Unified Data Model (UDM) Reference
Brinqa Platform includes a Unified Data Model (UDM) that is available to all Brinqa applications. The following table details each models and its attributes:
| Name | Description | Parent data model | Default categories |
|---|---|---|---|
| Account | A user's access to a service. | Asset | Environments, Profiles, Remediation owner, Risk owner, Technologies, Type |
| Affected technology | A cluster type based on technologies that are affected by a finding, such as Java, Mozilla, or Windows. | One to many cluster model | None |
| Application | A software application. | Asset | Environments, Profiles, Remediation owner, Risk owner, Technologies, Type |
| Assessment | An assessment performed against an asset. | Entity model | None |
| Asset | The base model for various asset categories. | Entity model | Environments, Profiles, Remediation owner, Risk owner, Technologies, Type |
| Asset profile | A cluster type that enables meaningful, business oriented grouping of assets, such as Payment card industry (PCI) compliance or the Federal Risk and Authorization Management Program (FedRAMP) compliance. | One to many cluster model | None |
| Asset technology | A cluster type that identifies the type of technology associated with an asset. An asset can be linked to multiple technology categories, such as operating systems or cloud platforms. | One to many cluster model | None |
| Asset type | A cluster type that determines the identity of an asset. Various tools may have their unique categorizations that could vary slightly. For example, Mobile phone vs. Cell phone. Clustering the assets based on Asset Type enables you to standardize these identities dynamically. | One to one cluster model | None |
| Attack vector | The path a vulnerability takes to exploit a system. | Entity model | None |
| Base model | The base model that defines characteristics many other data models may have by acting as a parent model to other data models. Child data models inherit the parent model’s attributes, so the base model saves administrators the time of repeatedly adding the same attributes to many different data models. | None | None |
| Business service | A function performed by a business unit. | Entity model | None |
| Business unit | A group of assets that belong to the same business ownership group. | Entity model | None |
| Certification | A certification a user receives upon completing a course or taking an exam. | Asset | Environments, Profiles, Remediation owner, Risk owner, Technologies, Type |
| Cloud resource | A resource from a cloud provider and can be anything from a VPC (virtual private cloud) to an individual user in your system. | Asset | Environments, Profiles, Remediation owner, Risk owner, Technologies, Type |
| Cluster model | A built-in data model that defines common attributes for grouping entities. | Base model | None |
| Code project | A collection of files scanned by a static code scanner. | Asset | Environments, Profiles, Remediation owner, Risk owner, Technologies, Type |
| Code repository | An archive of a code base. | Asset | Environments, Profiles, Remediation owner, Risk owner, Technologies, Type |
| Company | A business organization. | Entity model | None |
| Container | A package of all dependencies related to a software component that is run in an isolated environment. | Asset | Environments, Profiles, Remediation owner, Risk owner, Technologies, Type |
| Container image | An immutable package of everything that a container needs to run. | Asset | Environments, Profiles, Remediation owner, Risk owner, Technologies, Type |
| CPE record | The National Vulnerability Database (NVD) Common Platform Enumeration (CPE) dictionary. | Entity model | None |
| CVE record | The descriptive data about a vulnerability associated with a Common Vulnerabilities and Exposures (CVE) ID. | Entity model | None |
| Device | Any piece of hardware on a network that may be susceptible to a vulnerability | Asset | Environments, Profiles, Remediation owner, Risk owner, Technologies, Type |
| Dynamic code finding | A security finding identified using the Dynamic Application Security Testing (DAST) methodology. | Finding | Remediation owner, Risk owner |
| Dynamic code finding definition | A definition that contains all common attributes for any given dynamic code finding. | Finding definition | Finding type, Profiles, Technologies |
| Dynamic code ticket | A record that documents the interactions and progress made on a single or group of dynamic code findings. | Ticket | None |
| Entity model | A built-in entity model that defines common attributes and relationships between entities. | Base model | None |
| Environment | The business environment an asset is found on. | One to one cluster model | None |
| Exception request | A request to have additional time to remediate a finding. | Request | None |
| False positive request | A request to mark a finding as a false positive. | Request | None |
| Finding | A security finding, which may be a vulnerability, policy violation, an alert, or code issue. | Entity model | Remediation owner, Risk owner |
| Finding definition | A definition that contains all common attributes for any given finding. | Entity model | Finding type, Profiles, Technologies |
| Finding profile | A cluster type that enables meaningful, business oriented grouping of findings, such as Open Worldwide Application Security Project (OWASP) Top 10. | One to many cluster model | None |
| Finding type | A cluster type that provides definition of a finding category. Various tools may have their unique categorizations that could vary slightly. For example, cross-site scripting (XSS) vs. pentest. Clustering the findings based on Finding Type enables you to standardize these identities dynamically. | One to one cluster model | None |
| Host | A computer that serves as a container for workloads. It typically runs an operating system and has an IP address. | Asset | Environments, Profiles, Remediation owner, Risk owner, Technologies, Type |
| Host image | An immutable package of everything that a host needs to run. | Asset | Environments, Profiles, Remediation owner, Risk owner, Technologies, Type |
