Understanding the reporting data model: Facts
See related sections:
The following facts are provided by the Reporting Data Model. Each fact table provides access to only information allowed by the configuration of the report. Any vulnerability status, severity or category filters will be applied in the facts, only allowing those results, findings, and counts for vulnerabilities in the scope to be exposed. Similarly, only assets within the scope of the report configuration are made available in the fact tables. By default, all facts are interpreted to be asset-centric, and therefore expose information for all assets in the scope of the report, regardless as to whether they were configured to be in scope with the use of an asset, scan, asset group, or site selection.
Note: Data model 2.0.0 exposes information about linking assets across sites. All previous information is still available, and in the same format. As of data model 2.0.0, there is a sites column in the dim_asset dimension that lists the sites to which an asset belongs.
For each fact, a dimensional star or snowflake schema is provided. For brevity and readability, only one level in a snowflake schema is detailed, and only two levels of dimensions are displayed. For more information on the attributes of these dimensions, refer to the Dimensions section below.
When dates are displayed as measures of facts, they will always be converted to match the time zone specified in the report configuration.
Only data from fully completed scans of assets are included in the facts. Results from aborted or interrupted scans will not be included.
Common measures
It will be helpful to keep in mind some characteristics of certain measures that appear in the following tables.
asset_compliance
This attribute measures the ratio of assets that are compliant with the policy rule to the total number of assets that were tested for the policy rule.
assets
This attribute measures the number of assets within a particular level of aggregation.
compliant_assets
This attribute measures the number of assets that are compliant with the policy rule (taking into account policy rule overrides.)
exploits
This attribute measures the number of distinct exploit modules that can be used exploit vulnerabilities on each asset. When the level of grain aggregates multiple assets, the total is the summation of the exploits value for each asset. If there are no vulnerabilities found on the asset or there are no vulnerabilities that can be exploited with a exploit module, the count will be zero.
malware_kits
This attribute measures the number of distinct malware kits that can be used exploit vulnerabilities on each asset. When the level of grain aggregates multiple assets, the total is the summation of the malware kits value for each asset. If there are no vulnerabilities found on the asset or there are no vulnerabilities that can be exploited with a malware kit, the count will be zero.
noncompliant_assets
This attribute measures the number of assets that are not compliant with the policy rule (taking into account policy rule overrides.)
not_applicable_assets
This attribute measures the number of assets that are not applicable for the policy rule (taking into account policy rule overrides.)
riskscore
This attribute measures the risk score of each asset, which is based on the vulnerabilities found on that asset. When the level of grain aggregates multiple assets, the total is the summation of the riskscore value for each asset.
rule_compliance
This attribute measures the ratio of policy rule test result that are compliant or not applicable to the total number of rule test results.
vulnerabilities
This attribute measures the number of vulnerabilities discovered on each asset. When the level of grain aggregates multiple assets, the total is the summation of the vulnerabilities on each asset.
If a vulnerability was discovered multiple times on the same asset, it will only be counted once per asset. This count may be zero if no vulnerabilities were found vulnerable on any asset in the latest scan, or if the scan was not configured to perform vulnerability checks (as in the case of discovery scans).
The vulnerabilities count is also provided for each severity level:
- Critical: The number of vulnerabilities that are critical.
- Severe: The number of vulnerabilities that are severe.
- Moderate: The number of vulnerabilities that are moderate.
vulnerabilities_with_exploit
This attribute measures the total number of a vulnerabilities on all assets that can be exploited with a published exploit module. When the level of grain aggregates multiple assets, the total is the summation of the vulnerabilities_with_exploit value for each asset. This value is guaranteed to be less than the total number of vulnerabilities. If no vulnerabilities are present, or none are subject to an exploit, the value will be zero.
vulnerabilities_with_malware_kit
This attribute measures the number of vulnerabilities on each asset that are exploitable with a malware kit. When the level of grain aggregates multiple assets, the total is the summation of the vulnerabilities_with_malware_kit value for each asset. This value is guaranteed to be less than the total number of vulnerabilities. If no vulnerabilities are present, or none are subject to a malware kit, the value will be zero.
vulnerability_instances
This attribute measures the number of occurrences of all vulnerabilities found on each asset.
When the level of grain aggregates multiple assets, the total is the summation of the vulnerability_instances value for each asset. This value will count each instance of a vulnerability on each asset. This value may be zero if no instances were tested or found vulnerable (e.g. discover scans).
Attributes with a timestamp datatype, such as a first_discovered, honor the time zone specified in the report configuration.
fact_all
added in version 1.1.0
Level of Grain:
The summary of the current state of all assets within the scope of the report.
Fact Type:
accumulating snapshot
Description:
Summaries of the latest vulnerability details across the entire report. This is an accumulating snapshot fact that updates after every scan of any asset within the report completes. This fact will include the data for the most recent scan of each asset that is contained within the scope of the report. As the level of aggregation is all assets in the report, this fact table is guaranteed to return one and only one row always.
Columns
|
Column |
Data type |
Nullable |
Description |
Associated dimension |
|
vulnerabilities |
bigint |
No |
The number of vulnerabilities across all assets. |
|
|
critical_vulnerabilities |
bigint |
No |
The number of critical vulnerabilities across all assets. |
|
|
severe_vulnerabilities |
bigint |
No |
The number of severe vulnerabilities across all assets. |
|
|
moderate_vulnerabilities |
bigint |
No |
The number of moderate vulnerabilities across all assets. |
|
|
malware_kits |
integer |
No |
The number of malware kits across all assets. |
|
|
exploits |
integer |
No |
The number of exploit modules across all assets. |
|
|
vulnerabilities_with_malware_kit |
integer |
No |
The number of vulnerabilities with a malware kit across all assets. |
|
|
vulnerabilities_with_exploit |
integer |
No |
The number of vulnerabilities with an exploit module across all assets. |
|
|
vulnerability_instances |
bigint |
No |
The number of vulnerability instances across all assets. |
|
|
riskscore |
double precision |
No |
The risk score across all assets. |
|
|
pci_status |
text |
No |
The PCI compliance status; either
Pass
or
Fail. |
|
Dimensional model
Dimensional model for fact_all
fact_asset
Level of Grain: An asset and its current summary information.
Fact Type: accumulating snapshot
Description: The fact_asset fact table provides the most recent information for each asset within the scope of the report. For every asset in scope there will be one record in the fact table.
Columns
|
Column |
Data type |
Nullable |
Description |
Associated dimension |
| asset_id
|
bigint
|
No |
The identifier of the asset. |
dim_asset
|
| last_scan_id
|
bigint
|
No |
The identifier of the scan with the most recent information being summarized. |
dim_scan
|
| scan_started
|
timestamp with time zone
|
No |
The date and time at which the latest scan for the asset started. |
|
| scan_finished
|
timestamp with time zone
|
No |
The date and time at which the latest scan for the asset completed. |
|
| vulnerabilities
|
bigint
|
No |
The number of all distinct vulnerabilities on the asset |
|
| critical_vulnerabilities
|
bigint
|
No |
The number of critical vulnerabilities on the asset. |
|
| severe_vulnerabilities
|
bigint
|
No |
The number of severe vulnerabilities on the asset. |
|
| moderate_vulnerabilities
|
bigint
|
No |
The number of moderate vulnerabilities on the asset. |
|
| malware_kits
|
integer
|
No |
The number of malware kits associated with any vulnerabilities discovered on the asset. |
|
| exploits
|
integer
|
No |
The number of exploits associated with any vulnerabilities discovered on the asset. |
|
| vulnerabilities_with_malware_kit
|
integer
|
No |
The number of vulnerabilities with a known malware kit discovered on the asset. |
|
| vulnerabilities_with_exploit
|
integer
|
No |
The number of vulnerabilities with a known exploit discovered on the asset. |
|
| vulnerability_instances
|
bigint |
No |
The number of vulnerability instances discovered on the asset |
|
| riskscore
|
double precision
|
No |
The risk score of the asset. |
|
|
pci_status |
text |
No |
The PCI compliance status; either Pass or Fail. |
|
| aggregated_credential_status_id |
integer |
No |
The status aggregated across all available services for the given asset in the given scan. |
dim_aggregated_credential_status |
Dimensional model
Dimensional model for fact_asset
fact_asset_date (startDate, endDate, dateInterval)
Added in version 1.1.0
Level of Grain: An asset and its summary information on a specific date.
Fact Type: periodic snapshot
Description: This fact table provides a periodic snapshot for summarized values on an asset by date. The fact table takes three dynamic arguments, which refine what data is returned. Starting from startDate and ending on endDate, a summarized value for each asset in the scope of the report will be returned for every dateInterval period of time. This will allow trending on asset information by a customizable interval of time. In terms of a chart, startDate represents the lowest value in the range, the endDate the largest value in the range, and the dateInterval is the separation of the ticks of the range axis. If an asset did not exist prior to a summarization date, it will have no record for that date value. The summarized values of an asset represent the state of the asset in the most recent scan prior to the date being summarized; therefore, if an asset has not been scanned before the next summary interval, the values for the asset will remain the same.
