A mature User and Entity Behavior Analytics (UEBA) solution integrates with as many of your enterprise applications as possible. You want to ingest data feeds from applications, infrastructure (Systems, AD/LDAP, Devices, etc.), and cyber security feeds (threat intelligence, DLP, Firewall, etc.). You also want to integrate UEBA with relevant applications to facilitate security orchestration – like ticketing systems to automatically open service tickets to investigate risky behavior. One of the primary formats for UEBA data ingestion and integration is JSON (JavaScript Object Notation), the lightweight data-interchange format.
JSON has a more compact style than XML. With JSON, it is very easy to transform data from UEBA solutions to other applications with little overhead. It has become the standard for UEBA API integrations.
Data ingestion is key for a successful UEBA deployment. Gurucul’s advanced analytics engine ingests a range of data types from various enterprise and cloud applications and platforms. This includes identity, access, activity logs, transactions, communication logs (voice, chat, SMS), flow data (NetFlow / PCap), external Threat Intelligence feeds, social media, device allocations, and more.
Gurucul provides more than 300 out-of-the-box connectors for the majority of standard Commercial Off-The-Shelf (COTS) platforms. It also provides a native Flex-Connector Framework which allows customers to quickly build and configure a generic connector.
Gurucul UEBA supports stream, flat file (CSV, XML, JSON), database, LDAP and API connections, allowing customers to connect to virtually any data source. Our APIs use the JSON lightweight data-interchange format because JSON offers open, standards-based data portability.
Gurucul UEBA provides a collection of REST Application Programming Interfaces (APIs) which allow external programs to use the core product functionality by integrating the APIs with existing IT infrastructures and third-party applications. The API output is in JSON format, and the key here is that the integration is open. Gurucul offers open analytics on open choice of big data using open APIs for data ingestion and integration. Not all UEBA products offer APIs based on JSON. This is a clear differentiator in easily connecting UEBA to all your applications, infrastructure, and cyber logs using an open, standard format.
Following are some of the key use cases and business processes executed by existing customers using Gurucul JSON APIs:
The Gurucul REST API conforms to the Representational State Transfer (REST) architectural style, which builds on the existing technology and protocols of the Web. REST architecture has the following properties:
These architectural properties align with a REST API implementation that accesses domain resources with corresponding endpoints, using the HTTP and HTTPS protocol.
The Gurucul UEBA API categories include:
Programming languages oriented to network-based resources provide libraries supporting HTTP GET/POST requests, most commonly Java and Python. Typical implementations may begin as UNIX shell scripts or on the command line. A single command-line call to ‘curl’ can invoke the API. Our API guide provides instructive examples. The UI itself uses the API to interact with the backend, so all application functions can be built using the API.
In addition, Gurucul supports a range of Hadoop Big Data distributions which can be queried programmatically to access raw data stored in HDFS/HBase using standard interfaces like Phoenix, Impala, Hive, etc.
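As an added illustration of the REST-plus-JSON integration pattern described above (calling an API over HTTPS, consuming its JSON output, and handing risky-behavior records to a ticketing system), the following Python script is example code written for this page, not Gurucul's own client or API. The endpoint path, the bearer token, the response shape (a `results` list of objects with `user`, `risk_score` and `timestamp` fields) and the ticket schema are all assumptions; the sample response is constructed inline so the parsing and selection logic can be exercised offline. The point a practitioner should take from it is that JSON from any feed, even a trusted security product, is still untrusted input at the parsing boundary: bound its size, validate its shape and field types, and only then act on it.

```python
"""Added example (not the product's code): consume JSON output from a hypothetical
UEBA REST endpoint, validate it, and build a JSON ticket payload for orchestration."""
import json
import urllib.request

# Hypothetical endpoint and credential placeholders; replace with real values.
BASE_URL = "https://ueba.example.invalid/api"
API_TOKEN = "REPLACE_WITH_API_TOKEN"

# Assumed response schema: each record must carry these fields with these types.
REQUIRED_FIELDS = {"user": str, "risk_score": (int, float), "timestamp": str}


def parse_risky_users(body, max_bytes=1_000_000):
    """Decode a JSON API response and return only well-formed records.

    Size is bounded before decoding, and every record is type-checked, so a
    malformed or unexpectedly shaped response fails closed instead of
    propagating garbage into downstream tickets."""
    if len(body) > max_bytes:
        raise ValueError("response exceeds size limit")
    try:
        data = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError("invalid JSON response: %s" % exc) from exc
    if not isinstance(data, dict) or not isinstance(data.get("results"), list):
        raise ValueError("unexpected response shape")
    records = []
    for item in data["results"]:
        if not isinstance(item, dict):
            continue  # skip non-object entries rather than crash on them
        for name, typ in REQUIRED_FIELDS.items():
            value = item.get(name)
            # bool is a subclass of int in Python; reject it as a risk score
            if not isinstance(value, typ) or isinstance(value, bool):
                break
        else:
            records.append({k: item[k] for k in REQUIRED_FIELDS})
    return records


def select_for_ticket(records, threshold=80.0):
    """Return records at or above the risk threshold, highest risk first."""
    return sorted((r for r in records if r["risk_score"] >= threshold),
                  key=lambda r: r["risk_score"], reverse=True)


def build_ticket_payload(record):
    """Serialize a record into the JSON body a ticketing system would receive
    (constructed schema for this example)."""
    ticket = {
        "title": "UEBA risk alert for %s" % record["user"],
        "severity": "high" if record["risk_score"] >= 90 else "medium",
        "fields": {"user": record["user"],
                   "risk_score": record["risk_score"],
                   "observed_at": record["timestamp"]},
    }
    return json.dumps(ticket, separators=(",", ":"), sort_keys=True)


def fetch_risky_users(threshold=80.0, timeout=10):
    """GET the hypothetical endpoint over HTTPS and return vetted records.
    Requires network access and a valid token; not exercised offline."""
    req = urllib.request.Request(
        "%s/users/risky?min_score=%s" % (BASE_URL, threshold),
        headers={"Authorization": "Bearer %s" % API_TOKEN,
                 "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        if resp.status != 200:
            raise RuntimeError("API returned HTTP %d" % resp.status)
        return select_for_ticket(parse_risky_users(resp.read()), threshold)


# Constructed sample response: one good high-risk record, one good low-risk
# record, one record with a malformed score, and one non-object entry.
SAMPLE_RESPONSE = b'''{"results": [
  {"user": "jdoe", "risk_score": 92.5, "timestamp": "2024-01-15T10:22:00Z", "extra": "ignored"},
  {"user": "asmith", "risk_score": 41, "timestamp": "2024-01-15T10:23:00Z"},
  {"user": "broken", "risk_score": "high", "timestamp": "2024-01-15T10:24:00Z"},
  "not-an-object"
]}'''

if __name__ == "__main__":
    vetted = parse_risky_users(SAMPLE_RESPONSE)
    for rec in select_for_ticket(vetted):
        print(build_ticket_payload(rec))
```

Run offline, the script prints one ticket payload (for `jdoe`); swapping `SAMPLE_RESPONSE` for `fetch_risky_users()` exercises the same validation against a live endpoint. The `max_bytes` bound and the per-field type checks are the parts worth keeping in any real integration, since a single oversized or malformed JSON document from an upstream feed should not be able to stall or corrupt the orchestration step.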