Finding
finding
🚧 WARNING: DEPRECATED
Finding has been deprecated since 1.0.0. Use the new finding_info object.
The Finding object describes metadata related to a security finding generated by a security tool or system.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Created Time | created_time | Timestamp | The time when the finding was created. |
| Description | desc | String | The description of the reported finding. |
| First Seen | first_seen_time | Timestamp | The time when the finding was first observed. |
| Last Seen | last_seen_time | Timestamp | The time when the finding was most recently observed. |
| Modified Time | modified_time | Timestamp | The time when the finding was last modified. |
| Product | product | Product[] | Details about the product that reported the finding. |
| Product Identifier | product_uid | String | The unique identifier of the product that reported the finding.
|
| Raw Data | raw_data | JSON | Group: |
| Record ID | record_id | String | Group: |
| Related Events/Findings | related_events | Related Event/Finding[] | Describes events and/or other findings related to the finding as identified by the security product. Note that these events may or may not be in OCSF. |
| Remediation Guidance | remediation | Remediation[] | Describes the recommended remediation steps to address identified issue(s). |
| Source URL | src_url | URL String | Entity: |
| Supporting Data | supporting_data | JSON | Additional data supporting a finding as provided by security tool |
| Title | title | String | A title or a brief phrase summarizing the reported finding. |
| Types | types | String[] | One or more types of the reported finding. |
| Unique ID | uid | String | The unique identifier of the reported finding. |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
Relationships
Inbound Relationships
These objects and events reference Finding in their attributes:
- Security Finding
- IP Threat Intelligence
- File Threat Intelligence
- URL Threat Intelligence
- Domain Threat Intelligence
Outbound Relationships
Finding references the following objects and events in its attributes:
This page describes qdm-1.5.1+ocsf-1.6.0
Updated 1 day ago