Skip to main content

Unified Data Model (UDM) Reference

The Brinqa Platform includes unified data models (UDM) that all Brinqa applications can access. UDMs are the most central elements in the Brinqa Platform, structuring and determining relationships between all data and objects in the system. Data models define schema for data sets, automate data inputs, and normalize data from different sources. The following table provides details about each model and links to its respective attributes:

NameDescriptionParent Data ModelDefault Clusters
AccountA user's access to a service.AssetEnvironments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type
Affected technologyA cluster type based on technologies that are affected by a finding, such as Java, Mozilla, or Windows.One to many cluster modelNone
AlertA security finding for a special, urgent notification about the occurrence of a specific event.FindingInformed users, uid
Alert definitionA definition that contains all common attributes for any given alert.Finding definitionFinding type, Profiles, Technologies
Alert ticketA record that documents the interactions and progress made on a single or group of findings.TicketNone
API endpointAn application programming interface (API) endpoint.AssetEnvironments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type
ApplicationA software application.AssetEnvironments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type
AssessmentAn assessment performed against an asset.Entity modelNone
AssetThe base model for various asset categories.Entity modelEnvironments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type
Asset profileA cluster type that enables meaningful, business oriented grouping of assets, such as Payment Card Industry (PCI) compliance or the Federal Risk and Authorization Management Program (FedRAMP) compliance.One to many cluster modelNone
Asset technologyA cluster type that identifies the type of technology associated with an asset. An asset can be linked to multiple technology categories, such as operating systems or cloud platforms.One to many cluster modelNone
Asset typeA cluster type that determines the identity of an asset. Various tools may have their unique categorizations that could vary slightly. For example, Mobile phone vs. Cell phone. Clustering the assets based on Asset Type enables you to standardize these identities dynamically.One to one cluster modelNone
Attack vectorThe path a vulnerability takes to exploit a system.Entity modelNone
Base modelThe base model that defines characteristics many other data models may have by acting as a parent model to other data models. Child data models inherit the parent model’s attributes, so the base model saves administrators the time of repeatedly adding the same attributes to many different data models.NoneNone
Business serviceA function performed by a business unit.Entity modelNone
Business unitA group of assets that belong to the same business ownership group.Entity modelNone
CertificationA certification a user receives upon completing a course or taking an exam.AssetEnvironments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type
Cloud resourceA resource from a cloud provider and can be anything from a VPC (virtual private cloud) to an individual user in your system.AssetEnvironments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type
Cluster modelA built-in data model that defines common attributes for grouping entities.Config modelNone
Code projectA collection of files scanned by a static code scanner.AssetEnvironments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type
Code repositoryAn archive of a code base.AssetEnvironments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type
CompanyA business organization.Entity modelNone
ContainerA package of all dependencies related to a software component that is run in an isolated environment.AssetEnvironments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type
Container imageAn immutable package of everything that a container needs to run.AssetEnvironments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type
CPE recordThe National Vulnerability Database (NVD) Common Platform Enumeration (CPE) dictionary.Entity modelNone
CVE recordThe descriptive data about a vulnerability associated with a Common Vulnerabilities and Exposures (CVE) ID.Entity modelNone
DeviceAny piece of hardware on a network that may be susceptible to a vulnerabilityAssetEnvironments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type
Dynamic code findingA security finding identified using the Dynamic Application Security Testing (DAST) methodology.FindingInformed users, Remediation owner, Risk owner
Dynamic code finding definitionA definition that contains all common attributes for any given dynamic code finding.Finding definitionFinding type, Profiles, Technologies
Dynamic code ticketA record that documents the interactions and progress made on a single or group of dynamic code findings.TicketNone
Entity modelA built-in entity model that defines common attributes and relationships between entities.Base modelNone
EnvironmentThe business environment an asset is found on.One to many cluster modelNone
Exception requestA request to have additional time to remediate a finding.RequestNone
False positive requestA request to mark a finding as a false positive.RequestNone
FindingA security finding, which may be a vulnerability, policy violation, an alert, or code issue.Entity modelInformed users, Remediation owner, Risk owner
Finding definitionA definition that contains all common attributes for any given finding.Entity modelFinding type, Profiles, Technologies
Finding profileA cluster type that enables meaningful, business oriented grouping of findings, such as Open Worldwide Application Security Project (OWASP) Top 10.One to many cluster modelNone
Finding typeA cluster type that provides definition of a finding category. Various tools may have their unique categorizations that could vary slightly. For example, cross-site scripting (XSS) vs. pentest. Clustering the findings based on Finding Type enables you to standardize these identities dynamically.One to one cluster modelNone
HostA computer that serves as a container for workloads. It typically runs an operating system and has an IP address.AssetEnvironments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type
Host imageAn immutable package of everything that a host needs to run.AssetEnvironments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type
IncidentA finding that represents a security incident, which may be a vulnerability, a policy violation, an alert, or a code issue..FindingInformed users, Remediation owner, Risk owner
Incident definitionA definition that contains all common attributes for any given incident.Finding definitionFinding type, Profiles, Technologies
Incident ticketA record that documents the interactions and progress made on a single or group of incidents.TicketNone
Informed userA cluster type used to identify a person or a group of people who need to stay informed for a given finding or asset.One to many cluster modelNone
Installed packageA computer program whose code is not managed by AppSec that is installed on an asset.Entity modelEnvironments, Informed users, Profiles, Remediation owner, Risk owner, Technologies
IP rangeA range of IP addresses in a network.AssetEnvironments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type
Manual findingA security finding discovered through manual testing.FindingInformed users, uid
Manual finding definitionA definition that contains all common attributes for any given manual finding.Finding definitionFinding type, Profiles, Technologies
Manual ticketA record that documents the interactions and progress made on a single or group of manual findings.TicketNone
Network segmentA group of subnets.AssetEnvironments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type
Open source findingA security finding in the open-source software or library.FindingInformed users, Remediation owner, Risk owner
Open source finding definitionA definition that contains all common attributes for any given open source finding.Finding definitionFinding type, Profiles, Technologies
Open source ticketA record that documents the interactions and progress made on a single or group of open source findings.TicketNone
PackageAn assemblage of files and information about those files. A package can represent software components, applications from a package manager, and more.AssetEnvironments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type
Pentest findingA security finding discovered through a penetration test.FindingInformed users, uid
Pentest finding definitionA definition that contains all common attributes for any given pentest finding.Finding definitionFinding type, Profiles, Technologies
Pentest ticketA record that documents the interactions and progress made on a single or group of pentest findings.TicketNone
PersonA data model representing a person.Entity modelProfiles, Technologies, Type
Remediation campaignA data model that represents the business objective of grouping remediation tickets.Entity modelInformed users
Remediation ownerA cluster type used to identify a person or a group of people responsible for remediating findings.One to one cluster modelNone
Remediation validation requestA request to mark findings as fixed.RequestNone
RequestThe parent data model for requests.Base modelNone
Risk acceptance requestA request to not remediate but assume the risk for a finding.RequestNone
Risk factorA condition that increases or decreases the overall risk score of an entity by a given value.One to many cluster modelNone
Risk levelA built-in model that represents the range used for determining risk rating from a risk score.Config modelNone
Risk ownerA cluster type used to identify a person or a group of people who own the risk associated with findings.One to one cluster modelNone
Risk scoring modelA built-in model that defines how to compute base risk score, risk score, and risk rating for a data model.One to one cluster modelNone
RoleA built-in model that defines characteristics of user roles within the system.Base modelNone
Security advisoryA built-in model that represents an announcement or update on vulnerabilities by a security vendor.Entity modelNone
ServiceA service used by an organization.AssetEnvironments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type
Service levelA built-in model to represent a range for a service level to be applied.Config modelNone
SLA definitionA built-in model used to calculate the due date or compliance date of another data model, such as findings or tickets.One to one cluster modelNone
SiteA built-in model to represent a website or web application.AssetEnvironments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type
Site certificateA built-in model to represent a site's certificate.AssetEnvironments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type
Source modelA built-in model that defines common attributes for data sources.Base modelNone
Sprint modelA data model that represents a short, time-boxed period for scheduling tickets.Entity modelNone
Static code findingA security finding identified using the Static Application Security Testing (SAST) methodology.FindingInformed users, Remediation owner, Risk owner
Static code finding definitionA definition that contains all common attributes for any given static code finding.Finding definitionFinding type, Profiles, Technologies
Static code ticketA record that documents the interactions and progress made on a single or group of static code findings.TicketNone
SubnetA subnet in a network.AssetEnvironments, Informed users, Profiles, Remediation owner, Risk owner, Technologies, Type
TeamA data model representing a team.Entity modelProfiles, Type
Threat IntelligenceInformation about cyber threats to help mitigate potential attacks.Entity modelNone
TicketA record that documents the interactions and progress made on a single or group of findings.Entity modelNone
UserA data model that defines characteristics of individual users of the system.Base modelNone
ViolationA finding that is not following best practice policy.FindingInformed users, Remediation owner, Risk owner
Violation definitionA definition that contains all common attributes for any given violation.Finding definitionFinding type, Profiles, Technologies
Violation ticketA record that documents the interactions and progress made on a single or group of violations.TicketNone
VulnerabilityA security vulnerability that impacts a network asset or host.FindingInformed users, Remediation owner, Risk owner
Vulnerability definitionA definition that contains all common attributes for any given vulnerability.Finding definitionFinding type, Profiles, Technologies
Vulnerability ticketA record that documents the interactions and progress made on a single or group of vulnerabilities.TicketNone
WeaknessA type of software and hardware weakness or flaw.Entity modelNone