Skip to main content

Pentest Finding Definition Data Model

The Pentest Finding Definition data model is a definition that contains all common attributes for any given penetration test findings. It extends the Finding definition data model.

The following table details the default attributes of the Pentest Finding Definition data model:

Attribute NameAttribute TypeRelationship TypeRequired
affectedText (Multivalued)N/ANo
associatedCvesIsCisaExploitableCalculated (True False)N/ANo
associatedCvesMaximumEpssLikelihoodCalculated (Number)N/ANo
baseRiskScoreCalculated (Number)N/ANo
categoriesText (Multivalued)N/ANo
categoryTextN/ANo
complianceStatusCalculated (Single Choice)N/ANo
connectorCategoriesText (Multivalued)N/ANo
connectorNamesText (Multivalued)N/ANo
cpeRecordsReference (CPE record)AFFECTSNo
createdByTextN/ANo
cveIdsText (Multivalued)N/ANo
cveRecordsReference (CVE record)RELATES_TONo
cvssV2AccessComplexitySingle ChoiceN/ANo
cvssV2AccessVectorSingle ChoiceN/ANo
cvssV2AuthenticationSingle ChoiceN/ANo
cvssV2AvailabilityImpactSingle ChoiceN/ANo
cvssV2BaseScoreNumberN/ANo
cvssV2ConfidentialityImpactSingle ChoiceN/ANo
cvssV2ExploitabilitySingle ChoiceN/ANo
cvssV2IntegrityImpactSingle ChoiceN/ANo
cvssV2RemediationLevelSingle ChoiceN/ANo
cvssV2ReportConfidenceSingle ChoiceN/ANo
cvssV2SeverityTextN/ANo
cvssV2TemporalScoreNumberN/ANo
cvssV2VectorTextN/ANo
cvssV3AttackComplexitySingle ChoiceN/ANo
cvssV3AttackVectorSingle ChoiceN/ANo
cvssV3AvailabilityImpactSingle ChoiceN/ANo
cvssV3BaseScoreNumberN/ANo
cvssV3ConfidentialityImpactSingle ChoiceN/ANo
cvssV3ExploitCodeMaturitySingle ChoiceN/ANo
cvssV3IntegrityImpactSingle ChoiceN/ANo
cvssV3PrivilegesRequiredSingle ChoiceN/ANo
cvssV3RemediationLevelSingle ChoiceN/ANo
cvssV3ReportConfidenceSingle ChoiceN/ANo
cvssV3SeverityTextN/ANo
cvssV3TemporalScoreNumberN/ANo
cvssV3UserInteractionSingle ChoiceN/ANo
cvssV3VectorTextN/ANo
cweIdsText (Multivalued)N/ANo
dataIntegrationTitlesText (Multivalued)N/ANo
dataModelNameCalculated (Text)N/ANo
dateCreatedDate TimeN/ANo
daysToFirstDetectionCalculated (Number)N/ANo
descriptionText AreaN/ANo
displayNameCalculated (Text)N/AYes
exploitedInTheWildCalculated (True False)N/ANo
exploitsText (Multivalued)N/ANo
exploitsExistsCalculated (True False)N/ANo
findingTypeCategory (Finding type)ISNo
firstdetectedCalculated (Date Time)N/ANo
flowStateTextN/ANo
lastUpdatedDate TimeN/ANo
lifecycleInactiveDateDate TimeN/ANo
lifecyclePurgeDateDate TimeN/ANo
lifecycleStatusSingle ChoiceN/ANo
malwareText (Multivalued)N/ANo
maximumCveRiskScoreCalculated (Number)N/ANo
nameTextN/ANo
normalizedCweIdsCalculated (Text, Multivalued)N/AYes
normalizedAffectedProductsCalculated (Text, Multivalued)N/AYes
numberOutOfComplianceCalculated (Number)N/ANo
openFindingCountCalculated (Number)N/ANo
patchAvailableTrue FalseN/ANo
patchPublishedDateDate TimeN/ANo
percentageImpactedCalculated (Number)N/ANo
profilesCategory (Finding profile)ISNo
publishedDateDate TimeN/ANo
recommendationTextN/ANo
referencesText (Multivalued)N/ANo
riskFactorOffsetCalculated (Number)N/ANo
riskFactorsRisk FactorsN/ANo
riskRatingCalculated (Single Choice)N/ANo
riskScoreCalculated (Number)N/ANo
riskScoringModelRisk Scoring ModelN/ANo
severitySingle ChoiceN/ANo
severityScoreNumberN/ANo
sourceTextN/ANo
sourceCreatedDateDate TimeN/ANo
sourceLastModifiedDate TimeN/ANo
sourceStatusTextN/ANo
sourceUidsText (Multivalued)N/ANo
sourcesReference (Source model)SOURCED_FROMNo
sourcesIconsSource data models iconsN/ANo
summaryTextN/ANo
tagsText (Multivalued)N/ANo
technologiesCategory (Affected technology)ISNo
uidTextN/AYes
updatedByTextN/ANo
weaknessesReference (Weakness)EXPLOITSNo
FOOTNOTES
  • The attribute names are used in Brinqa Query Language (BQL) queries and Brinqa Condition Language (BCL) predicates.
  • In the Type column, Calculated means that the value of the attribute is computed by executing a script. The text in the parentheses after Calculated denotes the type of the outcome. For additional information, see Calculated attributes.
  • In the Type column, Reference means that two data models are related. The name in the parentheses after Reference indicates the other data model.
  • The Relationship Type column only applies to the Category and Reference type attributes. You can use the relationship type keyword in BQL queries.
Last updated on