Advisory

advisory

The Advisory object represents publicly disclosed cybersecurity vulnerabilities defined in a Security advisory. e.g. Microsoft KB Article, Apple Security Advisory, or a GitHub Security Advisory (GHSA)

Attributes

CaptionNameTypeDescription
Average Timespanavg_timespanTime Span[]The average time to patch.
Patch BulletinbulletinStringThe Advisory bulletin identifier.
ClassificationclassificationStringThe vendors classification of the Advisory.
Created Timecreated_timeTimestampThe time when the Advisory record was created.
DescriptiondescStringA brief description of the Advisory Record.
Install Stateinstall_stateStringThe install state of the Advisory.
Install State IDinstall_state_idIntegerThe normalized install state ID of the Advisory.
  • 0: Unknown (UNKNOWN)
  • 1: Installed (INSTALLED)
  • 2: Not Installed (NOT_INSTALLED)
  • 3: Installed Pending Reboot (INSTALLED_PENDING_REBOOT)
  • 99: Other (OTHER)
The patch is superseded.is_supersededBooleanThe Advisory has been replaced by another.
Modified Timemodified_timeTimestampThe time when the Advisory record was last updated.
OSosOperating System (OS)[]The operating system the Advisory applies to.
ProductproductProduct[]The product where the vulnerability was discovered.
Raw Dataraw_dataJSONGroup:context

The event data as received from the event source.
Record IDrecord_idStringGroup:primary

Unique identifier for the object
ReferencesreferencesString[]A list of reference URLs with additional information about the vulnerabilities disclosed in the Advisory.
SizesizeLongThe size in bytes for the Advisory. Usually populated for a KB Article patch.
Source URLsrc_urlURL StringEntity:URL_STRING

The Advisory link from the source vendor.
TitletitleStringA title or a brief phrase summarizing the Advisory.
Advisory IDuidStringEntity:ADVISORY_OBJECT_UID

The unique identifier assigned to the advisory or disclosed vulnerability, e.g, GHSA-5mrr-rgp6-x4gr.
UnmappedunmappedUnmapped[]Data from the source that was not mapped into the schema.

Relationships

Advisory shown in context

Inbound Relationships

These objects and events reference Advisory in their attributes:

Outbound Relationships

Advisory references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0