Noise-Canceling UEBA

deploy/mariadb/init/001-schema.sql

@@ -1409,16 +1409,15 @@ CREATE TABLE host_risk_scores (
     updated_at TIMESTAMP(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6) ON UPDATE CURRENT_TIMESTAMP(6)
 );
 
-CREATE TABLE ueba_user_baseline (
-    id BIGINT AUTO_INCREMENT PRIMARY KEY,
+CREATE TABLE IF NOT EXISTS ueba_user_baseline (
     username VARCHAR(255) NOT NULL,
     hostname VARCHAR(255) NOT NULL,
-    src_ip VARCHAR(255) NOT NULL DEFAULT '',
-    workstation VARCHAR(255) NOT NULL DEFAULT '',
-    first_seen TIMESTAMP(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6),
-    last_seen TIMESTAMP(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6),
+    src_ip VARCHAR(64) NOT NULL,
+    workstation VARCHAR(255) NOT NULL,
+    first_seen DATETIME(6) NOT NULL DEFAULT UTC_TIMESTAMP(6),
+    last_seen DATETIME(6) NOT NULL DEFAULT UTC_TIMESTAMP(6),
     seen_count BIGINT NOT NULL DEFAULT 1,
-    UNIQUE KEY uniq_user_context (username, hostname, src_ip, workstation)
+    PRIMARY KEY (username, hostname, src_ip, workstation)
 );
 
 CREATE INDEX idx_ueba_user_baseline_user