- Introduction to Context Management
- Onboarding a Context Table
- Custom Context Tables
- Create a Custom Context Table by Importing a CSV File
- Create a Custom Context Table Using the Add Custom Option
- Working with Filtered Context Tables
- View and Interact with a Custom or Filtered Context Table
- View the Details Panel for a Custom or Filtered Context Table
- Edit the Configuration of Custom or Filtered Context Tables
- Active Directory Context Tables
- Prerequisites to Onboard an Active Directory Context Table
- Create an Active Directory Context Table
- View and Interact with an Active Directory Context Table
- View the Details Panel for an Active Directory Context Table
- Edit the Configuration of an Active Directory Context Table
- Default User Attribute Mapping for Active Directory
- Default Device Attribute Mapping for Active Directory
- CrowdStrike Context Tables
- Microsoft Entra ID Context Tables
- Prerequisites to Onboard a Microsoft Entra ID Context Table
- Create a Microsoft Entra ID Context Table
- View and Interact with a Microsoft Entra ID Context Table
- View the Details Panel for a Microsoft Entra ID Context Table
- Edit the Configuration of a Microsoft Entra ID Context Table
- Default User Attribute Mapping for Microsoft Entra ID
- Default Device Attribute Mapping for Microsoft Entra ID
- Okta Context Tables
- Custom Context Tables
- Add Data to an Existing Context Table
- Using Context Data in Downstream Applications
- Pre-Built Context Tables
- Context Management APIs
- Troubleshooting Context Management
Create a CrowdStrike Context Table
Before beginning this procedure, review the prerequisites.
Note
License Requirement for Device Context Tables
Currently, device context data can only be accessed if you have the New-Scale Analytics license. Access to device data will be available to other licenses in the near future.
To onboard a CrowdStrike device context table:
Log into the New-Scale Security Operations Platform with your registered credentials.
Find the Security Management tab and click the Context Management tile.
Navigate to the Context Library tab and click the Crowdstrike tile. The CrowdStrike panel opens.
If no CrowdStrike device context table currently exists in your Exabeam subscription, click Create. A new table is created and automatically named CrowdStrike Devices.
Note
Only one CrowdStrike context table can be created per Exabeam subscription. So, if a CrowdStrike context table already exists, the Create button is disabled and you cannot create a new CrowdStrike context table.
Return to the Overview tab that lists all the context tables currently available. The new CrowdStrike Devices context table should appear in the list. When you open the table, it displays the device objects processed from the CrowdStrike source.