
REST API Context Tables


Note

The REST API context table onboarding via cloud collector is available as part of the Early Access program. The Early Access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program in the Cloud Collectors Administration Guide.

The REST API option is designed to streamline the process of creating a new REST API context table. When the context table is onboarded, it processes either user or device attributes that a REST API Context cloud collector has pulled from a source API endpoint.

REST API Context collectors are configured in the Cloud Collector service. They facilitate data collection via REST API endpoints from a range of vendors and products. These cloud collectors simplify third-party log ingestion so that you can create custom API integrations without relying on vendor-specific collectors or external developers.

In a REST API Context collector, you can tailor the API request itself, as well as how it's authenticated and processed. You can also view the extracted data that is returned in the API response. When you begin creating a corresponding context table, the extracted data helps you configure the source attributes in the table appropriately, according to the JSON schema of the API response.

REST API context tables do not map, by default, to a set of specific user or device attributes. Instead, you have the flexibility to customize the attribute mapping for any of the source attributes returned by the API response in the collector, including first-level, nested, and array attributes. You can map them to target attributes that are compliant with the Exabeam common user information model. This model defines standardized user or device objects for security content across Exabeam products. You can also map the source attributes to existing or newly created custom attributes.
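The following is an added example, not part of the Exabeam documentation or product code. It inventories the source attributes in an API response, classifies each as first-level, nested, or array, and counts how many records carry it, so sparse attributes are visible before you map them. The response body, the `users` wrapper, and the dotted and `[]` path notation are constructed for illustration and are not Exabeam syntax.

```python
import json
from collections import defaultdict

# Constructed sample of an API response body (not from any real vendor API).
SAMPLE_RESPONSE = json.loads("""
{"users": [
  {"id": "u-1001", "email": "a.ng@example.com",
   "manager": {"email": "r.diaz@example.com"},
   "groups": [{"name": "finance"}, {"name": "vpn-users"}]},
  {"id": "u-1002", "email": "b.osei@example.com",
   "manager": {"email": "r.diaz@example.com"},
   "groups": []},
  {"id": "u-1003", "email": "c.ito@example.com",
   "groups": [{"name": "it-admins"}]}
]}
""")

def walk(node, path="", depth=0, in_array=False):
    """Yield (path, kind) for every leaf value found under one record."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            yield from walk(value, child, depth + 1, in_array)
    elif isinstance(node, list):
        # Every element of an array shares one path, marked with "[]".
        for item in node:
            yield from walk(item, path + "[]", depth, True)
    else:
        kind = "array" if in_array else ("nested" if depth > 1 else "first level")
        yield path, kind

def inventory(records):
    """Map each source attribute path to its kind and the number of records carrying it."""
    seen = defaultdict(lambda: {"kind": None, "records": 0})
    for record in records:
        # set() so an attribute repeated inside an array counts once per record.
        for path, kind in set(walk(record)):
            seen[path]["kind"] = kind
            seen[path]["records"] += 1
    return dict(seen)

if __name__ == "__main__":
    users = SAMPLE_RESPONSE["users"]
    for path, info in sorted(inventory(users).items()):
        print(f"{path:16} {info['kind']:12} {info['records']}/{len(users)} records")
```

In this constructed sample, `manager.email` and `groups[].name` each appear in only two of the three records, so a mapping that relies on them leaves gaps for the remaining user.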

In the Context Management service, the REST API user and device options are available as separate tiles on the Context Library tab. To create a REST API context table, you must first have a REST API Context cloud collector configured and running in the Exabeam Cloud Collectors service. You also need to view the extracted data, which is available in the collector itself, to determine which attributes to include in the context table and how to configure them. Then you can create the context table, and it can begin processing the data sent from the cloud collector.

Note

Data in a REST API context table is refreshed according to the Collection Interval configured in the corresponding REST API Context cloud collector. For information about configuring this interval, see Configure the REST API Context Cloud Collector in the Get Started with Collector Onboarding Guide.

For more information, see the following sections: