- Introduction to Context Management
- Onboarding a Context Table
- Custom Context Tables
- Create a Custom Context Table by Importing a CSV File
- Create a Custom Context Table Using the Add Custom Option
- Working with Filtered Context Tables
- View and Interact with a Custom or Filtered Context Table
- View the Details Panel for a Custom or Filtered Context Table
- Edit the Configuration of Custom or Filtered Context Tables
- Active Directory Context Tables
- Prerequisites to Onboard an Active Directory Context Table
- Create an Active Directory Context Table
- View and Interact with an Active Directory Context Table
- View the Details Panel for an Active Directory Context Table
- Edit the Configuration of an Active Directory Context Table
- Default Active Directory Attribute Mapping
- Microsoft Entra ID Context Tables
- Prerequisites to Onboard a Microsoft Entra ID Context Table
- Create a Microsoft Entra ID Context Table
- View and Interact with a Microsoft Entra ID Context Table
- View the Details Panel for a Microsoft Entra ID Context Table
- Edit the Configuration of a Microsoft Entra ID Context Table
- Default Microsoft Entra ID Attribute Mapping
- Okta Context Tables
- Custom Context Tables
- Add Data to an Existing Context Table
- Using Context Data in Downstream Applications
- Built-In Threat Intelligence Context Tables
- Context Management APIs
- Troubleshooting Context Management
Context in Dashboards
In Dashboards, context data is available for use both via a pre-built IOC Statistics dashboard and by filtering on context table data in custom dashboards. For more information about each method, see the appropriate sections below.
IOC Statistics Dashboard
The IOC Statistics dashboard reflects information about the context data being collected in the built-in threat intelligence tables. This dashboard includes information about the numbers and types of IOCs found over time, as well as IOC trend analysis. For more information about this dashboard, see Indicator of Compromise (IOC) Statistics in the Dashboards Guide.
Filtering on Context Table Data When Creating a Custom Dashboard
When defining a custom dashboard visualization, context data is available by specifying a custom context table using the Context Filter option. You can filter on a custom context table of type Other or User. You can also filter on a filtered context table.
The Context Filter option is available at the bottom of the Query Filters section.
When you select the Context Filter option, you have the opportunity to select a Context Field, an Operator, and a Context Table to filter on. For example, in the image below, the condition is filtering on User values that are included in the PM IPs context table. For more information about building dashboards, see Add a Visualization in the Dashboards Guide.
Note
Certain restrictions apply to dashboard filtering when a context table lookup is included:
The context table can be included with an AND but not with an OR operator.
Only one context table can be included per dashboard visualization.
Only custom context tables are available for inclusion in a dashboard.
Active Directory context tables cannot be included directly. However, you can include a filtered context table that is created with an Active Directory context table as its source.