An entity is an organizational unit used mainly to simplify configuration and reporting. Entities allow a logical grouping of your data sources and the associated alerts. An entity can be a company site, a network zone, or any other grouping that you think is relevant.
An entity is defined by the following fields:
- a name
- an entity ID
- a description
- a default alert generation mode
All fields of entities are editable and mandatory.
Alert generation mode
The Alert generation mode affects the alert processing workflow. There are two generation modes:
- automatic: alerts proceed to the status Ongoing immediately after their creation
- manual: alerts remain in the status Pending until a manual action.
On the listing page of entities, you can find:
- Name of all your entities
- A description for each entity
- The number of intakes linked to each entity
Under the entity details, you will find the associated data sources.
To activate a new intake for your entity, please refer to the intakes documentation.
Create an entity
To create a new entity:
- Go to the Entities page in the menu
- Click on the + New Entity button
- Give your entity a name, an entity ID and a description. All these fields are mandatory
- Choose your Alert generation mode (a default value for the alert generation mode is defined for each entity but can be overridden in each detection rule)
- Save your settings
On the details view of an entity, you can find:
- The name of the entity
- A description of the entity
- A table that lists all intakes related to this entity
This detailed view allows you to edit the entity or delete it if needed.
You can also add intakes to it by clicking on the + Add Intake button on the upper right side of the table.
One entity can have as many intakes in different formats as it requires.