Unified Data Model (UDM) Reference
The Brinqa Platform includes unified data models (UDM) that all Brinqa applications can access. UDMs are the most central elements in the Brinqa Platform, structuring and determining relationships between all data and objects in the system. Data models define schema for datasets, automate data inputs, and normalize data from different sources. The following table provides details about each model and links to its respective attributes:
Name | Description | Parent Data Model | Default Clusters |
---|---|---|---|
Account | A user's access to a service. | Asset | Environments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type |
Affected technology | A cluster type based on technologies that are affected by a finding, such as Java, Mozilla, or Windows. | One to many cluster model | None |
Alert | A security finding for a special, urgent notification about the occurrence of a specific event. | Finding | Informed users, uid |
Alert definition | A definition that contains all common attributes for any given alert. | Finding definition | Finding type, Profiles, Technologies |
Alert ticket | A record that documents the interactions and progress made on a single or group of findings. | Ticket | None |
API endpoint | An application programming interface (API) endpoint. | Asset | Environments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type |
Application | A software application. | Asset | Environments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type |
Assessment | An assessment performed against an asset. | Entity model | None |
Asset | The base model for various asset categories. | Entity model | Environments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type |
Asset profile | A cluster type that enables meaningful, business-oriented grouping of assets, such as Payment Card Industry (PCI) compliance or Federal Risk and Authorization Management Program (FedRAMP) compliance. | One to many cluster model | None |
Asset technology | A cluster type that identifies the type of technology associated with an asset. An asset can be linked to multiple technology categories, such as operating systems or cloud platforms. | One to many cluster model | None |
Asset type | A cluster type that determines the identity of an asset. Various tools may have their unique categorizations that could vary slightly. For example, Mobile phone vs. Cell phone. Clustering the assets based on Asset Type enables you to standardize these identities dynamically. | One to one cluster model | None |
Attack mitigation | The security concepts and classes of technologies that can be used to prevent a technique or sub-technique from being successfully executed. | Entity model | None |
Attack pattern | The patterns of attack employed by adversaries to exploit known weaknesses in cyber-enabled capabilities. | Entity model | None |
Attack tactic | The common attributes and approaches employed by adversaries to exploit known weaknesses in cyber-enabled capabilities. | Entity model | None |
Attack technique | The methods and tactics utilized by adversaries in various stages of cyber attacks. | Entity model | None |
Attack vector | The path a vulnerability takes to exploit a system. | Entity model | None |
Base model | The base model that defines characteristics many other data models may have by acting as a parent model to other data models. Child data models inherit the parent model’s attributes, so the base model saves administrators the time of repeatedly adding the same attributes to many different data models. | None | None |
Business service | A function performed by a business unit. | Entity model | None |
Business unit | A group of assets that belong to the same business ownership group. | Entity model | None |
Certification | A certification a user receives upon completing a course or taking an exam. | Asset | Environments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type |
Cloud resource | A resource from a cloud provider, which can be anything from a VPC (virtual private cloud) to an individual user in your system. | Asset | Environments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type |
Cluster model | A built-in data model that defines common attributes for grouping entities. | Config model | None |
Code project | A collection of files scanned by a static code scanner. | Asset | Environments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type |
Code repository | An archive of a code base. | Asset | Environments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type |
Company | A business organization. | Entity model | None |
Container | A package of all dependencies related to a software component that is run in an isolated environment. | Asset | Environments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type |
Container image | An immutable package of everything that a container needs to run. | Asset | Environments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type |
CPE record | A record from the National Vulnerability Database (NVD) Common Platform Enumeration (CPE) dictionary. | Entity model | None |
CVE record | The descriptive data about a vulnerability associated with a Common Vulnerabilities and Exposures (CVE) ID. | Entity model | None |
Device | Any piece of hardware on a network that may be susceptible to a vulnerability. | Asset | Environments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type |
Dynamic code finding | A security finding identified using the Dynamic Application Security Testing (DAST) methodology. | Finding | Informed users, Remediation owner, Risk owner |
Dynamic code finding definition | A definition that contains all common attributes for any given dynamic code finding. | Finding definition | Finding type, Profiles, Technologies |
Dynamic code ticket | A record that documents the interactions and progress made on a single or group of dynamic code findings. | Ticket | None |
Entity model | A built-in entity model that defines common attributes and relationships between entities. | Base model | None |
Environment | The business environment an asset is found on. | One to many cluster model | None |
EOL advisory | The announcement or update to a product's end of life. | Entity model | None |
Exception request | A request to have additional time to remediate a finding. | Request | None |
False positive request | A request to mark a finding as a false positive. | Request | None |
Finding | A security finding, which may be a vulnerability, policy violation, an alert, or code issue. | Entity model | Informed users, Remediation owner, Risk owner |
Finding definition | A definition that contains all common attributes for any given finding. | Entity model | Finding type, Profiles, Technologies |
Finding profile | A cluster type that enables meaningful, business-oriented grouping of findings, such as the Open Worldwide Application Security Project (OWASP) Top 10. | One to many cluster model | None |
Finding type | A cluster type that provides definition of a finding category. Various tools may have their unique categorizations that could vary slightly. For example, cross-site scripting (XSS) vs. pentest. Clustering the findings based on Finding Type enables you to standardize these identities dynamically. | One to one cluster model | None |
Host | A computer that serves as a container for workloads. It typically runs an operating system and has an IP address. | Asset | Environments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type |
