REST Resource: projects.locations.instances.entities

Resource: Entity

An Entity provides additional context about an entity in a UDM event (asset, user, etc.). For example, a PROCESS_LAUNCH event describes that user 'abc@example.corp' launched process 'shady.exe'. The event does not include information that user 'abc@example.com' is a recently terminated employee who administers a server storing finance data. Information stored in one or more Entities can add this additional context.

JSON representation 
{
  "name": string,
  "metadata": {
    object (EntityMetadata)
  },
  "entity": {
    object (Noun)
  },
  "additional": {
    object
  },
  "risk_score": {
    object (EntityRisk)
  },
  "metric": {
    object (Metric)
  },
  "relations": [
    {
      object (Relation)
    }
  ]
}
Fields
name

string

The resource name of the entity. Format: projects/{project}/locations/{location}/instances/{instance}/entities/{entity} projects/{project}/locations/{location}/instances/{instance}/analytics/{analytic}/entities/{entity} projects/{project}/locations/{location}/instances/{instance}/watchlists/{watchlist}/entities/{entity}
metadata

object (EntityMetadata)

Entity metadata such as timestamp, product, etc.
entity

object (Noun)

Noun in the UDM event that this entity represents.
additional

object (Struct format)

Important entity data that cannot be adequately represented within the formal sections of the Entity.
risk_score

object (EntityRisk)

Represents the entity risk scores resource
metric

object (Metric)

Metric details of the entity. Used if EntityType is METRIC.
relations[]

object (Relation)

One or more relationships between the entity (a) and other entities, including the relationship type and related entity.

Methods

get

 Gets an entity by name.

import

 ImportEntities import the entities.

modifyEntityRiskScore

 Modify base entity risk score for an entity.

queryEntityRiskScoreModifications

 Query modifications to base entity risk score for an entity.