For example, fact_asset_date(‘2013-01-01’, ‘2014-01-01’, INTERVAL ‘1 month’) will return a row for each asset for every month in the year 2013.
Arguments
|
Column |
Data type |
Description |
| startDate
|
date
|
The first date to return summarizations for. |
| endDate
|
date
|
The last date to return summarizations for. |
| dateInterval
|
interval
|
The interval between the start and end date to return summarizations for. |
Columns
|
Column |
Data type |
Nullable |
Description |
Associated dimension |
| asset_id
|
bigint
|
No |
The identifier of the asset. |
dim_asset
|
| last_scan_id
|
bigint
|
No |
The identifier of the scan with the most recent information being summarized. |
dim_scan
|
| scan_started
|
timestamp with time zone
|
No |
The date and time at which the latest scan for the asset started. |
|
| scan_finished
|
timestamp with time zone
|
No |
The date and time at which the latest scan for the asset completed. |
|
| vulnerabilities
|
bigint
|
No |
The number of all distinct vulnerabilities on the asset |
|
| critical_vulnerabilities
|
bigint
|
No |
The number of critical vulnerabilities on the asset. |
|
| severe_vulnerabilities
|
bigint
|
No |
The number of severe vulnerabilities on the asset. |
|
| moderate_vulnerabilities
|
bigint
|
No |
The number of moderate vulnerabilities on the asset. |
|
| malware_kits
|
integer
|
No |
The number of malware kits associated with any vulnerabilities discovered on the asset. |
|
| exploits
|
integer
|
No |
The number of exploits associated with any vulnerabilities discovered on the asset. |
|
| vulnerabilities_with_malware_kit
|
integer
|
No |
The number of vulnerabilities with a known malware kit discovered on the asset. |
|
| vulnerabilities_with_exploit
|
integer
|
No |
The number of vulnerabilities with a known exploit discovered on the asset. |
|
| vulnerability_instances
|
bigint |
No |
The number of vulnerability instances discovered on the asset |
|
| riskscore
|
double precision
|
No |
The risk score of the asset. |
|
|
pci_status |
text |
No |
The PCI compliance status; either Pass or Fail. |
|
|
day |
date |
No |
The date of the summarization of the asset. |
|
Dimensional model
Dimensional model for fact_asset_date(startDate, endDate, dateInterval)
fact_asset_discovery
Level of Grain: A snapshot of the discovery dates for an asset.
Fact Type: accumulating snapshot
Description: The fact_asset_discovery fact table provides an accumulating snapshot for each asset within the scope of the report and details when the asset was first and last discovered. The discovery date is interpreted as the precise time that the asset was first communicated with during a scan, during the discovery phase of the scan. If an asset has only been scanned once both the first_discovered and last_discovered dates will be the same.
Columns
|
Column |
Data type |
Nullable |
Description |
Associated dimension |
|
asset_id |
big_int |
No |
The identifier of the asset. |
dim_asset |
|
first_discovered |
timestamp without time zone |
No |
The date and time the asset was first discovered during any scan. |
|
|
last_discovered |
timestamp without time zone |
No |
The date and time the asset was last discovered during any scan. |
|
Dimensional model
Dimensional model for fact_asset_discovery
fact_asset_group
Level of Grain: An asset group and its current summary information.
Fact Type: accumulating snapshot
Description: The fact_asset_group fact table provides the most recent information for each asset group within the scope of the report. Every asset group that any asset within the scope of the report is currently a member of will be available within the scope (not just those specified in the configuration of the report). There will be one fact record for every asset group in the scope of the report. As scans are performed against assets, the information in the fact table will accumulate the most recent information for the asset group (including discovery scans).
Columns
|
Column |
Data type |
Nullable |
Description |
Associated dimension |
asset_group_id
(as named in versions 1.2.0
and later of the data model) group_id
(as named in version 1.1.0) |
bigint
|
No |
The identifier of the asset group. |
dim_asset_group
|
| assets
|
bigint
|
No |
The number of distinct assets associated to the asset group. If the asset group contains no assets, the count will be zero. |
|
| vulnerabilities
|
bigint
|
No |
The number of all vulnerabilities discovered on assets in the asset group. |
|
| critical_vulnerabilities |
bigint
|
No |
The number of all critical vulnerabilities discovered on assets in the asset group. |
|
| severe_vulnerabilities
|
bigint
|
No |
The number of all severe vulnerabilities discovered on assets in the asset group. |
|
| moderate_vulnerabilities
|
bigint
|
No |
The number of all moderate vulnerabilities discovered on assets in the asset group. |
|
| malware_kits
|
integer
|
No |
The number of malware kits associated with vulnerabilities discovered on assets in the asset group. |
|
| exploits
|
integer
|
No |
The number of exploits associated with vulnerabilities discovered on assets in the asset group. |
|
| vulnerabilities_with_malware_kit
|
integer
|
No |
The number of vulnerabilities with a known malware kit discovered on assets in the asset group. |
|
| vulnerabilities_with_exploit
|
integer
|
No |
The number of vulnerabilities with a known exploit discovered on assets in the asset group. |
|
| vulnerability_instances
|
bigint
|
No |
The number of vulnerability instances discovered on assets in the asset group. |
|
| riskscore
|
double precision
|
No |
The risk score of the asset group. |
|
|
pci_status |
text |
No |
The PCI compliance status; either Pass or Fail. |
|
Dimensional model
Dimensional model for fact_asset_group
fact_asset_group_date (startDate, endDate, dateInterval)
Added in version 1.1.0
Level of Grain: An asset group and its summary information on a specific date.
Fact Type: periodic snapshot
Description: This fact table provides a periodic snapshot for summarized values on an asset group by date. The fact table takes three dynamic arguments, which refine what data is returned. Starting from startDate and ending on endDate, a summarized value for each asset group in the scope of the report will be returned for every dateInterval period of time. This will allow trending on asset group information by a customizable interval of time. In terms of a chart, startDate represents the lowest value in the range, the endDate the largest value in the range, and the dateInterval is the separation of the ticks of the range axis. If an asset group did not exist prior to a summarization date, it will have no record for that date value. The summarized values of an asset group represent the state of the asset group prior to the date being summarized; therefore, if the assets in an asset group have not been scanned before the next summary interval, the values for the asset group will remain the same.
For example, fact_asset_group_date(‘2013-01-01’, ‘2014-01-01’, INTERVAL ‘1 month’) will return a row for each asset group for every month in the year 2013.
Arguments
|
Column |
Data type |
Description |
| startDate
|
date
|
The first date to return summarizations for. |
| endDate
|
date
|
The last date to return summarizations for. |
| dateInterval
|
interval
|
The interval between the start and end date to return summarizations for. |
Columns
|
Column |
Data type |
Nullable |
Description |
Associated dimension |
| group_id
|
bigint
|
No |
The identifier of the asset group. |
dim_asset_group
|
| assets
|
bigint
|
No |
The number of distinct assets associated to the asset group. If the asset group contains no assets, the count will be zero. |
|
| vulnerabilities
|
bigint
|
No |
The number of all vulnerabilities discovered on assets in the asset group. |
|
| critical_vulnerabilities |
bigint
|
No |
The number of all critical vulnerabilities discovered on assets in the asset group. |
|
| severe_vulnerabilities
|
bigint
|
No |
The number of all severe vulnerabilities discovered on assets in the asset group. |
|
| moderate_vulnerabilities
|
bigint
|
No |
The number of all moderate vulnerabilities discovered on assets in the asset group. |
|
| malware_kits
|
integer
|
No |
The number of malware kits associated with vulnerabilities discovered on assets in the asset group. |
|
| exploits
|
integer
|
No |
The number of exploits associated with vulnerabilities discovered on assets in the asset group. |
|
| vulnerabilities_with_malware_kit
|
integer
|
No |
The number of vulnerabilities with a known malware kit discovered on assets in the asset group. |
|
| vulnerabilities_with_exploit
|
integer
|
No |
The number of vulnerabilities with a known exploit discovered on assets in the asset group. |
|
| vulnerability_instances
|
bigint
|
No |
The number of vulnerability instances discovered on assets in the asset group. |
|
| riskscore
|
double precision
|
No |
The risk score of the asset group. |
|
|
pci_status |
text |
No |
The PCI compliance status; either Pass or Fail. |
|
|
day |
date |
No |
The date of the summarization of the asset. |
|
Dimensional model
Dimensional model for fact_asset_group_date
fact_asset_group_policy_date
added in version 1.3.0
Type: Periodic snapshot
Description: This fact table provides a periodic snapshot for summarized policy values on an asset group by date. The fact table takes three dynamic arguments, which refine what data is returned. Starting from startDate and ending on endDate, the summarized policy value for each asset group in the scope of the report will be returned for every dateInterval period of time. This will allow trending on asset group information by a customizable interval of time. In terms of a chart, startDate represents the lowest value in the range, the endDate the largest value in the range, and the dateInterval is the separation of the ticks of the range axis. If an asset group did not exist prior to a summarization date, it will have no record for that date value. The summarized policy values of an asset group represent the state of the asset group prior to the date being summarized; therefore, if the assets in an asset group have not been scanned before the next summary interval, the values for the asset group will remain the same.
