
+                "username": "old_username_risky",
+                "riskScore": 98,
+                "averageRiskScore": 93.06,
+                "pastScores": [
+                    92.7356224797443,
+                    93.36451351435753,
+                ],
+                "lastSessionId": "user-20240624160804",
+                "firstSeen": 1682956976547,
+                "lastSeen": 1719331984447,
+                "lastActivityType": "Account is active",
+                "accessStatus": "Account deleted",
+                "lastActivityTime": 1719331984447,
+                "info": {
+                    "location": "dallas",
+                    "photo": "aaabbb",
+                    "phoneCell": "(000) 000-0000",
+                    "email": "user@example.com",
+                    "employeeType": "employee",
+                    "fullName": "User Employee",
+                    "departmentNumber": "100",
+                    "dn": "cn=name name,ou=users,ou=acetomato,dc=lab,dc=local",
+                    "country": "usa",
+                    "division": "operations",
+                    "department": "operations",
+                    "manager": "cn=name nmae,ou=users,ou=acetomato,dc=lab,dc=local",
+                    "phoneOffice": "000-000-0000",
+                    "employeeNumber": "000-000a",
+                    "title": "operations director",
+                    "group": "sap:design,milling",
+                },
+                "labels": ["APsiteB"],
+                "pendingRiskTransfers": [],
+            },
+            "userFullName": "Name Name2",
+            "isExecutive": False,
+            "highestRiskScore": 116,
+            "highestRiskSession": {
+                "sessionId": "user-000000000",
+                "username": "user",
+                "startTime": 1719331984447,
+                "endTime": 0,
+                "initialRiskScore": 23,
+                "riskScore": 85.5,
+                "numOfReasons": 6,
+                "loginHost": "aa",
+                "label": "",
+                "accounts": ["user"],
+                "numOfAccounts": 1,
+                "zones": [],
+                "numOfZones": 0,
+                "numOfAssets": 5,
+                "numOfEvents": 44199,
+                "numOfSecurityEvents": 40,
+            },
+            "notableSessionIds": ["abc-00000000000"],
+            "incidentIds": [],
+        },
+        {
+            "user": {
+                "username": "username_not_risky",
+                "riskScore": 85.5,
+                "averageRiskScore": 93.06,
+                "pastScores": [
+                    92.7356224797443,
+                    93.36451351435753,
+                ],
+                "lastSessionId": "user-20240624160804",
+                "firstSeen": 1682956976547,
+                "lastSeen": 1719331984447,
+                "lastActivityType": "Account is active",
+                "accessStatus": "Account deleted",
+                "lastActivityTime": 1719331984447,
+                "info": {
+                    "location": "dallas",
+                    "photo": "aaabbb",
+                    "phoneCell": "(000) 000-0000",
+                    "email": "user@example.com",
+                    "employeeType": "employee",
+                    "fullName": "User Employee",
+                    "departmentNumber": "100",
+                    "dn": "cn=name name,ou=users,ou=acetomato,dc=lab,dc=local",
+                    "country": "usa",
+                    "division": "operations",
+                    "department": "operations",
+                    "manager": "cn=name nmae,ou=users,ou=acetomato,dc=lab,dc=local",
+                    "phoneOffice": "000-000-0000",
+                    "employeeNumber": "000-000a",
+                    "title": "operations director",
+                    "group": "sap:design,milling",
+                },
+                "labels": ["APsiteB"],
+                "pendingRiskTransfers": [],
+            },
+            "userFullName": "Name Name2",
+            "isExecutive": False,
+            "highestRiskScore": 116,
+            "highestRiskSession": {
+                "sessionId": "user-000000000",
+                "username": "user",
+                "startTime": 1719331984447,
+                "endTime": 0,
+                "initialRiskScore": 23,
+                "riskScore": 85.5,
+                "numOfReasons": 6,
+                "loginHost": "aa",
+                "label": "",
+                "accounts": ["user"],
+                "numOfAccounts": 1,
+                "zones": [],
+                "numOfZones": 0,
+                "numOfAssets": 5,
+                "numOfEvents": 44199,
+                "numOfSecurityEvents": 40,
+            },
+            "notableSessionIds": ["abc-00000000000"],
+            "incidentIds": [],
+        },
+    ]
+}
diff --git a/Packs/Exabeam/Layouts/layoutscontainer-Exabeam_Incident.json b/Packs/Exabeam/Layouts/layoutscontainer-Exabeam_Incident.json
new file mode 100644
index 000000000000..51e33db1b8a8
--- /dev/null
+++ b/Packs/Exabeam/Layouts/layoutscontainer-Exabeam_Incident.json
@@ -0,0 +1,422 @@
+{
+    "detailsV2": {
+        "tabs": [
+            {
+                "id": "summary",
+                "name": "Legacy Summary",
+                "type": "summary"
+            },
+            {
+                "id": "caseinfoid",
+                "name": "Incident Info",
+                "sections": [
+                    {
+                        "displayType": "ROW",
+                        "h": 2,
+                        "i": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8",
+                        "isVisible": true,
+                        "items": [
+                            {
+                                "endCol": 2,
+                                "fieldId": "type",
+                                "height": 22,
+                                "id": "incident-type-field",
+                                "index": 0,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "severity",
+                                "height": 22,
+                                "id": "incident-severity-field",
+                                "index": 1,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "owner",
+                                "height": 22,
+                                "id": "incident-owner-field",
+                                "index": 2,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "sourcebrand",
+                                "height": 22,
+                                "id": "incident-sourceBrand-field",
+                                "index": 4,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "sourceinstance",
+                                "height": 22,
+                                "id": "incident-sourceInstance-field",
+                                "index": 5,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "playbookid",
+                                "height": 22,
+                                "id": "incident-playbookId-field",
+                                "index": 6,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            }
+                        ],
+                        "maxW": 3,
+                        "moved": false,
+                        "name": "Case Details",
+                        "static": false,
+                        "w": 1,
+                        "x": 0,
+                        "y": 0
+                    },
+                    {
+                        "h": 2,
+                        "i": "caseinfoid-61263cc0-98b1-11e9-97d7-ed26ef9e46c8",
+                        "maxW": 3,
+                        "moved": false,
+                        "name": "Notes",
+                        "static": false,
+                        "type": "notes",
+                        "w": 1,
+                        "x": 2,
+                        "y": 0
+                    },
+                    {
+                        "displayType": "ROW",
+                        "h": 2,
+                        "i": "caseinfoid-6aabad20-98b1-11e9-97d7-ed26ef9e46c8",
+                        "maxW": 3,
+                        "moved": false,
+                        "name": "Work Plan",
+                        "static": false,
+                        "type": "workplan",
+                        "w": 1,
+                        "x": 1,
+                        "y": 0
+                    },
+                    {
+                        "displayType": "ROW",
