Skip to main content
All CollectionsReports
CSV security behavior event upload
CSV security behavior event upload
Ben Chadfield avatar
Written by Ben Chadfield
Updated over 6 months ago

The CSV security behavior upload allows you to upload events for security behaviors. These events are used to calculate security behavior and risk scores.

The CSV upload replicates the functionality available in the API, making it accessible to anyone.

Uploads aren’t reversible so make sure you test with limited impact before committing to large volume uploads.

Preparing the CSV

Each security behaviour is uploaded separately. You’ll need to prepare a CSV for each security behavior you want to upload data for.

CSV fields

  • email (required) - the email address for the user the event is associated with. There must be a user with that email address in CybSafe for the email to be valid.

  • sebdb_uid (required) - SebDB reference ID for the security behaviour, e.g. SB087. This must match the SebDB ID for the security behavior you are uploading to.

  • event_name (required) - reference API docs for valid event names.

  • event_action (required) - reference API docs for valid event actions.

  • event_type (required) - reference API docs for valid event types.

  • event_datetime (optional) - datetime the event occurred in the format "YYYY-MM-DD HH:MM:SS" If not provided then the upload time will with used.

  • event_source (optional) - CybSafe will record the source as CybSafe CSV upload so this is additional optional metadata.

  • event_metadata (optional) - add optional metadata for the event in json format. E.g. { id: UUID, tag: "system tag" }

CSV requirements

  • Header row is required with field names (order doesn’t matter)

  • Comma separated values

  • New line for each event

Example CSV

event_datetime,email,event_name,event_action,event_type,sebdb_uid
2024-06-09 14:15:00,[email protected],PHISHING,EMAIL_REPORTED,POSITIVE,SB087
2024-06-05 14:15:00,[email protected],PHISHING,EMAIL_REPORTED,POSITIVE,SB087

Upload the CSV

  1. Navigate to the security behavior page which can be found in Reports > Behaviors > Behavior comparison and searching for the SebDB ID in the table of behaviors.

  2. Find the CSV upload tab in the page and click on it.

  3. Click the Choose CSV file button.

  4. Select the relevant CSV file for the security.

  5. Click Upload CSV.

  6. If there are no errors then the events will be uploaded and a new successful upload entry is shown in the uploads table for that security behavior. If there are errors those errors are shown and a new failed upload entry is shown in the uploads table for that security behavior.

Troubleshooting upload errors

Check the CSV fields section for formats and requirements for each field.

After events are uploaded

Once processed events will display in activity logs for that security behavior, in the risk reports and in the user risk page. Reload the page to refresh the activity data.

Overnight the scores for security behaviors and risks will be calculated using the new behavior event data.

Deleting or editing uploaded behavior events

Once uploaded behavior events can’t be deleted or edited.

Did this answer your question?