Finding

finding

🚧 WARNING: DEPRECATED

Finding has been deprecated since 1.0.0. Use the new finding_info object.

The Finding object describes metadata related to a security finding generated by a security tool or system.

Attributes

CaptionNameTypeDescription
Created Timecreated_timeTimestampThe time when the finding was created.
DescriptiondescStringThe description of the reported finding.
First Seenfirst_seen_timeTimestampThe time when the finding was first observed.
Last Seenlast_seen_timeTimestampThe time when the finding was most recently observed.
Modified Timemodified_timeTimestampThe time when the finding was last modified.
ProductproductProduct[]Details about the product that reported the finding.
Product Identifierproduct_uidStringThe unique identifier of the product that reported the finding.

🚧 WARNING: DEPRECATED

Product Identifier has been deprecated since 1.4.0. Use the uid attribute in the product object instead. See specific usage.

Raw Dataraw_dataJSONGroup:context

The event data as received from the event source.
Record IDrecord_idStringGroup:primary

Unique identifier for the object
Remediation GuidanceremediationRemediation[]Describes the recommended remediation steps to address identified issue(s).
Source URLsrc_urlURL StringEntity:URL_STRING

The URL pointing to the source of the finding.
Supporting Datasupporting_dataJSONAdditional data supporting a finding as provided by security tool
TitletitleStringA title or a brief phrase summarizing the reported finding.
TypestypesString[]One or more types of the reported finding.
Unique IDuidStringThe unique identifier of the reported finding.
UnmappedunmappedUnmapped[]Data from the source that was not mapped into the schema.

Relationships

Finding shown in context

Inbound Relationships

These objects and events reference Finding in their attributes:

Outbound Relationships

Finding references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0