finding

🚧 WARNING: DEPRECATED

Finding has been deprecated since 1.0.0. Use the new finding_info object.

The Finding object describes metadata related to a security finding generated by a security tool or system.

Attributes

CaptionNameTypeDescription
Created Time created_time Timestamp The time when the finding was created.
Description desc String The description of the reported finding.
First Seen first_seen_time Timestamp The time when the finding was first observed.
Last Seen last_seen_time Timestamp The time when the finding was most recently observed.
Modified Time modified_time Timestamp The time when the finding was last modified.
Product product Product[] Details about the product that reported the finding.
Product Identifier product_uid String The unique identifier of the product that reported the finding.

🚧 WARNING: DEPRECATED

Product Identifier has been deprecated since 1.4.0. Use the uid attribute in the product object instead. See specific usage.

Raw Data raw_data JSON Group:context
The event data as received from the event source.
Record ID record_id String Group:primary
Unique identifier for the object
Remediation Guidance remediation Remediation[] Describes the recommended remediation steps to address identified issue(s).
Source URL src_url URL String Entity:URL_STRING
The URL pointing to the source of the finding.
Supporting Data supporting_data JSON Additional data supporting a finding as provided by security tool
Title title String A title or a brief phrase summarizing the reported finding.
Types types String[] One or more types of the reported finding.
Unique ID uid String The unique identifier of the reported finding.
Unmapped unmapped Unmapped[] Data from the source that was not mapped into the schema.

Relationships

Finding shown in context

Outbound Relationships

Finding references the following objects and events in its attributes:

This page describes ocsf-1.4.0