Arguments
|
Column |
Data type |
Nullable |
Description |
| startDate |
date |
No |
The first date to return summarizations for. |
| endDate |
date |
No |
The last date to return summarizations for. |
| dateInterval |
interval |
No |
The interval between the start and end date to return summarizations for. |
Columns
|
Column |
Data type |
Nullable |
Description |
Associated Dimension |
| group_id |
bigint |
Yes |
The unique identifier of the asset group. |
dim_asset |
| day |
date |
No |
The date which the summarized policy scan results snapshot is taken. |
|
| policy_id |
bigint |
Yes |
The unique identifier of the policy within a scope. |
dim_scan |
| scope |
text |
Yes |
The identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom". |
dim_policy |
| assets |
integer |
Yes |
The total number of assets that are in the scope of the report and associated to the asset group. |
|
| compliant_assets |
integer |
Yes |
The number of assets associated to the asset group that have not failed any while passed at least one policy rule test. |
|
| noncompliant_assets |
integer |
Yes |
The number of assets associated to the asset group that have failed at least one policy rule test. |
|
| not_applicable_assets |
integer |
Yes |
The number of assets associated to the asset group that have neither failed nor passed at least one policy rule test. |
|
| rule_compliance |
numeric |
Yes |
The ratio of rule test results that are compliant with or not applicable to the total number of rule test results. |
|
fact_asset_policy
added in version 1.2.0
Level of Grain: A policy result on an asset
Fact Type: accumulating snapshot
Description: This table provides an accumulating snapshot of policy test results on an asset. It displays a record for each policy that was tested on an asset in its most recent scan. Only policies scanned within the scope of report are included.
Columns
|
Column |
Data type |
Nullable |
Description |
Associated dimension |
|
asset_id |
bigint |
No |
The identifier of the asset |
dim_asset |
|
last_scan_id |
bigint |
No |
The identifier of the scan |
dim_scan |
|
policy_id |
bigint |
No |
The identifier of the policy |
dim_policy |
|
scope |
text |
No |
The identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom". |
|
|
date_tested |
timestamp without timezone |
|
The end date and time for the scan of the asset that was tested for the policy, in the time zone specified in the report configuration. |
|
| compliant_rules |
bigint |
|
The total number of each policy's rules in which all assets are compliant with the most recent scan. |
|
|
noncompliant_rules |
bigint |
|
The total number of each policy's rules which at least one asset failed in the most recent scan. |
|
|
not_applicable_rules |
bigint |
|
The total number of each policy's rules that were not applicable to the asset in the most recent scan. |
|
|
rule_compliance |
numeric |
|
The ratio of policy rule test result that are compliant or not applicable to the total number of rule test results. |
|
Dimensional model
Dimensional model for fact_asset_policy
fact_asset_policy_date
added in version 1.3.0
Type: Periodic snapshot
Description: This fact table provides a periodic snapshot for summarized policy values on an asset by date. The fact table takes three dynamic arguments, which refine what data is returned. Starting from startDate and ending on endDate, the summarized policy value for each asset in the scope of the report will be returned for every dateInterval period of time. This will allow trending on asset information by a customizable interval of time. In terms of a chart, startDate represents the lowest value in the range, the endDate the largest value in the range, and the dateInterval is the separation of the ticks of the range axis. If an asset did not exist prior to a summarization date, it will have no record for that date value. The summarized policy values of an asset represent the state of the asset prior to the date being summarized; therefore, if the assets in an asset group have not been scanned before the next summary interval, the values for the asset will remain the same.
Arguments
|
Column |
Data type |
Nullable |
Description |
| startDate |
date |
No |
The first date to return summarizations for. |
| endDate |
date |
No |
The last date to return summarizations for. |
| dateInterval |
interval |
No |
The interval between the start and end date to return summarizations for. |
Columns
|
Column |
Data type |
Nullable |
Description |
Associated Dimension |
|
asset_id |
bigint |
Yes |
The unique identifier of the asset. |
dim_asset |
| day |
date |
No |
The date which the summarized policy scan results snapshot is taken. |
|
| scan_id |
bigint |
Yes |
The unique identifier of the scan. |
dim_scan |
| policy_id |
bigint |
Yes |
The unique identifier of the policy within a scope. |
dim_policy |
| scope |
text |
Yes |
The identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom". |
|
| date_tested |
timestamp without time zone |
Yes |
The time the asset was tested with the policy rules. |
|
| compliant_rules |
integer |
Yes |
The number of rules that all assets are compliant with in the scan. |
|
| noncompliant_rules |
integer |
Yes |
The number of rules that at least one asset failed in the scan. |
|
| not_applicable_rules |
integer |
Yes |
The number of rules that are not applicable to the asset. |
|
| rule_compliance |
numeric |
Yes |
The ratio of rule test results that are compliant or not applicable to the total number of rule test results. |
|
fact_asset_policy_rule
added in version 1.3.0
Level of Grain: A policy rule result on an asset
Fact Type: accumulating snapshot
Description: This table provides the rule results of the most recent policy scan for an asset within the scope of the report. For each rule, only assets that are subject to that rule and that have a result in the most recent scan are counted.
Columns
|
Column |
Data type |
Nullable |
Description |
Associated dimension |
|
asset_id |
bigint |
No |
The identifier of the asset |
dim_asset |
|
policy_id |
bigint |
No |
The identifier of the policy |
dim_policy |
|
scope |
text |
No |
The identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom". |
|
| rule_id |
bigint |
No |
The identifier of the policy rule. |
dim_policy_rule |
| scan_id |
bigint |
No |
The identifier of the scan |
dim_scan |
| date_tested |
timestamp without timezone |
|
The end date and time for the scan of the asset that was tested for the policy, in the time zone specified in the report configuration. |
|
| status_id |
character(1) |
No |
The identifier of the status for the policy rule finding on the asset (taking into account policy rule overrides.) |
dim_policy_rule_status |
| compliance |
boolean |
No |
Whether the asset is compliant with the rule. True if and only if all of the policy checks for this rule have not failed, or the rule is overridden with the value true on the asset. |
|
| proof |
text |
Yes |
The proof of the policy checks on the asset. |
|
| override_id |
bigint |
Yes |
The unique identifier of the policy rule override that is applied to the rule on an asset. If multiple overrides apply to the rule at different levels of scope, the identifier of the override having the true effect on the rule (latest override) is returned. |
dim_policy_rule_override |
| override_ids |
bigint[] |
Yes |
The unique identifiers of the policy rule override that are applied to the rule on an asset. If multiple overrides apply to the rule at different levels of scope,
the identifier of each override is returned in a comma-separated list. |
dim_policy_rule_override |
Dimensional model
Dimensional model for fact_policy_rule
fact_asset_scan
Level of Grain: A summary of a completed scan of an asset.
Fact Type: transaction
Description: The fact_asset_scan transaction fact provides summary information of the results of a scan for an asset. A fact record will be present for every asset and scan in which the asset was fully scanned in. Only assets configured within the scope of the report and vulnerabilities filtered within the report will take part in the accumulated totals. If no vulnerabilities checks were performed during the scan, for example as a result of a discovery scan, the vulnerability related counts will be zero.
Columns
|
Column |
Data type |
Nullable |
Description |
Associated dimension |
|
scan_id |
bigint |
No |
The identifier of the scan. |
dim_scan |
|
asset_id |
bigint |
No |
The identifier of the asset. |
dim_asset |
|
scan_started |
timestamp without time zone |
No |
The time at which the scan for the asset was started. |
|
| scan_finished
|
timestamp without time zone |
No |
The time at which the scan for the asset completed. |
|
| vulnerabilities
|
bigint
|
No |
The number of vulnerabilities found on the asset during the scan. |
|
| critical_vulnerabilities
|
bigint
|
No |
The number of critical vulnerabilities found on the asset during the scan. |
|
| severe_vulnerabilities
|
bigint
|
No |
The number of severe vulnerabilities found on the asset during the scan. |
|
| moderate_vulnerabilities
|
bigint
|
No |
The number of moderate vulnerabilities found on the asset during the scan. |
|
| malware_kits
|
integer
|
No |
The number of malware kits associated with vulnerabilities discovered during the scan. |
|
|
exploits |
integer |
No |
The number of exploits associated with vulnerabilities discovered during the scan. |
|
| vulnerabilities_with_malware_kit
|
integer |
No |
The number of vulnerabilities with a known malware kit discovered during the scan. |
|
| vulnerabilities_with_exploit
|
integer |
No |
The number of vulnerabilities with a known exploit discovered during the scan. |
|
| vulnerability_instances
|
bigint |
No |
The number of vulnerability instances found discovered during the scan. |
|
|
riskscore |
double precision |
No |
The risk score for the scan. |
|
|
pci_status |
text |
No |
The PCI compliance status; either Pass or Fail. |
|
| aggregated_credential_status_id |
integer |
No |
The status aggregated across all available services for the given asset in the given scan. |
dim_aggregated_credential_status |
Dimensional model
Dimensional model for fact_asset_scan
fact_asset_scan_operating_system
Level of Grain: An operating system fingerprint on an asset in a scan.