+                        "h": 2,
+                        "i": "caseinfoid-7ce69dd0-a07f-11e9-936c-5395a1acf11e",
+                        "maxW": 3,
+                        "moved": false,
+                        "name": "Indicators",
+                        "query": "",
+                        "queryType": "input",
+                        "static": false,
+                        "type": "indicators",
+                        "w": 2,
+                        "x": 0,
+                        "y": 4
+                    },
+                    {
+                        "displayType": "CARD",
+                        "h": 2,
+                        "i": "caseinfoid-ac32f620-a0b0-11e9-b27f-13ae1773d289",
+                        "items": [
+                            {
+                                "endCol": 1,
+                                "fieldId": "occurred",
+                                "height": 22,
+                                "id": "incident-occurred-field",
+                                "index": 0,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 1,
+                                "fieldId": "dbotmodified",
+                                "height": 22,
+                                "id": "incident-modified-field",
+                                "index": 1,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "dbotduedate",
+                                "height": 22,
+                                "id": "incident-dueDate-field",
+                                "index": 2,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "dbotcreated",
+                                "height": 22,
+                                "id": "incident-created-field",
+                                "index": 0,
+                                "sectionItemType": "field",
+                                "startCol": 1
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "dbotclosed",
+                                "height": 22,
+                                "id": "incident-closed-field",
+                                "index": 1,
+                                "sectionItemType": "field",
+                                "startCol": 1
+                            }
+                        ],
+                        "maxW": 3,
+                        "moved": false,
+                        "name": "Timeline Information",
+                        "static": false,
+                        "w": 1,
+                        "x": 0,
+                        "y": 2
+                    },
+                    {
+                        "displayType": "ROW",
+                        "h": 2,
+                        "i": "caseinfoid-88e6bf70-a0b1-11e9-b27f-13ae1773d289",
+                        "isVisible": true,
+                        "items": [
+                            {
+                                "endCol": 2,
+                                "fieldId": "dbotclosed",
+                                "height": 22,
+                                "id": "incident-dbotClosed-field",
+                                "index": 0,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "closereason",
+                                "height": 22,
+                                "id": "incident-closeReason-field",
+                                "index": 1,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "closenotes",
+                                "height": 22,
+                                "id": "incident-closeNotes-field",
+                                "index": 2,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            }
+                        ],
+                        "maxW": 3,
+                        "moved": false,
+                        "name": "Closing Information",
+                        "static": false,
+                        "w": 1,
+                        "x": 0,
+                        "y": 6
+                    },
+                    {
+                        "displayType": "CARD",
+                        "h": 2,
+                        "i": "caseinfoid-e54b1770-a0b1-11e9-b27f-13ae1773d289",
+                        "isVisible": true,
+                        "items": [
+                            {
+                                "endCol": 2,
+                                "fieldId": "details",
+                                "height": 22,
+                                "id": "incident-details-field",
+                                "index": 0,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            }
+                        ],
+                        "maxW": 3,
+                        "moved": false,
+                        "name": "Investigation Data",
+                        "static": false,
+                        "w": 1,
+                        "x": 1,
+                        "y": 2
+                    }
+                ],
+                "type": "custom"
+            },
+            {
+                "hidden": false,
+                "id": "hjz1thixle",
+                "name": "exabeam incident",
+                "sections": [
+                    {
+                        "displayType": "CARD",
+                        "h": 4,
+                        "hideName": false,
+                        "i": "caseinfoid-0cccf740-3226-11ef-9f2b-1555829de806",
+                        "items": [
+                            {
+                                "endCol": 2,
+                                "fieldId": "closetime",
+                                "height": 53,
+                                "id": "0de2ad00-3226-11ef-9f2b-1555829de806",
+                                "index": 0,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "description",
+                                "height": 53,
+                                "id": "278701c0-3226-11ef-9f2b-1555829de806",
+                                "index": 1,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "exabeamid",
+                                "height": 53,
+                                "id": "2b9780f0-3226-11ef-9f2b-1555829de806",
+                                "index": 2,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "exabeamqueue",
+                                "height": 53,
+                                "id": "32d3c4a0-3226-11ef-9f2b-1555829de806",
+                                "index": 3,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "itemowner",
+                                "height": 53,
+                                "id": "4bf66640-3226-11ef-9f2b-1555829de806",
+                                "index": 4,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "sourcecategory",
+                                "height": 53,
+                                "id": "51d60020-3226-11ef-9f2b-1555829de806",
+                                "index": 5,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "sourcepriority",
+                                "height": 53,
+                                "id": "b467eaf0-3226-11ef-9f2b-1555829de806",
+                                "index": 6,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 4,
+                                "fieldId": "title",
+                                "height": 53,
+                                "id": "c57240c0-3226-11ef-9f2b-1555829de806",
+                                "index": 0,
+                                "listId": "caseinfoid-0cccf740-3226-11ef-9f2b-1555829de806",
+                                "sectionItemType": "field",
+                                "startCol": 2
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 4,
+                                "fieldId": "starttime",
+                                "height": 53,
+                                "id": "c1f15760-3226-11ef-9f2b-1555829de806",
+                                "index": 1,
+                                "listId": "caseinfoid-0cccf740-3226-11ef-9f2b-1555829de806",
+                                "sectionItemType": "field",
+                                "startCol": 2
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 4,
+                                "fieldId": "sourceupdatedby",
+                                "height": 53,
+                                "id": "bd9465e0-3226-11ef-9f2b-1555829de806",
+                                "index": 2,
+                                "listId": "caseinfoid-0cccf740-3226-11ef-9f2b-1555829de806",
+                                "sectionItemType": "field",
