Skip to content

Managed Entity

The Managed Entity object describes the type and version of an entity, such as a user, device, or policy. For types in the type_id enum list, an associated attribute should be populated. If the type of entity is not in the type_id list, information can be put into the data attribute and the type attribute should identify the entity.

  • Extends: _entity

Attributes

Section titled “Attributes”

device

  • Type: device
  • Requirement: recommended

An addressable device, computer system or host.

email

  • Type: email
  • Requirement: recommended

The email object.

group

  • Type: group
  • Requirement: recommended

The group object associated with an entity such as user, policy, or rule.

name

  • Type: string_t
  • Requirement: recommended

The name of the managed entity.

org

Organization and org unit relevant to the event or object.

policy

  • Type: policy
  • Requirement: recommended

Describes details of a managed policy.

type

  • Type: string_t
  • Requirement: recommended

The managed entity type. For example: policy, user, organizational unit, device.

type_id

  • Type: integer_t
  • Requirement: recommended
  • Values:
    • 0 - Unknown: The type is unknown.
    • 1 - Device: A managed Device entity. This item corresponds to population of the device attribute.
    • 2 - User: A managed User entity. This item corresponds to population of the user attribute.
    • 3 - Group: A managed Group entity. This item corresponds to population of the group attribute.
    • 4 - Organization: A managed Organization entity. This item corresponds to population of the org attribute.
    • 5 - Policy: A managed Policy entity. This item corresponds to population of the policy attribute.
    • 6 - Email: A managed Email entity. This item corresponds to population of the email attribute.
    • 99 - Other: The type is not mapped. See the type attribute, which contains a data source specific value.

The type of the Managed Entity. It is recommended to also populate the type attribute with the associated label, or the source specific name if Other.

uid

  • Type: string_t
  • Requirement: recommended

The identifier of the managed entity.

user

  • Type: user
  • Requirement: recommended

The user that pertains to the event or object.

version

  • Type: string_t
  • Requirement: recommended

The version of the managed entity. For example: 1.2.3.

data

  • Type: json_t
  • Requirement: optional

The managed entity content as a JSON object.

location

The detailed geographical location usually associated with an IP address.

Constraints

Section titled “Constraints”

At least one of: name, uid, device, group, org, policy, user

Used By

Section titled “Used By”