Host image | An immutable package of everything that a host needs to run. | Asset | Environments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type |
Incident | A finding that represents a security incident, which may be a vulnerability, a policy violation, an alert, or a code issue. | Finding | Informed users, Remediation owner, Risk owner |
Incident definition | A definition that contains all common attributes for any given incident. | Finding definition | Finding type, Profiles, Technologies |
Incident ticket | A record that documents the interactions and progress made on a single or group of incidents. | Ticket | None |
Informed user | A cluster type used to identify a person or a group of people who need to stay informed for a given finding or asset. | One to many cluster model | None |
Installed package | A computer program whose code is not managed by AppSec that is installed on an asset. | Entity model | Environments, Informed users, Profiles, Remediation owner, Risk owner, Technologies |
IP range | A range of IP addresses in a network. | Asset | Environments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type |
Manual finding | A security finding discovered through manual testing. | Finding | Informed users, uid |
Manual finding definition | A definition that contains all common attributes for any given manual finding. | Finding definition | Finding type, Profiles, Technologies |
Manual ticket | A record that documents the interactions and progress made on a single or group of manual findings. | Ticket | None |
Network segment | A group of subnets. | Asset | Environments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type |
Open source finding | A security finding in the open-source software or library. | Finding | Informed users, Remediation owner, Risk owner |
Open source finding definition | A definition that contains all common attributes for any given open source finding. | Finding definition | Finding type, Profiles, Technologies |
Open source ticket | A record that documents the interactions and progress made on a single or group of open source findings. | Ticket | None |
OS family | A cluster type that refers to a group of closely related operating systems (OS) that share a common ancestry, core design principles, and software components. They typically have similar underlying architecture, programming interfaces, and user interfaces, although they may diverge in features and functionality. | One to one cluster model | None |
Package | An assemblage of files and information about those files. A package can represent software components, applications from a package manager, and more. | Asset | Environments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type |
Pentest finding | A security finding discovered through a penetration test. | Finding | Informed users, uid |
Pentest finding definition | A definition that contains all common attributes for any given pentest finding. | Finding definition | Finding type, Profiles, Technologies |
Pentest ticket | A record that documents the interactions and progress made on a single or group of pentest findings. | Ticket | None |
Person | A data model representing a person. | Entity model | Profiles, Technologies, Type |
Remediation campaign | A data model that represents the business objective of grouping remediation tickets. | Entity model | Informed users |
Remediation owner | A cluster type used to identify a person or a group of people responsible for remediating findings. | One to one cluster model | None |
Remediation validation request | A request to mark findings as fixed. | Request | None |
Request | The parent data model for requests. | Base model | None |
Risk acceptance request | A request to accept the risk of a finding rather than remediate it. | Request | None |
Risk factor | A condition that increases or decreases the overall risk score of an entity by a given value. | One to many cluster model | None |
Risk level | A built-in model that represents the range used for determining risk rating from a risk score. | Config model | None |
Risk owner | A cluster type used to identify a person or a group of people who own the risk associated with findings. | One to one cluster model | None |
Risk scoring model | A built-in model that defines how to compute base risk score, risk score, and risk rating for a data model. | One to one cluster model | None |
Role | A built-in model that defines characteristics of user roles within the system. | Base model | None |
Security advisory | A built-in model that represents an announcement or update on vulnerabilities by a security vendor. | Entity model | None |
Service | A service used by an organization. | Asset | Environments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type |
Service level | A built-in model to represent a range for a service level to be applied. | Config model | None |
SLA definition | A built-in model used to calculate the due date or compliance date of another data model, such as findings or tickets. | One to one cluster model | None |
Site | A built-in model to represent a website or web application. | Asset | Environments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type |
Site certificate | A built-in model to represent a site's certificate. | Asset | Environments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type |
Source model | A built-in model that defines common attributes for data sources. | Base model | None |
Sprint model | A data model that represents a short, time-boxed period for scheduling tickets. | Entity model | None |
Static code finding | A security finding identified using the Static Application Security Testing (SAST) methodology. | Finding | Informed users, Remediation owner, Risk owner |
Static code finding definition | A definition that contains all common attributes for any given static code finding. | Finding definition | Finding type, Profiles, Technologies |
Static code ticket | A record that documents the interactions and progress made on a single or group of static code findings. | Ticket | None |
Subnet | A subnet in a network. | Asset | Environments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type |
Team | A data model representing a team. | Entity model | Profiles, Type |
Threat intelligence | Information about cyber threats to help mitigate potential attacks. | Entity model | None |
Ticket | A record that documents the interactions and progress made on a single or group of findings. | Entity model | None |
User | A data model that defines characteristics of individual users of the system. | Base model | None |
Violation | A finding that is not following best practice policy. | Finding | Informed users, Remediation owner, Risk owner |
Violation definition | A definition that contains all common attributes for any given violation. | Finding definition | Finding type, Profiles, Technologies |
Violation ticket | A record that documents the interactions and progress made on a single or group of violations. | Ticket | None |
Vulnerability | A security vulnerability that impacts a network asset or host. | Finding | Informed users, Remediation owner, Risk owner |
Vulnerability definition | A definition that contains all common attributes for any given vulnerability. | Finding definition | Finding type, Profiles, Technologies |
Vulnerability ticket | A record that documents the interactions and progress made on a single or group of vulnerabilities. | Ticket | None |
Weakness | A type of software and hardware weakness or flaw. | Entity model | None |