Finding
The Finding object describes metadata related to a security finding generated by a security tool or system.
🚧 WARNING: DEPRECATEDFinding has been deprecated since 1.0.0. Use the new
finding_info
object.
Attributes
Caption | Name | Type | Description |
---|---|---|---|
Created Time | created_time |
Timestamp | The time when the finding was created. |
Description | desc |
String | The description of the reported finding. |
First Seen | first_seen_time |
Timestamp | The time when the finding was first observed. |
Last Seen | last_seen_time |
Timestamp | The time when the finding was most recently observed. |
Modified Time | modified_time |
Timestamp | The time when the finding was last modified. |
Product Identifier | product_uid |
String | The unique identifier of the product that reported the finding. |
Raw Data | raw_data |
JSON | The event data as received from the event source. |
Record ID | record_id |
String | Unique identifier for the object |
Related Events | related_events |
Related Event[] | Describes events and/or other findings related to the finding as identified by the security product. |
Related Findings | related_findings |
Related Findings[] |
Describes findings related to a finding as identified by the security product.
|
Remediation Guidance | remediation |
Remediation[] | Describes the recommended remediation steps to address identified issue(s). |
Source URL | src_url |
String | The URL pointing to the source of the finding. |
Supporting Data | supporting_data |
JSON[] | Additional data supporting a finding as provided by security tool |
Title | title |
String | A title or a brief phrase summarizing the reported finding. |
Types | types |
String[] | One or more types of the reported finding. |
Unique ID | uid |
String | The unique identifier of the reported finding. |
Unmapped Data | unmapped |
Unmapped[] | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
Relationships
Outbound Relationships
Finding references the following objects and events in its attributes:
This page describes qdm-1.3.2+ocsf-1.3.0
Updated about 2 months ago