Entity

JSON representation

An Entity provides additional context about an item in a UDM event. For example, a PROCESS_LAUNCH event describes that user 'abc@example.corp' launched process 'shady.exe'. The event does not include information that user 'abc@example.com' is a recently terminated employee who administers a server storing finance data. Information stored in one or more Entities can add this additional context.

JSON representation

JSON representation
{ "metadata": { object (`EntityMetadata`) }, "entity": { object (`Noun`) }, "relations": [ { object (`Relation`) } ], "additional": { object }, "metric": { object (`Metric`) }, "risk_score": { object (`EntityRisk`) } }

{
  "metadata": {
    object (EntityMetadata)
  },
  "entity": {
    object (Noun)
  },
  "relations": [
    {
      object (Relation)
    }
  ],
  "additional": {
    object
  },
  "metric": {
    object (Metric)
  },
  "risk_score": {
    object (EntityRisk)
  }
}

Fields
`metadata`	`object (EntityMetadata)` Entity metadata such as timestamp, product, etc.
`entity`	`object (Noun)` Noun in the UDM event that this entity represents.
`relations[]`	`object (Relation)` One or more relationships between the entity (a) and other entities, including the relationship type and related entity.
`additional`	`object (Struct format)` Important entity data that cannot be adequately represented within the formal sections of the Entity.
`metric`	`object (Metric)` Stores statistical metrics about the entity. Used if metadata.entity_type is METRIC.
`risk_score`	`object (EntityRisk)` Stores information related to the entity's risk score.