Data ingestion is the means through which you can import data from external sources into Security Center without having to develop complex code-based integrations.
The Record Caching Service role
The role that handles data ingestion in Security Center is called the Record Caching Service. To make external data accessible to Security Center applications, the Record Caching Service role keeps a copy of the ingested data in a local database called the record cache. The data format of the cached Records, including their display properties in Security Center, are stored in the Directory database and called the record type.
After a record type is configured, you can use it to ingest external data from a flat file, a REST endpoint, or through custom integration using the Security Center SDK. If you have many different types of records to ingest regularly, you can define multiple Record Caching Service roles to distribute the load.
Any Security Center module can use the ingested data. You can use the Unified report investigation task in Security Desk to view the ingested data and derive new information based on suspected or known correlations. For more information, see Investigating record types.
The Record Fusion Service role
The Record Fusion Service is the central role that provides a unified querying mechanism for data records that come from a wide variety of sources, such as Security Center modules or third-party applications. All record requests go through this role, which then queries their respective record providers.
A record provider is either a Security Center role or an SDK application that connects a data source to the Record Fusion Service role. For example, the Record Caching Service role is the record provider for data imported from third-party sources. The Map Manager role is the record provider for map objects that are used as records. The Access Manager role and the Archiver role are the respective record providers for access control events and camera events used as records. All record providers can be uniformly queried through the Record Fusion Service.
Required software license
If your software license supports Record fusion, the Record Fusion Service is created by default when the Directory starts. The license for Record fusion is included in the Security Center Professional and the Enterprise editions.
If you have external data to ingest, you must create the Record Caching Service role yourself. To create this role, your software license must support Record caching. The number of different record types you create cannot exceed the Number of record types for caching supported by your license.