Overview

The Dimensional Data Warehouse is a data warehouse that uses a Dimensional Modeling technique for structuring data for querying. Dimensional modeling is a data warehousing technique that exposes a model of information around business processes while providing flexibility to generate reports.

Documentation

The schema for this dimensional model is self-documenting. Inspecting the table, function, and aggregate schemas allow you to inspect the documentation of each entity. This document mirrors that documentations.

Dimensional Model

Dimensional Modeling presents information through a combination of facts and dimensions. A fact is a table that stores measured data, typically numerical and with additive properties. Fact tables are named with the prefix “fact_” to indicate they store factual data. Each fact table record is defined at the same level of grain, which is the level of granularity of the fact. The grain specifies the level at which the measure is recorded. A dimension is the context that accompanies measured data and is typically textual. Dimension tables are named with the prefix “dim_” to indicate that they store context data. Dimensions allow facts to be sliced and aggregated in ways meaningful to the business. Each record in the fact table does not specify a primary key but rather defines a one-to-many set of foreign keys that link to one or more dimensions. Each dimension has a primary key that identifies the associated data that may be joined on. In some cases the primary key of the dimension is a composite of multiple columns. Every primary key and foreign key in the fact and dimension tables are surrogate identifiers. Unlike traditional relational models, dimensional models favor denormalization to ease the burden on query designers and improve performance. Each fact and its associated dimensions comprise what is commonly referred to as a “star schema”. Visually a fact table is surrounded by multiple dimension tables that can be used to slice or join on the fact. In a fully denormalized dimensional model that uses the star schema style there will only be a relationship between the fact and a dimension, but the dimension is fully self-contained. When the dimensions are not fully denormalized they may have relationships to other dimensions, which can be common when there are one-to-many relationships within a dimension. When this structure exists, the fact and dimensions comprise a “snowflake schema”. Both models share a common pattern which is a single, central fact table. When designing a query to solve a business question, only one schema (and thereby one fact) should be used.

Fact Types

There exist three different types of fact tables: (1) transaction (2) accumulating snapshot and (3) periodic snapshot. The level of grain of a transaction fact is an event that takes place at a certain point in time. Transaction facts identify measurements that accompany a discrete action, process, or activity that is performed on a non-regular interval or schedule. Accumulating snapshot facts aggregate information that is measured over time or multiple events into a single consolidated measurement. The measurement shows the current state at a certain level of grain. The periodic snapshot fact table provides measurements that are recorded on a regular interval, typically by day or date. Each record measures the state at a discrete moment in time.

Dimension Types

Dimension tables are often classified based on the nature of the dimensional data they provided, or to indicate the frequency (if any) with which they are updated. Following are the types of dimensions frequently encountered in a dimensional model, and those used by the Reporting Data Model:

Dates & Times

Any timestamps in the warehouse use the TIMESTAMP WITHOUT TIME ZONE data type and are defined in the local time (and timezone) of the console that performed the export into the warehouse.

