Device
  • 31 May 2024

Caption | Name | Requirement | Type | Description
End Time | active | recommended | boolean_t | Derived from OCSF Device.end_time.
 Device.end_time: The end time of when a particular state of the user was valid. Together, ``start_time`` and ``end_time`` bound the time when a particular user state was valid. If there is no ``end_time``, it tells the analyst that this is the current state of the user as DataBee understands it. There will only ever be a single user for which the ``end_time`` is ``null``.
Created Time | created_time | optional | timestamp_t | Derived from OCSF Device.created_time.
 Device.created_time: The time when the device was known to have been created.
ID | device_id | required | integer_t | Derived from OCSF Device.id.
 Device.id: The unique identifier used by DataBee for a specific device. This will be logged as ``device_id`` in activity tables to link to a particular device in this table. This field should not be mapped manually, as the DataBee product populates this field itself.
Domain | domain | optional | string_t | Derived from OCSF Device.domain.
 Device.domain: The network domain where the device resides. For example: ``work.example.com``.
End Time | end_time | recommended | timestamp_t | Derived from OCSF Device.end_time.
 Device.end_time: The end time of when a particular state of the user was valid. Together, ``start_time`` and ``end_time`` bound the time when a particular user state was valid. If there is no ``end_time``, it tells the analyst that this is the current state of the user as DataBee understands it. There will only ever be a single user for which the ``end_time`` is ``null``.
Environment | environment | optional | string_t | Derived from OCSF Device.environment.
 Device.environment: The operational environment in which the device exists. For example: Production, Development, QA.
First Seen | first_seen_time | optional | timestamp_t | Derived from OCSF Device.first_seen_time.
 Device.first_seen_time: The initial discovery time of the device.
Groups Name | group_names | optional | string_t Array | Derived from OCSF Device.groups.name.
 Device.groups: The group names to which the device belongs. For example: ``['Windows Laptops', 'Engineering']``.
 Group.name: The group name.
Hostname | hostname | recommended | string_t | Derived from OCSF Device.hostname.
 Device.hostname: The device hostname.
Hardware Info BIOS Manufacturer | hw_info_bios_manufacturer | optional | string_t | Derived from OCSF Device.hw_info.bios_manufacturer.
 Device.hw_info: The endpoint hardware information.
 DeviceHwInfo.bios_manufacturer: The BIOS manufacturer. For example: ``LENOVO``.
Hardware Info Serial Number | hw_info_serial_number | optional | string_t | Derived from OCSF Device.hw_info.serial_number.
 Device.hw_info: The endpoint hardware information.
 DeviceHwInfo.serial_number: The device manufacturer serial number.
Hypervisor | hypervisor | optional | string_t | Derived from OCSF Device.hypervisor.
 Device.hypervisor: The name of the hypervisor running on the device. For example, ``Xen``, ``VMware``, ``Hyper-V``, ``VirtualBox``, etc.
Image Name | image_name | optional | string_t | Derived from OCSF Device.image.name.
 Device.image: The image used as a template to run the virtual machine.
 Image.name: The image name. For example: ``elixir``.
IMEI | imei | optional | string_t | Derived from OCSF Device.imei.
 Device.imei: The International Mobile Station Equipment Identifier that is associated with the device. For example: ``123456789012345``.
Instance ID | instance_uid | recommended | string_t | Derived from OCSF Device.instance_uid.
 Device.instance_uid: The unique identifier of a VM instance. For example: ``56 4d ef 2d 3f d4 14 e2-2e 04 c5 34 3a ec ee 65`` for a VMware UUID.
IP Address | ip | recommended | string_t | Derived from OCSF Device.ip.
 Device.ip: The device IP address, in either IPv4 or IPv6 format.
Compliant Device | is_compliant | optional | boolean_t | Derived from OCSF Device.is_compliant.
 Device.is_compliant: The event occurred on a compliant device.
Managed Device | is_managed | optional | boolean_t | Derived from OCSF Device.is_managed.
 Device.is_managed: The event occurred on a managed device.
Personal Device | is_personal | optional | boolean_t | Derived from OCSF Device.is_personal.
 Device.is_personal: The event occurred on a personal device.
Trusted Device | is_trusted | optional | boolean_t | Derived from OCSF Device.is_trusted.
 Device.is_trusted: The event occurred on a trusted device.
Last Seen | last_seen_time | optional | timestamp_t | Derived from OCSF Device.last_seen_time.
 Device.last_seen_time: The most recent discovery time of the device.
Geo Location City | location_city | optional | string_t | Derived from OCSF Device.location.city.
 Device.location: The geographical location of the device.
 Location.city: The name of the city. For example: san diego
Geo Location Country | location_country | optional | string_t | Derived from OCSF Device.location.country.
 Device.location: The geographical location of the device.
 Location.country: The ISO 3166-1 Alpha-2 country code. For the complete list of country codes see `ISO 3166-1 alpha-2 codes <https://www.iso.org/obp/ui/#iso:pub:PUB500001:en>`_.
MAC Address | mac | optional | string_t | Derived from OCSF Device.mac.
 Device.mac: The Media Access Control (MAC) address of the endpoint.
Modified Time | modified_time | optional | timestamp_t | Derived from OCSF Device.modified_time.
 Device.modified_time: The time when the device was last known to have been modified.
Network Interfaces Hostname | network_interfaces_hostnames | optional | string_t Array | Derived from OCSF Device.network_interfaces.hostname.
 Device.network_interfaces: The network interfaces that are associated with the device, one for each unique MAC address/IP address/hostname/name combination.
 **Note:** The first element of the array is the network information that pertains to the event.
 NetworkInterface.hostname: The hostname associated with the network interface.
Network Interfaces IP Address | network_interfaces_ips | optional | string_t Array | Derived from OCSF Device.network_interfaces.ip.
 Device.network_interfaces: The network interfaces that are associated with the device, one for each unique MAC address/IP address/hostname/name combination.
 **Note:** The first element of the array is the network information that pertains to the event.
 NetworkInterface.ip: The IP address associated with the network interface.
Network Interfaces MAC Address | network_interfaces_macs | optional | string_t Array | Derived from OCSF Device.network_interfaces.mac.
 Device.network_interfaces: The network interfaces that are associated with the device, one for each unique MAC address/IP address/hostname/name combination.
 **Note:** The first element of the array is the network information that pertains to the event.
 NetworkInterface.mac: The MAC address of the network interface.
Organization Name | org_name | optional | string_t | Derived from OCSF Device.org.name.
 Device.org: Organization and org unit related to the device.
 Organization.name: The name of the organization. For example, Widget, Inc.
Organization Org Unit Name | org_ou_name | optional | string_t | Derived from OCSF Device.org.ou_name.
 Device.org: Organization and org unit related to the device.
 Organization.ou_name: The name of the organizational unit within an organization. For example, Finance, IT, R&D.
OS Name | os_name | optional | string_t | Derived from OCSF Device.os.name.
 Device.os: The endpoint operating system.
 Os.name: The operating system name.
OS Type | os_type | optional | string_t | Derived from OCSF Device.os.type.
 Device.os: The endpoint operating system.
 Os.type: The type of the operating system.
OS Version | os_version | optional | string_t | Derived from OCSF Device.os.version.
 Device.os: The endpoint operating system.
 Os.version: The version of the OS running on the device that originated the event. For example: 'Windows 10', 'OS X 10.7', or 'iOS 9'.
Owner Email Address | owner_email_addr | optional | string_t | Derived from OCSF Device.owner.email_addr.
 Device.owner: The primary owner of a device.
 User.email_addr: The user's primary email address. For example: ``noone@nowhere.ru``
Owner Employee ID | owner_employee_uid | optional | string_t | Derived from OCSF Device.owner.employee_uid.
 Device.owner: The primary owner of a device.
 User.employee_uid: The employee identifier assigned to the user by the organization.
Owner Full Name | owner_full_name | optional | string_t | Derived from OCSF Device.owner.full_name.
 Device.owner: The primary owner of a device.
 User.full_name: The full name of the person, as per the LDAP Common Name attribute (cn).
Owner Name | owner_name | optional | string_t | Derived from OCSF Device.owner.name.
 Device.owner: The primary owner of a device.
 User.name: The username. For example, ``janedoe1``.
Owner ID | owner_user_id | optional | integer_t | Derived from OCSF Device.owner.id.
 Device.owner: The primary owner of a device.
 User.id: The unique identifier used by DataBee for a specific user. This will be logged as ``user_id`` in activity tables to link to a particular user in this table. This field should not be mapped manually, as the DataBee product populates this field itself.
Record Created At | record_created_at | required | timestamp_t | CDPs generated timestamp when record was created.
Record Updated At | record_updated_at | required | timestamp_t | CDPs generated timestamp when record was last updated.
Region | region | recommended | string_t | Derived from OCSF Device.region.
 Device.region: The region where the virtual machine is located. For example, an AWS Region.
Selected Owner Selected On | selected_on | optional | timestamp_t | Derived from OCSF Device.selected_owner.selected_on.
 Device.selected_owner: The owner selected by a DataBee user to assign to a device. Keys in the object are ``user_id`` (an integer), ``user_email`` (a string) and ``selected_on`` (a datetime).
 SelectedOwner.selected_on: The time when the owner selection was made.
Selected Owner User Email | selected_owner_user_email | optional | string_t | Derived from OCSF Device.selected_owner.user_email.
 Device.selected_owner: The owner selected by a DataBee user to assign to a device. Keys in the object are ``user_id`` (an integer), ``user_email`` (a string) and ``selected_on`` (a datetime).
 SelectedOwner.user_email: The email address of the DataBee user that made the selection.
Selected Owner User ID | selected_owner_user_id | optional | integer_t | Derived from OCSF Device.selected_owner.user_id.
 Device.selected_owner: The owner selected by a DataBee user to assign to a device. Keys in the object are ``user_id`` (an integer), ``user_email`` (a string) and ``selected_on`` (a datetime).
 SelectedOwner.user_id: This is the id that DataBee uses to link this to a specific user.
Backtrace | sources | recommended | string_t Array | Derived from OCSF Device.backtrace.
 Device.backtrace: This object is a key-value set that relates each field in the user to the earliest raw event that gave DataBee that particular value in the correlation. For example, ``{'email_addr': 'email_activity.key=123456'}``
Start Time | start_time | required | timestamp_t | Derived from OCSF Device.start_time.
 Device.start_time: The start time when a particular state of the user became valid.
Type | type | optional | string_t | Derived from OCSF Device.type.
 Device.type: The device type. For example: ``unknown``, ``server``, ``desktop``, ``laptop``, ``tablet``, ``mobile``, ``virtual``, ``browser``, or ``other``.
VPC UID | vpc_uid | optional | string_t | Derived from OCSF Device.vpc_uid.
 Device.vpc_uid: The unique identifier of the Virtual Private Cloud (VPC). For example, often the VPC ARN, similar to: ``arn:aws:ec2:us-east-1:123456789012:vpc/vpc-1234567890abcdef0``
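
The ``start_time``/``end_time`` window matters during an investigation: an event should be enriched with the device state that was valid when the event occurred, not with the current row. The following is an added example, not DataBee code; it assumes that one ``device_id`` can have several state rows, that windows are half-open, and it uses constructed sample rows.

```python
from datetime import datetime, timezone

def ts(s):
    """Parse an ISO-8601 string into an aware UTC datetime."""
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)

# Constructed sample rows using this table's column names; all values are invented.
DEVICES = [
    {"device_id": 7, "hostname": "lt-0042", "ip": "10.1.4.20", "is_managed": True,
     "start_time": ts("2024-01-10T00:00:00"), "end_time": ts("2024-03-02T09:30:00")},
    {"device_id": 7, "hostname": "lt-0042", "ip": "10.9.0.88", "is_managed": False,
     "start_time": ts("2024-03-02T09:30:00"), "end_time": None},
    {"device_id": 9, "hostname": "srv-db1", "ip": "10.2.0.5", "is_managed": True,
     "start_time": ts("2024-02-01T00:00:00"), "end_time": ts("2024-04-01T00:00:00")},
]

def state_at(rows, device_id, when):
    """Return the row whose validity window contains `when`, or None.

    Assumption: windows are half-open [start_time, end_time); a null end_time
    marks the current state and is treated as open-ended.
    """
    for r in rows:
        if r["device_id"] != device_id or when < r["start_time"]:
            continue
        if r["end_time"] is None or when < r["end_time"]:
            return r
    return None

def integrity_issues(rows):
    """Report devices with more than one current row or overlapping windows."""
    issues, by_id = [], {}
    for r in rows:
        by_id.setdefault(r["device_id"], []).append(r)
    for dev, states in sorted(by_id.items()):
        states.sort(key=lambda r: r["start_time"])
        current = sum(1 for r in states if r["end_time"] is None)
        if current > 1:
            issues.append((dev, f"{current} current rows"))
        for prev, nxt in zip(states, states[1:]):
            # An open-ended or late-ending row followed by another row overlaps it.
            if prev["end_time"] is None or prev["end_time"] > nxt["start_time"]:
                issues.append((dev, "overlapping windows"))
    return issues
```

An event on device 7 in February resolves to the managed state with IP ``10.1.4.20``, even though the current row says otherwise; a ``None`` result means no recorded state covers the event time.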
