advisory

The Advisory object represents publicly disclosed cybersecurity vulnerabilities defined in a Security advisory, e.g. a Microsoft KB Article or an Apple Security Advisory.

Attributes

| Caption | Name | Type | Description |
|---|---|---|---|
| Average Timespan | avg_timespan | Time Span[] | The average time to patch. |
| Patch Bulletin | bulletin | String | The Advisory bulletin identifier. |
| Classification | classification | String | The vendors classification of the Advisory. |
| Created Time | created_time | Timestamp | The time when the Advisory record was created. |
| Description | desc | String | A brief description of the Advisory Record. |
| Install State | install_state | String | The install state of the Advisory. |
| Install State ID | install_state_id | Integer | The normalized install state ID of the Advisory. Values: 0: Unknown (UNKNOWN); 1: Installed (INSTALLED); 2: Not Installed (NOT_INSTALLED); 3: Installed Pending Reboot (INSTALLED_PENDING_REBOOT); 99: Other (OTHER) |
| The patch is superseded. | is_superseded | Boolean | The Advisory has been replaced by another. |
| Modified Time | modified_time | Timestamp | The time when the Advisory record was last updated. |
| OS | os | Operating System (OS)[] | The operating system the Advisory applies to. |
| Product | product | Product[] | The product where the vulnerability was discovered. |
| Raw Data | raw_data | JSON | Group: context. The event data as received from the event source. |
| Record ID | record_id | String | Group: primary. Unique identifier for the object. |
| References | references | String[] | A list of reference URLs with additional information about the vulnerabilities disclosed in the Advisory. |
| Size | size | Long | The size in bytes for the Advisory. Usually populated for a KB Article patch. |
| Source URL | src_url | URL String | Entity: URL_STRING. The Advisory link from the source vendor. |
| Title | title | String | A title or a brief phrase summarizing the Advisory. |
| Advisory ID | uid | String | The unique number assigned to the disclosed vulnerability. |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |

Relationships

Advisory shown in context

Inbound Relationships

These objects and events reference Advisory in their attributes:

Outbound Relationships

Advisory references the following objects and events in its attributes:

This page describes ocsf-1.4.0