Threat Intelligence Context Tables
Data provided by threat intelligence feeds is stored in context tables associated with each feed. By default, feeds are initially associated with existing context tables. As a result, when your Advanced Analytics deployment is connected to the Threat Intelligence Service, it immediately begins collecting threat intelligence data.
In Advanced Analytics, you can use the data in context tables by creating rules that match log events against indicators stored in a threat intelligence context table. If the RuleExpression logic finds a match, the event can be identified as malicious without further analysis.
In Data Lake, the data in context tables can help to enrich log event data.
For more information about working with context tables, see the following:
Note
To view a sample list of Threat Intelligence Service indicator sources, see the Exabeam Community.