
Context Management Release Notes

Context Management Features Introduced in 2025

April 2025

The following features were introduced in Context Management during April 2025:

Feature

Description

Expanded IOC Field Enrichment

You can now search for IOC data from both internal and external threat intelligence sources. This functionality is made possible because the Context Management service now provides threat intelligence data from both prebuilt, curated sources and from external log sources that support the STIX/TAXII framework.

Note

STIX/TAXII context tables are available as part of a Cloud Collector Early Access program. During the early access period, you can access this functionality for STIX/TAXII context tables only if you participate in the program. To participate, see Sign Up for the Early Access Program, in the Cloud Collectors Administration Guide.

To facilitate this expanded functionality, a new ioc_sources attribute has been added to the enriched IOC fields you can use in the Search and Correlation Rules applications. Values in this field identify which log source ingested a suspected IOC record.

For more information, see Context in Search and Correlation Rules in the Context Management Guide.

March 2025

The following features were introduced in Context Management during March 2025:

Feature

Description

STIX/TAXII Context Tables

Context Management now supports onboarding STIX/TAXII context tables. These tables process data that is ingested by a corresponding STIX/TAXII cloud collector from an external threat intelligence source that uses the STIX/TAXII framework. By default, these context tables process a predetermined set of IP or domain attributes from the source collector and map them to a set of standardized Exabeam target attributes.

The STIX/TAXII context tables are available as part of the Early Access program. During the early access period, STIX/TAXII context tables can be created from either a STIX/TAXII or a Recorded Future Context cloud collector. The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program, in the Cloud Collectors Administration Guide.

For more information, see STIX/TAXII Context Tables in the Context Management Guide.

January 2025

The following features were introduced in Context Management during January 2025:

Feature

Description

Support Context Tables for Device Data

Context Management now supports onboarding device data into the following types of context tables:

  • Custom and filtered context tables

  • Active Directory context tables

  • CrowdStrike context tables

  • Microsoft Entra ID context tables

To facilitate onboarding device data to the Active Directory, CrowdStrike, and Microsoft Entra ID context tables, new tiles are available from the Context Library page in Context Management. Data in these device tables is available for use in the downstream Search application. It is not yet available for building dashboards or correlation rules.

These device context tables are available with any New-Scale Security Operations or Exabeam Security Operations license. For more information, see Onboarding a Context Table and navigate to a specific context table section.

Support Pre-Built New-Scale Analytics Context Tables

Context Management now provides new pre-built New-Scale Analytics context tables. These context tables are used to support activities by the New-Scale Analytics engine and in the Attack Surface Insights application. These New-Scale Analytics context tables are currently available only for the New-Scale Analytics license.

For more information about the new context tables, see Pre-Built New-Scale Analytics Context Tables in the Context Management Guide.