Connection Manager

ueba train

Download Spec

get/connection-manager/api/v1/ueba/datasets

Get dataset object list, possibility to filter training history

Authorizationstring

required

OAuth2 token

Default: "Bearer a-proper-token-goes-here"

Responses

Response examples

Successful request, respond with a list of dataset objects

{
  "count": 123,
  "items": [
    {
      "id": "5bf77342-221c-11ee-be56-0242ac120002",
      "last_training": "2023-06-07T17:32:28Z",
      "is_active": true,
      "use_for_inference_once_trained": true,
      "time_range_settings": {
        "start": "2023-06-07T17:32:28Z",
        "end": "2023-06-07T17:32:28Z",
        "exclude": [
          {
            "start": "2023-06-07T17:32:28Z",
            "end": "2023-06-07T17:32:28Z"
          }
        ]
      },
      "training_results": [
        {
          "created": "2023-06-07T17:32:28Z",
          "feature_config_name": "string",
          "status": "TRAINING",
          "error_code": "string",
          "error_details": "string",
          "num_connections": 123,
          "mean": 123.0,
          "std": 123.0,
          "quantile_99": 123.0,
          "quantile_999": 123.0,
          "training_log": "string",
          "training_dataset_loss": [
            123.0
          ],
          "validation_dataset_loss": [
            123.0
          ],
          "validation_dataset_histogram": {
            "hist": [
              123.0
            ],
            "bin_edges": [
              123.0
            ]
          }
        }
      ],
      "comment": "string",
      "created": "2023-06-07T17:32:28Z",
      "created_by": "string",
      "updated": "2023-06-07T17:32:28Z",
      "updated_by": "string"
    }
  ]
}

post/connection-manager/api/v1/ueba/datasets

Save new dataset definition. Note training requires separate action.

idstring

Format: uuid

last_trainingstring

last successful training reported from ueba server

Format: date-time

is_activeboolean

if set, dataset based on which inference is done.

use_for_inference_once_trainedboolean

admin can set ueba to take results into use automatically after training completed. Note will toggle is_active bits once training done, as needed.

Default: false

time_range_settingsobject (training_period)

required

Definition of time interval(s) from where connections data is fetched from db for training

startstring

Format: date-time

endstring

Format: date-time

excludearray

time ranges to exclude

training_resultsarray

createdstring

when training entry in ueba server created

Format: date-time

feature_config_namestring

required

statusstring

required

Enum: TRAINING
SUCCESS
FAILURE

error_codestring

error_detailsstring

num_connectionsint

meannumber

stdnumber

quantile_99number

quantile_999number

training_logstring

training_dataset_lossarray

validation_dataset_lossarray

validation_dataset_histogramobject

commentstring

A comment describing the dataset

createdstring

Format: date-time

created_bystring

updatedstring

Format: date-time

updated_bystring

Responses

Request examples

{
  "id": "5bf77342-221c-11ee-be56-0242ac120002",
  "last_training": "2023-06-07T17:32:28Z",
  "is_active": true,
  "use_for_inference_once_trained": true,
  "time_range_settings": {
    "start": "2023-06-07T17:32:28Z",
    "end": "2023-06-07T17:32:28Z",
    "exclude": [
      {
        "start": "2023-06-07T17:32:28Z",
        "end": "2023-06-07T17:32:28Z"
      }
    ]
  },
  "training_results": [
    {
      "created": "2023-06-07T17:32:28Z",
      "feature_config_name": "string",
      "status": "TRAINING",
      "error_code": "string",
      "error_details": "string",
      "num_connections": 123,
      "mean": 123.0,
      "std": 123.0,
      "quantile_99": 123.0,
      "quantile_999": 123.0,
      "training_log": "string",
      "training_dataset_loss": [
        123.0
      ],
      "validation_dataset_loss": [
        123.0
      ],
      "validation_dataset_histogram": {
        "hist": [
          123.0
        ],
        "bin_edges": [
          123.0
        ]
      }
    }
  ],
  "comment": "string",
  "created": "2023-06-07T17:32:28Z",
  "created_by": "string",
  "updated": "2023-06-07T17:32:28Z",
  "updated_by": "string"
}

