An Entity provides additional context about an item in a UDM event. For example, a PROCESS_LAUNCH event describes that user 'abc@example.corp' launched process 'shady.exe'. The event does not include information that user 'abc@example.com' is a recently terminated employee who administers a server storing finance data. Information stored in one or more Entities can add this additional context.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[[["\u003cp\u003eEntities in UDM provide crucial context to events, enriching the information beyond the event's basic details, like adding that a user is a terminated employee with server access.\u003c/p\u003e\n"],["\u003cp\u003eThe JSON representation of an Entity includes fields like \u003ccode\u003emetadata\u003c/code\u003e, \u003ccode\u003eentity\u003c/code\u003e, \u003ccode\u003erelations\u003c/code\u003e, \u003ccode\u003eadditional\u003c/code\u003e, \u003ccode\u003emetric\u003c/code\u003e, and \u003ccode\u003erisk_score\u003c/code\u003e for a comprehensive description.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003emetadata\u003c/code\u003e field within an Entity stores data such as timestamps and the product associated with the entity, offering essential background information.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003erelations\u003c/code\u003e field captures the connections between the main entity and other related entities, detailing the nature of these relationships.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eadditional\u003c/code\u003e field allows for storing important data that does not fit in the defined sections.\u003c/p\u003e\n"]]],[],null,[]]
