Method: entities.import

Full name: projects.locations.instances.entities.import

entities.import import the entities. Note that, All entities need to be valid for the request to be successful. An error in one entity will cause the entire request to be rejected.

HTTP request


POST https://chronicle.africa-south1.rep.googleapis.com/v1beta/{parent}/entities:import

Path parameters

Parameters
parent

string

Required. The parent, which owns this collection of entities.

Request body

The request body contains data with the following structure:

JSON representation 
{

  // Union field source can be only one of the following:
  "inlineSource": {
    object (EntitiesInlineSource)
  }
  // End of list of possible types for union field source.
}
Fields

Union field source.

source can be only one of the following:
inlineSource

object (EntitiesInlineSource)

Required. Entities to be imported are specified inline.

Response body

If successful, the response body is empty.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the parent resource:

  • chronicle.entities.import

For more information, see the IAM documentation.

EntitiesInlineSource

An import source with the entities to import included inline.

JSON representation 
{
  "entities": [
    {
      object (Entity)
    }
  ],
  "logType": string
}
Fields
entities[]

object (Entity)

Required. The entities being imported.
logType

string

Required. The logtype of the log this entity is created from.

Entity

An Entity provides additional context about an entity in a UDM event (asset, user, etc.). For example, a PROCESS_LAUNCH event describes that user 'abc@example.corp' launched process 'shady.exe'. The event does not include information that user 'abc@example.com' is a recently terminated employee who administers a server storing finance data. Information stored in one or more Entities can add this additional context.

JSON representation 
{
  "name": string,
  "metadata": {
    object (EntityMetadata)
  },
  "entity": {
    object (Noun)
  },
  "additional": {
    object
  },
  "riskScore": {
    object (EntityRisk)
  },
  "metric": {
    object (Metric)
  },
  "relations": [
    {
      object (Relation)
    }
  ]
}
Fields
name

string

The resource name of the entity. Format: projects/{project}/locations/{location}/instances/{instance}/entities/{entity} projects/{project}/locations/{location}/instances/{instance}/analytics/{analytic}/entities/{entity} projects/{project}/locations/{location}/instances/{instance}/watchlists/{watchlist}/entities/{entity}
metadata

object (EntityMetadata)

Entity metadata such as timestamp, product, etc.
entity

object (Noun)

Noun in the UDM event that this entity represents.
additional

object (Struct format)

Important entity data that cannot be adequately represented within the formal sections of the Entity.
riskScore

object (EntityRisk)

Represents the entity risk scores resource
metric

object (Metric)

Metric details of the entity. Used if EntityType is METRIC.
relations[]

object (Relation)

One or more relationships between the entity (a) and other entities, including the relationship type and related entity.