TRIAL Move the mouse over tables to read the comments 1 Asset Site Asset Group Tag Solution Vulnerability Junk Dimensions Remediation Scan Policy Container Fk asset_id_fk dim_asset_user_account ref dim_asset ( asset_id ) asset_id Fk asset_id_fk dim_asset_group_asset ref dim_asset ( asset_id ) asset_id Fk asset_group_id_fk dim_asset_group_asset ref dim_asset_group ( asset_group_id ) asset_group_id Fk required_solution_id_fk dim_solution_prerequisite ref dim_solution ( required_solution_id -> solution_id ) required_solution_id Fk solution_id_fk dim_solution_prerequisite ref dim_solution ( solution_id ) solution_id Fk solution_id_fk dim_solution_highest_supercedence ref dim_solution ( solution_id ) solution_id Fk superceding_solution_id_fk dim_solution_highest_supercedence ref dim_solution ( superceding_solution_id -> solution_id ) superceding_solution_id Fk asset_id_fk dim_asset_software ref dim_asset ( asset_id ) asset_id Fk scan_id_fk fact_scan ref dim_scan ( scan_id ) scan_id Fk asset_id_fk dim_asset_group_account ref dim_asset ( asset_id ) asset_id Fk scan_engine_id_fk dim_site ref dim_scan_engine ( scan_engine_id ) scan_engine_id Fk scan_template_id_fk dim_site ref dim_scan_template ( scan_template_id ) scan_template_id Fk site_id_fk dim_scan ref dim_site ( site_id ) site_id Fk asset_group_id_fk dim_asset_group_tag ref dim_asset_group ( asset_group_id ) asset_group_id Fk tag_id_fk dim_asset_group_tag ref dim_tag ( tag_id ) tag_id Fk asset_id_fk dim_asset_vulnerability_finding_rollup_solution ref dim_asset ( asset_id ) asset_id Fk solution_id_fk dim_asset_vulnerability_finding_rollup_solution ref dim_solution ( solution_id ) solution_id Fk vulnerability_id_fk dim_asset_vulnerability_finding_rollup_solution ref dim_vulnerability ( vulnerability_id ) vulnerability_id Fk asset_id_fk dim_asset_vulnerability_finding_solution ref dim_asset ( asset_id ) asset_id Fk solution_id_fk dim_asset_vulnerability_finding_solution ref dim_solution ( solution_id ) solution_id Fk vulnerability_id_fk dim_asset_vulnerability_finding_solution ref dim_vulnerability ( vulnerability_id ) vulnerability_id Fk tag_id_fk fact_tag_date ref dim_tag ( tag_id ) tag_id Fk tag_id_fk fact_tag ref dim_tag ( tag_id ) tag_id Fk site_id_fk dim_site_target ref dim_site ( site_id ) site_id Fk asset_id_fk fact_asset_vulnerability_finding_exploit_remediation ref dim_asset ( asset_id ) asset_id Fk solution_id_fk fact_asset_vulnerability_finding_exploit_remediation ref dim_solution ( solution_id ) solution_id Fk exploit_id_fk fact_asset_vulnerability_finding_exploit_remediation ref dim_vulnerability_exploit ( exploit_id ) exploit_id Fk malware_kit_id_fk fact_asset_vulnerability_finding_exploit_remediation ref dim_vulnerability_malware_kit ( malware_kit_id ) malware_kit_id Fk vulnerability_id_fk fact_asset_vulnerability_finding_exploit_remediation ref dim_vulnerability ( vulnerability_id ) vulnerability_id Fk asset_id_fk fact_asset_vulnerability_finding_date ref dim_asset ( asset_id ) asset_id Fk vulnerability_id_fk fact_asset_vulnerability_finding_date ref dim_vulnerability ( vulnerability_id ) vulnerability_id Fk asset_id_fk fact_asset_vulnerability_finding_remediation ref dim_asset ( asset_id ) asset_id Fk solution_id_fk fact_asset_vulnerability_finding_remediation ref dim_solution ( solution_id ) solution_id Fk vulnerability_id_fk fact_asset_vulnerability_finding_remediation ref dim_vulnerability ( vulnerability_id ) vulnerability_id Fk solution_id_fk dim_vulnerability_solution ref dim_solution ( solution_id ) solution_id Fk vulnerability_id_fk dim_vulnerability_solution ref dim_vulnerability ( vulnerability_id ) vulnerability_id Fk vulnerability_id_fk dim_vulnerability_exploit ref dim_vulnerability ( vulnerability_id ) vulnerability_id Fk vulnerability_id_fk dim_vulnerability_malware_kit ref dim_vulnerability ( vulnerability_id ) vulnerability_id Fk vulnerability_id_fk dim_vulnerability_reference ref dim_vulnerability ( vulnerability_id ) vulnerability_id Fk vulnerability_id_fk dim_vulnerability_category ref dim_vulnerability ( vulnerability_id ) vulnerability_id Fk asset_id_fk fact_asset_vulnerability_instance ref dim_asset ( asset_id ) asset_id Fk vulnerability_id_fk fact_asset_vulnerability_instance ref dim_vulnerability ( vulnerability_id ) vulnerability_id Fk vulnerability_id_fk fact_vulnerability_date ref dim_vulnerability ( vulnerability_id ) vulnerability_id Fk vulnerability_id_fk fact_vulnerability