- Introduction to Context Management
- Onboarding a Context Table
- Custom Context Tables
- Create a Custom Context Table by Importing a CSV File
- Create a Custom Context Table Using the Add Custom Option
- Working with Filtered Context Tables
- View and Interact with a Custom or Filtered Context Table
- View the Details Panel for a Custom or Filtered Context Table
- Edit the Configuration of Custom or Filtered Context Tables
- Active Directory Context Tables
- Prerequisites to Onboard an Active Directory Context Table
- Create an Active Directory Context Table
- View and Interact with an Active Directory Context Table
- View the Details Panel for an Active Directory Context Table
- Edit the Configuration of an Active Directory Context Table
- Default Active Directory Attribute Mapping
- Microsoft Entra ID Context Tables
- Prerequisites to Onboard a Microsoft Entra ID Context Table
- Create a Microsoft Entra ID Context Table
- View and Interact with a Microsoft Entra ID Context Table
- View the Details Panel for a Microsoft Entra ID Context Table
- Edit the Configuration of a Microsoft Entra ID Context Table
- Default Microsoft Entra ID Attribute Mapping
- Okta Context Tables
- Custom Context Tables
- Add Data to an Existing Context Table
- Using Context Data in Downstream Applications
- Built-In Threat Intelligence Context Tables
- Context Management APIs
- Troubleshooting Context Management
Create a Microsoft Entra ID Context Table
Before beginning this procedure, review the prerequisites.
To onboard a Microsoft Entra ID context table:
Log into the Exabeam Security Operations Platform with your registered credentials.
Find the Security Management tab and click the Context Management tile.
Navigate to the Context Library tab and click Microsoft Entra ID. The Microsoft Entra ID Context Table panel opens.
In the Configuration section, complete the Definition step by entering the following information:
Context Table Name – Enter a name for the new Microsoft Entra ID context table you're creating.
Microsoft Entra ID Collector – In the Data Source section, choose a data source for your new context table. The drop down menu displays a list of the Microsoft Entra ID Context cloud collectors that are currently configured and running in the Exabeam Cloud Collectors service. In the list, select a collector from which your new context table will process user attribute data.
If no Microsoft Entra ID Context cloud collectors are listed, follow the steps in the Microsoft Entra ID Context Cloud Collector section of the Cloud Collector Administration Guide.
Click Next.
In the Review Attributes step, review the mapping of available Microsoft Entra ID attributes to the target attributes in the new context table you are creating.
The attribute mapping table has the following columns (as shown in the image below):
– Shows whether a specific attribute is visible as a column in the context table. Use the icon next to each attribute to toggle the display on or off.Source Attribute – Shows a default set of attributes available from your Microsoft Entra ID. Some source attributes are listed simply as Calculated attribute. These are attributes that are calculated, either in format or in value. Hover over the Calculated attribute tag in the Source Attribute column to view a description of the attribute and its calculation.
Target Attribute – The Target Attributes column shows the Exabeam common information model attributes that are mapped to the Microsoft Entra ID attributes in your context table. For easy-to-read tables of the default attribute mapping, see:
– Indicates that an attribute is designated as the key attribute for the context table. The designated key and its mapping cannot be changed.
– Indicates that an attribute and its mapping cannot be changed.
You can modify the mapping of Microsoft Entra ID attributes, that are not key or locked attributes, in the following ways:
Hover over an attribute row where you want to change the mapping.
Click the delete icon (
) to remove the currently mapped target attribute.Then click Add Target Attributes and do one of the following:
Search for and select an existing target attribute to map it as the target.
Click Add Custom Attribute, enter a new attribute name, and click the plus icon (
) to add it to the list of available target attributes. It will be added with a custom icon (
) to the left of the attribute name. Then select the newly created target attribute to map it.
When you are satisfied with the attribute mapping, click Create to onboard the new Microsoft Entra ID context table. A success message is displayed.
Click Go to Overview to return to the Overview tab that lists all the context tables currently available. The new context table should appear in the list. When you open the table, it displays the user objects processed from the source Cloud Collector (it does not include asset objects).