Skip to main content

Violation Definition Data Model

The Violation Definition data model is a definition that contains all common attributes for any given violation. It extends the Finding definition data model.

The following table details the default attributes of the Violation Definition data model:

Attribute NameAttribute TypeRelationship TypeRequired
affectedText (Multivalued)N/ANo
associatedCvesIsCisaExploitableTrue FalseN/ANo
associatedCvesMaximumEpssLikelihoodNumberN/ANo
baseRiskScoreNumberN/ANo
categoriesText (Multivalued)N/ANo
categoryTextN/ANo
complianceStatusSingle ChoiceN/ANo
connectorCategoriesText (Multivalued)N/ANo
connectorNamesText (Multivalued)N/ANo
createdByTextN/ANo
cveIdsText (Multivalued)N/ANo
cveRecordsReference (CVE record)RELATES_TONo
cvssV2AccessComplexityTextN/ANo
cvssV2AttackVectorTextN/ANo
cvssV2AuthenticationTextN/ANo
cvssV2AvailabilityImpactTextN/ANo
cvssV2BaseScoreNumberN/ANo
cvssV2ConfidentialityImpactTextN/ANo
cvssV2ExploitabilityTextN/ANo
cvssV2IntegrityImpactTextN/ANo
cvssV2RemediationLevelTextN/ANo
cvssV2ReportConfidenceTextN/ANo
cvssV2SeverityTextN/ANo
cvssV2TemporalScoreNumberN/ANo
cvssV2VectorTextN/ANo
cvssV3AttackComplexityTextN/ANo
cvssV3AttackVectorTextN/ANo
cvssV3AvailabilityImpactTextN/ANo
cvssV3BaseScoreNumberN/ANo
cvssV3ConfidentialityImpactTextN/ANo
cvssV3ExploitCodeMaturityTextN/ANo
cvssV3IntegrityImpactTextN/ANo
cvssV3PrivilegesRequiredTextN/ANo
cvssV3RemediationLevelTextN/ANo
cvssV3ReportConfidenceTextN/ANo
cvssV3SeverityTextN/ANo
cvssV3TemporalScoreNumberN/ANo
cvssV3UserInteractionTextN/ANo
cvssV3VectorTextN/ANo
cweIdsText (Multivalued)N/ANo
dataIntegrationTitlesText (Multivalued)N/ANo
dataModelNameCalculated (Text)N/ANo
dateCreatedDate TimeN/ANo
daysToFirstDetectionNumberN/ANo
descriptionTextN/ANo
displayNameTextN/AYes
exploitsText (Multivalued)N/ANo
findingTypeCategoryN/ANo
firstDetectedDate TimeN/ANo
flowStateTextN/ANo
lastUpdatedDate TimeN/ANo
malwareText (Multivalued)N/ANo
maximumCveRiskScoreNumberN/ANo
nameTextN/ANo
numberOutOfComplianceNumberN/ANo
openFindingCountNumberN/ANo
patchAvailableTrue FalseN/ANo
patchPublishedDateDate TimeN/ANo
percentageImpactedNumberN/ANo
profilesCategoryN/ANo
publishedDateDate TimeN/ANo
recommendationTextN/ANo
referencesText (Multivalued)N/ANo
riskFactorOffsetNumberN/ANo
riskFactorsRisk FactorsN/ANo
riskRatingSingle ChoiceN/ANo
riskScoreNumberN/ANo
riskScoringModelRisk Scoring ModelN/ANo
severitySingle ChoiceN/ANo
severityNumberNumberN/ANo
sourceTextN/ANo
sourceCreatedDateDate TimeN/ANo
sourceLastModifiedDate TimeN/ANo
sourcesReference (Source model)SOURCED_FROMNo
sourcesIconsSource data models iconsN/ANo
sourceUidsText (Multivalued)N/ANo
summaryTextN/ANo
tagsText (Multivalued)N/ANo
technologiesCategoryN/ANo
uidTextN/AYes
updatedByTextN/ANo
weaknessesReference (Weakness)EXPLOITSNo
FOOTNOTES
  • The attribute names are used in Brinqa Query Language (BQL) queries and Brinqa Condition Language (BCL) predicates.
  • In the Type column, Calculated means that the value of the attribute is computed by executing a script. The text in the parentheses after Calculated denotes the type of the outcome.
  • In the Type column, Reference means that two data models are related. The name in the parentheses after Reference indicates the other data model.
  • The Relationship Type column only applies to the Reference type attributes. You can use the relationship type keyword in BQL queries.