Recorded Future Context Tables

The Recorded Future option is designed to streamline the process of creating a new context table to onboard threat intelligence data from a Recorded Future source, including data such as threat detections and indicators of compromise. When a Recorded Future context table is onboarded, it processes either IP or domain attributes that a corresponding cloud collector has ingested from a Recorded Future threat intelligence source that supports the STIX/TAXII standard framework.

When the context table is onboarded, it normalizes Recorded Future context information so that it can be mapped to Exabeam target attributes. This data is used to enrich security content that can be leveraged by downstream services such as Search, Correlation Rules, and Dashboards. By default, Recorded Future tables map a set of specific IP or domain attributes that are compliant with the Exabeam common information model. This model defines standardized objects for security content across Exabeam products.
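The normalization step described above can be pictured with the following added example, which is not Exabeam or Recorded Future code. It reduces STIX 2.1 indicator objects to rows for either an IP or a domain table; the `normalize` function and the row field names `key`, `confidence` and `valid_from` are hypothetical stand-ins, not Exabeam target attributes, and the bundle is constructed sample data.

```python
import ipaddress
import re

# Matches simple STIX comparison expressions such as [ipv4-addr:value = '198.51.100.7'].
_COMPARISON = re.compile(r"(ipv4-addr|ipv6-addr|domain-name):value\s*=\s*'([^']+)'")

# Constructed sample bundle (documentation address range, reserved domain names).
SAMPLE_BUNDLE = {"type": "bundle", "objects": [
    {"type": "indicator", "pattern_type": "stix", "confidence": 85, "valid_from": "2024-01-01T00:00:00Z", "pattern": "[ipv4-addr:value = '198.51.100.7']"},
    {"type": "indicator", "pattern_type": "stix", "confidence": 70, "valid_from": "2024-01-02T00:00:00Z", "pattern": "[domain-name:value = 'Bad.Example.']"},
    {"type": "indicator", "pattern_type": "stix", "confidence": 40, "valid_from": "2024-01-03T00:00:00Z", "pattern": "[ipv4-addr:value = '198.51.100.7']"},
    {"type": "indicator", "pattern_type": "stix", "confidence": 90, "valid_from": "2024-01-04T00:00:00Z", "pattern": "[url:value = 'http://bad.example/x']"},
    {"type": "indicator", "pattern_type": "stix", "confidence": 90, "valid_from": "2024-01-05T00:00:00Z", "pattern": "[ipv4-addr:value = '999.1.1.1']"},
    {"type": "identity", "name": "constructed feed owner"},
]}

def normalize(bundle, table_kind):
    """Return rows for an 'ip' or 'domain' table, one per unique indicator value."""
    if table_kind not in ("ip", "domain"):
        raise ValueError("table_kind must be 'ip' or 'domain'")
    rows = {}
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue  # only STIX-pattern indicators carry the values we need
        for stix_type, value in _COMPARISON.findall(obj.get("pattern", "")):
            kind = "domain" if stix_type == "domain-name" else "ip"
            if kind != table_kind:
                continue
            if kind == "ip":
                try:
                    key = str(ipaddress.ip_address(value))
                except ValueError:
                    continue  # malformed address: skip rather than store it
            else:
                key = value.rstrip(".").lower()  # canonical form for lookups
            row = {"key": key, "confidence": obj.get("confidence", 0), "valid_from": obj.get("valid_from")}
            if key not in rows or row["confidence"] > rows[key]["confidence"]:
                rows[key] = row  # keep the highest-confidence sighting per key
    return sorted(rows.values(), key=lambda r: r["key"])
```

Canonicalizing keys before storing them matters for enrichment: a lookup for `bad.example` would miss a row stored as `Bad.Example.`.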

The Recorded Future option is available on the Context Library tab. However, to create a Recorded Future context table, you must first create a Recorded Future cloud collector in the Exabeam Cloud Collector service. To further streamline the process, you can opt to have the Recorded Future context table created automatically from the cloud collector itself. Once the Recorded Future context table is running in the Context Management service, it can begin processing the data sent from the cloud collector.

Note

Only one Recorded Future context table can be created for each Recorded Future cloud collector.

For more information, see the following sections: