- Introduction to Context Management
- Onboarding a Context Table
- Custom Context Tables
- Create a Custom Context Table by Importing a CSV File
- Create a Custom Context Table Using the Add Custom Option
- Working with Filtered Context Tables
- View and Interact with a Custom or Filtered Context Table
- View the Details Panel for a Custom or Filtered Context Table
- Edit the Configuration of Custom or Filtered Context Tables
- Active Directory Context Tables
- Prerequisites to Onboard an Active Directory Context Table
- Create an Active Directory Context Table
- View and Interact with an Active Directory Context Table
- View the Details Panel for an Active Directory Context Table
- Edit the Configuration of an Active Directory Context Table
- Default Active Directory Attribute Mapping
- Microsoft Entra ID Context Tables
- Prerequisites to Onboard a Microsoft Entra ID Context Table
- Create a Microsoft Entra ID Context Table
- View and Interact with a Microsoft Entra ID Context Table
- View the Details Panel for a Microsoft Entra ID Context Table
- Edit the Configuration of a Microsoft Entra ID Context Table
- Default Microsoft Entra ID Attribute Mapping
- Okta Context Tables
- Custom Context Tables
- Add Data to an Existing Context Table
- Using Context Data in Downstream Applications
- Pre-Built Context Tables
- Context Management APIs
- Troubleshooting Context Management
Introduction to Context Management
The Context Management service provides a single point of entry for managing context data, including data from:
Threat intelligence services
Identity providers
Custom context
Context Management supports the processing of context data from multiple collection sources across your security environment. The data is stored in context tables and is then available for use by downstream applications.
Note
Currently, data processed by the Context Management service is available for use in New-Scale products, including Search, Correlation Rules, and Dashboards.
Beyond managing context data, the Context Management service represents a single source of truth for information about context data. It provides a centralized experience that helps administrators bridge the gap between simply collecting context data and using that data to glean useful security insights. It ensures that the collected context data can be viewed, searched, and visualized by other Exabeam services.