Guides

Finding

Suggest Edits

🚧 WARNING: DEPRECATED

Finding has been deprecated since 1.0.0. Use the new finding_info object.

The Finding object describes metadata related to a security finding generated by a security tool or system.

Attributes

CaptionNameTypeDescription
Created Time created_time Timestamp The time when the finding was created.
Description desc String The description of the reported finding.
First Seen first_seen_time Timestamp The time when the finding was first observed.
Last Seen last_seen_time Timestamp The time when the finding was most recently observed.
Modified Time modified_time Timestamp The time when the finding was last modified.
Product Identifier product_uid String The unique identifier of the product that reported the finding.
Raw Data raw_data JSON The event data as received from the event source.
Record ID record_id String Unique identifier for the object
Remediation Guidance remediation Remediation[] Describes the recommended remediation steps to address identified issue(s).
Source URL src_url String The URL pointing to the source of the finding.
Supporting Data supporting_data JSON[] Additional data supporting a finding as provided by security tool
Title title String A title or a brief phrase summarizing the reported finding.
Types types String[] One or more types of the reported finding.
Unique ID uid String The unique identifier of the reported finding.
Unmapped Data unmapped Unmapped[] The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.

Relationships

Finding shown in context

Outbound Relationships

Finding references the following objects and events in its attributes:

This page describes qdm-1.3.2+ocsf-1.3.0

Updated 5 months ago