+                                "startCol": 2
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 4,
+                                "fieldId": "sourcestatus",
+                                "height": 53,
+                                "id": "b9c842b0-3226-11ef-9f2b-1555829de806",
+                                "index": 3,
+                                "listId": "caseinfoid-0cccf740-3226-11ef-9f2b-1555829de806",
+                                "sectionItemType": "field",
+                                "startCol": 2
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 4,
+                                "fieldId": "sourcecreatedby",
+                                "height": 53,
+                                "id": "a30da060-3226-11ef-9f2b-1555829de806",
+                                "index": 4,
+                                "listId": "caseinfoid-0cccf740-3226-11ef-9f2b-1555829de806",
+                                "sectionItemType": "field",
+                                "startCol": 2
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 4,
+                                "fieldId": "sourcecreatetime",
+                                "height": 53,
+                                "id": "5c669ef0-3226-11ef-9f2b-1555829de806",
+                                "index": 5,
+                                "listId": "caseinfoid-0cccf740-3226-11ef-9f2b-1555829de806",
+                                "sectionItemType": "field",
+                                "startCol": 2
+                            }
+                        ],
+                        "maxW": 3,
+                        "minH": 1,
+                        "moved": false,
+                        "name": "info",
+                        "static": false,
+                        "w": 3,
+                        "x": 0,
+                        "y": 0
+                    }
+                ],
+                "type": "custom"
+            },
+            {
+                "id": "warRoom",
+                "name": "War Room",
+                "type": "warRoom"
+            },
+            {
+                "id": "workPlan",
+                "name": "Work Plan",
+                "type": "workPlan"
+            }
+        ]
+    },
+    "group": "incident",
+    "id": "Exabeam Incident",
+    "name": "Exabeam Incident",
+    "system": false,
+    "version": -1,
+    "fromVersion": "6.10.0",
+    "description": ""
+}
\ No newline at end of file
diff --git a/Packs/Exabeam/Layouts/layoutscontainer-Exabeam_Notable_User.json b/Packs/Exabeam/Layouts/layoutscontainer-Exabeam_Notable_User.json
new file mode 100644
index 000000000000..bad380a958a3
--- /dev/null
+++ b/Packs/Exabeam/Layouts/layoutscontainer-Exabeam_Notable_User.json
@@ -0,0 +1,1868 @@
+{
+    "close": {
+        "sections": [
+            {
+                "description": "",
+                "fields": [
+                    {
+                        "fieldId": "incident_closereason",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_closenotes",
+                        "isVisible": true
+                    }
+                ],
+                "isVisible": true,
+                "name": "Basic Information",
+                "query": null,
+                "queryType": "",
+                "readOnly": false,
+                "type": ""
+            },
+            {
+                "description": "",
+                "isVisible": true,
+                "name": "Custom Fields",
+                "query": null,
+                "queryType": "",
+                "readOnly": false,
+                "type": ""
+            }
+        ]
+    },
+    "detailsV2": {
+        "tabs": [
+            {
+                "id": "summary",
+                "name": "Legacy Summary",
+                "type": "summary"
+            },
+            {
+                "id": "caseinfoid",
+                "name": "Incident Info",
+                "sections": [
+                    {
+                        "displayType": "ROW",
+                        "h": 2,
+                        "i": "caseinfoid-sosmfpdiuh-caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8",
+                        "isVisible": true,
+                        "items": [
+                            {
+                                "endCol": 2,
+                                "fieldId": "type",
+                                "height": 22,
+                                "id": "incident-type-field",
+                                "index": 0,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "severity",
+                                "height": 22,
+                                "id": "incident-severity-field",
+                                "index": 1,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "owner",
+                                "height": 22,
+                                "id": "incident-owner-field",
+                                "index": 2,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "sourcebrand",
+                                "height": 22,
+                                "id": "incident-sourceBrand-field",
+                                "index": 4,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "sourceinstance",
+                                "height": 22,
+                                "id": "incident-sourceInstance-field",
+                                "index": 5,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "playbookid",
+                                "height": 22,
+                                "id": "incident-playbookId-field",
+                                "index": 6,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            }
+                        ],
+                        "maxW": 3,
+                        "moved": false,
+                        "name": "Case Details",
+                        "static": false,
+                        "w": 1,
+                        "x": 0,
+                        "y": 0
+                    },
+                    {
+                        "h": 2,
+                        "i": "caseinfoid-sosmfpdiuh-caseinfoid-61263cc0-98b1-11e9-97d7-ed26ef9e46c8",
+                        "maxW": 3,
+                        "moved": false,
+                        "name": "Notes",
+                        "static": false,
+                        "type": "notes",
+                        "w": 1,
+                        "x": 2,
+                        "y": 0
+                    },
+                    {
+                        "displayType": "ROW",
+                        "h": 2,
+                        "i": "caseinfoid-sosmfpdiuh-caseinfoid-6aabad20-98b1-11e9-97d7-ed26ef9e46c8",
+                        "maxW": 3,
+                        "moved": false,
+                        "name": "Work Plan",
+                        "static": false,
+                        "type": "workplan",
+                        "w": 1,
+                        "x": 1,
+                        "y": 0
+                    },
+                    {
+                        "displayType": "ROW",
+                        "h": 2,
+                        "i": "caseinfoid-sosmfpdiuh-caseinfoid-7ce69dd0-a07f-11e9-936c-5395a1acf11e",
+                        "maxW": 3,
+                        "moved": false,
+                        "name": "Indicators",
+                        "query": "",
+                        "queryType": "input",
+                        "static": false,
+                        "type": "indicators",
+                        "w": 2,
+                        "x": 0,
+                        "y": 4
+                    },
+                    {
+                        "displayType": "CARD",
+                        "h": 2,
+                        "i": "caseinfoid-sosmfpdiuh-caseinfoid-ac32f620-a0b0-11e9-b27f-13ae1773d289",
+                        "items": [
+                            {
+                                "endCol": 1,
+                                "fieldId": "occurred",
+                                "height": 22,
+                                "id": "incident-occurred-field",
+                                "index": 0,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 1,
+                                "fieldId": "dbotmodified",
+                                "height": 22,
+                                "id": "incident-modified-field",
+                                "index": 1,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "dbotduedate",