ref dim_vulnerability ( vulnerability_id ) vulnerability_id Fk asset_id_fk fact_asset_date ref dim_asset ( asset_id ) asset_id Fk asset_id_fk fact_asset ref dim_asset ( asset_id ) asset_id Fk asset_id_fk fact_asset_event ref dim_asset ( asset_id ) asset_id Fk scan_id_fk fact_asset_event ref dim_scan ( scan_id ) scan_id Fk vulnerability_exception_id_fk fact_asset_event ref dim_vulnerability_exception ( vulnerability_exception_id ) vulnerability_exception_id Fk asset_id_fk dim_asset_service ref dim_asset ( asset_id ) asset_id Fk asset_group_id_fk dim_asset_tag ref dim_asset_group ( asset_group_id ) asset_group_id Fk site_id_fk dim_asset_tag ref dim_site ( site_id ) site_id Fk asset_id_fk dim_asset_tag ref dim_asset ( asset_id ) asset_id Fk tag_id_fk dim_asset_tag ref dim_tag ( tag_id ) tag_id Fk asset_id_fk dim_asset_host_name ref dim_asset ( asset_id ) asset_id Fk asset_id_fk dim_asset_address ref dim_asset ( asset_id ) asset_id Fk asset_id_fk dim_asset_operating_system ref dim_asset ( asset_id ) asset_id Fk asset_id_fk dim_asset_service_configuration ref dim_asset ( asset_id ) asset_id Fk asset_id_fk dim_asset_file ref dim_asset ( asset_id ) asset_id Fk asset_id_fk dim_site_asset ref dim_asset ( asset_id ) asset_id Fk site_id_fk dim_site_asset ref dim_site ( site_id ) site_id Fk asset_id_fk dim_asset_unique_id ref dim_asset ( asset_id ) asset_id Fk asset_group_id_fk fact_asset_group_date ref dim_asset_group ( asset_group_id ) asset_group_id Fk asset_group_id_fk fact_asset_group ref dim_asset_group ( asset_group_id ) asset_group_id Fk vulnerability_id_fk dim_vulnerability_exception ref dim_vulnerability ( vulnerability_id ) vulnerability_id Fk site_id_fk fact_site_date ref dim_site ( site_id ) site_id Fk site_id_fk fact_site ref dim_site ( site_id ) site_id Fk policy_id_fk fact_policy_rule_date ref dim_policy ( policy_id ) policy_id Fk rule_id_fk fact_policy_rule_date ref dim_policy_rule ( rule_id ) rule_id Fk policy_id_fk dim_policy_group ref dim_policy ( policy_id ) policy_id Fk asset_id_fk fact_asset_policy_rule ref dim_asset ( asset_id ) asset_id Fk policy_id_fk fact_asset_policy_rule ref dim_policy ( policy_id ) policy_id Fk rule_id_fk fact_asset_policy_rule ref dim_policy_rule ( rule_id ) rule_id Fk override_id_fk fact_asset_policy_rule ref dim_policy_rule_override ( override_id ) override_id Fk scan_id_fk fact_asset_policy_rule ref dim_scan ( scan_id ) scan_id Fk asset_id_fk fact_asset_policy_date ref dim_asset ( asset_id ) asset_id Fk policy_id_fk fact_asset_policy_date ref dim_policy ( policy_id ) policy_id Fk scan_id_fk fact_asset_policy_date ref dim_scan ( scan_id ) scan_id Fk asset_id_fk dim_policy_rule_override ref dim_asset ( asset_id ) asset_id Fk rule_id_fk dim_policy_rule_override ref dim_policy_rule ( rule_id ) rule_id Fk solution_id_fk dim_solution_supercedence ref dim_solution ( solution_id ) solution_id Fk superceding_solution_id_fk dim_solution_supercedence ref dim_solution ( superceding_solution_id -> solution_id ) superceding_solution_id Fk benchmark_id_fk dim_policy ref dim_policy_benchmark ( benchmark_id ) benchmark_id Fk policy_id_fk fact_policy_date ref dim_policy ( policy_id ) policy_id Fk policy_id_fk fact_policy ref dim_policy ( policy_id ) policy_id Fk policy_id_fk dim_policy_rule ref dim_policy ( policy_id ) policy_id Fk asset_id_fk fact_asset_policy_rule_test ref dim_asset ( asset_id ) asset_id Fk rule_id_fk fact_asset_policy_rule_test ref dim_policy_rule ( rule_id ) rule_id Fk test_key_rule_id_fk fact_asset_policy_rule_test ref dim_policy_rule_test ( test_key, rule_id ) test_key,rule_id Fk asset_id_fk fact_asset_policy_rule_check ref dim_asset ( asset_id ) asset_id Fk policy_id_fk fact_asset_policy_rule_check ref dim_policy ( policy_id ) policy_id Fk rule_id_fk fact_asset_policy_rule_check ref dim_policy_rule ( rule_id ) rule_id Fk override_id_fk fact_asset_policy_rule_check ref dim_policy_rule_override ( override_id ) override_id Fk scan_id_fk fact_asset_policy_rule_check ref dim_scan ( scan_id ) scan_id Fk rule_id_fk dim_policy_rule_test ref dim_policy_rule ( rule_id ) rule_id Fk rule_id_fk dim_policy_rule_cce_platform_nist_control_mapping ref dim_policy_rule ( rule_id ) rule_id Fk policy_id_fk fact_policy_rule ref dim_policy ( policy_id ) policy_id Fk rule_id_fk fact_policy_rule ref dim_policy_rule ( rule_id ) rule_id Fk asset_id_fk fact_asset_policy ref dim_asset ( asset_id ) asset_id Fk policy_id_fk fact_asset_policy ref