- Introduction to Context Management
- Onboarding a Context Table
- Custom Context Tables
- Active Directory Context Tables
- Anomali Context Tables
- Prerequisites to Onboard an Anomali Context Table
- Create an Anomali Context Table
- View and Interact with an Anomali Context Table
- View the Details Panel for an Anomali Context Table
- Edit the Configuration of an Anomali Context Table
- Default IP Attribute Mapping for Anomali
- Default Domain Attribute Mapping for Anomali
- CrowdStrike Context Tables
- Microsoft Entra ID Context Tables
- Okta Context Tables
- Recorded Future Context Tables
- STIX/TAXII Context Tables
- Add Data to an Existing Context Table
- Using Context Data in Downstream Applications
- Pre-Built Context Tables
- Context Management APIs
- Troubleshooting Context Management
Anomali Context Tables

The Anomali option is designed to streamline the process of creating a new context table to onboard threat intelligence data from an Anomali source, including data such as threat detections and indicators of compromise. When an Anomali context table is onboarded, it processes either IP or domain attributes that a corresponding cloud collector has ingested from an Anomali threat intelligence source that supports the STIX/TAXII standard framework.
When the context table is onboarded, it normalizes Anomali context information so that it can be mapped to Exabeam target attributes. This data is used to enrich security content that can be leveraged by downstream services such as Search, Correlation Rules, and Dashboards. By default, Anomali tables map a set of specific IP or domain attributes that are compliant with the Exabeam common information model. This model defines standardized objects for security content across Exabeam products.
The Anomali option is available on the Context Library tab. However, to create an Anomali context table, you must first create an Anomali cloud collector in the Exabeam Cloud Collector service. To further streamline the process, you can opt to have the Anomali context table created automatically from the cloud collector itself. Once the Anomali context table is running in the Context Management service, it can begin processing the data sent from the cloud collector.
Note
Only one Anomali context table can be created for each Anomali cloud collector.
For more information, see the following sections: