Create a CrowdStrike Context Table
Before beginning this procedure, review the prerequisites.
To onboard a CrowdStrike device context table:
1. Log in to the New-Scale Security Operations Platform with your registered credentials.
2. Find the Security Management tab and click the Context Management tile.
3. Navigate to the Context Library tab and click the CrowdStrike tile. The CrowdStrike panel opens.

   Note: Only one CrowdStrike context table can be created per Exabeam subscription. If a CrowdStrike context table already exists, the Create button is disabled and you cannot create a new CrowdStrike context table.

4. In the Context Table Name field, the name CrowdStrike Devices is already provided. This name is fixed and cannot be changed because it supports specific downstream enrichment rules.
5. In the Data Source section of the panel, select an option for the CrowdStrike Collector field. Depending on how you plan to ingest CrowdStrike data, select one of the following options:
   - Exabeam Ingester For CrowdStrike – Select this option if you have both the New-Scale Analytics Exabeam license and the Ingester for CrowdStrike add-on.
   - CrowdStrike Context cloud collector – Select this option if you have created a CrowdStrike Context Cloud Collector in the Cloud Collector service.

   Note: If you want to use the cloud collector option to ingest CrowdStrike data, the collector must be created before the context table. If you previously onboarded a CrowdStrike context table and you want to integrate with the cloud collector, you must delete the context table and recreate it after the CrowdStrike cloud collector is created and running.

6. Click Create. A new table is created and automatically named CrowdStrike Devices.
7. Return to the Overview tab that lists all the context tables currently available. The new CrowdStrike Devices context table should appear in the list. When you open the table, it displays the device objects processed from the CrowdStrike source.