Unified Data Model (UDM) Reference
Brinqa Platform includes a Unified Data Model (UDM) that is available to all Brinqa applications. The following table details each model and its attributes:
Name | Description | Parent data model | Default categories |
---|---|---|---|
Account | A user's access to a service. | Asset | Classification, Environment, Profile, Risk score definition, Technology |
Application | A software application. | Asset | Classification, Environment, Profile, Risk score definition, Technology |
Assessment | An assessment performed against an asset. | Entity model | None |
Asset | The base model for various asset categories. | Entity model | Classification, Environment, Profile, Risk score definition, Technology |
Attack vector | The path a vulnerability takes to exploit a system. | Entity model | None |
Base model | The base model that defines characteristics many other data models may have by acting as a parent model to other data models. Child data models inherit the parent model’s attributes, so the base model saves administrators the time of repeatedly adding the same attributes to many different data models. | None | None |
Business service | A function performed by a business unit. | Entity model | None |
Business unit | A group of assets that belong to the same business ownership group. | Entity model | None |
Certification | A certification a user receives upon completing a course or taking an exam. | Asset | Classification, Environment, Profile, Risk score definition, Technology |
Cluster | A group of servers or cloud resources acting as a single system. | Asset | Classification, Environment, Profile, Risk score definition, Technology |
Code project | A collection of files scanned by a static code scanner. | Asset | Classification, Environment, Profile, Risk score definition, Technology |
Code repository | An archive of a code base. | Asset | None |
Company | A business organization. | Entity model | None |
Container | A package of all dependencies related to a software component that is run in an isolated environment. | Asset | Classification, Environment, Profile, Risk score definition, Technology |
Container image | An immutable package of everything that a container needs to run. | Asset | Classification, Environment, Profile, Risk score definition, Technology |
CPE record | The National Vulnerability Database (NVD) Common Platform Enumeration (CPE) dictionary. | Entity model | None |
CVE record | The descriptive data about a vulnerability associated with a Common Vulnerabilities and Exposures (CVE) ID. | Entity model | None |
Device | Any piece of hardware on a network that may be susceptible to a vulnerability. | Asset | Classification, Environment, Profile, Risk score definition, Technology |
Dynamic code finding | A security finding identified using the Dynamic Application Security Testing (DAST) methodology. | Finding | Remediation owner, Risk owner, Risk score definition |
Dynamic code finding definition | A definition that contains all common attributes for any given dynamic code finding. | Finding definition | Classification, Profile, Risk score definition, Technology |
Dynamic code ticket | A record that documents the interactions and progress made on a single dynamic code finding or a group of dynamic code findings. | Ticket | None |
Entity model | A built-in entity model that defines common attributes and relationships between entities. | Base model | None |
Environment | The business environment an asset is found in. | One to one category model | None |
Exception request | A request to have additional time to remediate a finding. | Request | None |
False positive request | A request to mark a finding as a false positive. | Request | None |
Finding | A security finding, which may be a vulnerability, policy violation, an alert, or code issue. | Entity model | Remediation owner, Risk owner, Risk score definition |
Finding definition | A definition that contains all common attributes for any given finding. | Entity model | Classification, Profile, Risk score definition, Technology |
Host | A computer that serves as a container for workloads. It typically runs an operating system and has an IP address. | Asset | Classification, Environment, Profile, Risk score definition, Technology |
Host image | An immutable package of everything that a host needs to run. | Asset | Classification, Environment, Profile, Risk score definition, Technology |
IP range | A range of IP addresses in a network. | Asset | Classification, Environment, Profile, Risk score definition, Technology |
Manual finding | A security finding discovered through manual testing. | Finding | Remediation owner, Risk owner, Risk score definition |
Manual finding definition | A definition that contains all common attributes for any given manual finding. | Finding definition | Classification, Profile, Risk score definition, Technology |
Manual ticket | A record that documents the interactions and progress made on a single manual finding or a group of manual findings. | Ticket | None |
Network segment | A group of subnets. | Asset | Classification, Environment, Profile, Risk score definition, Technology |
Open source finding | A security finding in open-source software or libraries. | Finding | Remediation owner, Risk owner, Risk score definition |
