Context Hub: Configure Lists as a Data Source

Document created by RSA Information Design and Development on Oct 23, 2017
Version 1Show Document
  • Comment0
  • View in full screen mode
  

This topic describes the procedure to create and configure custom lists for Context Hub. These lists are automatically considered as data sources for Context Hub.

To use the Context Hub service to fetch contextual information from meta types that support context lookup, you can create one or more lists and add relevant list values to the list. Make sure that you create meaningful list such as blacklisted IPs, whitelisted IPs, and so on. These custom lists may be populated with items either by importing CSV files or by adding meta values by using the option Add/Remove from List in Investigation views.

You can also import and export a list. For more information, see Import or Export Lists for Context Hub.

You can also create lists and add list values from Investigation views. For instructions, see the Manage Lists and List Values in Investigation topic in the Investigation and Malware Analysis Guide

Prerequisites

Ensure that Context Hub is enabled and the service is added in Administration > Services view of Security Analytics.

Procedure

To add a new list for Context Hub:

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Services grid, select the Context Hub service and  settings.png > View > Config.
    The Services Config view of the selected Context Hub is displayed.
  3. Click the List tab.
    The List tab consists of the Lists panel and List Values panel.
    F-Conf-List-ds.png
  4. Clickic-add.png on the Lists panel to add a new list and complete the following steps:
    1. In the List Name field, enter a unique name for the list.
    2. In the Description field, enter the description of the list.
    3. In the List Values panel, clickic-add.pngto add unique list values.
    4. To import a list, click ic-Import.png on the Lists panel.
    5. To import list values for a list, click ic-Import.png on the List Values panel.
      For more information about importing list and list values, see Import or Export Lists for Context Hub.
  5. Click Save.
    The list is saved with the values. These lists are considered as data sources for retrieving contextual information.

Next steps 

After completing the configuration, you can use the Context Lookup option in Investigate > Navigate view or Investigation > Events view to query and view contextual information. For instructions, see the View Additional Context for a Data Point topic in the Investigation and Malware Analysis Guide.

You are here
Table of Contents > Basic Setup > Step 2. Configure Data Sources for Context Hub > Configure Lists as a Data Source for Context Hub

Attachments

    Outcomes