Fact Type: transaction
Description: The fact_asset_operating_system fact table provides the operating systems fingerprinted on an asset in a scan. The operating system fingerprints represent all the potential fingerprints collected during a scan that can be chosen as the primary or best operating system fingerprint on the asset. If an asset had no fingerprint acquired during a scan, it will have a record with values indicating an unknown fingerprint.
Columns
|
Column |
Data type |
Nullable |
Description |
Associated dimension |
|
asset_id |
bigint |
No |
The identifier of the asset the operating system is associated to. |
dim_asset |
|
scan_id |
bigint |
No |
The identifier of the scan the asset was fingerprinted in. |
dim_scan |
|
operating_system_id |
bigint |
No |
The identifier of the operating system that was fingerprinted on the asset in the scan. If a fingerprint was not found, the value will be -1. |
dim_operating_system |
|
fingerprint_source_id |
integer |
No |
The identifier of the source that was used to acquire the fingerprint. If a fingerprint was not found, the value will be -1. |
dim_fingerprint_source |
|
certainty |
real |
No |
A value between 0 and 1 that represents the confidence level of the fingerprint. If a fingerprint was not found, the value will be 0. |
|
Dimensional model
Dimensional model for fact_asset_scan_operating_system
fact_asset_scan_policy
Available in version 1.2.0
Level of Grain: A policy result for an asset in a scan
Fact Type: transaction
Description: This table provides the details of policy test results on an asset during a scan. Each record provides the policy test results for an asset for a specific scan. Only policies within the scope of report are included.
Columns
Note: As of version 1.3.0, passed_rules and failed_rules are now called compliant_rules and noncompliant_rules.
|
Column |
Data Type |
Nullable |
Description |
Associated Dimension |
|
asset_id |
bigint |
No |
The identifier of the asset |
dim_asset |
|
scan_id |
bigint |
No |
The identifier of the scan |
dim_scan |
|
policy_id |
bigint |
No |
The identifier of the policy |
dim_policy |
|
scope |
text |
No |
The identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom". |
|
|
date_tested |
timestamp without timezone |
|
The end date and time for the scan of the asset that was tested for the policy, in the time zone specified in the report configuration. |
|
|
compliant_rules |
bigint |
|
The total number of each policy's rules for which the asset passed in the most recent scan. |
|
|
noncompliant_rules |
bigint |
|
The total number of each policy's rules for which the asset failed in the most recent scan. |
|
|
not_applicable_rules |
bigint |
|
The total number of each policy's rules that were not applicable to the asset in the most recent scan. |
|
|
rule_compliance |
numeric |
|
The ratio of policy rule test result that are compliant or not applicable to the total number of rule test results. |
|
Dimensional model
Dimensional model for fact_asset_scan_policy
fact_asset_scan_software
Level of Grain: A fingerprint for an installed software on an asset in a scan.
Fact Type: transaction
Description: The fact_asset_scan_software fact table provides the installed software packages enumerated or detected during a scan of an asset. If an asset had no software packages enumerated in a scan there will be no records in this fact.
Columns
|
Column |
Data type |
Nullable |
Description |
Associated dimension |
|
asset_id |
bigint |
No |
The identifier of the asset |
dim_asset
|
|
scan_id |
bigint |
No |
The identifier of the scan . |
dim_scan
|
|
software_id |
bigint |
No |
The identifier of the software fingerprinted. |
dim_software
|
|
fingerprint_source_id |
bigint |
No |
The identifier of the source used to fingerprint the software. |
dim_fingerprint_source
|
Dimensional model
Dimensional model for fact_asset_scan_software
fact_asset_scan_service
Level of Grain: A service detected on an asset in a scan.
Fact Type: transaction
Description: The fact_asset_scan_service fact table provides the services detected during a scan of an asset. If an asset had no services enumerated in a scan there will be no records in this fact.
Columns
|
Column |
Data type |
Nullable |
Description |
Associated dimension |
|
asset_id |
bigint |
No |
The identifier of the asset. |
dim_asset
|
|
scan_id |
bigint |
No |
The identifier of the scan. |
dim_scan
|
|
date |
timestamp without time zone |
No |
The date and time at which the service was enumerated. |
|
|
service_id |
integer |
No |
The identifier of the service. |
dim_service
|
|
protocol_id |
smallint |
No |
The identifier of the protocol the service was utilizing. |
dim_protocol
|
|
port |
integer |
No |
The port the service was running on. |
|
|
service_fingerprint_id |
bigint |
No |
The identifier of the fingerprint of the service describing the configuration of the service. |
dim_service_fingerprint
|
| credential_status_id |
smallint |
No |
The result of the user-provided credentials per asset per scan
per service. Services for which credential status is assessed are: SNMP, SSH, Telnet and CIFS. |
dim_credential_status |
Dimensional model
Dimensional model for fact_asset_scan_service
fact_asset_scan_vulnerability_finding
Added in version 1.1.0
Level of Grain: A vulnerability finding on an asset in a scan.
Fact Type: transaction
Description: This fact tables provides an accumulating snapshot for all vulnerability findings on an asset in every scan of the asset. This table will display a record for each unique vulnerability discovered on each asset in the every scan of the asset. If multiple occurrences of the same vulnerability are found on the asset, they will be rolled up into a single row with a vulnerability_instances count greater than one. Only vulnerabilities with no active exceptions applies will be displayed.
Dimensional model
Dimensional model for fact_asset_scan_vulnerability_finding
fact_asset_scan_vulnerability_instance
added in version 1.1.0
Level of Grain: A vulnerability instance on an asset in a scan.
Fact Type: transaction
Description: The > fact_asset_scan_vulnerability_instance fact table provides the details of a vulnerability instance discovered during a scan of an asset. Only vulnerability instances found to be vulnerable and with no exceptions actively applied will be present within the fact table. A vulnerability instance is a unique vulnerability result found discovered on the asset. If the multiple occurrences of the same vulnerability are found on the asset, one row will be present for each instance.
Columns
|
Column |
Data type |
Nullable |
Description |
Associated dimension |
|
asset_id |
bigint |
No |
The identifier of the asset . |
dim_asset
|
|
scan_id |
bigint |
No |
The identifier of the scan. |
dim_scan
|
|
vulnerability_id |
integer |
No |
The identifier of the vulnerability the finding is for. |
dim_vulnerability
|
|
date |
timestamp without time zone |
No |
The date and time at which the vulnerability finding was detected. This time is the time at which the asset completed scanning during the scan. |
|
|
status_id |
character(1) |
No |
The identifier of the status of the vulnerability finding that indicates the level of confidence of the finding. |
dim_vulnerability_status
|
|
proof |
text |
No |
The proof indicating the reason that the vulnerability exists. The proof is exposed in formatting markup that can be striped using the function
proofAsText . |
|
|
key |
text |
Yes |
The secondary identifier of the vulnerability finding that discriminates the result from similar results of the same vulnerability on the same asset. This value is optional and will be null when a vulnerability does not need a secondary discriminator. |
|
|
service_id |
integer |
No |
The service the vulnerability was discovered on, or -1 if the vulnerability is not associated with a service. |
dim_service
|
|
port |
integer |
No |
The port on which the vulnerable service was running, or -1 if the vulnerability is not associated with a service. |
|
|
protocol_id |
integer |
No |
The protocol the vulnerable service was running, or -1 if the vulnerability is not associated with a service. |
dim_protocol
|
Dimensional model
Dimensional model for fact_asset_scan_vulnerability_instance
fact_asset_scan_vulnerability_instance_excluded
added in version 1.1.0
Level of Grain: A vulnerability instance on an asset in a scan with an active vulnerability exception applied.
Fact Type: transaction
Description: The fact_asset_scan_vulnerability_instance_excluded fact table provides the details of a vulnerability instance discovered during a scan of an asset with an exception applied. Only vulnerability instances found to be vulnerable and with exceptions actively applied will be present within the fact table. If the multiple occurrences of the same vulnerability are found on the asset, one row will be present for each instance.
Columns
|
Column |
Data type |
Nullable |
Description |
Associated dimension |
| asset_id
|
bigint
|
No |
The identifier of the asset. |
dim_asset
|
| scan_id
|
bigint
|
No |
The identifier of the scan. |
dim_scan
|
| vulnerability_id
|
integer
|
No |
The identifier of the vulnerability. |
dim_vulnerability
|
| date
|
timestamp without time zone
|
No |
The date and time at which the vulnerability finding was detected. This time is the time at which the asset completed scanning during the scan. |
|
| status_id
|
character(1)
|
No |
The identifier of the status of the vulnerability finding that indicates the level of confidence of the finding. |
dim_vulnerability_status
|
| proof
|
text
|
No |
The proof indicating the reason that the vulnerability exists. The proof is exposed in formatting markup that can be striped using the function
proofAsText . |
|
| key
|
text
|
Yes |
The secondary identifier of the vulnerability finding that discriminates the result from similar results of the same vulnerability on the same asset. This value is optional and will be null when a vulnerability does not need a secondary discriminator. |
|
| service_id
|
integer
|
No |
The service the vulnerability was discovered on, or -1 if the vulnerability is not associated with a service. |
dim_service
|
| port
|
integer
|
No |
The port on which the vulnerable service was running, or -1 if the vulnerability is not associated with a service. |
|
| protocol_id
|
integer
|
No |
The protocol the vulnerable service was running, or -1 if the vulnerability is not associated with a service. |
dim_protocol
|
Dimensional model
Dimensional model for fact_asset_scan_vulnerability_instance_excluded
fact_asset_vulnerability_age
Added in version 1.2.0
Level of Grain: A vulnerability on an asset.
