Finding Definition Data Model
The Finding Definition data model is a definition that contains all common attributes for any given finding. It extends the Entity Model data model.
The following table details the default attributes of the Finding Definition data model:
Order | Attribute Name | Attribute Type | Relationship Type | Required |
---|---|---|---|---|
1 | cveIds | Text (Multivalued) | N/A | No |
2 | cweIds | Text (Multivalued) | N/A | No |
3 | cvssV2BaseScore | Number | N/A | No |
4 | cvssV2TemporalScore | Number | N/A | No |
5 | cvssV2Severity | Text | N/A | No |
6 | cvssV2Vector | Text | N/A | No |
7 | cvssV2AttackVector | Text | N/A | No |
8 | cvssV2AccessComplexity | Text | N/A | No |
9 | cvssV2Authentication | Text | N/A | No |
10 | cvssV2ConfidentialityImpact | Text | N/A | No |
11 | cvssV2IntegrityImpact | Text | N/A | No |
12 | cvssV2AvailabilityImpact | Text | N/A | No |
13 | cvssV2Exploitability | Text | N/A | No |
14 | cvssV2RemediationLevel | Text | N/A | No |
15 | cvssV2ReportConfidence | Text | N/A | No |
16 | cvssV3BaseScore | Number | N/A | No |
17 | cvssV3TemporalScore | Number | N/A | No |
18 | cvssV3Severity | Text | N/A | No |
19 | cvssV3Vector | Text | N/A | No |
20 | cvssV3AttackVector | Text | N/A | No |
21 | cvssV3AttackComplexity | Text | N/A | No |
22 | cvssV3PrivilegesRequired | Text | N/A | No |
23 | cvssV3UserInteraction | Text | N/A | No |
24 | cvssV3ConfidentialityImpact | Text | N/A | No |
25 | cvssV3IntegrityImpact | Text | N/A | No |
26 | cvssV3AvailabilityImpact | Text | N/A | No |
27 | cvssV3ExploitCodeMaturity | Text | N/A | No |
28 | cvssV3RemediationLevel | Text | N/A | No |
29 | cvssV3ReportConfidence | Text | N/A | No |
30 | category | Text | N/A | No |
31 | severity | Single Choice | N/A | No |
32 | severityNumber | Number | N/A | No |
33 | source | Text | N/A | No |
34 | patchAvailable | True False | N/A | No |
35 | recommendation | Text | N/A | No |
36 | affected | Text (Multivalued) | N/A | No |
37 | weaknesses | Reference (Weakness) | EXPLOITS | No |
38 | cveRecords | Reference (CVE record) | RELATES_TO | No |
39 | references | Text (Multivalued) | N/A | No |
40 | exploits | Text (Multivalued) | N/A | No |
41 | malware | Text (Multivalued) | N/A | No |
42 | publishedDate | Date Time | N/A | No |
43 | patchPublishedDate | Date Time | N/A | No |
44 | sourceCreatedDate | Date Time | N/A | No |
45 | sourceLastModified | Date Time | N/A | No |
46 | baseRiskScore | Number | N/A | No |
47 | riskFactorOffset | Number | N/A | No |
48 | riskScore | Number | N/A | No |
49 | riskRating | Single Choice | N/A | No |
50 | percentageImpacted | Number | N/A | No |
51 | firstDetected | Date Time | N/A | No |
52 | daysToFirstDetection | Number | N/A | No |
53 | openFindingCount | Number | N/A | No |
54 | maximumCveRiskScore | Number | N/A | No |
55 | associatedCvesIsCisaExploitable | True False | N/A | No |
56 | associatedCvesMaximumEpssLikelihood | Number | N/A | No |
57 | numberOutOfCompliance | Number | N/A | No |
58 | complianceStatus | Single Choice | N/A | No |
59 | findingType | Category | N/A | No |
60 | profiles | Category | N/A | No |
61 | technologies | Category | N/A | No |
62 | riskScoringModel | Risk Scoring Model | N/A | No |
63 | riskFactors | Risk Factors | N/A | No |
64 | uid | Text | N/A | Yes |
65 | dataModelName | Calculated (Text) | N/A | No |
66 | sourceUids | Text (Multivalued) | N/A | No |
67 | connectorCategories | Text (Multivalued) | N/A | No |
68 | connectorNames | Text (Multivalued) | N/A | No |
69 | dataIntegrationTitles | Text (Multivalued) | N/A | No |
70 | sourcesIcons | Source data models icons | N/A | No |
71 | name | Text | N/A | No |
72 | displayName | Text | N/A | Yes |
73 | summary | Text | N/A | No |
74 | description | Text | N/A | No |
75 | categories | Text (Multivalued) | N/A | No |
76 | flowState | Text | N/A | No |
77 | sources | Reference (Base model) | SOURCED_FROM | No |
78 | dateCreated | Date Time | N/A | No |
79 | lastUpdated | Date Time | N/A | No |
80 | createdBy | Text | N/A | No |
81 | updatedBy | Text | N/A | No |
FOOTNOTES
- The Order column specifies the order in which attributes are calculated during data computation.
- The attribute names are used in Brinqa Query Language (BQL) queries and Brinqa Condition Language (BCL) predicates.
- In the Attribute Type column, Calculated means that the value of the attribute is computed by executing a script. The text in parentheses after Calculated denotes the type of the result.
- In the Attribute Type column, Reference means that two data models are related. The name in parentheses after Reference indicates the other data model.
- The Relationship Type column only applies to the Reference type attributes. You can use the relationship type keyword in BQL queries.