Skip to main content

Alert Definition Data Model

The Alert Definition data model is a definition that contains all common attributes for any given alert. It extends the Finding definition data model.

The following table details the default attributes of the Alert Definition data model:

Attribute NameAttribute TypeRelationship TypeRequired
affectedText (Multivalued)N/ANo
associatedCvesIsCisaExploitableTrue FalseN/ANo
associatedCvesMaximumEpssLikelihoodNumberN/ANo
baseRiskScoreCalculated (Number)N/ANo
categoriesText (Multivalued)N/ANo
categoryTextN/ANo
complianceStatusCalculated (Single Choice)N/ANo
connectorCategoriesText (Multivalued)N/ANo
connectorNamesText (Multivalued)N/ANo
cpeRecordsReference (CPE record)AFFECTSNo
createdByTextN/ANo
cveIdsText (Multivalued)N/ANo
cveRecordsReference (CVE record)RELATES_TONo
cvssV2AccessComplexityTextN/ANo
cvssV2AccessVectorTextN/ANo
cvssV2AuthenticationTextN/ANo
cvssV2AvailabilityImpactTextN/ANo
cvssV2BaseScoreNumberN/ANo
cvssV2ConfidentialityImpactTextN/ANo
cvssV2ExploitabilityTextN/ANo
cvssV2IntegrityImpactTextN/ANo
cvssV2RemediationLevelTextN/ANo
cvssV2ReportConfidenceTextN/ANo
cvssV2SeverityTextN/ANo
cvssV2TemporalScoreNumberN/ANo
cvssV2VectorTextN/ANo
cvssV3AttackComplexityTextN/ANo
cvssV3AttackVectorTextN/ANo
cvssV3AvailabilityImpactTextN/ANo
cvssV3BaseScoreNumberN/ANo
cvssV3ConfidentialityImpactTextN/ANo
cvssV3ExploitCodeMaturityTextN/ANo
cvssV3IntegrityImpactTextN/ANo
cvssV3PrivilegesRequiredTextN/ANo
cvssV3RemediationLevelTextN/ANo
cvssV3ReportConfidenceTextN/ANo
cvssV3SeverityTextN/ANo
cvssV3TemporalScoreNumberN/ANo
cvssV3UserInteractionTextN/ANo
cvssV3VectorTextN/ANo
cweIdsText (Multivalued)N/ANo
dataIntegrationTitlesText (Multivalued)N/ANo
dataModelNameCalculated (Text)N/ANo
dateCreatedDate TimeN/ANo
daysToFirstDetectionCalculated (Number)N/ANo
descriptionText AreaN/ANo
displayNameCalculated (Text)N/AYes
exploitedInTheWildCalculated (True False)N/ANo
exploitsText (Multivalued)N/ANo
exploitsExistsCalculated (True False)N/ANo
findingTypeCategory (Finding type)ISNo
firstdetectedCalculated (Date Time)N/ANo
flowStateTextN/ANo
lastUpdatedDate TimeN/ANo
lifecycleInactiveDateDate TimeN/ANo
lifecyclePurgeDateDate TimeN/ANo
lifecycleStatusSingle ChoiceN/ANo
malwareText (Multivalued)N/ANo
maximumCveRiskScoreNumberN/ANo
nameTextN/ANo
normalizedCweIdsCalculated (Text, Multivalued)N/AYes
normalizedAffectedProductsCalculated (Text, Multivalued)N/AYes
numberOutOfComplianceCalculated (Number)N/ANo
openFindingCountCalculated (Number)N/ANo
patchAvailableTrue FalseN/ANo
patchPublishedDateDate TimeN/ANo
percentageImpactedCalculated (Number)N/ANo
profilesCategory (Finding profile)ISNo
publishedDateDate TimeN/ANo
recommendationTextN/ANo
referencesText (Multivalued)N/ANo
riskFactorOffsetCalculated (Number)N/ANo
riskFactorsRisk FactorsN/ANo
riskRatingCalculated (Single Choice)N/ANo
riskScoreCalculated (Number)N/ANo
riskScoringModelRisk Scoring ModelN/ANo
severitySingle ChoiceN/ANo
severityScoreNumberN/ANo
sourceTextN/ANo
sourceCreatedDateDate TimeN/ANo
sourceLastModifiedDate TimeN/ANo
sourceStatusTextN/ANo
sourceUidsText (Multivalued)N/ANo
sourcesReference (Source model)SOURCED_FROMNo
sourcesIconsSource data models iconsN/ANo
summaryTextN/ANo
tagsText (Multivalued)N/ANo
technologiesCategory (Affected technology)ISNo
uidTextN/AYes
updatedByTextN/ANo
weaknessesReference (Weakness)EXPLOITSNo
FOOTNOTES
  • The attribute names are used in Brinqa Query Language (BQL) queries and Brinqa Condition Language (BCL) predicates.
  • In the Type column, Calculated means that the value of the attribute is computed by executing a script. The text in the parentheses after Calculated denotes the type of the outcome. For additional information, see Calculated attributes.
  • In the Type column, Reference means that two data models are related. The name in the parentheses after Reference indicates the other data model.
  • The Relationship Type column only applies to the Category and Reference type attributes. You can use the relationship type keyword in BQL queries.