dim_policy ( policy_id ) policy_id Fk scan_id_fk fact_asset_policy ref dim_scan ( scan_id ) scan_id Fk asset_id_fk dim_asset_container ref dim_asset ( asset_id ) asset_id Fk asset_id_fk dim_asset_validated_vulnerability ref dim_asset ( asset_id ) asset_id Fk vulnerability_id_fk dim_asset_validated_vulnerability ref dim_vulnerability ( vulnerability_id ) vulnerability_id Fk exploit_id_fk dim_asset_validated_vulnerability ref dim_vulnerability_exploit ( exploit_id ) exploit_id Fk asset_id_fk fact_asset_vulnerability_finding ref dim_asset ( asset_id ) asset_id Fk vulnerability_id_fk fact_asset_vulnerability_finding ref dim_vulnerability ( vulnerability_id ) vulnerability_id Fk asset_id_fk fact_asset_vulnerability_finding_exploit ref dim_asset ( asset_id ) asset_id Fk exploit_id_fk fact_asset_vulnerability_finding_exploit ref dim_vulnerability_exploit ( exploit_id ) exploit_id Fk malware_kit_id_fk fact_asset_vulnerability_finding_exploit ref dim_vulnerability_malware_kit ( malware_kit_id ) malware_kit_id Fk vulnerability_id_fk fact_asset_vulnerability_finding_exploit ref dim_vulnerability ( vulnerability_id ) vulnerability_id Fk asset_id_fk fact_asset_vulnerability_remediation_date ref dim_asset ( asset_id ) asset_id Fk vulnerability_id_fk fact_asset_vulnerability_remediation_date ref dim_vulnerability ( vulnerability_id ) vulnerability_id dim_asset_user_account Table public.dim_asset_user_account Dimension for user accounts that have been enumerated on an asset. Each record represents one user account on an asset. If an asset has no user accounts enumerated, there will be no records in this dimension for the asset. dim_asset_user_account_id ( asset_id ) asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) name text name text The short, login name associated with the user account. This value may be null, but is typically non-null. full_name text full_name text The longer name, or description, of the user account. dim_asset_group_asset Table public.dim_asset_group_asset Dimension for the association between an asset and an asset group. For each asset there will be one record with an association to one asset group. This dimension only provides current associations and does not indicate whether an asset once belonged to a group, but it is no longer. Pk dim_asset_group_asset_pkey ( asset_group_id, asset_id ) asset_group_id integer asset_group_id * integer The unique identifier of the asset group. References dim_asset_group ( asset_group_id ) Pk dim_asset_group_asset_pkey ( asset_group_id, asset_id ) asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) dim_solution_prerequisite Table public.dim_solution_prerequisite Dimension that provides an association between a solution and all the prerequisite solutions that must be applied before it. If a solution has no prerequisites, it will have no records in this dimension. Pk dim_solution_prerequisite_pkey ( solution_id, required_solution_id ) solution_id integer solution_id * integer The unique identifier of the solution. References dim_solution ( solution_id ) Pk dim_solution_prerequisite_pkey ( solution_id, required_solution_id ) required_solution_id integer required_solution_id * integer The unique identifier of the prerequisite solution. References dim_solution ( required_solution_id -> solution_id ) dim_solution_highest_supercedence Table public.dim_solution_highest_supercedence Dimension that provides access to the highest level superceding solution for every solution. If a solution has multiple superceding solutions that themselves are not superceded, all will be returned. Therefore a single solution may have multiple records returned. If a solution is not superceded by any other solution, it will be marked as being superceded by itself. Pk dim_solution_highest_supercedence_pkey ( solution_id, superceding_solution_id ) solution_id integer solution_id * integer The unique identifier of the solution. References dim_solution ( solution_id ) Pk dim_solution_highest_supercedence_pkey ( solution_id, superceding_solution_id ) dim_solution_highest_supercedence_superceding_solution_id ( superceding_solution_id ) superceding_solution_id integer superceding_solution_id * integer The identifier of a solution that is known to supercede the solution, and which itself is not superceded (the highest level of supercedence). If the solution is not superceded, this is the same identifier as solution_id. References dim_solution ( superceding_solution_id -> solution_id ) dim_asset_software Table public.dim_asset_software Dimension for the software that have been detected on an asset. Each record represents a fingerprint result and multiple software instances can be associated with each asset. If an asset had no installed software detected, there will be no records in this dimension. dim_asset_software_id ( asset_id ) asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) vendor text vendor text The vendor of the software. family text family text The product family of the software. name text name text The product name of the software. version text version text The version of the software. type text type text The type of the software, indicating its purpose or classification (e.g. 'General', 'Virtualization', 'Database Server', 'Security', etc). cpe text cpe text The common platform enumerate (CPE) value, if applicable, associated to the software. fact_scan Table public.fact_scan Transaction fact table for the results of a scan and all the asset within it. This is a convenience fact to rollup assets by scans. Only scans for assets that completed fully will be included in each fact record, but the scan may be in a non-completed state (such as paused). Pk fact_scan_pkey ( scan_id ) scan_id integer scan_id * integer The unique identifier of the scan. References dim_scan ( scan_id ) assets bigint assets * bigint The total number of assets in the scan. vulnerabilities bigint vulnerabilities * bigint The sum of the count of vulnerabilities on each asset. This value is equal to the sum of the critical_vulnerabilities, severe_vulnerabilities, and moderate_vulnerabilities columns. critical_vulnerabilities bigint critical_vulnerabilities * bigint The sum of the count of critical vulnerabilities on each asset. severe_vulnerabilities bigint severe_vulnerabilities * bigint The sum of the count of severe vulnerabilities on each asset. moderate_vulnerabilities bigint moderate_vulnerabilities * bigint The sum of the count of moderate vulnerabilities on each asset. malware_kits integer malware_kits * integer The sum of the count of malware kits on each asset. exploits integer exploits * integer The sum of the count of exploits on each asset. vulnerabilities_with_malware_kit integer vulnerabilities_with_malware_kit * integer The sum of the count of vulnerabilities with malware on each asset. vulnerabilities_with_exploit integer vulnerabilities_with_exploit * integer The sum of the count of vulnerabilities with exploits on each asset. vulnerability_instances bigint vulnerability_instances * bigint The sum of the vulnerabilities instances on each asset. raw_risk_score float8 raw_risk_score * float8 The sum of the raw risk score of each asset. risk_score float8 risk_score * float8 The sum of the risk score of each asset. pci_status text pci_status * text The overall compliance level ('Pass' or 'Fail') according to PCI standards. The status is only 'Pass' if all assets individually have a status of 'Pass' (e.g. in fact_asset) pci_failures bigint pci_failures * bigint The sum of the total PCI failures on each asset. validated_vulnerabilities bigint validated_vulnerabilities * bigint default 0 The number of vulnerabilities that have been validated. dim_scan_engine Table public.dim_scan_engine Dimensions for the scan engines that may be selected to run scans, including standalone engines or pools. One record is present in this dimension for each scan engine that is defined. Pk dim_scan_engine_pkey ( scan_engine_id ) scan_engine_id integer scan_engine_id * integer The unique identifier of the scan engine. Referred by dim_site ( scan_engine_id ) name text name * text The name of the scan engine. address text address * text The address (either IP or host name) of the scan engine. port integer port * integer The port the scan engine is running on. type text type text The type of the scan engine, one of the values: 'Standard', 'Pool', 'VMWare EPsec', or 'AWS' dim_asset_group_account Table public.dim_asset_group_account Dimension for user group accounts that have been enumerated on an asset. Each record represents one user group account on an asset. If an asset has no user group accounts enumerated, there will be no records in this dimension for the asset. dim_asset_group_account_id ( asset_id ) asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) name text name text The name of the group account. dim_tag Table public.dim_tag Dimension for all tags that any assets within the scope of the report belong to. Each tag has either a direct association or indirection association to an asset based off site or asset group association or of dynamic membership criteria. Pk dim_tag_pkey ( tag_id ) tag_id integer tag_id * integer The unique identifier of the tag. Referred by dim_asset_group_tag ( tag_id ) Referred by dim_asset_tag ( tag_id ) Referred by fact_tag ( tag_id ) Referred by fact_tag_date ( tag_id ) name text name * text The name of the tags. Tag names are unique for tags of the same type. dim_tag_type ( type ) type text type * text The type of the tag, one of the following values: 'CRITICALITY', 'LOCATION', 'OWNER', or 'CUSTOM'. source text source text The original application that created the tag. created timestamp created * timestamp The creation time. risk_modifier float8 risk_modifier float8 The risk modifier for a CRITICALITY typed tag. color text color text The optional color of the tag, in hexadecimal notation. dim_asset_group Table public.dim_asset_group Dimension for all asset groups that any assets within the scope of the report belong to. Each asset group has metadata that define it and can be based off dynamic membership criteria. Pk dim_asset_group_pkey ( asset_group_id ) asset_group_id integer asset_group_id * integer The unique identifier of the asset group. Referred by dim_asset_group_asset ( asset_group_id ) Referred by dim_asset_group_tag ( asset_group_id ) Referred by dim_asset_tag ( asset_group_id ) Referred by fact_asset_group ( asset_group_id ) Referred by fact_asset_group_date ( asset_group_id ) name text name * text The name of the asset groups which provides a human-readable identifier of the group. Asset groups names are guaranteed to be unique across multiple groups. description text description text A description of the asset group that indicates the content, purpose, or composition of a group. dynamic_membership bool dynamic_membership bool Indicates whether the assets belonging to the group are defined statically by an user, or can change automatically based on asset metadata. If true, the membership of the group is dynamically changed whenever scans are performed on assets and the metadata and vulnerabilities related to the asset change. If false, the membership is static and defined manually by a group administrator. dim_site Table public.dim_site Dimension for all sites. Each site has metadata that define it, including organization information. Pk dim_site_pkey ( site_id ) site_id integer site_id * integer The unique identifier of the site. Referred by dim_asset_tag ( site_id ) Referred by dim_scan ( site_id ) Referred by dim_site_asset ( site_id ) Referred by dim_site_target ( site_id ) Referred by fact_site ( site_id ) Referred by fact_site_date ( site_id ) name text name * text The name of the site which provides a human-readable identifier of the site. Site names are guaranteed to be unique across multiple sites. description text description text An optional description of the site that indicates the content, purpose, or composition of a site. importance text importance text A human-readable description of the importance of site, one of the values: 'Very Low', 'Low', 'Normal', 'High' or 'Very High' dynamic_targets bool dynamic_targets * bool Indicates whether the targets defined within the site are dynamically configured based on a discovery connection. If true, a discovery connection is the means by which the targets of a site are defined and dynamically updated. If false, the target definition is static and manually configured by a site administrator. risk_factor real risk_factor real An adjustment factor for the risk of a site. The weighting factor defaults to 1.0 and can be adjusted up or down as the importance of a site is changed. The higher the importance, the larger the risk factor, and the lower the importance, the lower the risk factor. dim_site_last_scan ( last_scan_id ) last_scan_id bigint last_scan_id bigint The identifier of the scan that last ran for the site. If the site has not had a scan run, the value will be NULL. dim_site_previous_scan ( previous_scan_id ) previous_scan_id bigint previous_scan_id bigint The identifier of the scan that ran prior to the last scan for the site. If the site has not had a scan run, the value will be NULL. scan_template text scan_template * text The name of the scan template the site is currently configured to run scans using. scan_template_id text scan_template_id * text The identifier of the scan template the site is currently configured to run scans using. References dim_scan_template ( scan_template_id ) scan_engine text scan_engine * text The name of the scan engine the site is currently configured to run scans with. scan_engine_id integer scan_engine_id * integer The identifier of the scan engine the site is currently configured to run scans with. References dim_scan_engine ( scan_engine_id ) organization_name text organization_name text The optional name of the organization the site is associated to. organization_url text organization_url text The URL/website of the organization the site is associated to. organization_contact text organization_contact text The contact name for the contact of the organization the site is associated to. organization_job_title text organization_job_title text The job title of the contact of the organization the site isassociated to. organization_email text organization_email text The email address of the contact of the organization the site is associated to. organization_phone text organization_phone text The phone number of the organization the site is associated to. organization_address text organization_address text The address of the organization the site is associated to. organization_city text organization_city text The city/region of the organization the site is associated to. organization_state text organization_state text The state/county/province/territory of the organization of the site. organization_country text organization_country text The country of organization the site is associated to. organization_zip text organization_zip text The zip-code (if applicable) of the organization the site is associated to. dim_solution Table public.dim_solution Dimension that provides access to all solutions defined. A solution models the information, steps, and background required to remediate a vulnerability. Pk dim_solution_pkey ( solution_id ) solution_id integer solution_id * integer The unique identifier of the solution. Referred by dim_asset_vulnerability_finding_rollup_solution ( solution_id ) Referred by dim_asset_vulnerability_finding_solution ( solution_id ) Referred by dim_solution_highest_supercedence ( solution_id ) Referred by dim_solution_highest_supercedence ( superceding_solution_id -> solution_id ) Referred by dim_solution_prerequisite ( required_solution_id -> solution_id ) Referred by dim_solution_prerequisite ( solution_id ) Referred by dim_solution_supercedence ( solution_id ) Referred by dim_solution_supercedence ( superceding_solution_id -> solution_id ) Referred by dim_vulnerability_solution ( solution_id ) Referred by fact_asset_vulnerability_finding_exploit_remediation ( solution_id ) Referred by fact_asset_vulnerability_finding_remediation ( solution_id ) dim_solution_nexpose_id ( nexpose_id ) nexpose_id text nexpose_id * text The key/identifier of the solution that uniquely identifies it within Nexpose. estimate interval estimate interval The amount of required time estimated to implement this solution on a single asset. This is a heuristic and may not represent the actualy time required to remediate or apply the solution, depending on the environment and tools available for remediation. url text url text An optional URL link defined for getting more information about the solution. When defined, this may be a web page defined by the vendor that provides more details on the solution, or it may be a download link to a patch. dim_solution_solution_type ( solution_type ) solution_type text solution_type * text Type of the solution, one of the values: 'PATCH', 'ROLLUP' or 'WORKAROUND'. fix text fix text The steps that are a part of the fix this solution prescribes. The fix will usually contain a list of procedures that must be followed to remediate the vulnerability. The fix is represented using HTML markup that can be "flattened" using the htmlToText() function. summary text summary * text A short summary of solution which describes the purpose of the solution at a high level and is suitable for use as a summarization of the solution. The summary is represented using HTML markup that can be "flattened" using the htmlToText() function. additional_data text additional_data text Additional information about the solution. The additional data is represented using HTML markup that can be "flattened" using the