User
  • 31 May 2024
  • 3 Minutes to read
  • Contributors
  • Dark
    Light

User

  • Dark
    Light

Article summary

Caption
Name
Requirement
Type
Description
End Timeactiverecommended:ref:`boolean_t <boolean_t>`| Derived from OCSF User.end_time.
 User.end_time: The end time of when a particular state of the user was valid. Using the ``start_time`` and ``end_time`` together bound the time when a particular user state was valid. If there is no ``end_time`` it tells the analyst that this is the current state of the user as DataBee understands it. There will ever only be a single user for which the ``end_time`` is ``null``.
Created Timecreated_timeoptional:ref:`timestamp_t <timestamp_t>`| Derived from OCSF User.created_time.
 User.created_time: The timestamp when the user was created.
Email Addressemail_addroptional:ref:`email_t <email_t>`| Derived from OCSF User.email_addr.
 User.email_addr: The user's primary email address. For example: ``noone@nowhere.ru``
Email Addressesemail_addrsoptional:ref:`email_t Array <email_t>`| Derived from OCSF User.email_addresses.
 User.email_addresses: A list of additional email addresses for the user.
Employee IDemployee_uidoptional:ref:`string_t <string_t>`| Derived from OCSF User.employee_uid.
 User.employee_uid: The employee identifier assigned to the user by the organization.
End Timeend_timerecommended:ref:`timestamp_t <timestamp_t>`| Derived from OCSF User.end_time.
 User.end_time: The end time of when a particular state of the user was valid. Using the ``start_time`` and ``end_time`` together bound the time when a particular user state was valid. If there is no ``end_time`` it tells the analyst that this is the current state of the user as DataBee understands it. There will ever only be a single user for which the ``end_time`` is ``null``.
Full Namefull_nameoptional:ref:`string_t <string_t>`| Derived from OCSF User.full_name.
 User.full_name: The full name of the person, as per the LDAP Common Name attribute (cn).
Given Namegiven_nameoptional:ref:`string_t <string_t>`| Derived from OCSF User.given_name.
 User.given_name: The given or first name of the user.
Groups Namegroup_namesoptional:ref:`string_t Array <string_t>`| Derived from OCSF User.groups.name.
 User.groups: The administrative groups to which the user belongs.
 Group.name: The group name.
Hire Datehire_datetimeoptional:ref:`timestamp_t <timestamp_t>`| Derived from OCSF User.hire_datetime.
 User.hire_datetime: The datetime when the user was/will be hired
Job Titlejob_titleoptional:ref:`string_t <string_t>`| Derived from OCSF User.job_title.
 User.job_title: The user's job title.
Leave Dateleave_datetimeoptional:ref:`timestamp_t <timestamp_t>`| Derived from OCSF User.leave_datetime.
 User.leave_datetime: The datetime when the user left/will be leaving the organization
Geo Location Citylocation_cityoptional:ref:`string_t <string_t>`| Derived from OCSF User.location.city.
 User.location: The detailed geographical location associated with a user. When used with the ``user_inventory`` event class, this typically documents the users usual work location.
 Location.city: The name of the city. For example: san diego
Geo Location Countrylocation_countryoptional:ref:`string_t <string_t>`| Derived from OCSF User.location.country.
 User.location: The detailed geographical location associated with a user. When used with the ``user_inventory`` event class, this typically documents the users usual work location.
 Location.country: The ISO 3166-1 Alpha-2 country code. For the complete list of country codes see `ISO 3166-1 alpha-2 codes <https://www.iso.org/obp/ui/#iso:pub:PUB500001:en>`_.
Managermanager_idoptional:ref:`integer_t <integer_t>`| Derived from OCSF User.manager.
 User.manager: The user's manager. This helps in understanding an org hierarchy. This should only ever be populated once in an event. I.e. there should not be a manager's manager in an event.
Modified Timemodified_timeoptional:ref:`timestamp_t <timestamp_t>`| Derived from OCSF User.modified_time.
 User.modified_time: The timestamp when the user entry was last modified
Namenamerecommended:ref:`string_t <string_t>`| Derived from OCSF User.name.
 User.name: The username. For example, ``janedoe1``.
Office Locationoffice_locationoptional:ref:`string_t <string_t>`| Derived from OCSF User.office_location.
 User.office_location: The primary office location associated with the user. This could be any string and isn't a specific address. For example, ``South East Virtual``.
Organization Nameorg_nameoptional:ref:`string_t <string_t>`| Derived from OCSF User.org.name.
 User.org: Organization and org unit related to the user.
 Organization.name: The name of the organization. For example, Widget, Inc.
Organization Org Unit Nameorg_ou_nameoptional:ref:`string_t <string_t>`| Derived from OCSF User.org.ou_name.
 User.org: Organization and org unit related to the user.
 Organization.ou_name: The name of the organizational unit, within an organization.  For example, Finance, IT, R&D
Record Created Atrecord_created_atrequired:ref:`timestamp_t <timestamp_t>`| CDPs generated timestamp when record was created.
Record Updated Atrecord_updated_atrequired:ref:`timestamp_t <timestamp_t>`| CDPs generated timestamp when record was last updated.
Backtracesourcesrecommended:ref:`string_t Array <string_t>`| Derived from OCSF User.backtrace.
 User.backtrace: This object is a key value set that relates each field in the user to the earliest raw event that gave DataBee that particular value in the correlation. For example, ``{'email_addr': 'email_activity.key=123456'}``
Start Timestart_timerequired:ref:`timestamp_t <timestamp_t>`| Derived from OCSF User.start_time.
 User.start_time: The start time when a particular state of the user became valid
Surnamesurnameoptional:ref:`string_t <string_t>`| Derived from OCSF User.surname.
 User.surname: The last or family name for the user.
Typetypeoptional:ref:`string_t <string_t>`| Derived from OCSF User.type.
 User.type: The type of the user. For example, System, AWS IAM User, etc.
Type IDtype_idrecommended:ref:`integer_t <integer_t>`| Derived from OCSF User.type_id.
 User.type_id: The account type identifier.
Unique IDuidrecommended:ref:`string_t <string_t>`| Derived from OCSF User.uid.
 User.uid: The unique user identifier. For example, the Windows user SID, ActiveDirectory DN or AWS user ARN.
IDuser_idrequired:ref:`integer_t <integer_t>`| Derived from OCSF User.id.
 User.id: The unique identifier used by DataBee for a specific user. This will be logged as ``user_id`` in activity tables to link to a particular user in this table. This field should not be mapped manually as the DataBee product populates this field itself.

Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Eddy AI, facilitating knowledge discovery through conversational intelligence