- Introduction to Context Management
- Onboarding a Context Table
- Custom Context Tables
- Create a Custom Context Table by Importing a CSV File
- Create a Custom Context Table Using the Add Custom Option
- Working with Filtered Context Tables
- View and Interact with a Custom or Filtered Context Table
- View the Details Panel for a Custom or Filtered Context Table
- Edit the Configuration of Custom or Filtered Context Tables
- Active Directory Context Tables
- Prerequisites to Onboard an Active Directory Context Table
- Create an Active Directory Context Table
- View and Interact with an Active Directory Context Table
- View the Details Panel for an Active Directory Context Table
- Edit the Configuration of an Active Directory Context Table
- Default User Attribute Mapping for Active Directory
- Default Device Attribute Mapping for Active Directory
- Anomali Context Tables
- Prerequisites to Onboard an Anomali Context Table
- Create an Anomali Context Table
- View and Interact with an Anomali Context Table
- View the Details Panel for an Anomali Context Table
- Edit the Configuration of an Anomali Context Table
- Default IP Attribute Mapping for Anomali
- Default Domain Attribute Mapping for Anomali
- CrowdStrike Context Tables
- Google Workspace Context Tables
- Prerequisites to Onboard a Google Workspace Context Table
- Create a Google Workspace Context Table
- View and Interact with a Google Workspace Context Table
- View the Details Panel for a Google Workspace Context Table
- Edit the Configuration of a Google Workspace Context Table
- Default Google Workspace Attribute Mapping
- Microsoft Entra ID Context Tables
- Prerequisites to Onboard a Microsoft Entra ID Context Table
- Create a Microsoft Entra ID Context Table
- View and Interact with a Microsoft Entra ID Context Table
- View the Details Panel for a Microsoft Entra ID Context Table
- Edit the Configuration of a Microsoft Entra ID Context Table
- Default User Attribute Mapping for Microsoft Entra ID
- Default Device Attribute Mapping for Microsoft Entra ID
- Okta Context Tables
- Recorded Future Context Tables
- Prerequisites to Onboard a Recorded Future Context Table
- Create a Recorded Future Context Table
- View and Interact with a Recorded Future Context Table
- View the Details Panel for a Recorded Future Context Table
- Edit the Configuration of a Recorded Future Context Table
- Default IP Attribute Mapping for Recorded Future
- Default Domain Attribute Mapping for Recorded Future
- STIX/TAXII Context Tables
- Prerequisites to Onboard a STIX/TAXII Context Table
- Create a STIX/TAXII Context Table
- View and Interact with a STIX/TAXII Context Table
- View the Details Panel for a STIX/TAXII Context Table
- Edit the Configuration of a STIX/TAXII Context Table
- Default IP Attribute Mapping for STIX/TAXII
- Default Domain Attribute Mapping for STIX/TAXII
- Custom Context Tables
- Add Data to an Existing Context Table
- Using Context Data in Downstream Applications
- Pre-Built Context Tables
- Context Management APIs
- Troubleshooting Context Management
- Refresh Rates for Context Tables
Pre-Built Compliance Context Tables
The Context Management service includes a set of pre-built compliance context tables that are mainly used to provide context for compliance dashboards. When you populate the compliance context tables with users and accounts, the data can be visualized in the compliance dashboards in the Dashboard application. These dashboards are useful to monitor the activities of users and accounts with privileged access in your environment and to monitor other physical and network security systems.
For more information about each of the available compliance context tables, see the following sub-sections:
When you populate the compliance context tables with users and accounts, data from those users and accounts can be visualized in the compliance dashboards. The context tables must be populated before the data can be displayed in the dashboards. For the easiest way to populate these dashboards, see Bulk Onboard Compliance Context Tables via CSV. Alternately, you can onboard the context tables manually, one record at a time.
Compliance - Privileged Users
This context table lists user accounts that have privileged access to production systems in your environment, and that you want to visualize in the Dashboards application. The accounts in this table should be subject to periodic review. By default, the table is empty until you populate it with privileged account users..
The account users you add to this context table are visualized in the Privileged Account Activity visualization in the following compliance dashboards:
CMMC - Analyst
HIPAA - Analyst
ISO 27001 - Analyst
NIST 800-171 - Analyst
NIST 800-53 - Analyst
NIST CSF - Analyst
PCI DSS - Analyst
Compliance - Shared Accounts
This context table lists any shared user accounts in your environment that you want to visualize in the Dashboards application. These should include any accounts to which multiple users have access. By default, the table is empty until you populate it with shared account users.
The account users you add to this context table are visualized in the Shared Account Activity visualization in the following compliance dashboards:
CMMC - Analyst
HIPAA - Analyst
ISO 27001 - Analyst
NIST 800-171 - Analyst
NIST 800-53 - Analyst
NIST CSF - Analyst
PCI DSS - Analyst
Compliance - Third Party Users
This context table lists any contractor, vendor, or other third-party users in your environment that you want to visualize in the Dashboards application. By default, the table is empty until you populate it with third-party users.
The user account you add to this context table are visualized in the Third Party Activity visualization in the following compliance dashboards:
CMMC - Analyst
HIPAA - Analyst
ISO 27001 - Analyst
NIST 800-171 - Analyst
NIST 800-53 - Analyst
NIST CSF - Analyst
PCI DSS - Analyst
Compliance - System & Service Accounts
This context table lists any default, service, or automation accounts in your environment that you want to visualize in the Dashboards application. By default, the table is empty until you populate it with system and service accounts.
The accounts you add to this context table are visualized in the System and Service Account Activity visualization in the following compliance dashboards:
CMMC - Analyst
HIPAA - Analyst
ISO 27001 - Analyst
NIST 800-171 - Analyst
NIST 800-53 - Analyst
NIST CSF - Analyst
PCI DSS - Analyst
Bulk Onboard Compliance Context Tables via CSV
Bulk onboarding a context table requires preparing the CSV file for import and then importing the records to the context table. Follow these steps:
Prepare a CSV file that conforms to the following requirements:
It must be a maximum file size of 300 MB. If the CSV file is larger than 300 MB, compress it as a ZIP file. A compressed ZIP file must contain only one CSV file.
It must include a header row.
Note
A header row with column names is mandatory when uploading a CSV file. Failure to include a header row in the CSV file can result in missing or incorrect data in your context table.
The completed CSV file should resemble the example below:
In Context Management, navigate to the Overview tab and click the name of the pre-built compliance context table where you want to onboard the data. The detail page for the table opens.
Do one of the following:
If the table is currently empty, click Upload CSV. The Add Records dialog box opens.
If the table already contain data, click the plus icon (
) at the top of the detail page and select Upload CSV. The Add Records dialog box opens.
Note
Only one of each pre-built compliance context table can exist in your environment.
On the right side of the dialog box, click Select a CSV and select the CSV file to upload that you created in Step 1. Ensure that the file includes a header.
Click Review Mapping. A table is displayed listing the columns contained in the CSV file. It should resemble the image below.
Click Add Data. The CSV data is uploaded to the context table.
Click View Your Table to open the context table and view the uploaded data.