STIX/TAXII Context Tables

The STIX/TAXII option is designed to streamline the process of creating a new context table to onboard threat intelligence data from external sources, including data such as threat detections and indicators of compromise. When a STIX/TAXII context table is onboarded, it processes either IP or domain attributes that a cloud collector has ingested from any external threat intelligence source that supports the STIX/TAXII standard framework.
When the context table is onboarded, it normalizes STIX/TAXII context information so that it can be mapped to Exabeam target attributes. This data is used to enrich security content that can be leveraged by downstream services such as Search, Correlation Rules, and Dashboards. By default, STIX/TAXII tables map a set of specific IP or domain attributes that are compliant with the Exabeam common information model. This model defines standardized objects for security content across Exabeam products.
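The normalization step described above can be pictured with the following added example, which is not Exabeam code: it reduces STIX 2.1 indicator objects to flat IP or domain rows and drops anything it cannot validate. The bundle is constructed sample data, and the row field names (`table`, `key`, `source_id`, and so on) are hypothetical, not Exabeam target attributes.

```python
import ipaddress
import re

# Constructed sample: a minimal STIX 2.1 bundle such as a TAXII collection might return.
_ID = "indicator--00000000-0000-4000-8000-00000000000"
SAMPLE_BUNDLE = {"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001", "objects": [
    {"type": "indicator", "id": _ID + "1", "pattern_type": "stix", "confidence": 80,
     "valid_from": "2024-01-01T00:00:00Z", "pattern": "[ipv4-addr:value = '198.51.100.7']"},
    {"type": "indicator", "id": _ID + "2", "pattern_type": "stix",
     "valid_from": "2024-01-02T00:00:00Z", "pattern": "[domain-name:value = 'Bad.Example.TEST.']"},
    {"type": "indicator", "id": _ID + "3", "pattern_type": "stix",   # not an IP or domain
     "valid_from": "2024-01-03T00:00:00Z", "pattern": "[file:hashes.'SHA-256' = 'aaaa']"},
    {"type": "indicator", "id": _ID + "4", "pattern_type": "stix",   # malformed address
     "valid_from": "2024-01-04T00:00:00Z", "pattern": "[ipv4-addr:value = '999.1.1.1']"},
    {"type": "malware", "id": "malware--00000000-0000-4000-8000-000000000005", "name": "sample"},
]}

# Only single equality comparisons on IP or domain objects are accepted here;
# compound patterns (AND/OR, FOLLOWEDBY, CIDR matching) are skipped, not guessed at.
PATTERN_RE = re.compile(r"^\[\s*(ipv4-addr|ipv6-addr|domain-name):value\s*=\s*'([^']+)'\s*\]$")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def normalize_indicator(obj):
    """Return a flat row for an IP or domain indicator, or None if it is skipped."""
    if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
        return None
    match = PATTERN_RE.match(obj.get("pattern", "").strip())
    if not match:
        return None
    kind, value = match.groups()
    if kind == "domain-name":
        value = value.rstrip(".").lower()          # canonical form: no root dot, lowercase
        if not DOMAIN_RE.match(value):
            return None
        table = "domain"
    else:
        try:
            value = str(ipaddress.ip_address(value))   # rejects malformed addresses
        except ValueError:
            return None
        table = "ip"
    # Hypothetical row layout; a real context table uses its own attribute mapping.
    return {"table": table, "key": value, "source_id": obj["id"],
            "valid_from": obj.get("valid_from"), "confidence": obj.get("confidence")}

def normalize_bundle(bundle):
    """Normalize every usable indicator in a bundle, preserving input order."""
    rows = (normalize_indicator(o) for o in bundle.get("objects", []))
    return [r for r in rows if r is not None]
```

Keeping `source_id` on each row lets an analyst trace an enriched event back to the originating indicator in the feed.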
The STIX/TAXII option is available on the Context Library tab. However, to create a STIX/TAXII context table, you must first create a STIX/TAXII cloud collector in the Exabeam Cloud Collector service. To further streamline the process, you can opt to have the STIX/TAXII context table created automatically from the cloud collector itself. Once the STIX/TAXII context table is running in the Context Management service, it can begin processing the data sent from the cloud collector.
Note
Only one STIX/TAXII context table can be created for each STIX/TAXII cloud collector.
For more information, see the following sections: