Device
- 20 Nov 2024
- 4 Minutes to read
- Contributors
- Print
- DarkLight
Device
- Updated on 20 Nov 2024
- 4 Minutes to read
- Contributors
- Print
- DarkLight
Article summary
Did you find this summary helpful?
Thank you for your feedback
| Caption | Name | Requirement | Type | Description |
|---|---|---|---|---|
| Owner/Additional Owners | _owners | optional | json_t Array | Device.owner: The primary owner of a device. Device.additional_owners: Other possible owners of a device. This is added to allow an array of owners, but when there is only one owner, the owner field should be populated. |
| Modified Time | active | optional | boolean_t | Device.modified_time: The time when the device was last known to have been modified. |
| Created Time | created_time | optional | timestamp_t | Device.created_time: The time when the device was known to have been created. |
| Domain | domain | optional | string_t | Device.domain: The network domain where the device resides. For example: work.example.com. |
| End Time | end_time | optional | timestamp_t | Device.end_time: The end time of when a particular state of the user was valid. Using the start_time and end_time together bound the time when a particular user state was valid. If there is no end_time it tells the analyst that this is the current state of the user as DataBee understands it. There will ever only be a single user for which the end_time is null. |
| Environment | environment | optional | string_t | Device.environment: The operational environment in which the device exists. For example: Production, Development, QA. |
| First Seen | first_seen_time | optional | timestamp_t | Device.first_seen_time: The initial discovery time of the device. |
| Groups Name | group_names | optional | string_t Array | Device.groups: The group names to which the device belongs. For example: ['Windows Laptops', 'Engineering']Group.name: The group name. |
| History ID | hid | required | integer_t | Device.hid: The unique DataBee ID to identify a particular history entry in an object table. This field is the PK and should not be mapped manually as the DataBee product populates this field itself. |
| Hostname | hostname | recommended | string_t | Device.hostname: The device hostname. |
| Hardware Info BIOS Manufacturer | hw_info_bios_manufacturer | optional | string_t | Device.hw_info: The endpoint hardware information.| DeviceHwInfo.bios_manufacturer: The BIOS manufacturer. For example: LENOVO. |
| Hardware Info Serial Number | hw_info_serial_number | optional | string_t | Device.hw_info: The endpoint hardware information. DeviceHwInfo.serial_number: The device manufacturer serial number. |
| Hypervisor | hypervisor | optional | string_t | Device.hypervisor: The name of the hypervisor running on the device. For example, Xen, VMware, Hyper-V, VirtualBox, etc. |
| ID | id | required | integer_t | Device.id: The unique identifier used by DataBee for a specific device. This will be logged as device_id in activity tables to link to a particular device in this table. This field should not be mapped manually as the DataBee product populates this field itself. |
| Image Name | image_name | optional | string_t | Device.image: The image used as a template to run the virtual machine. Image.name: The image name. For example: elixir. |
| IMEI | imei | optional | string_t | Device.imei: The International Mobile Station Equipment Identifier that is associated with the device. For example: 123456789012345 |
| Instance ID | instance_uid | recommended | string_t | Device.instance_uid: The unique identifier of a VM instance. For example: 56 4d ef 2d 3f d4 14 e2-2e 04 c5 34 3a ec ee 65 for a VMWare UUIDE. |
| IP Address | ip | recommended | string_t | Device.ip: The device IP address, in either IPv4 or IPv6 format. |
| Compliant Device | is_compliant | optional | boolean_t | Device.is_compliant: The event occurred on a compliant device. |
| Managed Device | is_managed | optional | boolean_t | Device.is_managed: The event occurred on a managed device. |
| Personal Device | is_personal | optional | boolean_t | Device.is_personal: The event occurred on a personal device. |
| Trusted Device | is_trusted | optional | boolean_t | Device.is_trusted: The event occurred on a trusted device. |
| Last Seen | last_seen_time | optional | timestamp_t | Device.last_seen_time: The most recent discovery time of the device. |
| Geo Location City | location_city | optional | string_t | Device.location: The geographical location of the device. Location.city: The name of the city. For example: san diego. |
| Geo Location Country | location_country | optional | string_t | Device.location: The geographical location of the device. Location.country: The ISO 3166-1 Alpha-2 country code. For the complete list of country codes see `ISO 3166-1 alpha-2 codes <https://www.iso.org/obp/ui/#iso:pub:PUB500001:en>`_. |
| MAC Address | mac | optional | string_t | Device.mac: The Media Access Control (MAC) address of the endpoint. |
| Modified Time | modified_time | optional | timestamp_t | Device.modified_time: The time when the device was last known to have been modified. |
| Network Interfaces Hostname | network_interfaces_hostnames | optional | string_t Array | Device.network_interfaces: The network interfaces that are associated with the device, one for each unique MAC address/IP address/hostname/name combination. |
| Network Interfaces IP Address | network_interfaces_ips | optional | string_t Array | Device.network_interfaces: The network interfaces that are associated with the device, one for each unique MAC address/IP address/hostname/name combination. |
| Network Interfaces MAC Address | network_interfaces_macs | optional | string_t Array | Device.network_interfaces: The network interfaces that are associated with the device, one for each unique MAC address/IP address/hostname/name combination. |
| Organization Name | org_name | optional | string_t | Device.org: Organization and org unit related to the device. Organization.name: The name of the organization. For example, Widget, Inc. |
| Organization Org Unit Name | org_ou_name | optional | string_t | Device.org: Organization and org unit related to the device. Organization.ou_name: The name of the organizational unit, within an organization. For example, Finance, IT, R&D. |
| OS Name | os_name | optional | string_t | Device.os: The endpoint operating system. Os.name: The operating system name. |
| OS Type | os_type | optional | string_t | Device.os: The endpoint operating system. Os.type: The type of the operating system. |
| OS Version | os_version | optional | string_t | Device.os: The endpoint operating system. Os.version: The version of the OS running on the device that originated the event. For example: 'Windows 10', 'OS X 10.7', or 'iOS 9'. |
| Owner Email Address | owner_email_addr | optional | string_t | Device.owner: The primary owner of a device. User.email_addr: The user's primary email address. For example: noone@nowhere.ru |
| Owner Employee ID | owner_employee_uid | optional | string_t | Device.owner: The primary owner of a device. User.employee_uid: The employee identifier assigned to the user by the organization. |
| Owner Full Name | owner_full_name | optional | string_t | Device.owner: The primary owner of a device. User.full_name: The full name of the person, as per the LDAP Common Name attribute (cn). |
| Owner Name | owner_name | recommended | string_t | Device.owner: The primary owner of a device. User.name: The username. For example, janedoe1. |
| Owner ID | owner_user_id | optional | integer_t | Device.owner: The primary owner of a device. User.id: The unique identifier used by DataBee for a specific user. This will be logged as user_id in activity tables to link to a particular user in this table. This field should not be mapped manually as the DataBee product populates this field itself. |
| Record Created At | record_created_at | required | timestamp_t | CDPs generated timestamp when record was created. |
| Record Updated At | record_updated_at | required | timestamp_t | CDPs generated timestamp when record was last updated. |
| Region | region | recommended | string_t | Device.region: The region where the virtual machine is located. For example, an AWS Region. |
| Selected Owner Selected On | selected_on | optional | timestamp_t | Device.selected_owner: The owner selected by a DataBee user to assign to a device. Keys in object are user_id an integer, user_email a string and selected_on a datetime. SelectedOwner.selected_on: The time when the owner selection was made. |
| Selected Owner User Email | selected_owner_user_email | optional | string_t | Device.selected_owner: The owner selected by a DataBee user to assign to a device. Keys in object are user_id an integer, user_email a string and selected_on a datetime. SelectedOwner.user_email: The email address of the DataBee user that made the selection. |
| Selected Owner User ID | selected_owner_user_id | optional | integer_t | Device.selected_owner: The owner selected by a DataBee user to assign to a device. Keys in object are user_id an integer, user_email a string and selected_on a datetime. SelectedOwner.user_id: This is the id that DataBee uses to link this to a specific user. |
| Backtrace | sources | recommended | string_t Array | Device.backtrace: This object is a key value set that relates each field in the user to the earliest raw event that gave DataBee that particular value in the correlation. For example, {'email_addr': 'email_activity.key=123456'} |
| Start Time | start_time | optional | timestamp_t | Device.start_time: The start time when a particular state of the user became valid. |
| Type | type | optional | string_t | Device.type: The device type. For example: unknown, server, desktop, laptop, tablet, mobile, virtual, browser, or other. |
| VPC UID | vpc_uid | optional | string_t | Device.vpc_uid: The unique identifier of the Virtual Private Cloud (VPC). For example: Often the VPC ARN similar to: arn:aws:ec2:us-east-1:123456789012:vpc/vpc-1234567890abcdef0. |
Was this article helpful?