Fact Type: accumulating snapshot
Description: This fact table provides an accumulating snapshot for vulnerability age and occurrence information on an asset. For every vulnerability to which an asset is currently vulnerable, there will be one fact record. The record indicates when the vulnerability was first found, last found, and its current age. The age is computed as the difference between the time the vulnerability was first discovered on the asset, and the current time. If the vulnerability was temporarily remediated, but rediscovered, the age will be from the first discovery time. If a vulnerability was found on a service, remediated and discovered on another service, the age is still computed as the first time the vulnerability was found on any service on the asset.
Columns
|
Column |
Data type |
Nullable |
Description |
Associated dimension |
|
asset_id |
bigint |
No |
The unique identifier of the asset. |
dim_asset
|
|
vulnerability_id |
integer |
No |
The unique identifier of the vulnerability. |
dim_vulnerability
|
|
age |
interval |
No |
The age of the vulnerability on the asset, in the interval format. |
|
|
age_in_days |
numeric |
No |
The age of the vulnerability on the asset, specified in days. |
|
|
first_discovered |
timestamp without timezone |
No |
The date on which the vulnerability was first discovered on the asset. |
|
|
most_recently_discovered |
timestamp without timezone |
No |
The date on which the vulnerability was most recently discovered on the asset. |
|
fact_asset_vulnerability_finding
Added in version 1.2.0
Level of Grain: A vulnerability finding on an asset.
Fact Type: accumulating snapshot
Description: This fact tables provides an accumulating snapshot for all current vulnerability findings on an asset. This table will display a record for each unique vulnerability discovered on each asset in the most recent scan of the asset. If multiple occurrences of the same vulnerability are found on the asset, they will be rolled up into a single row with a vulnerability_instances count greater than one. Only vulnerabilities with no active exceptions applies will be displayed.
Columns
|
Column |
Data type |
Nullable |
Description |
Associated dimension |
|
asset_id |
bigint |
No |
The identifier of the asset. |
dim_asset
|
|
scan_id |
bigint |
No |
The identifier of the last scan for the asset in which the vulnerability was detected. |
dim_scan
|
|
vulnerability_id |
integer |
No |
The identifier of the vulnerability. |
dim_vulnerability
|
|
vulnerability_instances |
bigint |
No |
The number of occurrences of the vulnerability detected on the asset, guaranteed to be greater than or equal to one. |
|
|
vulnerability_instances |
bigint |
No |
The number of occurrences of the vulnerability detected on the asset, guaranteed to be greater than or equal to one. |
|
Dimensional model
Dimensional model for fact_asset_vulnerability_finding
fact_asset_vulnerability_instance
Level of Grain: A vulnerability instance on an asset.
Fact Type: accumulating snapshot
Description: This table provides an accumulating snapshot for all current vulnerability instances on an asset. Only vulnerability instance found to be vulnerable and with no exceptions actively applied will be present within the fact table. If the multiple occurrences of the same vulnerability are found on the asset, a row will be present for each instance.
Columns
|
Column |
Data type |
Nullable |
Description |
Associated dimension |
| asset_id
|
bigint
|
No |
The identifier of the asset. |
dim_asset
|
| scan_id
|
bigint |
No |
The identifier of the scan the vulnerability instance was found in. |
dim_scan |
| vulnerability_id
|
integer
|
No |
The identifier of the vulnerability. |
dim_vulnerability
|
| vulnerability_exception_id
|
integer |
Yes |
The unique identifier of a vulnerability exception that is
pending for the vulnerability instance. If a vulnerability instance has no pending exceptions, this value will
be null. If multiple pending exceptions apply to the vulnerability at different levels of scope, the identifier
of the exception at the lowest (most fine-grained) level is returned. |
dim_vulnerability_exception |
| vulnerability_exception_ids
|
text |
Yes |
The unique identifiers of all vulnerability exceptions that are
pending for the vulnerability instance. If a vulnerability instance has no pending exceptions, this value will
be null. If multiple pending exceptions apply to the vulnerability at different levels of scope, then the
the identifier of all exceptions will be returned in a comma-separated value string. |
dim_vulnerability_exception
|
| date
|
timestamp without time zone
|
No |
The date and time at which the vulnerability finding was detected. This time is the time at which the asset completed scanning during the scan. |
|
| status_id
|
character(1)
|
No |
The identifier of the status of the vulnerability finding that indicates the level of confidence of the finding. |
dim_vulnerability_status
|
| proof
|
text
|
No |
The proof indicating the reason that the vulnerability exists. The proof is exposed in formatting markup that can be striped using the function proofAsText . |
|
| key
|
text
|
Yes |
The secondary identifier of the vulnerability finding that discriminates the result from similar results of the same vulnerability on the same asset. This value is optional and will be null when a vulnerability does not need a secondary discriminator. |
|
| service_id
|
integer
|
No |
The service the vulnerability was discovered on, or -1 if the vulnerability is not associated with a service. |
dim_service
|
| port
|
integer
|
No |
The port on which the vulnerable service was running, or -1 if the vulnerability is not associated with a service. |
|
| protocol_id
|
integer
|
No |
The protocol the vulnerable service was running, or -1 if the vulnerability is not associated with a service. |
dim_protocol
|
Dimensional model
Dimensional model for fact_asset_vulnerability
fact_asset_vulnerability_instance_excluded
Level of Grain: A vulnerability instance on an asset with an active vulnerability exception applied.
Fact Type: accumulating snapshot
Description: The fact_asset_vunerability_instance_excluded fact table provides an accumulating snapshot for all current vulnerability instances on an asset. If the multiple occurrences of the same vulnerability are found on the asset, a row will be present for each instance.
Columns
|
Column |
Data type |
Nullable |
Description |
Associated dimension |
| asset_id
|
bigint
|
No |
The identifier of the asset. |
dim_asset
|
| vulnerability_id
|
integer
|
No |
The identifier of the vulnerability. |
dim_vulnerability
|
| date_tested
|
timestamp without time zone
|
No |
The date and time at which the vulnerability finding was detected. This time is the time at which the asset completed scanning during the scan. |
|
| status_id
|
character(1)
|
No |
The identifier of the status of the vulnerability finding that indicates the level of confidence of the finding. |
dim_vulnerability_status
|
| proof
|
text
|
No |
The proof indicating the reason that the vulnerability exists. The proof is exposed in formatting markup that can be striped using the function proofAsText . |
|
| key
|
text
|
Yes |
The secondary identifier of the vulnerability finding that discriminates the result from similar results of the same vulnerability on the same asset. This value is optional and will be null when a vulnerability does not need a secondary discriminator. |
|
| service_id
|
integer
|
No |
The service the vulnerability was discovered on, or -1 if the vulnerability is not associated with a service. |
dim_service
|
| port
|
integer
|
No |
The port on which the vulnerable service was running, or -1 if the vulnerability is not associated with a service. |
|
| protocol_id
|
integer
|
No |
The protocol the vulnerable service was running, or -1 if the vulnerability is not associated with a service. |
dim_protocol
|
Dimensional model
Dimensional model for fact_asset_vulnerability_exception
fact_pci_asset_scan_service_finding
added in version 1.3.2
Level of Grain: A service finding on an asset in a scan.
Fact Type: Transaction
Description: The fact_pci_asset_scan_service_finding table is the transaction fact for a service finding on an asset for a scan. This fact provides a record for each service on every asset within the scope of the report for every scan it was included in. The level of grain is a unique service finding. If no services were found on an asset in a scan, it will have no records in this fact table. For PCI purposes, each service finding is mapped to a vulnerability. Services for which a version was fingerprinted are mapped to an additional vulnerability.
Columns
| Column |
Data type |
Nullable |
Description |
Associated dimension |
|
asset_id |
bigint |
No |
The unique identifier of the asset. |
dim_asset
|
|
scan_id |
bigint |
No |
The unique identifier of the scan the service finding was found in. |
dim_scan
|
|
service_id |
integer |
No |
The identifier of the definition of the service. |
dim_service
|
| vulnerability_id |
integer |
No |
The unique identifier of the vulnerability. |
dim_vulnerability
|
|
protocol_id |
smallint |
No |
The identifier of the protocol the service was utilizing. |
dim_protocol
|
|
port |
integer |
No |
The port the service was running on. |
|
fact_pci_asset_service_finding
added in version 1.3.2
Level of Grain: A service finding on an asset from the latest scan of the asset.
Fact Type: Accumulating snapshot
Description: The fact_pci_asset_service_finding fact table provides an accumulating snapshot fact for all service findings on an asset for the latest scan of every asset. The level of grain is a unique service finding. If no services were found on an asset in a scan, it will have no records in this fact table. For PCI purposes, each service finding is mapped to a vulnerability. Services for which a version was fingerprinted are mapped to an additional vulnerability.
