- Introduction to Context Management
- Onboarding a Context Table
- Custom Context Tables
- Create a Custom Context Table by Importing a CSV File
- Create a Custom Context Table Using the Add Custom Option
- Working with Filtered Context Tables
- View and Interact with a Custom or Filtered Context Table
- View the Details Panel for a Custom or Filtered Context Table
- Edit the Configuration of Custom or Filtered Context Tables
- Active Directory Context Tables
- Prerequisites to Onboard an Active Directory Context Table
- Create an Active Directory Context Table
- View and Interact with an Active Directory Context Table
- View the Details Panel for an Active Directory Context Table
- Edit the Configuration of an Active Directory Context Table
- Default Active Directory Attribute Mapping
- Microsoft Entra ID Context Tables
- Prerequisites to Onboard a Microsoft Entra ID Context Table
- Create a Microsoft Entra ID Context Table
- View and Interact with a Microsoft Entra ID Context Table
- View the Details Panel for a Microsoft Entra ID Context Table
- Edit the Configuration of a Microsoft Entra ID Context Table
- Default Microsoft Entra ID Attribute Mapping
- Okta Context Tables
- Custom Context Tables
- Add Data to an Existing Context Table
- Using Context Data in Downstream Applications
- Built-In Threat Intelligence Context Tables
- Context Management APIs
- Troubleshooting Context Management
Context in Audit Logs
Information related to specific types of context table activity is stored in audit logs. In the Exabeam Security Operations Platform audit logs are accessible in the Search query interface. The types of audit logs available for the Context Management service are listed below. Links are also included to specific activity-type pages in the Common Information Model Library where you can find detailed information about the fields available for searching.
For an easy way to access context table audit logs:
Log into the Exabeam Security Operations Platform and navigate to Search.
Choose the Basic Search mode and click in the search bar at the top. Select the Audit Logs tab.
Select one of the following fields, enter a specific context table value, and click Add to Query.
Search Field
Context Table Values
app
Context Management
operation
Context table created
Context table deleted
Context table modified
operation_type
context_table-create
context_table-delete
context_table-modify
Select a time range for the query and click Search.