+                                "height": 22,
+                                "id": "incident-dueDate-field",
+                                "index": 2,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "dbotcreated",
+                                "height": 22,
+                                "id": "incident-created-field",
+                                "index": 0,
+                                "sectionItemType": "field",
+                                "startCol": 1
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "dbotclosed",
+                                "height": 22,
+                                "id": "incident-closed-field",
+                                "index": 1,
+                                "sectionItemType": "field",
+                                "startCol": 1
+                            }
+                        ],
+                        "maxW": 3,
+                        "moved": false,
+                        "name": "Timeline Information",
+                        "static": false,
+                        "w": 1,
+                        "x": 0,
+                        "y": 2
+                    },
+                    {
+                        "displayType": "ROW",
+                        "h": 2,
+                        "i": "caseinfoid-sosmfpdiuh-caseinfoid-88e6bf70-a0b1-11e9-b27f-13ae1773d289",
+                        "isVisible": true,
+                        "items": [
+                            {
+                                "endCol": 2,
+                                "fieldId": "dbotclosed",
+                                "height": 22,
+                                "id": "incident-dbotClosed-field",
+                                "index": 0,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "closereason",
+                                "height": 22,
+                                "id": "incident-closeReason-field",
+                                "index": 1,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "closenotes",
+                                "height": 22,
+                                "id": "incident-closeNotes-field",
+                                "index": 2,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            }
+                        ],
+                        "maxW": 3,
+                        "moved": false,
+                        "name": "Closing Information",
+                        "static": false,
+                        "w": 1,
+                        "x": 0,
+                        "y": 6
+                    },
+                    {
+                        "displayType": "CARD",
+                        "h": 2,
+                        "i": "caseinfoid-sosmfpdiuh-caseinfoid-e54b1770-a0b1-11e9-b27f-13ae1773d289",
+                        "isVisible": true,
+                        "items": [
+                            {
+                                "endCol": 2,
+                                "fieldId": "details",
+                                "height": 22,
+                                "id": "incident-details-field",
+                                "index": 0,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            }
+                        ],
+                        "maxW": 3,
+                        "moved": false,
+                        "name": "Investigation Data",
+                        "static": false,
+                        "w": 1,
+                        "x": 1,
+                        "y": 2
+                    }
+                ],
+                "type": "custom"
+            },
+            {
+                "hidden": false,
+                "id": "sosmfpdiuh",
+                "name": "user",
+                "sections": [
+                    {
+                        "displayType": "CARD",
+                        "h": 4,
+                        "hideName": false,
+                        "i": "caseinfoid-sosmfpdiuh-caseinfoid-5bea9230-3157-11ef-8149-addaf9dc6392",
+                        "items": [
+                            {
+                                "endCol": 2,
+                                "fieldId": "fullname",
+                                "height": 53,
+                                "id": "94007a30-3162-11ef-8149-addaf9dc6392",
+                                "index": 0,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "username",
+                                "height": 53,
+                                "id": "d9369870-3160-11ef-8149-addaf9dc6392",
+                                "index": 1,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "riskscore",
+                                "height": 53,
+                                "id": "ff5e8260-3160-11ef-8149-addaf9dc6392",
+                                "index": 2,
+                                "listId": "caseinfoid-sosmfpdiuh-caseinfoid-5bea9230-3157-11ef-8149-addaf9dc6392",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "starttime",
+                                "height": 53,
+                                "id": "5110c980-3164-11ef-97ed-51db7b22d264",
+                                "index": 3,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "endtime",
+                                "height": 53,
+                                "id": "5adc4390-3164-11ef-97ed-51db7b22d264",
+                                "index": 4,
+                                "listId": "caseinfoid-sosmfpdiuh-caseinfoid-5bea9230-3157-11ef-8149-addaf9dc6392",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 2,
+                                "fieldId": "title",
+                                "height": 53,
+                                "id": "8972cf10-3206-11ef-97d6-054c45da533b",
+                                "index": 5,
+                                "listId": "caseinfoid-sosmfpdiuh-caseinfoid-5bea9230-3157-11ef-8149-addaf9dc6392",
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 4,
+                                "fieldId": "managername",
+                                "height": 53,
+                                "id": "1c7122e0-3161-11ef-8149-addaf9dc6392",
+                                "index": 0,
+                                "listId": "caseinfoid-sosmfpdiuh-caseinfoid-5bea9230-3157-11ef-8149-addaf9dc6392",
+                                "sectionItemType": "field",
+                                "startCol": 2
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 4,
+                                "fieldId": "usergroups",
+                                "height": 53,
+                                "id": "66e3e730-3202-11ef-97d6-054c45da533b",
+                                "index": 1,
+                                "listId": "caseinfoid-sosmfpdiuh-caseinfoid-5bea9230-3157-11ef-8149-addaf9dc6392",
+                                "sectionItemType": "field",
+                                "startCol": 2
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 4,
+                                "fieldId": "teamname",
+                                "height": 53,
+                                "id": "23eef140-3202-11ef-97d6-054c45da533b",
+                                "index": 2,
+                                "listId": "caseinfoid-sosmfpdiuh-caseinfoid-5bea9230-3157-11ef-8149-addaf9dc6392",
+                                "sectionItemType": "field",
+                                "startCol": 2
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 4,
+                                "fieldId": "accountstatus",
+                                "height": 53,
+                                "id": "05045940-31fe-11ef-97d6-054c45da533b",
+                                "index": 3,
+                                "listId": "caseinfoid-sosmfpdiuh-caseinfoid-5bea9230-3157-11ef-8149-addaf9dc6392",
+                                "sectionItemType": "field",
+                                "startCol": 2
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 4,
+                                "fieldId": "tags",
+                                "height": 53,
+                                "id": "a564a540-3161-11ef-8149-addaf9dc6392",
+                                "index": 4,
+                                "listId": "caseinfoid-sosmfpdiuh-caseinfoid-5bea9230-3157-11ef-8149-addaf9dc6392",
+                                "sectionItemType": "field",
+                                "startCol": 2
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 4,
+                                "fieldId": "lastseen",
