Finding Definition Data Model
The Finding Definition data model is a definition that contains all common attributes for any given finding. It extends the Entity Model data model.
The following table details the default attributes of the Finding Definition data model:
| Order | Attribute Name | Attribute Type | Relationship Type | Required |
|---|---|---|---|---|
| 1 | cveIds | Text (Multivalued) | N/A | No |
| 2 | cweIds | Text (Multivalued) | N/A | No |
| 3 | cvssV2BaseScore | Number | N/A | No |
| 4 | cvssV2TemporalScore | Number | N/A | No |
| 5 | cvssV2Severity | Text | N/A | No |
| 6 | cvssV2Vector | Text | N/A | No |
| 7 | cvssV2AttackVector | Text | N/A | No |
| 8 | cvssV2AccessComplexity | Text | N/A | No |
| 9 | cvssV2Authentication | Text | N/A | No |
| 10 | cvssV2ConfidentialityImpact | Text | N/A | No |
| 11 | cvssV2IntegrityImpact | Text | N/A | No |
| 12 | cvssV2AvailabilityImpact | Text | N/A | No |
| 13 | cvssV2Exploitability | Text | N/A | No |
| 14 | cvssV2RemediationLevel | Text | N/A | No |
| 15 | cvssV2ReportConfidence | Text | N/A | No |
| 16 | cvssV3BaseScore | Number | N/A | No |
| 17 | cvssV3TemporalScore | Number | N/A | No |
| 18 | cvssV3Severity | Text | N/A | No |
| 19 | cvssV3Vector | Text | N/A | No |
| 20 | cvssV3AttackVector | Text | N/A | No |
| 21 | cvssV3AttackComplexity | Text | N/A | No |
| 22 | cvssV3PrivilegesRequired | Text | N/A | No |
| 23 | cvssV3UserInteraction | Text | N/A | No |
| 24 | cvssV3ConfidentialityImpact | Text | N/A | No |
| 25 | cvssV3IntegrityImpact | Text | N/A | No |
| 26 | cvssV3AvailabilityImpact | Text | N/A | No |
| 27 | cvssV3ExploitCodeMaturity | Text | N/A | No |
| 28 | cvssV3RemediationLevel | Text | N/A | No |
| 29 | cvssV3ReportConfidence | Text | N/A | No |
| 30 | category | Text | N/A | No |
| 31 | severity | Single Choice | N/A | No |
| 32 | severityNumber | Number | N/A | No |
| 33 | source | Text | N/A | No |
| 34 | patchAvailable | True False | N/A | No |
| 35 | recommendation | Text | N/A | No |
| 36 | affected | Text (Multivalued) | N/A | No |
| 37 | weaknesses | Reference (Weakness) | EXPLOITS | No |
| 38 | cveRecords | Reference (CVE record) | RELATES_TO | No |
| 39 | references | Text (Multivalued) | N/A | No |
| 40 | exploits | Text (Multivalued) | N/A | No |
| 41 | malware | Text (Multivalued) | N/A | No |
| 42 | publishedDate | Date Time | N/A | No |
| 43 | patchPublishedDate | Date Time | N/A | No |
| 44 | sourceCreatedDate | Date Time | N/A | No |
| 45 | sourceLastModified | Date Time | N/A | No |
| 46 | baseRiskScore | Number | N/A | No |
| 47 | riskFactorOffset | Number | N/A | No |
| 48 | riskScore | Number | N/A | No |
| 49 | riskRating | Single Choice | N/A | No |
| 50 | percentageImpacted | Number | N/A | No |
| 51 | firstDetected | Date Time | N/A | No |
| 52 | daysToFirstDetection | Number | N/A | No |
| 53 | openFindingCount | Number | N/A | No |
| 54 | maximumCveRiskScore | Number | N/A | No |
| 55 | associatedCvesIsCisaExploitable | True False | N/A | No |
| 56 | associatedCvesMaximumEpssLikelihood | Number | N/A | No |
| 57 | numberOutOfCompliance | Number | N/A | No |
| 58 | complianceStatus | Single Choice | N/A | No |
| 59 | findingType | Category | N/A | No |
| 60 | profiles | Category | N/A | No |
| 61 | technologies | Category | N/A | No |
| 62 | riskScoringModel | Risk Scoring Model | N/A | No |
| 63 | riskFactors | Risk Factors | N/A | No |
| 64 | uid | Text | N/A | Yes |
| 65 | dataModelName | Calculated (Text) | N/A | No |
| 66 | sourceUids | Text (Multivalued) | N/A | No |
| 67 | connectorCategories | Text (Multivalued) | N/A | No |
| 68 | connectorNames | Text (Multivalued) | N/A | No |
| 69 | dataIntegrationTitles | Text (Multivalued) | N/A | No |
| 70 | sourcesIcons | Source data models icons | N/A | No |
| 71 | name | Text | N/A | No |
| 72 | displayName | Text | N/A | Yes |
| 73 | summary | Text | N/A | No |
| 74 | description | Text | N/A | No |
| 75 | categories | Text (Multivalued) | N/A | No |
| 76 | flowState | Text | N/A | No |
| 77 | sources | Reference (Base model) | SOURCED_FROM | No |
| 78 | dateCreated | Date Time | N/A | No |
| 79 | lastUpdated | Date Time | N/A | No |
| 80 | createdBy | Text | N/A | No |
| 81 | updatedBy | Text | N/A | No |
FOOTNOTES
- The Order column specifies the order of attributes being calculated in data computation.
- The attribute names are used in Brinqa Query Language (BQL) queries and Brinqa Condition Language (BCL) predicates.
- In the Type column, Calculated means that the value of the attribute is computed by executing a script. The text in the parentheses after Calculated denotes the type of the outcome.
- In the Type column, Reference means that two data models are related. The name in the parentheses after Reference indicates the other data model.
- The Relationship Type column only applies to the Reference type attributes. You can use the relationship type keyword in BQL queries.