
Context Management Administration Guide

Create an Active Directory Context Table

Before beginning this procedure, review the prerequisites.

To onboard an Active Directory context table:

  1. Log in to the Exabeam Security Operations Platform with your registered credentials.

  2. Find the Security Management tab and click the Context Management tile.

  3. Navigate to the Context Library tab and click Active Directory. The Active Directory panel opens.

  4. In the Configuration section, complete the Definition step by entering the following information:

    • Context Table Name – Enter a name for the new Active Directory context table you're creating.

    • Active Directory Collector – In the Data Source section, choose a data source for your new context table. The drop-down menu lists the Active Directory collectors that are currently configured and running in the Site Collectors service. Select the collector from which your new context table will process user attribute data.

      If no Active Directory site collectors are listed, follow the instructions in the Site Collectors Guide to Set up a Windows Active Directory Collector.

    • nETBIOSName – Enter an Active Directory domain name that will help to uniquely identify individual users. To retrieve the nETBIOSName, execute the following command from the PowerShell command line of your domain controller:

      Get-ADDomain -Identity <BaseDN>

      For the <BaseDN> value, use the DN value of the source collector you selected in the Active Directory Collector field.

      For more information, see the Microsoft Documentation.

      Note

      For an existing Active Directory context table that was created before a nETBIOSName value was required, this field will appear empty. You can view the existing context table data but cannot edit or update the table until you add a nETBIOSName value.

      To add a nETBIOSName value, run the following command from the PowerShell command line of your domain controller:

      Get-ADDomain -Identity <BaseDN>

      For the <BaseDN> value, use the DN value of the Site Collector that is the source of your context data. This source collector is listed in the Active Directory Collector field of the context table.

      When you've retrieved the nETBIOSName value, edit the existing Active Directory context table to add the value in the nETBIOSName field.

  5. Click Next.

  6. In the Review Attributes step, review the mapping of available Active Directory attributes to the target attributes in the new context table you are creating.

    The attribute mapping table has the following columns (as shown in the image below):

    • Visibility icon – Shows whether a specific attribute is visible as a column in the context table. Use the icon next to each attribute to toggle the display on or off.

    • Source Attribute – Shows a default set of attributes available from your Microsoft Active Directory. Some source attributes are listed simply as Calculated attribute. These are attributes that are calculated, either in format or in value. To view a description of an attribute and its calculation, hover over the Calculated attribute tag in the Source Attribute column.

    • Target Attribute – The Target Attributes column shows the Exabeam common user information model attributes that are mapped to the AD attributes in your context table. For an easy-to-read table of the default attribute mapping, see Default Active Directory Attribute Mapping.

    • Key icon – Indicates that an attribute is designated as the key attribute for the context table. The designated key and its mapping cannot be changed.

    • Lock icon – Indicates that an attribute and its mapping cannot be changed.

    [Image: Active Directory attribute mapping table]

    You can modify the mapping of Active Directory attributes that are not key or locked attributes in the following ways:

    • Add an attribute that is not mapped by default – At the top of the Source Attributes column, click Add New Attribute. Enter a custom attribute name and click the plus icon to add it to the column. It will be added with a custom icon to the left of the attribute name. In the corresponding row of the Target Attributes column, click Add Target Attributes to map the newly added custom attribute to a target (see the next bullet).

    • Add a target attribute – In the Target Attributes column, click Add Target Attribute. Do one of the following to add a custom attribute:

      • Search for and select an existing target attribute to map it as the target.

      • Click Add Custom Attribute, enter a new attribute name, and click the plus icon to add it to the list of available target attributes. It will be added with a custom icon to the left of the attribute name. Then select the newly created custom attribute to map it as the target.

    • Remap an Active Directory attribute to a different target attribute – Hover over an attribute row where you want to change the mapping and click the delete icon to remove the currently mapped target attribute. Then click Add Target Attributes to map a different target (see the previous bullet).

  7. When you are satisfied with the attribute mapping, click Create to onboard the new Active Directory context table. A success message is displayed.

    Click Go to Overview to return to the Overview tab that lists all the context tables currently available. The new context table should appear in the list. When you open the table, it displays the user objects processed from the source Site Collector (it does not include asset objects).
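
Added example (not part of the original guide or Exabeam's own tooling) for the nETBIOSName lookup in step 4: it wraps Get-ADDomain and returns the NetBIOSName property of the result, which is the value to enter in the nETBIOSName field. The function name Get-ContextTableNetbiosName and the sample DN are hypothetical, and it assumes the collector's DN may carry OU= or CN= components, which it strips so that Get-ADDomain receives the domain DN.

```powershell
# Added example: resolve the value for the nETBIOSName field from a collector DN.
# Requires the ActiveDirectory module (RSAT) and read access to the directory.
Import-Module ActiveDirectory

function Get-ContextTableNetbiosName {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$BaseDN
    )

    # Keep only the DC= components. A DN such as
    # OU=Staff,DC=corp,DC=example,DC=com scopes a search, but
    # Get-ADDomain -Identity identifies the domain object itself.
    # The split ignores commas escaped with a backslash inside an RDN value.
    $dcParts = ($BaseDN -split '(?<!\\),') |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -match '^DC=' }

    if (-not $dcParts) {
        throw "No DC= components found in '$BaseDN'."
    }
    $domainDN = $dcParts -join ','

    try {
        $domain = Get-ADDomain -Identity $domainDN -ErrorAction Stop
    }
    catch {
        throw "Get-ADDomain failed for '$domainDN': $($_.Exception.Message)"
    }

    # Return the lookup input alongside the result so the value can be
    # checked against the intended domain before it is entered in the UI.
    [pscustomobject]@{
        BaseDN      = $BaseDN
        DomainDN    = $domain.DistinguishedName
        DnsRoot     = $domain.DNSRoot
        NetBIOSName = $domain.NetBIOSName   # value for the nETBIOSName field
    }
}

# Constructed sample DN; replace with the DN of your source collector.
Get-ContextTableNetbiosName -BaseDN 'OU=Staff,DC=corp,DC=example,DC=com'
```

In a multi-domain forest, compare the returned DnsRoot with the domain the collector reads from before saving the context table.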