+                                "height": 53,
+                                "id": "71e2f4f0-3162-11ef-8149-addaf9dc6392",
+                                "index": 5,
+                                "listId": "caseinfoid-sosmfpdiuh-caseinfoid-5bea9230-3157-11ef-8149-addaf9dc6392",
+                                "sectionItemType": "field",
+                                "startCol": 2
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 4,
+                                "fieldId": "firstseen",
+                                "height": 53,
+                                "id": "02ce1130-3162-11ef-8149-addaf9dc6392",
+                                "index": 6,
+                                "listId": "caseinfoid-sosmfpdiuh-caseinfoid-5bea9230-3157-11ef-8149-addaf9dc6392",
+                                "sectionItemType": "field",
+                                "startCol": 2
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 6,
+                                "fieldId": "mobilephone",
+                                "height": 53,
+                                "id": "86e93080-3162-11ef-8149-addaf9dc6392",
+                                "index": 0,
+                                "listId": "caseinfoid-sosmfpdiuh-caseinfoid-5bea9230-3157-11ef-8149-addaf9dc6392",
+                                "sectionItemType": "field",
+                                "startCol": 4
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 6,
+                                "fieldId": "email",
+                                "height": 53,
+                                "id": "8c624060-3162-11ef-8149-addaf9dc6392",
+                                "index": 1,
+                                "listId": "caseinfoid-sosmfpdiuh-caseinfoid-5bea9230-3157-11ef-8149-addaf9dc6392",
+                                "sectionItemType": "field",
+                                "startCol": 4
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 6,
+                                "fieldId": "department",
+                                "height": 53,
+                                "id": "0c8bec20-3161-11ef-8149-addaf9dc6392",
+                                "index": 2,
+                                "listId": "caseinfoid-sosmfpdiuh-caseinfoid-5bea9230-3157-11ef-8149-addaf9dc6392",
+                                "sectionItemType": "field",
+                                "startCol": 4
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 6,
+                                "fieldId": "country",
+                                "height": 53,
+                                "id": "17ba8d80-3202-11ef-97d6-054c45da533b",
+                                "index": 3,
+                                "listId": "caseinfoid-sosmfpdiuh-caseinfoid-5bea9230-3157-11ef-8149-addaf9dc6392",
+                                "sectionItemType": "field",
+                                "startCol": 4
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 6,
+                                "fieldId": "location",
+                                "height": 53,
+                                "id": "e4d2c8b0-3201-11ef-97d6-054c45da533b",
+                                "index": 4,
+                                "listId": "caseinfoid-sosmfpdiuh-caseinfoid-5bea9230-3157-11ef-8149-addaf9dc6392",
+                                "sectionItemType": "field",
+                                "startCol": 4
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 6,
+                                "fieldId": "workphone",
+                                "height": 53,
+                                "id": "4a3cb2b0-3202-11ef-97d6-054c45da533b",
+                                "index": 5,
+                                "listId": "caseinfoid-sosmfpdiuh-caseinfoid-5bea9230-3157-11ef-8149-addaf9dc6392",
+                                "sectionItemType": "field",
+                                "startCol": 4
+                            }
+                        ],
+                        "maxW": 3,
+                        "minH": 1,
+                        "moved": false,
+                        "name": "main",
+                        "static": false,
+                        "w": 3,
+                        "x": 0,
+                        "y": 0
+                    },
+                    {
+                        "displayType": "CARD",
+                        "h": 4,
+                        "hideName": false,
+                        "i": "caseinfoid-sosmfpdiuh-d1d990e5-3161-11ef-8149-addaf9dc6392",
+                        "items": [
+                            {
+                                "endCol": 2,
+                                "fieldId": "numberoffoundrelatedalerts",
+                                "height": 53,
+                                "id": "66395a20-3164-11ef-97ed-51db7b22d264",
+                                "index": 0,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "exabeamhighestsessionnumberofasset",
+                                "height": 53,
+                                "id": "fe92d120-3164-11ef-97ed-51db7b22d264",
+                                "index": 1,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "exabeampastscores",
+                                "height": 53,
+                                "id": "a2e9d9e0-3164-11ef-97ed-51db7b22d264",
+                                "index": 2,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "exabeamhighestsessionloginhost",
+                                "height": 53,
+                                "id": "e9afadf0-3164-11ef-97ed-51db7b22d264",
+                                "index": 3,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "exabeamaverageriskscore",
+                                "height": 53,
+                                "id": "9a860620-3164-11ef-97ed-51db7b22d264",
+                                "index": 4,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "endCol": 2,
+                                "fieldId": "exabeamhighestsessionnumberofreasons",
+                                "height": 53,
+                                "id": "f4317fb0-3164-11ef-97ed-51db7b22d264",
+                                "index": 5,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 4,
+                                "fieldId": "accountmemberof",
+                                "height": 53,
+                                "id": "60feb2d0-3164-11ef-97ed-51db7b22d264",
+                                "index": 0,
+                                "listId": "caseinfoid-sosmfpdiuh-d1d990e5-3161-11ef-8149-addaf9dc6392",
+                                "sectionItemType": "field",
+                                "startCol": 2
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 4,
+                                "fieldId": "numberofrelatedincidents",
+                                "height": 53,
+                                "id": "6d0b9160-3164-11ef-97ed-51db7b22d264",
+                                "index": 1,
+                                "listId": "caseinfoid-sosmfpdiuh-d1d990e5-3161-11ef-8149-addaf9dc6392",
+                                "sectionItemType": "field",
+                                "startCol": 2
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 4,
+                                "fieldId": "exabeamlastactivitytype",
+                                "height": 53,
+                                "id": "d4db7ee0-3164-11ef-97ed-51db7b22d264",
+                                "index": 2,
+                                "listId": "caseinfoid-sosmfpdiuh-d1d990e5-3161-11ef-8149-addaf9dc6392",
+                                "sectionItemType": "field",
+                                "startCol": 2
+                            },
+                            {
+                                "dropEffect": "move",
+                                "endCol": 4,
+                                "fieldId": "exabeamlastactivitytime",
+                                "height": 53,
+                                "id": "def259d0-3164-11ef-97ed-51db7b22d264",
+                                "index": 4,
+                                "listId": "caseinfoid-sosmfpdiuh-d1d990e5-3161-11ef-8149-addaf9dc6392",
+                                "sectionItemType": "field",
+                                "startCol": 2
+                            }
+                        ],
+                        "maxW": 3,
+                        "minH": 1,
+                        "moved": false,
