- Print
- DarkLight
Article summary
Did you find this summary helpful?
Thank you for your feedback
Caption | Name | Requirement | Type | Description |
---|---|---|---|---|
Device ID | device_id | required | :ref:`integer_t <integer_t>` | | Derived from OCSF ApplicationLifecycle.device.id. ApplicationLifecycle.device: An addressable device, computer system or host. Device.id: None |
Device End Time | end_time | recommended | :ref:`timestamp_t <timestamp_t>` | | Derived from OCSF ApplicationLifecycle.device.end_time. ApplicationLifecycle.device: An addressable device, computer system or host. Device.end_time: The end time of when a particular state of the user was valid. Using the ``start_time`` and ``end_time`` together bound the time when a particular user state was valid. If there is no ``end_time`` it tells the analyst that this is the current state of the user as DataBee understands it. There will ever only be a single user for which the ``end_time`` is ``null``. |
Record Created At | record_created_at | required | :ref:`timestamp_t <timestamp_t>` | | CDPs generated timestamp when record was created. |
Record Updated At | record_updated_at | required | :ref:`timestamp_t <timestamp_t>` | | CDPs generated timestamp when record was last updated. |
Application Vendor Name/Application Version/Application Name/Application Unique ID | application_id | required | :ref:`integer_t <integer_t>` | | Derived from CORE_DATA Application.id. Application.id: Derived from OCSF ApplicationLifecycle.app.vendor_name and OCSF ApplicationLifecycle.app.version and OCSF ApplicationLifecycle.app.name and OCSF ApplicationLifecycle.app.uid. ApplicationLifecycle.app: The application that was affected by the lifecycle event. This also applies to self-updating application systems. Product.vendor_name: The name of the vendor of the product. ApplicationLifecycle.app: The application that was affected by the lifecycle event. This also applies to self-updating application systems. Product.version: The version of the product, as defined by the event source. For example: ``2013.1.3-beta``. ApplicationLifecycle.app: The application that was affected by the lifecycle event. This also applies to self-updating application systems. Product.name: The name of the product. ApplicationLifecycle.app: The application that was affected by the lifecycle event. This also applies to self-updating application systems. Product.uid: The unique identifier of the product. |
Device Start Time | start_time | recommended | :ref:`timestamp_t <timestamp_t>` | | Derived from OCSF ApplicationLifecycle.device.start_time. ApplicationLifecycle.device: An addressable device, computer system or host. Device.start_time: The start time when a particular state of the user became valid |
Was this article helpful?