Console
    Contact Us Start free

    Entity

    An Entity provides additional context about an item in a UDM event. For example, a PROCESS_LAUNCH event describes that user 'abc@example.corp' launched process 'shady.exe'. The event does not include information that user 'abc@example.com' is a recently terminated employee who administers a server storing finance data. Information stored in one or more Entities can add this additional context.

    JSON representation 
     { 
 "metadata" 
 : 
 { 
 object (  EntityMetadata 
 
) 
 } 
 , 
 "entity" 
 : 
 { 
 object (  Noun 
 
) 
 } 
 , 
 "relations" 
 : 
 [ 
 { 
 object (  Relation 
 
) 
 } 
 ] 
 , 
 "additional" 
 : 
 { 
 object 
 } 
 , 
 "metric" 
 : 
 { 
 object (  Metric 
 
) 
 } 
 , 
 "riskScore" 
 : 
 { 
 object (  EntityRisk 
 
) 
 } 
 }
    Fields
    metadata

    object ( EntityMetadata )

    Entity metadata such as timestamp, product, etc.
    entity

    object ( Noun )

    Noun in the UDM event that this entity represents.
    relations[]

    object ( Relation )

    One or more relationships between the entity (a) and other entities, including the relationship type and related entity.
    additional

    object ( Struct format)

    Important entity data that cannot be adequately represented within the formal sections of the Entity.
    metric

    object ( Metric )

    Stores statistical metrics about the entity. Used if metadata.entity_type is METRIC.
    riskScore

    object ( EntityRisk )

    Stores information related to the entity's risk score.
    Create a Mobile Website
    View Site in Mobile | Classic
    Share by: