Context Management Features Introduced in 2025
April 2025
The following features were introduced in Context Management during April 2025:
Feature | Description |
|---|---|
Expanded IOC Field Enrichment | You can now search for IOC data from both internal and external threat intelligence sources. This functionality is made possible because the Context Management service now provides threat intelligence data from both prebuilt, curated sources and from external log sources that support the STIX/TAXII framework. NoteSTIX/TAXII context tables are available as part of a Cloud Collector Early Access program. During the early access period, you can access this functionality for STIX/TAXII context tables only if you participate in the program. To participate, see Sign Up for the Early Access Program, in the Cloud Collectors Administration Guide. To facilitate this expanded functionality, a new For more information, see Context in Search and Correlation Rules in the Context Management Guide. |
March 2025
The following features were introduced in Context Management during March 2025:
Feature | Description |
|---|---|
STIX/TAXII Context Tables | Context Management now supports onboarding STIX/TAXII context tables. These tables process data that is ingested by a corresponding STIX/TAXII cloud collector from an external threat intelligence source that use the STIX/TAXII framework. By default these context tables process a predetermined set of IP or domain attributes from the source collector and maps them to a set of standardized Exabeam target attributes. The STIX/TAXII context tables are available as part of the Early Access program. During the early access period, STIX/TAXII context tables can be created from either a STIX/TAXII or a Recorded Future Context cloud collector. The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program, in the Cloud Collectors Administration Guide. For more information, see STIX/TAXII Context Tables in the Context Management Guide. |
January 2025
The following features were introduced in Context Management during January 2025:
Feature | Description |
|---|---|
Support Context Tables for Device Data | Context Management now supports onboarding device data into the following types of context tables:
To facilitate onboarding device data to the Active Directory, CrowdStrike, and Microsoft Entra ID context tables, new tiles are available from the Context Library page in Context Management. Data in these device tables is available for use in the downstream Search application. It is not yet available for building dashboards or correlation rules. These device context tables are available with any New-Scale Security Operations or Exabeam Security Operations license. For more information, see Onboarding a Context Table and navigate to a specific context table section. |
Support Pre-Built New-Scale Analytics Context Tables | Context Management now provides new pre-built New-Scale Analytics context tables. These context tables are used to support activities by the New-Scale Analytics engine and in the Attack Surface Insights application. These New-Scale Analytics context tables are currently available only for the New-Scale Analytics license. For more information about the new context tables, see Pre-Built New-Scale Analytics Context Tables in the Context Management Guide. |