Caption | Name | Requirement | Type | Description |
---|---|---|---|---|
ID | device_id | required | :ref:`integer_t <integer_t>` | Derived from OCSF Device.id. Device.id: The unique identifier used by DataBee for a specific device. This will be logged as ``device_id`` in activity tables to link to a particular device in this table. This field should not be mapped manually, as the DataBee product populates this field itself. |
End Time | end_time | recommended | :ref:`timestamp_t <timestamp_t>` | Derived from OCSF Device.end_time. Device.end_time: The end time of when a particular state of the user was valid. Used together, ``start_time`` and ``end_time`` bound the time when a particular user state was valid. If there is no ``end_time``, it tells the analyst that this is the current state of the user as DataBee understands it. There will only ever be a single user for which the ``end_time`` is ``null``. |
Selected Owner | is_selected_owner | required | :ref:`boolean_t <boolean_t>` | Derived from OCSF Device.selected_owner. Device.selected_owner: The owner selected by a DataBee user to assign to a device. Keys in the object are ``user_id`` (an integer), ``user_email`` (a string) and ``selected_on`` (a datetime). |
Key | key | required | :ref:`string_t <string_t>` | The group of the owner, e.g., 'BU_OWNER', 'IT_OWNER', 'ORG_OWNER'. |
Record Created At | record_created_at | required | :ref:`timestamp_t <timestamp_t>` | CDP-generated timestamp of when the record was created. |
Record Updated At | record_updated_at | required | :ref:`timestamp_t <timestamp_t>` | CDP-generated timestamp of when the record was last updated. |
Backtrace | sources | recommended | :ref:`string_t Array <string_t>` | Derived from OCSF Device.backtrace. Device.backtrace: This object is a key-value set that relates each field in the user to the earliest raw event that gave DataBee that particular value in the correlation. For example, ``{'email_addr': 'email_activity.key=123456'}``. |
Start Time | start_time | required | :ref:`timestamp_t <timestamp_t>` | Derived from OCSF Device.start_time. Device.start_time: The start time when a particular state of the user became valid. |
Unique ID | value | required | :ref:`string_t <string_t>` | Derived from OCSF Device.uid. Device.uid: A universally unique identifier of the device. For example, the Windows TargetSID or AWS EC2 ARN. |