Advisory

advisory

The Advisory object represents publicly disclosed cybersecurity vulnerabilities defined in a Secruity advisory. e.g. Microsoft KB Article, Apple Security Advisory

Attributes

CaptionNameTypeDescription
Average Timespanavg_timespanTime Span[]

The average time to patch.

Patch BulletinbulletinString

The Advisory bulletin identifier.

ClassificationclassificationString

The vendors classification of the Advisory.

Created Timecreated_timeTimestamp

The time when the Advisory record was created.

DescriptiondescString

A brief description of the Advisory Record.

Install Stateinstall_stateString

The install state of the Advisory.

Install State IDinstall_state_idInteger

The normalized install state ID of the Advisory.

  • 0: Unknown (UNKNOWN)
  • 1: Installed (INSTALLED)
  • 2: Not Installed (NOT_INSTALLED)
  • 3: Installed Pending Reboot (INSTALLED_PENDING_REBOOT)
  • 99: Other (OTHER)
The patch is superseded.is_supersededBoolean

The Advisory has been replaced by another.

Modified Timemodified_timeTimestamp

The time when the Advisory record was last updated.

OSosOperating System (OS)[]

The operating system the Advisory applies to.

ProductproductProduct[]

The product where the vulnerability was discovered.

Raw Dataraw_dataJSON

Group:context
The event data as received from the event source.

Record IDrecord_idString

Group:primary
Unique identifier for the object

ReferencesreferencesString[]

A list of reference URLs with additional information about the vulnerabilities disclosed in the Advisory.

SizesizeLong

The size in bytes for the Advisory. Usually populated for a KB Article patch.

Source URLsrc_urlURL String

Entity:URL_STRING
The Advisory link from the source vendor.

TitletitleString

A title or a brief phrase summarizing the Advisory.

Advisory IDuidString

The unique number assigned to the disclosed vulnerability.

UnmappedunmappedUnmapped[]

Data from the source that was not mapped into the schema.

Relationships

Advisory shown in context

Inbound Relationships

These objects and events reference Advisory in their attributes:

Outbound Relationships

Advisory references the following objects and events in its attributes:

This page describes ocsf-1.4.0