Columns
| Column |
Data type |
Nullable |
Description |
Associated dimension |
|
asset_id |
bigint |
No |
The unique identifier of the asset. |
dim_asset
|
|
scan_id |
bigint |
No |
The unique identifier of the scan the service finding was found in. |
dim_scan
|
|
service_id |
integer |
No |
The identifier of the definition of the service. |
dim_service
|
| vulnerability_id |
integer |
No |
The unique identifier of the vulnerability. |
dim_vulnerability
|
|
protocol_id |
smallint |
No |
The identifier of the protocol the service was utilizing. |
dim_protocol
|
|
port |
integer |
No |
The port the service was running on. |
|
fact_pci_asset_special_note
added in version 1.3.2
Level of Grain: A note finding on a vulnerability or service on an asset (plus port and protocol, if applicable) from the latest scan of the asset.
Fact Type: Accumulating snapshot
Description: The fact_pci_asset_special_note fact table provides an accumulating snapshot fact for all vulnerability or service findings with applied special notes on an asset for the latest scan of every asset. The level of grain is a unique vulnerability or service finding, determined by asset, port and protocol.
Columns
| Column |
Data type |
Nullable |
Description |
Associated dimension |
|
asset_id |
bigint |
No |
The unique identifier of the asset. |
dim_asset
|
|
scan_id |
bigint |
No |
The unique identifier of the scan. |
dim_scan
|
|
service_id |
integer |
No |
The identifier of the definition of the service. |
dim_service
|
|
protocol_id |
smallint |
No |
The identifier of the protocol the service was utilizing. |
dim_protocol
|
|
port |
integer |
No |
The port the service was running on. |
|
| pci_note_id |
integer |
No |
The unique identifier of the pci special note applied to the vulnerability or service finding. |
dim_pci_note
|
| items_noted |
text |
No |
A list of distinct identifiers for findings on a given asset, port, and protocol. |
|
fact_policy
added in version 1.2.0
Level of Grain: A summary of findings related to a policy.
Fact Type: accumulating snapshot
Description: This table provides a summary for the results of the most recent policy scan for assets within the scope of the report. For each policy, only assets that are subject to that policy's rules and that have a result in the most recent scan with no overrides are counted.
Columns
Note: As of version 1.3.0, a separate value has been created for not_applicable_assets and is no longer included in compliant_assets.
|
Column |
Data Type |
Nullable |
Description |
Associated Dimension |
|
policy_id |
bigint |
No |
The identifier of the policy. |
dim_policy |
|
scope |
text |
No |
The identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom". |
|
|
rule_compliance |
numeric |
No |
The ratio of policy rule test result that are compliant or not applicable to the total number of rule test results. |
|
|
total_assets |
bigint |
No |
The number of assets within the scope of the report that were tested for the policy. |
|
|
compliant_assets |
bigint |
No |
The number of assets that did not fail but passed at least a rule within the policy in the last test. |
|
|
non_compliant_assets |
bigint |
No |
The number of assets that failed at least one rule within the policy in the last test. |
|
| not_applicable_assets |
bigint |
No |
The number of assets that neither passed nor failed at least a rule within the policy in the last test. |
|
|
asset_compliance |
numeric |
No |
The ratio of assets that are compliant with the policy to the total number of assets that were tested for the policy. |
|
Dimensional model
Dimensional model for fact_policy
fact_policy_group
added in version 1.3.0
Level of Grain:A summary of findings related to a policy group.
Fact Type: accumulating snapshot
Description: This table provides a summary for the group rules's results of the most recent policy scan for assets within the scope of the report. All rules that are directly or indirectly descend from it and are counted.
Columns
|
Column |
Data Type |
Nullable |
Description |
Associated Dimension |
|
scope |
text |
No |
The identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom". |
|
| policy_id |
bigint |
No |
The identifier of the policy. |
dim_policy |
| group_id |
bigint |
No |
The identifier of the policy group. |
dim_policy_group |
| non_compliant_rules |
integer |
No |
The number of rules that doesn't have 100% asset compliance (taking into account policy rule overrides.) |
|
| compliant_rules |
integer |
No |
The number of rules that have 100% asset compliance (taking into account policy rule overrides.) |
|
|
rule_compliance |
numeric |
True |
The ratio of rule test result that are compliant or not applicable to the total number of rule test results within the policy group. If the group has no rule or no testable rules (rule with no check, hence no result exists), this will have a null value. |
|
Dimensional model
Dimensional model for fact_policy_group
fact_policy_rule
added in version 1.3.0
Level of Grain:A summary of findings related to a policy rule.
Fact Type: accumulating snapshot
Description: This table provides a summary for the rule results of the most recent policy scan for assets within the scope of the report. For each rule, only assets that are subject to that rule and that have a result in the most recent scan are counted.
Columns
|
Column |
Data Type |
Nullable |
Description |
Associated Dimension |
|
scope |
text |
No |
The identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom". |
|
| policy_id |
bigint |
No |
The identifier of the policy. |
dim_policy |
| rule_id |
bigint |
No |
The identifier of the policy rule. |
dim_policy_rule |
| compliant_assets |
integer |
No |
The number of assets that are compliant with the rule (taking into account policy rule overrides.) |
|
| noncompliant_assets |
integer |
No |
The number of assets that are not compliant with the rule (taking into account policy rule overrides.) |
|
| not_applicable_asset |
integer |
No |
The number of assets that are not applicable for the rule (taking into account policy rule overrides.) |
|
| asset_compliance |
numeric |
No |
The ratio of assets that are compliant with the policy rule to the total number of assets that were tested for the policy rule. |
|
Dimensional model
Dimensional model for fact_policy_rule
fact_remediation (count, sort_column)
added in version 1.1.0
Level of Grain: A solution with the highest level of supercedence and the effect applying that solution would have on the scope of the report.
Fact Type: accumulating snapshot
Description: A function which returns a result set of the top "count" solutions showing their impact as specified by the sorting criteria. The criteria can be used to find solutions that have a desirable impact on the scope of the report, and can be limited to a subset of all solutions. The aggregate effect of applying each solution is computed and returned for each record. Only the highest-level superceding solutions will be selected, in other words, only solutions which have no superceding solution.
Arguments
|
Column |
Data type |
Description |
| count
|
integer
|
The number of solutions to limit the output of this function to. The sorting and aggregation are performed prior to the limit. |
| sort_column
|
text
|
The name and sort order of the column to sort results by. Any column within the fact can be used to sort the results prior to them being limited. Multiple columns can be sorted using a traditional SQL fragment (Example: 'assets DESC, exploits DESC'). |
Columns
|
Column |
Data type |
Nullable |
Description |
Associated dimension |
| solution_id
|
integer
|
No |
The identifier of the solution. |
|
| assets
|
bigint
|
No |
The number of assets that require the solution to be applied. If the solution applies to a vulnerability not detected on any asset, the value may be zero. |
|
|
vulnerabilities |
numeric |
No |
The total number of vulnerabilities that would be remediated. |
|
|
critical_vulnerabilities |
numeric |
No |
The total number of critical vulnerabilities that would be remediated. |
|
|
severe_vulnerabilities |
numeric |
No |
The total number of severe vulnerabilities that would be remediated. |
|
|
moderate_vulnerabilities |
numeric |
No |
The total number of moderate vulnerabilities that would be remediated. |
|
|
malware_kits |
integer
|
No |
The total number of malware kits that would no longer be used to exploit vulnerabilities if the solution were applied. |
|
|
exploits |
integer
|
No |
The total number of exploits that could no longer be used to exploit vulnerabilities if the solution were applied. |
|
|
vulnerabilities_with_malware_kit |
integer
|
No |
The total number of vulnerabilities with a known malware kit that would remediated by the solution. |
|
|
vulnerabilities_with_exploit |
integer
|
No |
The total number of vulnerabilities with a published exploit module that would remediated by the solution. |
|
|
vulnerability_instances |
numeric |
No |
The total number of occurrences of any vulnerabilities that are remediated by the solution. |
|
|
riskscore |
double precision |
No |
The risk score that is reduced by performing the remediation. |
|
|
pci_status |
text |
No |
The PCI compliance status; either Pass or Fail. |
|
Dimensional model
Dimensional model for fact_remediation(count, sort_column)
fact_remediation_impact (count, sort_column)
added in version 1.1.0
Level of Grain: A solution with the highest level of supercedence and the affect applying that solution would have on the scope of the report.
Fact Type: accumulating snapshot
Description: Fact that provides a summarization of the impact that applying a subset of all remediations would have on the scope of the report. The criteria can be used to find solutions that have a desirable impact on the scope of the report, and can be limited to a subset of all solutions. The aggregate effect of applying all solutions is computed and returned as a single record. This fact will be guaranteed to return one and only one record.
