Advisory

advisory

The Advisory object represents publicly disclosed cybersecurity vulnerabilities defined in a Secruity advisory. e.g. Microsoft KB Article, Apple Security Advisory

Attributes

Caption	Name	Type	Description
Average Timespan	`avg_timespan`	Time Span[]	The average time to patch.
Patch Bulletin	`bulletin`	String	The Advisory bulletin identifier.
Classification	`classification`	String	The vendors classification of the Advisory.
Created Time	`created_time`	Timestamp	The time when the Advisory record was created.
Description	`desc`	String	A brief description of the Advisory Record.
Install State	`install_state`	String	The install state of the Advisory.
Install State ID	`install_state_id`	Integer	The normalized install state ID of the Advisory. `0`: Unknown (`UNKNOWN`) `1`: Installed (`INSTALLED`) `2`: Not Installed (`NOT_INSTALLED`) `3`: Installed Pending Reboot (`INSTALLED_PENDING_REBOOT`) `99`: Other (`OTHER`)
The patch is superseded.	`is_superseded`	Boolean	The Advisory has been replaced by another.
Modified Time	`modified_time`	Timestamp	The time when the Advisory record was last updated.
OS	`os`	Operating System (OS)[]	The operating system the Advisory applies to.
Product	`product`	Product[]	The product where the vulnerability was discovered.
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
References	`references`	String[]	A list of reference URLs with additional information about the vulnerabilities disclosed in the Advisory.
Related CVEs	`related_cves`	CVE[]	A list of Common Vulnerabilities and Exposures (CVE) identifiers related to the vulnerabilities disclosed in the Advisory.
Related CWEs	`related_cwes`	CWE[]	A list of Common Weakness Enumeration (CWE) identifiers related to the vulnerabilities disclosed in the Advisory.
Size	`size`	Long	The size in bytes for the Advisory. Usually populated for a KB Article patch.
Source URL	`src_url`	URL String	Entity:`URL_STRING` The Advisory link from the source vendor.
Title	`title`	String	A title or a brief phrase summarizing the Advisory.
Advisory ID	`uid`	String	The unique number assigned to the disclosed vulnerability.
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.

Relationships

Inbound Relationships

These objects and events reference Advisory in their attributes:

Vulnerability Details

Outbound Relationships

Advisory references the following objects and events in its attributes:

This page describes ocsf-1.4.0