Response examples

Successful request, dataset saved

{
  "id": "5bf77342-221c-11ee-be56-0242ac120002"
}

get/connection-manager/api/v1/ueba/datasets/{dataset_id}

Get dataset by id, possibility to filter training history

dataset_idstring

required

Format: uuid

Responses

Response examples

Successful request, respond with updated dataset

{
  "id": "5bf77342-221c-11ee-be56-0242ac120002",
  "last_training": "2023-06-07T17:32:28Z",
  "is_active": true,
  "use_for_inference_once_trained": true,
  "time_range_settings": {
    "start": "2023-06-07T17:32:28Z",
    "end": "2023-06-07T17:32:28Z",
    "exclude": [
      {
        "start": "2023-06-07T17:32:28Z",
        "end": "2023-06-07T17:32:28Z"
      }
    ]
  },
  "training_results": [
    {
      "created": "2023-06-07T17:32:28Z",
      "feature_config_name": "string",
      "status": "TRAINING",
      "error_code": "string",
      "error_details": "string",
      "num_connections": 123,
      "mean": 123.0,
      "std": 123.0,
      "quantile_99": 123.0,
      "quantile_999": 123.0,
      "training_log": "string",
      "training_dataset_loss": [
        123.0
      ],
      "validation_dataset_loss": [
        123.0
      ],
      "validation_dataset_histogram": {
        "hist": [
          123.0
        ],
        "bin_edges": [
          123.0
        ]
      }
    }
  ],
  "comment": "string",
  "created": "2023-06-07T17:32:28Z",
  "created_by": "string",
  "updated": "2023-06-07T17:32:28Z",
  "updated_by": "string"
}

put/connection-manager/api/v1/ueba/datasets/{dataset_id}

Update dataset. Note this will cause backend to empty training history and delete trained weights in ueba machine. This endpoint will not initiate training.

idstring

Format: uuid

last_trainingstring

last successful training reported from ueba server

Format: date-time

is_activeboolean

if set, dataset based on which inference is done.

use_for_inference_once_trainedboolean

admin can set ueba to take results into use automatically after training completed. Note will toggle is_active bits once training done, as needed.

Default: false

time_range_settingsobject (training_period)

required

Definition of time interval(s) from where connections data is fetched from db for training

startstring

Format: date-time

endstring

Format: date-time

excludearray

time ranges to exclude

training_resultsarray

createdstring

when training entry in ueba server created

Format: date-time

feature_config_namestring

required

statusstring

required

Enum: TRAINING
SUCCESS
FAILURE

error_codestring

error_detailsstring

num_connectionsint

meannumber

stdnumber

quantile_99number

quantile_999number

training_logstring

training_dataset_lossarray

validation_dataset_lossarray

validation_dataset_histogramobject

commentstring

A comment describing the dataset

createdstring

Format: date-time

created_bystring

updatedstring

Format: date-time

updated_bystring

Responses

Request examples

{
  "id": "5bf77342-221c-11ee-be56-0242ac120002",
  "last_training": "2023-06-07T17:32:28Z",
  "is_active": true,
  "use_for_inference_once_trained": true,
  "time_range_settings": {
    "start": "2023-06-07T17:32:28Z",
    "end": "2023-06-07T17:32:28Z",
    "exclude": [
      {
        "start": "2023-06-07T17:32:28Z",
        "end": "2023-06-07T17:32:28Z"
      }
    ]
  },
  "training_results": [
    {
      "created": "2023-06-07T17:32:28Z",
      "feature_config_name": "string",
      "status": "TRAINING",
      "error_code": "string",
      "error_details": "string",
      "num_connections": 123,
      "mean": 123.0,
      "std": 123.0,
      "quantile_99": 123.0,
      "quantile_999": 123.0,
      "training_log": "string",
      "training_dataset_loss": [
        123.0
      ],
      "validation_dataset_loss": [
        123.0
      ],
      "validation_dataset_histogram": {
        "hist": [
          123.0
        ],
        "bin_edges": [
          123.0
        ]
      }
    }
  ],
  "comment": "string",
  "created": "2023-06-07T17:32:28Z",
  "created_by": "string",
  "updated": "2023-06-07T17:32:28Z",
  "updated_by": "string"
}

Response examples

Successful request

Empty response

delete/connection-manager/api/v1/ueba/datasets/{dataset_id}

Delete dataset

dataset_idstring

required

Format: uuid

Responses

Response examples

Successful request

Empty response

post/connection-manager/api/v1/ueba/train/{dataset_id}

Train or retrain a saved dataset.

set_active_after_trainingboolean

start infering with this dataset after training completed

Default: false

Responses

Response examples

Training initiated

{
  "count": 123
}

post/connection-manager/api/v1/ueba/query-connection-count

Get number of connections for dataset with given parameters. All connections, if json empty in body. Enables ui to poll dataset size when user configures period. Note uses post to avoid too long GET url query string.

startstring

Format: date-time

endstring

Format: date-time

excludearray

time ranges to exclude

startstring

Format: date-time

endstring

Format: date-time

Responses

Request examples

{
  "start": "2023-06-07T17:32:28Z",
  "end": "2023-06-07T17:32:28Z",
  "exclude": [
    {
      "start": "2023-06-07T17:32:28Z",
      "end": "2023-06-07T17:32:28Z"
    }
  ]
}

Response examples

Connection count for specified filters

{
  "count": 123
}

Was this page helpful?