Skip to main content

Context ManagementContext Management Administration Guide

STIX/TAXII Context Tables

icon-pre-built.png

Note

Early Release Program

This context table is a part of the early access program that offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program, in the Cloud Collectors Administration Guide.

The STIX/TAXII option is designed to streamline the process of creating a new context table to onboard threat intelligence data from external sources, such as threat detections and indicators of compromise. When a STIX/TAXII context table is onboarded, it processes either IP or domain attributes that a cloud collector has ingested from any external threat intelligence source that supports the STIX/TAXII standard framework.

When the context table is onboarded, it normalizes STIX/TAXII context information so that it can be mapped to Exabeam target attributes. This data is used to enrich security content that can be leveraged by downstream services such as Search, Correlation Rules, and Dashboards. By default, STIX/TAXII tables map a set of specific IP or domain attributes that are compliant with the Exabeam common information model. This model defines standardized objects for security content across Exabeam products.

The STIX/TAXII option is available on the Context Library tab. However, to create a STIX/TAXII context table, you must first create a STIX/TAXII cloud collector in the Exabeam Cloud Collector service. To further streamline the process, you can opt to have the STIX/TAXII context table created automatically from the cloud collector itself. Once the STIX/TAXII context table is running in the Context Management service, it can begin processing the data sent from the cloud collector.

Note

Only one STIX/TAXII context table can be created for each STIX/TAXII cloud collector.

For more information, see the following sections:

Tip

Recorded Future - for Early Release

During Early Release, an option is available in the Cloud Collector service to create a cloud collector for a Recorded Future Context source. However, this cloud collector will connect to a STIX/TAXII context table in Context Management. For more information, see Create a STIX/TAXII Context Table