Alert Data Model
The Alert data model is a security finding that serves as a notification of potential risks identified within your organization’s environments. It includes details on the affected resources and the nature of the risk. It extends the Finding data model.
The following table details the default attributes of the Alert data model:
| Attribute Name | Attribute Type | Relationship Type | Required |
|---|---|---|---|
ageInDays | Calculated (Number) | N/A | No |
assessment | Reference (Assessment) | DISCOVERED_IN | No |
baseRiskScore | Calculated (Number) | N/A | No |
categories | Text (Multivalued) | N/A | No |
complianceStatus | Single Choice | N/A | No |
confidence | Single Choice | N/A | No |
connectorCategories | Text (Multivalued) | N/A | No |
connectorNames | Text (Multivalued) | N/A | No |
createdBy | Text | N/A | No |
dataIntegrationTitles | Text (Multivalued) | N/A | No |
dataModelName | Calculated (Text) | N/A | No |
dateCreated | Date Time | N/A | No |
daysToFix | Calculated (Number) | N/A | No |
description | Text | N/A | No |
displayName | Calculated (Text) | N/A | Yes |
dueDate | Calculated (Date Time) | N/A | No |
extendedDueDate | Date Time | N/A | No |
firstFound | Date Time | N/A | No |
flowState | Text | N/A | No |
informedUsers | Category | N/A | No |
lastFixed | Date Time | N/A | No |
lastFound | Date Time | N/A | No |
lastUpdated | Date Time | N/A | No |
name | Text | N/A | No |
remediationOwner | Category | N/A | No |
remediationSLA | Number | N/A | No |
results | Text | N/A | No |
riskFactorOffset | Calculated (Number) | N/A | No |
riskFactors | Risk Factors | N/A | No |
riskOwner | Category | N/A | No |
riskRating | Calculated (Single Choice) | N/A | No |
riskScore | Calculated (Number) | N/A | No |
riskScoringModel | Risk Scoring Model | N/A | No |
severity | Single Choice | N/A | No |
sla | Calculated (Number) | N/A | No |
slaDefinition | SLA | N/A | No |
slaLevel | Calculated (Text) | N/A | No |
sources | Reference (Base model) | SOURCED_FROM | No |
sourcesIcons | Source data models icons | N/A | No |
sourceUids | Text (Multivalued) | N/A | No |
status | Status | N/A | No |
statusCategory | Single Choice | N/A | No |
summary | Text | N/A | No |
targets | Reference (Asset) | HAS | No |
type | Reference (Alert definition) | IS | No |
uid | Text | N/A | Yes |
updatedBy | Text | N/A | No |
FOOTNOTES
- The attribute names are used in Brinqa Query Language (BQL) queries and Brinqa Condition Language (BCL) predicates.
- In the Type column, Calculated means that the value of the attribute is computed by executing a script. The text in the parentheses after Calculated denotes the type of the outcome.
- In the Type column, Reference means that two data models are related. The name in the parentheses after Reference indicates the other data model.
- The Relationship Type column only applies to the Reference type attributes. You can use the relationship type keyword in BQL queries.