CrowdStrike Context Tables
The CrowdStrike option is designed to streamline the process of creating a new CrowdStrike device context table. When a CrowdStrike context table is onboarded, it processes device attributes from a CrowdStrike source. These attributes can be mapped to Exabeam target attributes.
By default, CrowdStrike tables map a set of specific device attributes that are compliant with the Exabeam common user information model. This model defines standardized device objects for security content across Exabeam products.
Tip
Only one CrowdStrike context table can be created per Exabeam subscription. The name of the CrowdStrike context table is fixed and cannot be changed because it supports the following downstream enrichment rules:
- CrowdStrike asset ID to User Lookup
- CrowdStrikeNetwork Connection Assets in
- CrowdStrikeNetwork Connection Assets Out
- CrowdStrike asset ID to Source Host Lookup
The CrowdStrike device option is available on the Context Library tab. If you want the CrowdStrike table to populate automatically with device data from a CrowdStrike source, you must have the Exabeam Ingester for CrowdStrike add-on license. Otherwise, when you create a CrowdStrike context table in the Context Management service, you can populate it with data manually or via a CSV file.
For more information, see the following sections:
Note
License Requirement for Device Context Tables
Currently, device context data can only be accessed if you have the New-Scale Analytics license. Access to device data will be available to other licenses in the near future.