
Pre-Built New-Scale Analytics Context Tables


The Context Management service includes a set of pre-built context tables used mainly to provide context for activities performed in the New-Scale Analytics and Attack Surface Insights applications. The data in these tables can be used to support various detection and enrichment rules that are part of specific use cases.

Note

License Requirement for New-Scale Analytics Context Tables

Currently, New-Scale Analytics context tables can only be accessed if you have the New-Scale Analytics license. Access to these tables will be available to other licenses in the near future.

The following sections list the New-Scale context tables that are available.

New-Scale Analytics Tables

Context Table

Used by Pre-Built New-Scale Analytics Detection Engine Rules

Used by Pre-Built Enrichment Rules

Use Cases

System Enumeration Processes

Yes

Malware, Privilege Escalation

Account Enumeration Processes

Yes

Malware, Privilege Escalation

Pentesting Processes

Yes

Malware, Compromised Credentials

Net Sniffer Processes

Yes

Malware, Compromised Credentials

Malicious Websites

Yes

Malware

Malicious Website Categories

Yes

Malware

Temporary Directories

Yes

Malware

Threat Windows Commands

Yes

Malware

Administrative Windows Privilege Constants

Yes

Privileged Activity

Source Code File Extensions

Yes

Compromised Credentials, Data Access

Competitor Company Names

Yes

Workforce Protection

Job Search Categories

Yes

Yes

Workforce Protection

Job Search Websites

Yes

Yes

Workforce Protection

File Storage Categories

Yes

Data Exfiltration

File Storage Websites

Yes

Data Exfiltration

Network Zones

Yes

Geo-location Based Detection

IOT Device Types

Future use case

Threat PowerShell Commands

Future use case

Per-User Windows Service Names

Future use case

Windows Control Panel Items

Future use case

Attack Surface Insights Context Tables

Context Table

Used by Pre-Built New-Scale Analytics Detection Engine Rules

Used by Pre-Built Enrichment Rules

Use Cases

Departing Employees

Workforce Protection

Used by the Departing Employees pre-built tagging rule

Internal Domains

Yes

Ignore external email domains when discovering user entities