An Entity provides additional context about an item in a UDM event. For example, a PROCESS_LAUNCH event describes that user 'abc@example.corp' launched process 'shady.exe'. The event does not include the information that user 'abc@example.corp' is a recently terminated employee who administers a server storing finance data. Information stored in one or more Entities can supply this context.
- The JSON representation of an Entity includes fields like `metadata`, `entity`, `relations`, `additional`, `metric`, and `risk_score` for a comprehensive description.
- The `metadata` field within an Entity stores data such as timestamps and the product associated with the entity, offering essential background information.
- The `relations` field captures the connections between the main entity and other related entities, detailing the nature of these relationships.
- The `additional` field allows for storing important data that does not fit in the defined sections.

Last updated 2025-01-22 UTC.
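The enrichment described above, as an added example (not code from the product or its documentation): a constructed PROCESS_LAUNCH event is joined to a constructed USER Entity by email address, honoring the Entity's validity interval. The records are simplified, the hostname `finance-db-01` and all timestamps are made up, and `ts` and `entity_context` are hypothetical helpers.

```python
from datetime import datetime

# Constructed sample records, simplified from the UDM event and Entity shapes.
EVENT = {
    "metadata": {"event_type": "PROCESS_LAUNCH",
                 "event_timestamp": "2025-01-20T14:03:00Z"},
    "principal": {"user": {"email_addresses": ["abc@example.corp"]}},
    "target": {"process": {"file": {"full_path": "shady.exe"}}},
}
ENTITIES = [{
    "metadata": {"entity_type": "USER",
                 "interval": {"start_time": "2025-01-15T00:00:00Z",
                              "end_time": "2025-02-15T00:00:00Z"}},
    "entity": {"user": {"email_addresses": ["abc@example.corp"],
                        "termination_date": "2025-01-17T00:00:00Z"}},
    "relations": [{"entity_type": "ASSET", "relationship": "ADMINISTERS",
                   "entity": {"asset": {"hostname": "finance-db-01"}}}],
}]

def ts(value):
    """Parse an RFC 3339 UTC timestamp such as 2025-01-20T14:03:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def entity_context(event, entities):
    """Return context for the event's principal user from Entities valid at event time."""
    when = ts(event["metadata"]["event_timestamp"])
    principal = event.get("principal", {}).get("user", {})
    emails = {e.lower() for e in principal.get("email_addresses", [])}
    findings = []
    for ent in entities:
        meta, user = ent["metadata"], ent.get("entity", {}).get("user", {})
        if meta.get("entity_type") != "USER":
            continue
        if not emails & {e.lower() for e in user.get("email_addresses", [])}:
            continue
        # An Entity only describes the user during its validity interval.
        interval = meta.get("interval", {})
        if "start_time" in interval and when < ts(interval["start_time"]):
            continue
        if "end_time" in interval and when >= ts(interval["end_time"]):
            continue
        term = user.get("termination_date")
        if term and ts(term) <= when:
            findings.append("user terminated before event")
        for rel in ent.get("relations", []):
            if rel.get("relationship") == "ADMINISTERS":
                findings.append("administers " + rel["entity"]["asset"]["hostname"])
    return findings
```

The event alone carries only the user and the process; both findings come from the Entity record, and an event outside the Entity's interval gets no context from it.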