KB Article

kb_article

The KB Article object contains metadata that describes the patch or update.

Attributes

Caption	Name	Type	Description
Average Timespan	`avg_timespan`	Time Span[]	The average time to patch.
Patch Bulletin	`bulletin`	String	The kb article bulletin identifier.
Classification	`classification`	String	The vendors classification of the kb article.
Created Time	`created_time`	Timestamp	The date the kb article was released by the vendor.
Install State	`install_state`	String	The install state of the kb article.
Install State ID	`install_state_id`	Integer	The normalized install state ID of the kb article. `0`: Unknown (`UNKNOWN`) `1`: Installed (`INSTALLED`) `2`: Not Installed (`NOT_INSTALLED`) `3`: Installed Pending Reboot (`INSTALLED_PENDING_REBOOT`) `99`: Other (`OTHER`)
The patch is superseded.	`is_superseded`	Boolean	The kb article has been replaced by another.
OS	`os`	Operating System (OS)[]	The operating system the kb article applies.
Product	`product`	Product[]	The product details the kb article applies.
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
Severity	`severity`	String	The severity of the kb article.
Size	`size`	Long	The size in bytes for the kb article.
Source URL	`src_url`	URL String	Entity:`URL_STRING` The kb article link from the source vendor.
Title	`title`	String	The title of the kb article.
Unique ID	`uid`	String	The unique identifier for the kb article.
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.

These objects and events reference KB Article in their attributes:

KB Article references the following objects and events in its attributes:

This page describes ocsf-1.4.0