Skip to main content

Security ContentExabeam Security Content in the Common Information Model

Numerical Time of Week Models

The following user-based example models the time at which print activity took place for a specific user. The user-based nature of the model is clear from the value for the Scope attribute. For more information about the model attributes, see the table below the example.

PR-UT-TOW {
  ModelTemplate = "Print activity time for user"
  Description = "Models the times of day that this user performs print activity"
  Category = "Print Activity"
  IconName = "user"
  ScopeType = "USER"
  Scope = "user"
  Feature = "TimeOfWeek()"
  FeatureName = "Time"
  FeatureType = "Time"
  TrainIf = """TRUE"""
  ModelType = "NUMERICAL_TIME_OF_WEEK"
  AgingWindow = ""
  CutOff = "10"
  Alpha = "1"
  ConvergenceFilter = "confidence_factor>=0.8"
  HistogramEventTypes = [  "print-activity"  ]
  Disabled = "FALSE"}
 // End of PR-UT-TOW

Model Attribute

Description

Category

Helps define the scope of a model. This model tracks the time at which print activity took place, so the Category value is Print Activity.

For a list of Exabeam Category values, see Model Categories.

Scope

Specifies the field for which the model is collecting data. The Scope for this model is a specific user. In this example, the user is a parsed field in print-activity events.

Feature

The data object for which values are being collected. This example models the time of print activity by a specific user. The Feature value is TimeOfWeek(), which fetches the day of the week the print activity occurs.

TrainIf

The expression TRUE tells the model to train on the specified feature data whenever the activity included in the HistogramEventTypes array occurs. In this sample model, TRUE means – whenever print-activity occurs for a specific user, model the time information for the occurrence.

ModelType

This example models time, so the value is NUMERICAL_TIME_OF_WEEK.

HistogramEvent

A histogram for this model displays print activity times by the user in a specific range of time.

For definitions and examples of other Exabeam model attributes, see Model Attributes.