| IP range | A range of IP addresses in a network. | Asset | Environments, Profiles, Remediation owner, Risk owner, Technologies, Type |
| Manual finding | A security finding discovered through manual testing. | Finding | Remedation owner, Risk owner |
| Manual finding definition | A definition that contains all common attributes for any given manual finding. | Finding definition | Finding type, Profiles, Technologies |
| Manual ticket | A record that documents the interactions and progress made on a single or group of manual findings. | Ticket | None |
| Network segment | A group of subnets. | Asset | Environments, Profiles, Remediation owner, Risk owner, Technologies, Type |
| Open source finding | A security finding in the open-source software or library. | Finding | Remediation owner, Risk owner |
| Open source finding definition | A definition that contains all common attributes for any given open source finding. | Finding definition | Finding type, Profiles, Technologies |
| Open source ticket | A record that documents the interactions and progress made on a single or group of open source findings. | Ticket | None |
| Package | An assemblage of files and information about those files. A package can represent software components, applications from a package manager, and more. | Asset | Environments, Profiles, Remediation owner, Risk owner, Technologies, Type |
| Pentest finding | A security finding discovered through a penetration test. | Finding | Remedation owner, Risk owner |
| Pentest finding definition | A definition that contains all common attributes for any given pentest finding. | Finding definition | Finding type, Profiles, Technologies |
| Pentest ticket | A record that documents the interactions and progress made on a single or group of pentest findings. | Ticket | None |
| Person | A data model representing a person. | Entity model | Environments, Profiles, Remediation owner, Risk owner, Technologies, Type |
| Remediation owner | A cluster type used to identify a person or a group of people responsible for remediating findings. | One to one cluster model | None |
| Request | The parent data model for requests. | Base model | None |
| Risk acceptance request | A request to not remediate but assume the risk for a finding. | Request | None |
| Risk factor | A condition that increases or decreases the overall risk score of an entity by a given value. | One to many cluster model | None |
| Risk level | A built-in model that represents the range used for determining risk rating from a risk score. | Base model | None |
| Risk owner | A cluster type used to identify a person or a group of people who own the risk associated with findings. | One to one cluster model | None |
| Risk scoring model | A built-in model that defines how to compute base risk score, risk score, and risk rating for a data model. | One to one cluster model | None |
| Role | A built-in model that defines characteristics of user roles within the system. | Base model | None |
| Service | A service used by an organization. | Asset | Environments, Profiles, Remediation owner, Risk owner, Technologies, Type |
| Service level | A built-in model to represent a range for a service level to be applied. | Base model | None |
| SLA definition | A built-in model used to calculate the due date or compliance date of another data model, such as findings or tickets. | One to one cluster model | None |
| Site | A built-in model to represent a website or web application. | Asset | Environments, Profiles, Remediation owner, Risk owner, Technologies, Type |
| Site certificate | A built-in model to represent a site's certificate. | Asset | Environments, Profiles, Remediation owner, Risk owner, Technologies, Type |
| Software | A computer program developed outside of the organization whose code is not managed by AppSec. | Asset | Environments, Profiles, Remediation owner, Risk owner, Technologies, Type |
| Software install | A computer program whose code is not managed by AppSec that is installed on an asset. | Asset | Environments, Profiles, Remediation owner, Risk owner, Technologies |
| Source model | A built-in model that defines common attributes for data sources. | Base model | None |
| Sprint model | A data model that represents a short, time-boxed period for scheduling tickets. | Entity model | None |
| Static code finding | A security finding identified using the Static Application Security Testing (SAST) methodology. | Finding | Remediation owner, Risk owner |
| Static code finding definition | A definition that contains all common attributes for any given static code finding. | Finding definition | Finding type, Profiles, Technologies |
| Static code ticket | A record that documents the interactions and progress made on a single or group of static code findings. | Ticket | None |
| Subnet | A subnet in a network. | Asset | Environments, Profiles, Remediation owner, Risk owner, Technologies, Type |
| Threat Intelligence | Information about cyber threats to help mitigate potential attacks. | Entity model | None |
| Ticket | A record that documents the interactions and progress made on a single or group of findings. | Entity model | None |
| User | A data model that defines characteristics of individual users of the system. | Base model | None |
| Violation | A finding that is not following best practice policy. | Finding | Remediation owner, Risk owner |
| Violation definition | A definition that contains all common attributes for any given violation. | Finding definition | Finding type, Profiles, Technologies |
| Violation ticket | A record that documents the interactions and progress made on a single or group of violations. | Ticket | None |
| Vulnerability | A security vulnerability that impacts a network asset or host. | Finding | Remediation owner, Risk owner |
| Vulnerability definition | A definition that contains all common attributes for any given vulnerability. | Finding definition | Finding type, Profiles, Technologies |
| Vulnerability ticket | A record that documents the interactions and progress made on a single or group of vulnerabilities. | Ticket | None |
| Weakness | A type of software and hardware weakness or flaw. | Entity model | None |