Arguments
|
Column |
Data type |
Description |
| count
|
integer
|
The number of solutions to determine the impact for. The sorting and aggregation are performed prior to the limit. |
| sort_column
|
text
|
The name and sort order of the column to sort results by. Any column within the fact can be used to sort the results prior to them being limited. Multiple columns can be sorted using a traditional SQL fragment (Example: 'assets DESC, exploits DESC'). |
Columns
|
Column |
Data type |
Nullable |
Description |
Associated dimension |
| solutions
|
integer
|
No |
The number of solutions selected and for which the remediation impact is being summarized (will be less than or equal to count). |
|
| assets
|
bigint
|
No |
The total number of assets that require a remediation to be applied. |
|
|
vulnerabilities |
bigint
|
No |
The total number of vulnerabilities that would be remediated. |
|
|
critical_vulnerabilities |
bigint
|
No |
The total number of critical vulnerabilities that would be remediated. |
|
|
severe_vulnerabilities |
bigint
|
No |
The total number of severe vulnerabilities that would be remediated. |
|
|
moderate_vulnerabilities |
bigint
|
No |
The total number of moderate vulnerabilities that would be remediated. |
|
|
malware_kits |
integer
|
No |
The total number of malware kits that would no longer be used to exploit vulnerabilities if all selected remediations were applied. |
|
|
exploits |
integer
|
No |
The total number of exploits that would no longer be used to exploit vulnerabilities if all selected remediations were applied. |
|
|
vulnerabilities_with_malware_kit |
integer
|
No |
The number of vulnerabilities with a known malware kit that would be remediated. |
|
|
vulnerabilities_with_exploit |
integer
|
No |
The number of vulnerabilities with a known exploit that would be remediated. |
|
|
vulnerability_instances |
bigint
|
No |
The total number of occurrences of any vulnerabilities that are remediated by any remediation selected. |
|
|
riskscore |
double precision |
No |
The risk score that is reduced by performing all the selected remediations. |
|
|
pci_status |
text |
No |
The PCI compliance status; either Pass or Fail. |
|
Dimensional model
Dimensional model for fact_remediation_impact(count, sort_column)
fact_scan
Level of Grain: A summary of the results of a scan.
Fact Type: accumulating snapshot
Description: The fact_scan fact provides the summarized information for every scan any asset within the scope of the report was scanned during. For each scan, there will be a record in this fact table with the summarized results.
Columns
|
Column |
Data type |
Nullable |
Description |
Associated dimension |
| scan_id
|
bigint
|
No |
The identifier of the scan. |
dim_scan
|
| assets
|
bigint
|
No |
The number of assets that were scanned |
|
| vulnerabilities
|
bigint
|
No |
The number of all vulnerabilities discovered in the scan. |
|
| critical_vulnerabilities
|
bigint
|
No |
The number of all critical vulnerabilities discovered in the scan. |
|
| severe_vulnerabilities
|
bigint
|
No |
The number of all severe vulnerabilities discovered in the scan. |
|
| moderate_vulnerabilities
|
bigint
|
No |
The number of all moderate vulnerabilities discovered in the scan. |
|
| malware_kits
|
integer
|
No |
The number of malware kits associated with vulnerabilities discovered in the scan. |
|
| exploits
|
integer
|
No |
The number of exploits associated with vulnerabilities discovered in the scan. |
|
| vulnerabilities_with_malware_kit
|
integer
|
No |
The number of vulnerabilities with a malware kit discovered in the scan. |
|
| vulnerabilities_with_exploit
|
integer
|
No |
The number of vulnerabilities with an exploit discovered in the scan. |
|
| vulnerability_instances
|
bigint |
No |
The number of vulnerability instances discovered during the scan. |
|
| riskscore
|
double precision
|
No |
The risk score for the scan results |
|
|
pci_status |
text |
No |
The PCI compliance status; either Pass or Fail. |
|
Dimensional model
Dimensional model for fact_scan
fact_site
Level of Grain: A summary of the current state of a site.
Fact Type: accumulating snapshot
Description: The fact_site table provides a summary record at the level of grain for every site that any asset in the scope of the report belongs to. For each site, there will be a record in this fact table with the summarized results, taking into account any vulnerability filters specified in the report configuration. The summary of each site will display the accumulated information for the most recent scan of each asset, not just the most recent scan of the site.
Columns
|
Column |
Data type |
Nullable |
Description |
Associated dimension |
| site_id
|
bigint
|
No |
The identifier of the site. |
dim_site
|
| assets
|
bigint
|
No |
The total number of assets in the site. |
|
| last_scan_id
|
bigint |
No |
The identifier of the most recent scan for the site. |
|
| vulnerabilities
|
bigint
|
No |
The number of vulnerabilities discovered on assets in the site. |
|
| critical_vulnerabilities
|
bigint
|
No |
The number of critical vulnerabilities discovered on assets in the site. |
|
| severe_vulnerabilities
|
bigint
|
No |
The number of severe vulnerabilities discovered on assets in the site. |
|
| moderate_vulnerabilities
|
bigint
|
No |
The number of moderate vulnerabilities discovered on assets in the site. |
|
| malware_kits
|
integer
|
No |
The number malware kits associated with vulnerabilities discovered on assets in the site. |
|
| exploits
|
integer
|
No |
The number exploits associated with vulnerabilities discovered on assets in the site. |
|
| vulnerabilities_with_malware_kit
|
integer
|
No |
The number of vulnerabilities with a malware kit discovered on assets in the site. |
|
| vulnerabilities_with_exploit
|
integer
|
No |
The number of vulnerabilities with an exploit kit discovered on assets in the site. |
|
| vulnerability_instances
|
bigint |
No |
The number of vulnerability instances discovered on assets in the site. |
|
| riskscore
|
double precision
|
No |
The risk score of the site. |
|
|
pci_status |
text |
No |
The PCI compliance status; either Pass or Fail. |
|
Dimensional model
Dimensional model for fact_site
fact_site_date (startDate, endDate, dateInterval)
Added in version 1.1.0
Level of Grain: A site and its summary information on a specific date.
Fact Type: periodic snapshot
Description: This fact table provides a periodic snapshot for summarized values on a site by date. The fact table takes three dynamic arguments, which refine what data is returned. Starting from startDate and ending on endDate, a summarized value for each site in the scope of the report will be returned for every dateInterval period of time. This will allow trending on site information by a customizable interval of time. In terms of a chart, startDate represents the lowest value in the range, the endDate the largest value in the range, and the dateInterval is the separation of the ticks of the range axis. If a site did not exist prior to a summarization date, it will have no record for that date value. The summarized values of a site represent the state of the site in the most recent scans prior to the date being summarized; therefore, if a site has not been scanned before the next summary interval, the values for the site will remain the same.
For example, fact_site_date(‘2013-01-01’, ‘2014-01-01’, INTERVAL ‘1 month’) will return a row for each site for every month in the year 2013.
Arguments
|
Column |
Data type |
Description |
| startDate
|
date
|
The first date to return summarizations for. |
| endDate
|
date
|
The last date to return summarizations for. |
| dateInterval
|
interval
|
The interval between the start and end date to return summarizations for. |
Columns
|
Column |
Data type |
Nullable |
Description |
Associated dimension |
| site_id
|
bigint
|
No |
The identifier of the site. |
dim_site
|
| assets
|
bigint
|
No |
The total number of assets in the site. |
|
| last_scan_id
|
bigint |
No |
The identifier of the most recent scan for the site. |
|
| vulnerabilities
|
bigint
|
No |
The number of vulnerabilities discovered on assets in the site. |
|
| critical_vulnerabilities
|
bigint
|
No |
The number of critical vulnerabilities discovered on assets in the site. |
|
| severe_vulnerabilities
|
bigint
|
No |
The number of severe vulnerabilities discovered on assets in the site. |
|
| moderate_vulnerabilities
|
bigint
|
No |
The number of moderate vulnerabilities discovered on assets in the site. |
|
| malware_kits
|
integer
|
No |
The number malware kits associated with vulnerabilities discovered on assets in the site. |
|
| exploits
|
integer
|
No |
The number exploits associated with vulnerabilities discovered on assets in the site. |
|
| vulnerabilities_with_malware_kit
|
integer
|
No |
The number of vulnerabilities with a malware kit discovered on assets in the site. |
|
| vulnerabilities_with_exploit
|
integer
|
No |
The number of vulnerabilities with an exploit kit discovered on assets in the site. |
|
| vulnerability_instances
|
bigint |
No |
The number of vulnerability instances discovered on assets in the site. |
|
| riskscore
|
double precision
|
No |
The risk score of the site. |
|
|
pci_status |
text |
No |
The PCI compliance status; either Pass or Fail. |
|
|
day |
date |
No |
The date of the summarization of the asset. |
|
Dimensional model
Dimensional model for fact_site_date(startDate, endDate, dateInterval)
fact_site_policy_date
added in version 1.3.0
Type: Periodic snapshot
Description: This fact table provides a periodic snapshot for summarized policy values on site by date. The fact table takes three dynamic arguments, which refine what data is returned. Starting from startDate and ending on endDate, the summarized policy value for each site in the scope of the report will be returned for every dateInterval period of time. This will allow trending on site information by a customizable interval of time. In terms of a chart, startDate represents the lowest value in the range, the endDate the largest value in the range, and the dateInterval is the separation of the ticks of the range axis. If a site did not exist prior to a summarization date, it will have no record for that date value. The summarized policy values of a site represent the state of the site prior to the date being summarized; therefore, if the site has not been scanned before the next summary interval, the values for the site will remain the same.
