Skip to main content
Version: 4.3

Main Entities

The main entity that the module operates with is the object. To define the parameters of the object, its type is configured. Scoring types compatible with UBA allow generating score accruals for the object.

UBA Objects and Object Types

An object is a set of characteristics defined according to how the behavior of this object will be analyzed in the future.

List of Objects

An object contains basic and additional fields. These are configured by the object type.

Object Type Settings

Base Fields

This set of fields and their values must uniquely identify the object. For example, this could be a GUID, email address, or phone number. When forming the object's profile, the values of the basic fields will be matched with the fields from the source events.

Additional Fields

Additional fields serve as reference information about the object. They can be used to enrich the incident card, visualizations on dashboards, etc.

Scoring Types

Scoring types support compatibility with the UBA module.

Scoring Type Settings

When compatibility is enabled, three fields are added to the scoring type:

  • UBA Object – used to identify the object
  • UBA object type – indicates the type to which the object belongs
  • Lifespan – used to set the time during which the score is active

By selecting such a scoring type in the task scheduler, you will be prompted to fill in these fields:

Scoring Settings