Open source finding definition | A definition that contains all common attributes for any given open source finding. | Finding definition | Classification, Profile, Risk score definition, Technology |
Open source ticket | A record that documents the interactions and progress made on a single open source finding or a group of open source findings. | Ticket | None |
Package | An assemblage of files and information about those files. A package can represent software components, applications from a package manager, and more. | Asset | Classification, Environment, Profile, Risk score definition, Technology |
Pentest finding | A security finding discovered through a penetration test. | Finding | Remediation owner, Risk owner, Risk score definition |
Pentest finding definition | A definition that contains all common attributes for any given pentest finding. | Finding definition | Classification, Profile, Risk score definition, Technology |
Pentest ticket | A record that documents the interactions and progress made on a single pentest finding or a group of pentest findings. | Ticket | None |
Person | A data model representing a person. | Entity model | Classification, Environment, Profile, Risk score definition, Technology |
Profile | A type of profile that best categorizes an asset. | One to many category model | None |
Remediation owner | A categorization on findings used to identify what person or groups are responsible for remediating findings. | One to one category model | None |
Request | The parent data model for requests. | Base model | None |
Risk acceptance request | A request to not remediate but assume the risk for a finding. | Request | None |
Risk factor | A condition that increases or decreases the overall risk score of an entity by a given value. | One to many category model | None |
Risk owner | A categorization on findings used to identify what person or groups of people own the risk associated with findings. | One to one category model | None |
Role | A built-in model that defines characteristics of user roles within the system. | Base model | None |
Service | A service used by an organization. | Asset | Classification, Environment, Profile, Risk score definition, Technology |
Site | A website or web application. | Asset | Classification, Environment, Profile, Risk score definition, Technology |
Site certificate | A site's certificate. | Asset | Classification, Environment, Profile, Risk score definition, Technology |
Software | A computer program developed outside of the organization whose code is not managed by AppSec. | Asset | Classification, Environment, Profile, Risk score definition, Technology |
Software install | A computer program whose code is not managed by AppSec that is installed on an asset. | Asset | Classification, Environment, Profile, Risk score definition, Technology |
Source model | A built-in model that defines common attributes for data sources. | Base model | None |
Sprint model | A data model that represents a short, time-boxed period for scheduling tickets. | Entity model | None |
Static code finding | A security finding identified using the Static Application Security Testing (SAST) methodology. | Finding | Remediation owner, Risk owner, Risk score definition |
Static code finding definition | A definition that contains all common attributes for any given static code finding. | Finding definition | Classification, Profile, Risk score definition, Technology |
Static code ticket | A record that documents the interactions and progress made on a single static code finding or a group of static code findings. | Ticket | None |
Subnet | A subnet in a network. | Asset | Classification, Environment, Profile, Risk score definition, Technology |
Technology | The technologies that categorize an asset. | One to many category model | None |
Threat Intelligence | Information about cyber threats to help mitigate potential attacks. | Entity model | None |
Ticket | A record that documents the interactions and progress made on a single finding or a group of findings. | Entity model | None |
User | A data model that defines characteristics of individual users of the system. | Base model | None |
Violation | A finding that is not following best practice policy. | Finding | Remediation owner, Risk owner, Risk score definition |
Violation definition | A definition that contains all common attributes for any given violation. | Finding definition | Classification, Profile, Risk score definition, Technology |
Violation ticket | A record that documents the interactions and progress made on a single violation or a group of violations. | Ticket | None |
Vulnerability | A security vulnerability that impacts a network asset or host. | Finding | Remediation owner, Risk owner, Risk score definition |
Vulnerability definition | A definition that contains all common attributes for any given vulnerability. | Finding definition | Classification, Profile, Risk score definition, Technology |
Vulnerability ticket | A record that documents the interactions and progress made on a single vulnerability or a group of vulnerabilities. | Ticket | None |
Weakness | A type of software and hardware weakness or flaw. | Entity model | None |