User
- 20 Nov 2024
- 2 Minutes to read
- Contributors
- Print
- DarkLight
User
- Updated on 20 Nov 2024
- 2 Minutes to read
- Contributors
- Print
- DarkLight
Article summary
Did you find this summary helpful?
Thank you for your feedback
| Caption | Name | Requirement | Type | Description |
|---|---|---|---|---|
| Modified Time | active | optional | boolean_t | User.modified_time: The timestamp when the user entry was last modified. |
| Created Time | created_time | optional | timestamp_t | User.created_time: The timestamp when the user was created. |
| Email Address | email_addr | optional | email_t | User.email_addr: The user's primary email address. For example: noone@nowhere.ru. |
| Email Addresses | email_addrs | optional | email_t Array | User.email_addresses: A list of additional email addresses for the user. |
| Employee ID | employee_uid | optional | string_t | User.employee_uid: The employee identifier assigned to the user by the organization. |
| End Time | end_time | optional | timestamp_t | User.end_time: The end time of when a particular state of the user was valid. Using the start_time and end_time together bound the time when a particular user state was valid. If there is no end_time it tells the analyst that this is the current state of the user as DataBee understands it. There will ever only be a single user for which the end_time is null. |
| Full Name | full_name | optional | string_t | User.full_name: The full name of the person, as per the LDAP Common Name attribute (cn). |
| Given Name | given_name | optional | string_t | User.given_name: The given or first name of the user. |
| Groups Name | group_names | optional | string_t Array | User.groups: The administrative groups to which the user belongs. Group.name: The group name. |
| History ID | hid | required | integer_t | User.hid: The unique DataBee ID to identify a particular history entry in an object table. This field is the PK and should not be mapped manually as the DataBee product populates this field itself. |
| Hire Date | hire_datetime | optional | timestamp_t | User.hire_datetime: The datetime when the user was/will be hired. |
| ID | id | required | integer_t | User.id: The unique identifier used by DataBee for a specific user. This will be logged as user_id in activity tables to link to a particular user in this table. This field should not be mapped manually as the DataBee product populates this field itself. |
| Job Title | job_title | optional | string_t | User.job_title: The user's job title. |
| Leave Date | leave_datetime | optional | timestamp_t | User.leave_datetime: The datetime when the user left/will be leaving the organization. |
| Geo Location City | location_city | optional | string_t | User.location: The detailed geographical location associated with a user. When used with the user_inventory event class, this typically documents the users usual work location.Location.city: The name of the city. For example: san diego. |
| Geo Location Country | location_country | optional | string_t | User.location: The detailed geographical location associated with a user. When used with the user_inventory event class, this typically documents the users usual work location.Location.country: The ISO 3166-1 Alpha-2 country code. For the complete list of country codes see `ISO 3166-1 alpha-2 codes <https://www.iso.org/obp/ui/#iso:pub:PUB500001:en>`_. |
| Manager | manager_id | optional | integer_t | User.manager: The user's manager. This helps in understanding an org hierarchy. This should only ever be populated once in an event. I.e. there should not be a manager's manager in an event. |
| Modified Time | modified_time | optional | timestamp_t | User.modified_time: The timestamp when the user entry was last modified. |
| Name | name | recommended | string_t | User.name: The username. For example, janedoe1. |
| Office Location | office_location | optional | string_t | User.office_location: The primary office location associated with the user. This could be any string and isn't a specific address. For example, South East Virtual. |
| Organization Name | org_name | optional | string_t | User.org: Organization and org unit related to the user. Organization.name: The name of the organization. For example, Widget, Inc. |
| Organization Org Unit Name | org_ou_name | optional | string_t | User.org: Organization and org unit related to the user. Organization.ou_name: The name of the organizational unit, within an organization. For example, Finance, IT, R&D. |
| Record Created At | record_created_at | required | timestamp_t | CDPs generated timestamp when record was created. |
| Record Updated At | record_updated_at | required | timestamp_t | CDPs generated timestamp when record was last updated. |
| Backtrace | sources | recommended | string_t Array | User.backtrace: This object is a key value set that relates each field in the user to the earliest raw event that gave DataBee that particular value in the correlation. For example, {'email_addr': 'email_activity.key=123456'}. |
| Start Time | start_time | optional | timestamp_t | User.start_time: The start time when a particular state of the user became valid. |
| Surname | surname | optional | string_t | User.surname: The last or family name for the user. |
| Type | type | optional | string_t | User.type: The type of the user. For example, System, AWS IAM User, etc. |
| Type ID | type_id | recommended | integer_t | User.type_id: The account type identifier. |
| Unique ID | uid | recommended | string_t | User.uid: The unique user identifier. For example, the Windows user SID, ActiveDirectory DN or AWS user ARN. |
Was this article helpful?