Context Retrieval

Welcome to Exabeam Security Content
- Security Content in the Legacy Structure
What is Security Content?
- The Security Content Pipeline
- The Content Library
Understanding the Log
- Do You Need a Parser?
  - Parsing for Data Lake
  - Parsing for Advanced Analytics
- Log Process Example
Exabeam Parsers
Exabeam Event Building
Exabeam Enrichment
Exabeam Persistence and Templates
Exabeam Models
Exabeam Rules

Enrichers that provide contextual enrichment use a parsed field value as a key to extract a value for a new field from a context table.

In the example below, the user field is created from a context table called user_email. When the email_user field is parsed from the log, the AD user value is fetched from the context table and mapped to the email_user which will stitch the event to the user timeline.

user-email {...
      Map = [
        {
          Field = "user"
          Value = """GetValue('email_user',toLower(user_email))"""
        }...

Security ContentExabeam Security Content in the Legacy Structure

Table of ContentsTable of Contents

Context Retrieval