Skip to main content

Open Source Finding Definition Data Model

The Open Source Finding Definition data model is a definition that contains all common attributes for any given open source findings. It extends the Finding definition data model.

The following table details the default attributes of the Open Source Finding Definition data model:

Attribute NameAttribute TypeRelationship TypeRequired
affectedText (Multivalued)N/ANo
associatedCvesIsCisaExploitableCalculated (True False)N/ANo
associatedCvesMaximumEpssLikelihoodCalculated (Number)N/ANo
baseRiskScoreCalculated (Number)N/ANo
categoriesText (Multivalued)N/ANo
categoryTextN/ANo
complianceStatusCalculated (Single Choice)N/ANo
connectorCategoriesText (Multivalued)N/ANo
connectorNamesText (Multivalued)N/ANo
cpeRecordsReference (CPE record)AFFECTSNo
createdByTextN/ANo
cveIdsText (Multivalued)N/ANo
cveRecordsReference (CVE record)RELATES_TONo
cvssV2AccessComplexityTextN/ANo
cvssV2AccessVectorTextN/ANo
cvssV2AuthenticationTextN/ANo
cvssV2AvailabilityImpactTextN/ANo
cvssV2BaseScoreNumberN/ANo
cvssV2ConfidentialityImpactTextN/ANo
cvssV2ExploitabilityTextN/ANo
cvssV2IntegrityImpactTextN/ANo
cvssV2RemediationLevelTextN/ANo
cvssV2ReportConfidenceTextN/ANo
cvssV2SeverityTextN/ANo
cvssV2TemporalScoreNumberN/ANo
cvssV2VectorTextN/ANo
cvssV3AttackComplexityTextN/ANo
cvssV3AttackVectorTextN/ANo
cvssV3AvailabilityImpactTextN/ANo
cvssV3BaseScoreNumberN/ANo
cvssV3ConfidentialityImpactTextN/ANo
cvssV3ExploitCodeMaturityTextN/ANo
cvssV3IntegrityImpactTextN/ANo
cvssV3PrivilegesRequiredTextN/ANo
cvssV3RemediationLevelTextN/ANo
cvssV3ReportConfidenceTextN/ANo
cvssV3SeverityTextN/ANo
cvssV3TemporalScoreNumberN/ANo
cvssV3UserInteractionTextN/ANo
cvssV3VectorTextN/ANo
cweIdsText (Multivalued)N/ANo
dataIntegrationTitlesText (Multivalued)N/ANo
dataModelNameCalculated (Text)N/ANo
dateCreatedDate TimeN/ANo
daysToFirstDetectionCalculated (Number)N/ANo
descriptionText AreaN/ANo
displayNameCalculated (Text)N/AYes
exploitedInTheWildCalculated (True False)N/ANo
exploitsText (Multivalued)N/ANo
exploitsExistsCalculated (True False)N/ANo
findingTypeCategory (Finding type)ISNo
firstdetectedCalculated (Date Time)N/ANo
flowStateTextN/ANo
lastUpdatedDate TimeN/ANo
lifecycleInactiveDateDate TimeN/ANo
lifecyclePurgeDateDate TimeN/ANo
lifecycleStatusSingle ChoiceN/ANo
malwareText (Multivalued)N/ANo
maximumCveRiskScoreCalculated (Number)N/ANo
nameTextN/ANo
normalizedCweIdsCalculated (Text, Multivalued)N/AYes
normalizedAffectedProductsCalculated (Text, Multivalued)N/AYes
numberOutOfComplianceCalculated (Number)N/ANo
openFindingCountCalculated (Number)N/ANo
patchAvailableTrue FalseN/ANo
patchPublishedDateDate TimeN/ANo
percentageImpactedCalculated (Number)N/ANo
profilesCategory (Finding profile)ISNo
publishedDateDate TimeN/ANo
recommendationTextN/ANo
referencesText (Multivalued)N/ANo
riskFactorOffsetCalculated (Number)N/ANo
riskFactorsRisk FactorsN/ANo
riskRatingCalculated (Single Choice)N/ANo
riskScoreCalculated (Number)N/ANo
riskScoringModelRisk Scoring ModelN/ANo
severitySingle ChoiceN/ANo
severityScoreNumberN/ANo
sourceTextN/ANo
sourceCreatedDateDate TimeN/ANo
sourceLastModifiedDate TimeN/ANo
sourceStatusTextN/ANo
sourceUidsText (Multivalued)N/ANo
sourcesReference (Source model)SOURCED_FROMNo
sourcesIconsSource data models iconsN/ANo
summaryTextN/ANo
tagsText (Multivalued)N/ANo
technologiesCategory (Affected technology)ISNo
uidTextN/AYes
updatedByTextN/ANo
weaknessesReference (Weakness)EXPLOITSNo
FOOTNOTES
  • The attribute names are used in Brinqa Query Language (BQL) queries and Brinqa Condition Language (BCL) predicates.
  • In the Type column, Calculated means that the value of the attribute is computed by executing a script. The text in the parentheses after Calculated denotes the type of the outcome. For additional information, see Calculated attributes.
  • In the Type column, Reference means that two data models are related. The name in the parentheses after Reference indicates the other data model.
  • The Relationship Type column only applies to the Category and Reference type attributes. You can use the relationship type keyword in BQL queries.