+                        "name": "highest Risk Session",
+                        "static": false,
+                        "w": 3,
+                        "x": 0,
+                        "y": 4
+                    }
+                ],
+                "type": "custom"
+            },
+            {
+                "id": "warRoom",
+                "name": "War Room",
+                "type": "warRoom"
+            },
+            {
+                "id": "workPlan",
+                "name": "Work Plan",
+                "type": "workPlan"
+            }
+        ]
+    },
+    "edit": {
+        "sections": [
+            {
+                "description": "",
+                "fields": [
+                    {
+                        "fieldId": "incident_name",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_occurred",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_reminder",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_owner",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_roles",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_type",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_severity",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_playbookid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_labels",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_phase",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_details",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_attachment",
+                        "isVisible": true
+                    }
+                ],
+                "isVisible": true,
+                "name": "Basic Information",
+                "query": null,
+                "queryType": "",
+                "readOnly": false,
+                "type": ""
+            },
+            {
+                "description": "",
+                "fields": [
+                    {
+                        "fieldId": "incident_asn",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_asnname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_accountmemberof",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_accountstatus",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_additionaldata",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_additionalemailaddresses",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_additionalindicators",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_affectedhosts",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_affectedusers",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_agentid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_agentversion",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_agentsid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_alertcategory",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_alertid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_alertname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_alertrules",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_alertsource",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_alerttypeid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_alerttags",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_analysisreport",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_app",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_appmessage",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_assigneduser",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_assignmentgroup",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_attackpatterns",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_birthday",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_blockindicatorsstatus",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_cmd",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_cmdline",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_cveid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_cvelist",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_cvepublished",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_caller",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_campaignname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_categories",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_changed",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_childprocess",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_classification",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_cloudaccountid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_cloudinstanceid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_cloudoperationtype",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_commandline",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_commandlineverdict",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_comment",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_country",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_countrycode",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_countrycodenumber",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_customqueryresults",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_description",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_destinationhostname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_destinationip",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_destinationnetwork",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_destinationnetworks",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_destinationport",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_detectedendpoints",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_detectedips",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_detecteduser",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_detectionurl",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_deviceexternalip",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_deviceexternalips",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_devicehash",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_deviceid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_deviceinternalips",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_devicelocalip",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_devicemacaddress",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_devicemodel",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_devicename",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_deviceosname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_deviceosversion",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_deviceou",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_deviceusername",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_domainname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_domainregistrarabuseemail",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_domainupdateddate",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_dsts",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_endpoint",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_endpointisolationstatus",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_endpointsdetails",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_escalation",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_eventid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_eventtype",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_exabeamsessionids",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalcategoryid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalcategoryname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalconfidence",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalendtime",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externallink",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalseverity",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalstarttime",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalstatus",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalsubcategoryid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalsubcategoryname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_externalsystemid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_failedlogonevents",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_failedlogoneventstimeframe",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filehash",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filemd5",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filename",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