Arguments
|
Column |
Data type |
Nullable |
Description |
| startDate |
date |
No |
The first date to return summarizations for. |
| endDate |
date |
No |
The end of the period where the scan results of an asset will be returned. If it is later the the current date, it will be replaced by the later. |
| dateInterval |
interval |
No |
The interval between the start and end date to return summarizations for. |
Columns
|
Column |
Data type |
Nullable |
Description |
Associated Dimension |
| site_id |
bigint |
Yes |
The unique identifier of the site. |
dim_site |
| day |
date |
No |
The date when the summarized policy scan results snapshot is taken. |
|
| policy_id |
bigint |
Yes |
The unique identifier of the policy within a scope. |
dim_site |
| scope |
text |
Yes |
The identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom". |
|
| assets |
integer |
Yes |
The total number of assets that are in the scope of the report and associated to the asset group. |
|
| compliant_assets |
integer |
Yes |
The number of assets associated to the asset group that have not failed any while passed at least one policy rule test. |
|
| noncompliant_assets |
integer |
Yes |
The number of assets associated to the asset group that have failed at least one policy rule test. |
|
| not_applicable_assets |
integer |
Yes |
The number of assets associated to the asset group that have neither failed nor passed at least one policy rule test. |
|
| rule_compliance |
numeric |
Yes |
The ratio of policy rule test result that are compliant or not applicable to the total number of rule test results. |
|
fact_tag
added in version 1.2.0
Level of Grain: The current summary information for a tag.
Fact Type: Accumulating snapshot
Description: The fact_tag table provides an accumulating snapshot fact for the summary information of a tag. The summary information provided is based on the most recent scan of every asset associated with the tag. If a tag has no accessible assets, there will be a fact record with zero counts. Only tags associated with assets, sites, or asset groups in the scope of the report will be present in this fact.
Columns
|
Column |
Data type |
Nullable |
Description |
Associated dimension |
| tag_id
|
integer
|
No |
The unique identifier of the tag. |
dim_tag
|
| assets
|
bigint
|
No |
The total number of accessible assets associated with the tag. If the tag has no accessible assets in the current scope or membership, this value can be zero. |
|
| vulnerabilities
|
bigint
|
No |
The sum of the count of vulnerabilities on each asset. This value is equal to the sum of the critical_vulnerabilities, severe_vulnerabilities, and moderate_vulnerabilities columns. |
|
| critical_vulnerabilities
|
bigint
|
No |
The sum of the count of critical vulnerabilities on each asset. |
|
| severe_vulnerabilities
|
bigint
|
No |
The sum of the count of severe vulnerabilities on each asset. |
|
| moderate_vulnerabilities
|
bigint
|
No |
The sum of the count of moderate vulnerabilities on each asset. |
|
| malware_kits
|
integer
|
No |
The sum of the count of malware kits on each asset. |
|
| exploits
|
integer
|
No |
The sum of the count of exploits on each asset. |
|
| vulnerabilities_with_malware_kit
|
integer
|
No |
The sum of the count of vulnerabilities with malware kits on each asset. |
|
| vulnerabilities_with_exploit
|
integer
|
No |
The sum of the count of vulnerabilities with exploits on each asset. |
|
| vulnerability_instances
|
bigint |
No |
The sum of the vulnerability instances on each asset. |
|
| riskscore
|
double precision
|
No |
The sum of the risk score on each asset. |
|
| pci_status
|
text |
No |
The PCI compliance status; either Pass or Fail of the assets that have the tag. |
|
fact_tag_date
added in version 1.2.1
Type: Periodic snapshot
Description: The fact_tag_date table provides a periodic snapshot fact for summarized scan results for a tag over time. Each fact record represents the summary information for a tag in a scan in which the assets associated with that tag were fully and successfully scanned in that day or in the closest prior day.
This function takes a start date, end date and interval as arguments. If the end date is after the current date, then it will be replaced by the current date. Snapshots will be generated from the start date to the end date based on the interval value. If on a certain day no scan data can be found, a record for that day for all fields, except for the day and assets field, will have a null value.
Arguments
| Column |
Data type |
Nullable |
Description |
| startDate |
date |
No |
The first date to return summarizations for. |
| endDate |
date |
No |
The end of the period where the scan results of a tag will be returned. If it is later than the current date, it will be replaced by the current date. |
| dateInterval |
interval |
No |
The interval between the start and end date to return summarizations for. |
Columns
|
Column |
Data type |
Nullable |
Description |
Associated Dimension |
| tag_id |
bigint |
Yes |
The unique identifier of the tag. |
dim_tag |
| day |
date |
No |
The date the summary tag results are for. |
|
| assets |
bigint |
No |
The total number of assets that are in the scope of the report and associated with the
tag. If the tag has no assets in the current scope or membership, this value can be zero. |
|
| vulnerabilities |
bigint |
No |
The sum of the counts of vulnerabilities associated with the tag. This value is equal to
the sum of the critical_vulnerabilities, severe_vulnerabilities, and moderate_vulnerabilities columns. |
|
| critical_vulnerabilities |
bigint |
No |
The sum of the counts of critical vulnerabilities associated with the tag. |
|
| severe_vulnerabilities |
bigint |
No |
The sum of the counts of severe vulnerabilities associated with the tag. |
|
| moderate_vulnerabilities |
bigint |
No |
The sum of the counts of moderate vulnerabilities associated with the tag. |
|
| malware_kits |
integer |
No |
The sum of the counts of malware kits associated with the tag. |
|
| exploits |
integer |
No |
The sum of the counts of exploits associated with the tag. |
|
| vulnerabilities_with_malware_kit |
integer |
No |
The sum of the counts of vulnerabilities with malware kits associated with the tag. |
|
| vulnerabilities_with_exploit |
integer |
No |
The sum of the counts of vulnerabilities with exploits associated with the tag. |
|
| vulnerability_instances |
bigint |
No |
The sum of the instances of vulnerabilities associated with the tag. |
|
| riskscore |
double precision |
No |
The sum of the risk scores associated with the tag. |
|
| pci_status |
text |
No |
The compliance level ('Pass' or 'Fail') of the tag according to PCI standards. |
|
fact_tag_policy_date
added in version 1.3.0
Type: Periodic snapshot
Description: The fact_tag_policy_date table provides an accumulating snapshot fact for summarized policy information of a tag. The summarized policy information provided is based on the most recent scan of every asset associated with the tag. If a tag has no accessible assets, there will be a fact record with zero counts. Only tags associated with assets, sites, or asset groups in the scope of the report will be present in this fact.
Arguments
|
Column |
Data type |
Nullable |
Description |
| startDate |
date |
No |
The first date to return summarizations for. |
| endDate |
date |
No |
The end of the period where the scan results of an asset will be returned. If it is later the the current date, it will be replaced by the later. |
| dateInterval |
interval |
No |
The interval between the start and end date to return summarizations for. |
Columns
|
Column |
Data type |
Nullable |
Description |
Associated Dimension |
| tag_id |
bigint |
Yes |
The unique identifier of the tag. |
dim_tag |
| day |
date |
No |
The date which the summarized policy scan results snapshot is taken. |
|
| policy_id |
bigint |
Yes |
The unique identifier of the policy within a scope. |
dim_policy |
| scope |
text |
Yes |
The identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom". |
|
| assets |
integer |
Yes |
The total number of assets that are in the scope of the report and associated to the asset group. |
|
| compliant_assets |
integer |
Yes |
The number of assets associated to the asset group that have not failed any while passed at least one policy rule test. |
|
| noncompliant_assets |
integer |
Yes |
The number of assets associated to the asset group that have failed at least one policy rule test. |
|
| not_applicable_assets |
integer |
Yes |
The number of assets associated to the asset group that have neither failed nor passed at least one policy rule test. |
|
| rule_compliance |
numeric |
Yes |
The ratio of PASS or NOT APPLICABLE results for the rules to the total number rule results. |
|
fact_vulnerability
added in version 1.1.0
Level of Grain: A summary of findings of a vulnerability.
Fact Type: accumulating snapshot
Description: The fact_vulnerability table provides a summarized record for each vulnerability within the scope of the report. For each vulnerability, the count of assets subject to the vulnerability is measured. Only assets with a finding in their most recent scan with no exception applied are included in the totals.
Columns
|
Column |
Data type |
Nullable |
Description |
Associated dimension |
| vulnerability_id
|
integer
|
No |
The identifier of the vulnerability. |
dim_vulnerability
|
| affected_assets
|
bigint
|
No |
The number of assets that have the vulnerability. This count may be zero if no assets are vulnerable. |
|
| vulnerability_instances
|
bigint
|
No |
The number of instances or occurrences of the vulnerability across all assets. |
|
| most_recently_discovered
|
timestamp without time zone
|
No |
The most recent date and time at which any asset within the scope of the report was discovered to be vulnerable to the vulnerability. |
|
Dimensional model
Dimensional model for fact_vulnerability