Skip to main content

Unified Data Model (UDM) Reference

Brinqa Platform includes a Unified Data Model (UDM) that is available to all Brinqa applications. The following table details each models and its attributes:

NameDescriptionParent data modelDefault categories
AccountA user's access to a service.AssetClassification, Environment, Profile, Risk score definition, Technology
ApplicationA software application.AssetClassification, Environment, Profile, Risk score definition, Technology
AssessmentAn assessment performed against an asset.Entity modelNone
AssetThe base model for various asset categories.Entity modelClassification, Environment, Profile, Risk score definition, Technology
Attack vectorThe path a vulnerability takes to exploit a system.Entity modelNone
Base modelThe base model that defines characteristics many other data models may have by acting as a parent model to other data models. Child data models inherit the parent model’s attributes, so the base model saves administrators the time of repeatedly adding the same attributes to many different data models.NoneNone
Business serviceA function performed by a business unit.Entity modelNone
Business unitA group of assets that belong to the same business ownership group.Entity modelNone
CertificationA certification a user receives upon completing a course or taking an exam.AssetClassification, Environment, Profile, Risk score definition, Technology
ClusterA group of servers or cloud resources acting as a single system.AssetClassification, Environment, Profile, Risk score definition, Technology
Code projectA collection of files scanned by a static code scanner.AssetClassification, Environment, Profile, Risk score definition, Technology
Code repositoryAn archive of a code base.AssetNone
CompanyA business organization.Entity modelNone
ContainerA package of all dependencies related to a software component that is run in an isolated environment.AssetClassification, Environment, Profile, Risk score definition, Technology
Container imageAn immutable package of everything that a container needs to run.AssetClassification, Environment, Profile, Risk score definition, Technology
CPE recordThe National Vulnerability Database (NVD) Common Platform Enumeration (CPE) dictionary.Entity modelNone
CVE recordThe descriptive data about a vulnerability associated with a Common Vulnerabilities and Exposures (CVE) ID.Entity modelNone
DeviceAny piece of hardware on a network that may be susceptible to a vulnerabilityAssetClassification, Environment, Profile, Risk score definition, Technology
Dynamic code findingA security finding identified using the Dynamic Application Security Testing (DAST) methodology.FindingRemediation owner, Risk owner, Risk score definition
Dynamic code finding definitionA definition that contains all common attributes for any given dynamic code finding.Finding definitionClassification, Profile, Risk score definition, Technology
Dynamic code ticketA record that documents the interactions and progress made on a single or group of dynamic code findings.TicketNone
Entity modelA built-in entity model that defines common attributes and relationships between entities.Base modelNone
EnvironmentThe business environment an asset is found on.One to one category modelNone
Exception requestA request to have additional time to remediate a finding.RequestNone
False positive requestA request to mark a finding as a false positive.RequestNone
FindingA security finding, which may be a vulnerability, policy violation, an alert, or code issue.Entity modelRemediation owner, Risk owner, Risk score definition
Finding definitionA definition that contains all common attributes for any given finding.Entity modelClassification, Profile, Risk score definition, Technology
HostA computer that serves as a container for workloads. It typically runs an operating system and has an IP address.AssetClassification, Environment, Profile, Risk score definition, Technology
Host imageAn immutable package of everything that a host needs to run.AssetClassification, Environment, Profile, Risk score definition, Technology
IP rangeA range of IP addresses in a network.AssetClassification, Environment, Profile, Risk score definition, Technology
Manual findingA security finding discovered through manual testing.FindingRemedation owner, Risk owner, Risk score definition
Manual finding definitionA definition that contains all common attributes for any given manual finding.Finding definitionClassification, Profile, Risk score definition, Technology
Manual ticketA record that documents the interactions and progress made on a single or group of manual findings.TicketNone
Network segmentA group of subnets.AssetClassification, Environment, Profile, Risk score definition, Technology
Open source findingA security finding in the open-source software or library.FindingRemediation owner, Risk owner, Risk score definition
Open source finding definitionA definition that contains all common attributes for any given open source finding.Finding definitionClassification, Profile, Risk score definition, Technology
Open source ticketA record that documents the interactions and progress made on a single or group of open source findings.TicketNone
PackageAn assemblage of files and information about those files. A package can represent software components, applications from a package manager, and more.AssetClassification, Environment, Profile, Risk score definition, Technology
Pentest findingA security finding discovered through a penetration test.FindingRemedation owner, Risk owner, Risk score definition
Pentest finding definitionA definition that contains all common attributes for any given pentest finding.Finding definitionClassification, Profile, Risk score definition, Technology
Pentest ticketA record that documents the interactions and progress made on a single or group of pentest findings.TicketNone
PersonA data model representing a person.Entity modelClassification, Environment, Profile, Risk score definition, Technology
ProfileA type of profile that best categorizes an asset.One to many category modelNone
Remediation ownerA categorization on findings used to identify what person or groups are responsible for remediating findings.One to one category modelNone
RequestThe parent data model for requests.Base modelNone
Risk acceptance requestA request to not remediate but assume the risk for a finding.RequestNone
Risk factorA condition that increases or decreases the overall risk score of an entity by a given value.One to many category modelNone
Risk ownerA categorization on findings used to identify what person or groups of people own the risk associated with findings.One to one category modelNone
RoleA built-in model that defines characteristics of user roles within the system.Base modelNone
ServiceA service used by an organization.AssetClassification, Environment, Profile, Risk score definition, Technology
SiteA website or web application.AssetClassification, Environment, Profile, Risk score definition, Technology
Site certificateA site's certificate.AssetClassification, Environment, Profile, Risk score definition, Technology
SoftwareA computer program developed outside of the organization whose code is not managed by AppSec.AssetClassification, Environment, Profile, Risk score definition, Technology
Software installA computer program whose code is not managed by AppSec that is installed on an asset.AssetClassification, Environment, Profile, Risk score definition, Technology
Source modelA built-in model that defines common attributes for data sources.Base modelNone
Sprint modelA data model that represents a short, time-boxed period for scheduling tickets.Entity modelNone
Static code findingA security finding identified using the Static Application Security Testing (SAST) methodology.FindingRemediation owner, Risk owner, Risk score definition
Static code finding definitionA definition that contains all common attributes for any given static code finding.Finding definitionClassification, Profile, Risk score definition, Technology
Static code ticketA record that documents the interactions and progress made on a single or group of static code findings.TicketNone
SubnetA subnet in a network.AssetClassification, Environment, Profile, Risk score definition, Technology
TechnologyThe technologies that categorize an asset.One to many category modelNone
Threat IntelligenceInformation about cyber threats to help mitigate potential attacks.Entity modelNone
TicketA record that documents the interactions and progress made on a single or group of findings.Entity modelNone
UserA data model that defines characteristics of individual users of the system.Base modelNone
ViolationA finding that is not following best practice policy.FindingRemediation owner, Risk owner, Risk score definition
Violation definitionA definition that contains all common attributes for any given violation.Finding definitionClassification, Profile, Risk score definition, Technology
Violation ticketA record that documents the interactions and progress made on a single or group of violations.TicketNone
VulnerabilityA security vulnerability that impacts a network asset or host.FindingRemediation owner, Risk owner, Risk score definition
Vulnerability definitionA definition that contains all common attributes for any given vulnerability.Finding definitionClassification, Profile, Risk score definition, Technology
Vulnerability ticketA record that documents the interactions and progress made on a single or group of vulnerabilities.TicketNone
WeaknessA type of software and hardware weakness or flaw.Entity modelNone