- Introduction to Context Management
- Onboarding a Context Table
- Custom Context Tables
- Create a Custom Context Table by Importing a CSV File
- Create a Custom Context Table Using the Add Custom Option
- Working with Filtered Context Tables
- View and Interact with a Custom or Filtered Context Table
- View the Details Panel for a Custom or Filtered Context Table
- Edit the Configuration of Custom or Filtered Context Tables
- Active Directory Context Tables
- Prerequisites to Onboard an Active Directory Context Table
- Create an Active Directory Context Table
- View and Interact with an Active Directory Context Table
- View the Details Panel for an Active Directory Context Table
- Edit the Configuration of an Active Directory Context Table
- Default User Attribute Mapping for Active Directory
- Default Device Attribute Mapping for Active Directory
- Anomali Context Tables
- Prerequisites to Onboard an Anomali Context Table
- Create an Anomali Context Table
- View and Interact with an Anomali Context Table
- View the Details Panel for an Anomali Context Table
- Edit the Configuration of an Anomali Context Table
- Default IP Attribute Mapping for Anomali
- Default Domain Attribute Mapping for Anomali
- CrowdStrike Context Tables
- Microsoft Entra ID Context Tables
- Prerequisites to Onboard a Microsoft Entra ID Context Table
- Create a Microsoft Entra ID Context Table
- View and Interact with a Microsoft Entra ID Context Table
- View the Details Panel for a Microsoft Entra ID Context Table
- Edit the Configuration of a Microsoft Entra ID Context Table
- Default User Attribute Mapping for Microsoft Entra ID
- Default Device Attribute Mapping for Microsoft Entra ID
- Okta Context Tables
- Recorded Future Context Tables
- Prerequisites to Onboard a Recorded Future Context Table
- Create a Recorded Future Context Table
- View and Interact with a Recorded Future Context Table
- View the Details Panel for a Recorded Future Context Table
- Edit the Configuration of a Recorded Future Context Table
- Default IP Attribute Mapping for Recorded Future
- Default Domain Attribute Mapping for Recorded Future
- STIX/TAXII Context Tables
- Prerequisites to Onboard a STIX/TAXII Context Table
- Create a STIX/TAXII Context Table
- View and Interact with a STIX/TAXII Context Table
- View the Details Panel for a STIX/TAXII Context Table
- Edit the Configuration of a STIX/TAXII Context Table
- Default IP Attribute Mapping for STIX/TAXII
- Default Domain Attribute Mapping for STIX/TAXII
- Custom Context Tables
- Add Data to an Existing Context Table
- Using Context Data in Downstream Applications
- Pre-Built Context Tables
- Context Management APIs
- Troubleshooting Context Management
Pre-Built Compliance Context Tables
The Context Management service includes a set of pre-built compliance context tables used mainly to provide context for compliance dashboards. These dashboards, available in the Dashboards application, are used to monitor the activities of users and accounts with privileged access and to monitor other physical and network security systems. The following compliance context tables are available:
Compliance - Privileged Users – This context table lists any user accounts with privileged access to production systems in your environment that you want to visualize in the Dashboards application. The accounts in this table should be subject to periodic review. By default, the table is empty until you populate it with privileged account users. This table supports the Privileged Account Activity visualization in the following pre-built compliance dashboards:
CMMC - Analyst
HIPAA - Analyst
ISO 27001 - Analyst
NIST 800-171 - Analyst
NIST 800-53 - Analyst
NIST CSF - Analyst
PCI DSS - Analyst
Compliance - Shared Accounts – This context table lists any shared user accounts in your environment that you want to visualize in the Dashboards application. These should include any accounts to which multiple users have access. By default, the table is empty until you populate it with shared account users. This table supports the Shared Account Activity visualization in the following pre-built compliance dashboards:
CMMC - Analyst
HIPAA - Analyst
ISO 27001 - Analyst
NIST 800-171 - Analyst
NIST 800-53 - Analyst
NIST CSF - Analyst
PCI DSS - Analyst
Compliance - Third-Party Users – This context table lists any contractor, vendor, or other third-party users in your environment that you want to visualize in the Dashboards application. By default, the table is empty until you populate it with third-party users. This table supports the Third Party Activity visualization in the following pre-built compliance dashboards:
CMMC - Analyst
HIPAA - Analyst
ISO 27001 - Analyst
NIST 800-171 - Analyst
NIST 800-53 - Analyst
NIST CSF - Analyst
PCI DSS - Analyst
Compliance - System & Service Accounts – This context table lists any default, service, or automation accounts in your environment that you want to visualize in the Dashboards application. By default, the table is empty until you populate it with system and service accounts. This table supports the System and Service Account Activity visualization in the following pre-built compliance dashboards:
CMMC - Analyst
HIPAA - Analyst
ISO 27001 - Analyst
NIST 800-171 - Analyst
NIST 800-53 - Analyst
NIST CSF - Analyst
PCI DSS - Analyst
Compliance - In-Scope Data Systems – This context table lists any in-scope data systems in your environment that you want to visualize in the Dashboards application, including databases. By default, the table is empty until you populate it with in-scope data systems. This table supports a pre-built dashboard called TBD.
Compliance - Physical Security Systems – This context table lists any physical security systems in your environment that you want to visualize in the Dashboards application. These can include any system used to authenticate access to a physical location, including badge or card readers and door access. By default, the table is empty until you populate it with physical security systems. This table supports a pre-built dashboard called TBD.
Compliance - Network Security Systems – This context table lists any production network security systems in your environment that you want to visualize in the Dashboards application. These can include systems like firewalls, intrusion detection or prevention, malware detection and prevention, network access control, remote access, virtual private network and vulnerability scanning. By default, the table is empty until you populate it with network security systems. This table supports a pre-built dashboard called TBD.