Step 6 - Configure Network Zones (Best Practice)
The goal of this step is to populate the Network Zones context table with a list of network zone CIDR ranges and associated names. This context table provides enriched source and destination zone information that make it possible to trigger network zone-based detections. Example: Abnormal number of unique destination network zone in login for this user
The Network Zones context table is a pre-built table in the Context Management application but must be populated manually. For more information about working with pre-built context tables, see Pre-Built Context Tables in the Context Management Administration Guide.
Before beginning the steps below, make sure you have completed the necessary prerequisite of creating a CSV file that lists the network zones in your environment. For more information, see Identify Network Zones in the Prerequisites.
Before beginning the steps below, make sure you have completed the necessary prerequisite of creating a CSV file listing the network zones and zone names used in your environment. For more information, see Identify Network Zones in the Prerequisites.
On the New-Scale Security Operations Platform home page, navigate to Security Management column and click the Context Management tile.
On the Overview tab in Context Management, use the Search field at the top to enter
Network Zones
.Click on the Network Zones context table to open it. The table may initially be empty.
Click the plus icon (
) in the upper right corner and select the Upload CSV option. The Add Records dialog box opens.
On the right side of the dialog box, click Select a CSV and select the CSV file you prepared in the prerequisites with a list of CIDR ranges and associated names.
When the CSV file finishes uploading, click Review Mapping at the bottom of the dialog box. A table is displayed where you can review the network zone entries and map them to Exabeam attributes.
Review the data in the table to ensure that each column contain the appropriate type of data. The columns should match the data contained in the CSV file.
In the Target row of the table, click Add Attribute for each CSV column and select the appropriate Exabeam attribute from the Available Attributes list. This action maps the columns from your CSV file to standard Exabeam attributes. The CIDR Range column is already designated as the key column for the context table.
Click Add Data. An Ingesting Data dialog box is displayed.
Click View Your Table to open the populated Network Zones context table and confirm that the data was uploaded properly.