- Introduction to Context Management
- Onboarding a Context Table
- Custom Context Tables
- Create a Custom Context Table by Importing a CSV File
- Create a Custom Context Table Using the Add Custom Option
- Working with Filtered Context Tables
- View and Interact with a Custom or Filtered Context Table
- View the Details Panel for a Custom or Filtered Context Table
- Edit the Configuration of Custom or Filtered Context Tables
- Active Directory Context Tables
- Prerequisites to Onboard an Active Directory Context Table
- Create an Active Directory Context Table
- View and Interact with an Active Directory Context Table
- View the Details Panel for an Active Directory Context Table
- Edit the Configuration of an Active Directory Context Table
- Default Active Directory Attribute Mapping
- Microsoft Entra ID Context Tables
- Prerequisites to Onboard a Microsoft Entra ID Context Table
- Create a Microsoft Entra ID Context Table
- View and Interact with a Microsoft Entra ID Context Table
- View the Details Panel for a Microsoft Entra ID Context Table
- Edit the Configuration of a Microsoft Entra ID Context Table
- Default Microsoft Entra ID Attribute Mapping
- Okta Context Tables
- Custom Context Tables
- Add Data to an Existing Context Table
- Using Context Data in Downstream Applications
- Built-In Threat Intelligence Context Tables
- Context Management APIs
- Troubleshooting Context Management
Highlights of the Context Management Service
The Context Management service is designed with the following functional benefits in mind:
It provides a central location where you can onboard context data and configure context tables quickly and efficiently.
It facilitates visualization of collected context data in individual context tables.
It ensures operational visibility so you can view the health of your context data, including how well the connected site and cloud collectors are working and how much context data the Context Management service is processing over time.
It includes built-in threat intelligence tables that provide information about known malicious IP addresses and domains. The schemas for these tables are predefined so data processing begins immediately, with no user action required.
It uses multi-column tables to store an unlimited number of data attributes so that no metadata collected from a context source is lost. You can also map custom attributes and those attributes are available for use in downstream applications.
It ensures that standardized context data is available to all Exabeam services. Field mapping can be viewed and validated.
It allows context data to be exported in a CSV format for external review and use in downstream applications.