Cloud-delivered Advanced Analytics | Exabeam Advanced Analytics Administration Guide

Threat Intelligence Context Tables

Data provided by threat intelligence feeds is stored in context tables associated with each feed. By default, feeds are initially associated with existing context tables. As a result, when your Advanced Analytics deployment is connected to the Threat Intelligence Service, it immediately begins collecting threat intelligence data.

In Advanced Analytics, the data in context tables can be leveraged by creating rules that match log events to indicators stored in a threat intelligence context table. If the RuleExpression logic finds a match, an event can be identified as malicious without further analysis.

In Data Lake, the data in context tables can help to enrich log event data.

For more information about working with context tables, see the following:

Note

To view a sample list of Threat Intelligence Service indicator sources, see the Exabeam Community.