filenames",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filepath",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filepaths",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filerelationships",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filesha1",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filesha256",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_filesize",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_fileupload",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_firstname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_fullname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_highriskyhosts",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_highriskyusers",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_hostnames",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_huntresultscount",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_ipblockedstatus",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_ipreputation",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_identitytype",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_incidentlink",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_incomingmirrorerror",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_investigationstage",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_isactive",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_lastmirroredtimestamp",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_lastname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_logsource",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_lowlevelcategoriesevents",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_macaddress",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_md5",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_mitretacticid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_mitretacticname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_mitretechniqueid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_mitretechniquename",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_mobiledevicemodel",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_numberoffoundrelatedalerts",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_numberofrelatedincidents",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_numberofsimilarfiles",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_os",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_ostype",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_osversion",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_objective",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_operationname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_orglevel1",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_orglevel2",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_orglevel3",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_orgunit",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_outgoingmirrorerror",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_pid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_parentcmdline",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_parentprocess",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_parentprocesscmd",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_parentprocessfilepath",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_parentprocessids",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_parentprocessmd5",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_parentprocessname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_parentprocesspath",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_parentprocesssha256",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_passwordchangeddate",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_phonenumber",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_policyactions",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_processcmd",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_processcreationtime",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_processid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_processmd5",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_processname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_processnames",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_processpath",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_processpaths",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_processsha256",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_projectid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_protocol",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_protocolnames",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_referencedresourceid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_referencedresourcename",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_registrationemail",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_registryhive",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_registrykey",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_registryvalue",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_registryvaluetype",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_relatedalerts",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_relatedcampaign",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_relatedendpoints",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_relatedreport",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_renderedhtml",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_reportname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_resourceurl",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_rulename",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sha1",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sha256",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sha512",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_ssdeep",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_scenario",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_selectedindicators",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_servicenowassignedto",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_servicenowassignmentgroup",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_servicenowattackvector",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_servicenowbusinessimpact",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_servicenowcaller",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_servicenowcallerid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_servicenowcategory",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_servicenowclosedby",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_servicenowcloseddate",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_servicenowdescription",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_servicenowduedate",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_servicenowescalation",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_servicenowimpact",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_servicenownotify",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_servicenowopeneddate",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_servicenowpriority",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_servicenowresolutioncode",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_servicenowresolutionnotes",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_servicenowresolvedtime",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_servicenowsircategory",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_servicenowsirstate",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_servicenowseverity",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_servicenowstate",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_servicenowticketnumber",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_servicenowurgency",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_similarincidentsdbot",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourcecategory",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourcecreatetime",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourcecreatedby",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourceexternalips",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourcehostname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourceip",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourceid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourcenetwork",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourcenetworks",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourceport",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourcepriority",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourcestatus",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourceupdatedby",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_sourceusername",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_spycloudcompassdevicedata",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_spycloudconfidence",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_spyclouddocumentid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_spycloudemaildomain",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_spycloudemailusername",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_spycloudinfectedmachineid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_spycloudpassword",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_spycloudpasswordplaintext",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_spycloudpasswordtype",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_spycloudpublishdate",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_spycloudrecordmodificationdate",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_spycloudtargetdomain",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_spycloudtargetsubdomain",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_spyclouduserbrowser",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_spycloudusersysregisteredowner",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_spycloudusersystemdomain",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_srcs",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_state",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_statusreason",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_stringsimilarityresults",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_subcategory",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_suspiciousexecutions",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_suspiciousexecutionsfound",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_tactic",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_tacticid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_tags",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_target",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_teamname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_technique",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_techniqueid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_tenantname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_threatfamilyname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_threathuntingdetectedhostnames",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_threathuntingdetectedip",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_threatname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_ticketacknowledgeddate",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_ticketcloseddate",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_ticketnumber",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_ticketopeneddate",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_toolusagefound",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_tools",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_urlsslverification",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_urls",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_usecasedescription",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_useragent",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_useranomalycount",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_userblockstatus",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_usercreationtime",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_userengagementresponse",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_userrisklevel",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_usersid",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_users",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_usersdetails",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_verdict",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_vulnerableproduct",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_appchannelname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_samaccountname",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_similarincidents",
+                        "isVisible": true
+                    },
+                    {
+                        "fieldId": "incident_useraccountcontrol",
+                        "isVisible": true
+                    }
+                ],
+                "isVisible": true,
+                "name": "Custom Fields",
+                "query": null,
+                "queryType": "",
+                "readOnly": false,
+                "type": ""
+            }
+        ]
+    },
+    "group": "incident",
+    "id": "Exabeam Notable User",
+    "name": "Exabeam Notable User",
+    "system": false,
+    "version": -1,
+    "fromVersion": "6.10.0",
+    "description": ""
+}
\ No newline at end of file
diff --git a/Packs/Exabeam/ReleaseNotes/2_4_0.md b/Packs/Exabeam/ReleaseNotes/2_4_0.md
new file mode 100644
index 000000000000..c75026ac4ba2
--- /dev/null
+++ b/Packs/Exabeam/ReleaseNotes/2_4_0.md
@@ -0,0 +1,85 @@
+#### Mappers
+
+##### Exabeam mapping
+
+Added a mapping for the new incident type: **Exabeam Notable User**.
+
+
+#### Incident Types
+
+##### New: Exabeam Notable User
+
+New: Created a new incident type for notable users fetched.
+
+##### Exabeam Incident
+
+Added a new layout.
+
+
+#### Layouts
+
+##### New: Exabeam Incident
+
+Created a new layout for the incident type: **Exabeam Incident**.
+
+##### New: Exabeam Notable User
+
+New: Created a new layout for the incident type: **Exabeam Notable User**.
+
+
+#### Integrations
+
+##### Exabeam Advanced Analytics
+
+- Updated the integration to support fetch notable users.
+- Added the following new parameters:
+  - *Fetch Type*.
+  - *Max Users Per Fetch*.
+  - *Notable Users Fetch Interval*.
+  - *Notable Users First Fetch Timestamp*.
+  - *Minimum Risk Score To Fetch Users*.
+- Updated the integration display Name from  **Exabeam** to  **Exabeam Advanced Analytics**.
+- Updated the Docker image to: *demisto/python3:3.11.9.101916*.
+
+#### Classifiers
+
+##### New: Exabeam Classifier
+
+ Created a new classifier to classify incidents based on the source of the data.
+
+- If the source is the fetch incidents, the incident type will be **Exabeam Incident**.
+- If the source is the fetch notable users the incident type will be **Exabeam Notable User**.
+
+#### Incident Fields
+
+##### New: Exabeam Average Risk Score
+
+Added a new incident field to store the average risk score of a user.
+
+##### New: Exabeam Highest Session Login Host
+
+Added a new incident field to store the highest session login host of a user.
+
+##### New: Exabeam Highest Session Number Of Asset
+
+Added a new incident field to store the number of assets in the highest risk session.
+
+##### New: Exabeam Highest Session Number Of Reasons
+
+Added a new incident field to store the number of reasons in the highest risk session.
+
+##### New: Exabeam Last Activity Time
+
+Added a new incident field to store the last activity time of a user.
+
+##### New: Exabeam Last Activity Type
+
+Added a new incident field to store the type of the last activity of a user.
+
+##### New: Exabeam Past Scores
+
+Added a new incident field to store past risk scores of a user.
+
+##### New: Exabeam Session IDs
+
+Added a new incident field to store the session IDs of a user.
diff --git a/Packs/Exabeam/pack_metadata.json b/Packs/Exabeam/pack_metadata.json
index 25412f684d62..77365a92d86f 100644
--- a/Packs/Exabeam/pack_metadata.json
+++ b/Packs/Exabeam/pack_metadata.json
@@ -1,8 +1,8 @@
 {
-    "name": "Exabeam",
+    "name": "Exabeam Advanced Analytics",
     "description": "The Exabeam Security Management Platform provides end-to-end detection, User Event Behavioral Analytics, and SOAR.",
     "support": "xsoar",
-    "currentVersion": "2.3.1",
+    "currentVersion": "2.4.0",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",
@@ -16,5 +16,8 @@
     "marketplaces": [
         "xsoar",
         "marketplacev2"
+    ],
+    "itemPrefix": [
+        "Exabeam"
     ]
 }
\ No newline at end of file