Caption | Name | Requirement | Type | Description |
---|---|---|---|---|
End Time | active | optional | :ref:`boolean_t <boolean_t>` | Derived from OCSF SecurityFinding.end_time. SecurityFinding.end_time: The end time of a time period, or the time of the most recent event included in the aggregate event. |
Start Time | created_time | optional | :ref:`timestamp_t <timestamp_t>` | Derived from OCSF SecurityFinding.start_time. SecurityFinding.start_time: The start time of a time period, or the time of the least recent event included in the aggregate event. |
Malware CVE List/Vulnerabilities CVE | cve_cvss_base_score | optional | :ref:`float_t <float_t>` | Derived from OCSF SecurityFinding.malware.cves or OCSF SecurityFinding.vulnerabilities.cve. SecurityFinding.malware: A list of Malware objects, describing details about the identified malware. Malware.cves: List of Common Vulnerabilities and Exposures (`CVE <https://cve.mitre.org/>`_). SecurityFinding.vulnerabilities: This object describes vulnerabilities reported in a security finding. Vulnerability.cve: The Common Vulnerabilities and Exposures (`CVE <https://cve.mitre.org/>`_). |
Malware CVE List/Vulnerabilities CVE | cve_cvss_severity | optional | :ref:`string_t <string_t>` | Derived from OCSF SecurityFinding.malware.cves or OCSF SecurityFinding.vulnerabilities.cve. SecurityFinding.malware: A list of Malware objects, describing details about the identified malware. Malware.cves: List of Common Vulnerabilities and Exposures (`CVE <https://cve.mitre.org/>`_). SecurityFinding.vulnerabilities: This object describes vulnerabilities reported in a security finding. Vulnerability.cve: The Common Vulnerabilities and Exposures (`CVE <https://cve.mitre.org/>`_). |
Malware CVE List/Vulnerabilities CVE | cve_cvss_version | optional | :ref:`string_t <string_t>` | Derived from OCSF SecurityFinding.malware.cves or OCSF SecurityFinding.vulnerabilities.cve. SecurityFinding.malware: A list of Malware objects, describing details about the identified malware. Malware.cves: List of Common Vulnerabilities and Exposures (`CVE <https://cve.mitre.org/>`_). SecurityFinding.vulnerabilities: This object describes vulnerabilities reported in a security finding. Vulnerability.cve: The Common Vulnerabilities and Exposures (`CVE <https://cve.mitre.org/>`_). |
Malware CVE List/Vulnerabilities CVE | cve_type | optional | :ref:`string_t <string_t>` | Derived from OCSF SecurityFinding.malware.cves or OCSF SecurityFinding.vulnerabilities.cve. SecurityFinding.malware: A list of Malware objects, describing details about the identified malware. Malware.cves: List of Common Vulnerabilities and Exposures (`CVE <https://cve.mitre.org/>`_). SecurityFinding.vulnerabilities: This object describes vulnerabilities reported in a security finding. Vulnerability.cve: The Common Vulnerabilities and Exposures (`CVE <https://cve.mitre.org/>`_). |
Malware CVE List/Vulnerabilities CVE | cve_uid | required | :ref:`string_t <string_t>` | Derived from OCSF SecurityFinding.malware.cves or OCSF SecurityFinding.vulnerabilities.cve. SecurityFinding.malware: A list of Malware objects, describing details about the identified malware. Malware.cves: List of Common Vulnerabilities and Exposures (`CVE <https://cve.mitre.org/>`_). SecurityFinding.vulnerabilities: This object describes vulnerabilities reported in a security finding. Vulnerability.cve: The Common Vulnerabilities and Exposures (`CVE <https://cve.mitre.org/>`_). |
DataBee Device ID | device_id | required | :ref:`integer_t <integer_t>` | Derived from OCSF SecurityFinding.device_id. SecurityFinding.device_id: This is the id that DataBee uses to link this record to a specific device. |
End Time | due_date | optional | :ref:`timestamp_t <timestamp_t>` | Derived from OCSF SecurityFinding.end_time. SecurityFinding.end_time: The end time of a time period, or the time of the most recent event included in the aggregate event. |
End Time | end_time | optional | :ref:`timestamp_t <timestamp_t>` | Derived from OCSF SecurityFinding.end_time. SecurityFinding.end_time: The end time of a time period, or the time of the most recent event included in the aggregate event. |
Malware CVE List/Vulnerabilities CVE | id | required | :ref:`integer_t <integer_t>` | Derived from OCSF SecurityFinding.malware.cves and OCSF SecurityFinding.vulnerabilities.cve. SecurityFinding.malware: A list of Malware objects, describing details about the identified malware. Malware.cves: List of Common Vulnerabilities and Exposures (`CVE <https://cve.mitre.org/>`_). SecurityFinding.vulnerabilities: This object describes vulnerabilities reported in a security finding. Vulnerability.cve: The Common Vulnerabilities and Exposures (`CVE <https://cve.mitre.org/>`_). |
Record Created At | record_created_at | required | :ref:`timestamp_t <timestamp_t>` | CDP-generated timestamp of when the record was created. |
Record Updated At | record_updated_at | required | :ref:`timestamp_t <timestamp_t>` | CDP-generated timestamp of when the record was last updated. |
Malware CVE List | software_application | optional | :ref:`json_t <json_t>` | Derived from OCSF SecurityFinding.malware.cves. SecurityFinding.malware: A list of Malware objects, describing details about the identified malware. Malware.cves: List of Common Vulnerabilities and Exposures (`CVE <https://cve.mitre.org/>`_). |
Application Vendor Name/Application Version/Application Name/Application Unique ID | application_id | required | :ref:`integer_t <integer_t>` | Derived from CORE_DATA SoftwareApplication.id. SoftwareApplication.id: Derived from OCSF ApplicationLifecycle.app.vendor_name, OCSF ApplicationLifecycle.app.version, OCSF ApplicationLifecycle.app.name and OCSF ApplicationLifecycle.app.uid. ApplicationLifecycle.app: The application that was affected by the lifecycle event. This also applies to self-updating application systems. Product.vendor_name: The name of the vendor of the product. Product.version: The version of the product, as defined by the event source. For example: ``2013.1.3-beta``. Product.name: The name of the product. Product.uid: The unique identifier of the product. |
Data Sources/Metadata Product | sources | optional | :ref:`string_t Array <string_t>` | Derived from OCSF SecurityFinding.data_sources or OCSF SecurityFinding.metadata_.product. SecurityFinding.data_sources: A list of data sources utilized in generation of the finding. SecurityFinding.metadata_: The metadata associated with the event or a finding. Metadata.product: The product that reported the event. |
Finding Unique ID | uid | required | :ref:`string_t <string_t>` | Derived from OCSF SecurityFinding.finding.uid. SecurityFinding.finding: The Finding object provides details about a finding/detection generated by a security tool. Finding.uid: The unique identifier of the reported finding. |
Vulnerabilities Severity | vulnerability_severity | optional | :ref:`string_t <string_t>` | Derived from OCSF SecurityFinding.vulnerabilities.severity. SecurityFinding.vulnerabilities: This object describes vulnerabilities reported in a security finding. Vulnerability.severity: The Common Vulnerability Scoring System (CVSS) Qualitative Severity Rating, a textual representation of the numeric score. **CVSS v2.0**: Low (0.0–3.9), Medium (4.0–6.9), High (7.0–10.0). **CVSS v3.0**: None (0.0), Low (0.1–3.9), Medium (4.0–6.9), High (7.0–8.9), Critical (9.0–10.0). |
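As an added example (not DataBee's or OCSF's own code), the mapping the table describes carried out in Python: one row per CVE taken from either SecurityFinding.vulnerabilities[].cve or SecurityFinding.malware[].cves[], with cve_cvss_severity derived from the CVSS v2.0/v3.0 bands listed under vulnerability_severity when the source supplies only a score. It assumes the OCSF nesting noted in the code comments and that the caller supplies the DataBee device_id; the sample finding and its CVE ids are constructed.

```python
# Added example, not DataBee or OCSF code. Assumed nesting: vulnerabilities[i].cve and
# malware[i].cves[j], each a CVE dict {uid, type, cvss: {version, base_score, severity}}.

def cvss_severity(score, version):
    """Rating from the CVSS v2.0 / v3.x bands listed for vulnerability_severity."""
    if score is None:
        return None
    if str(version).startswith("2"):
        bands = [(4.0, "Low"), (7.0, "Medium"), (float("inf"), "High")]
    elif score == 0.0:
        return "None"
    else:
        bands = [(4.0, "Low"), (7.0, "Medium"), (9.0, "High"), (float("inf"), "Critical")]
    return next(label for upper, label in bands if score < upper)

def iter_cves(finding):  # yield (cve, Vulnerability.severity) from both CVE locations
    for vuln in finding.get("vulnerabilities") or []:
        if vuln.get("cve"):
            yield vuln["cve"], vuln.get("severity")
    for mw in finding.get("malware") or []:
        for cve in mw.get("cves") or []:
            yield cve, None  # malware CVEs carry no Vulnerability.severity

def map_finding(finding, device_id):
    """One row per CVE; device_id is the DataBee-assigned id supplied by the caller."""
    product = (finding.get("metadata") or {}).get("product") or {}
    sources = finding.get("data_sources") or [product.get("name")]
    rows = []
    for cve, vuln_sev in iter_cves(finding):
        cvss = cve.get("cvss") or {}
        score, version = cvss.get("base_score"), cvss.get("version")
        rows.append({
            "uid": finding["finding"]["uid"], "device_id": device_id,
            "cve_uid": cve["uid"], "cve_type": cve.get("type"),
            "cve_cvss_version": version, "cve_cvss_base_score": score,
            # keep the source's own rating; derive from the score only when it is absent
            "cve_cvss_severity": cvss.get("severity") or cvss_severity(score, version),
            "vulnerability_severity": vuln_sev,
            "created_time": finding.get("start_time"), "end_time": finding.get("end_time"),
            "sources": [s for s in sources if s],
        })
    return rows

SAMPLE_FINDING = {  # constructed sample event, not real data
    "finding": {"uid": "finding-0001"}, "start_time": 1700000000000, "end_time": None,
    "data_sources": ["scanner-x"], "metadata": {"product": {"name": "Example Scanner"}},
    "vulnerabilities": [{"severity": "High", "cve": {"uid": "CVE-0000-0001", "type": "Library",
                                                     "cvss": {"version": "3.1", "base_score": 8.1}}}],
    "malware": [{"cves": [{"uid": "CVE-0000-0002", "cvss": {"version": "2.0", "base_score": 7.5}}]}],
}
```

When data_sources is absent the row falls back to Metadata.product.name, matching the two derivations listed for the sources column.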