htmlToText() function. applies_to text applies_to text Textual representation of the types of system, software, and/or services that the solution can be applied to. If the solution is not restricted to a certain type of system, software or service, this field will be NULL. version Table public.version Stores the current version of the schema the warehouse is using. This information is used to perform upgrades over time, and is not a native part of the dimensional model. version integer version * integer The current database schema version of this warehouse. dim_scan_template Table public.dim_scan_template Dimension for all scan templates that are defined. A record is present for each scan template in the system. Pk dim_scan_template_pkey ( scan_template_id ) scan_template_id text scan_template_id * text The unique identifier of the scan template. Referred by dim_site ( scan_template_id ) name text name * text The short, human-readable name of the scan template. description text description text The verbose description of the scan template. dim_scan Table public.dim_scan Dimension for all scans that have been run on any sites within access of the report, not only those within the scope. All scans will be made available, regardless of their scan status, including currently running scans. Pk dim_scan_pkey ( scan_id ) scan_id bigint scan_id * bigint The unique identifier of the scan. Referred by fact_asset_event ( scan_id ) Referred by fact_asset_policy ( scan_id ) Referred by fact_asset_policy_date ( scan_id ) Referred by fact_asset_policy_rule ( scan_id ) Referred by fact_asset_policy_rule_check ( scan_id ) Referred by fact_scan ( scan_id ) dim_scan_site ( site_id ) site_id integer site_id integer The unique identifier of the site. References dim_site ( site_id ) started timestamp started * timestamp The time at which the scan started. finished timestamp finished timestamp The time at which the scan ended, which may be NULL if a scan is still in progress. status text status * text The current status of the scan, one of the values: 'Aborted', 'Successful', 'Running', 'Stopped', 'Failed', or 'Paused'. type text type * text The type of the scan, one of the values: 'Manual' or 'Scheduled'. scan_name text scan_name text The user-driven scan name for the scan. dim_asset_group_tag Table public.dim_asset_group_tag Dimension that demonstrates the relationship between an asset group and a tag. For each tag applied to an asset group there will be one record in this dimension. If an asset group has not associated tags, no records for that group will apear in this dimension. Pk dim_asset_group_tag_pkey ( asset_group_id, tag_id ) asset_group_id bigint asset_group_id * bigint The unique identifier of the asset group. References dim_asset_group ( asset_group_id ) Pk dim_asset_group_tag_pkey ( asset_group_id, tag_id ) tag_id integer tag_id * integer The unique identifier of the tag applied to the asset group. References dim_tag ( tag_id ) dim_asset_vulnerability_finding_rollup_solution Table public.dim_asset_vulnerability_finding_rollup_solution Dimension that provides access to what "best" solutions can be used to remediate a vulnerability on an asset. The solution(s) presented for an asset and vulnerability will be matched on the metadata/fingerprints of the asset and take supercedence and rollup into account. Despite this, multiple solutions may be selected and presented if a single solution cannot be selected. See dim_asset_vulnerability_finding_solution to gain access to the solutions without rollup applied. dim_asset_vulnerability_finding_rollup_solution_id ( asset_id, vulnerability_id ) asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) dim_asset_vulnerability_finding_rollup_solution_id ( asset_id, vulnerability_id ) vulnerability_id integer vulnerability_id * integer The unique identifier of the vulnerability. References dim_vulnerability ( vulnerability_id ) dim_asset_vulnerability_finding_rollup_solution_solution_id ( solution_id ) solution_id integer solution_id * integer The unique identifier of the rollup solution. References dim_solution ( solution_id ) dim_asset_vulnerability_finding_solution Table public.dim_asset_vulnerability_finding_solution Dimension that provides access to what solutions can be used to remediate a vulnerability on an asset. The solution(s) presented for an asset and vulnerability will be matched on the metadata/fingerprints of the asset. If a single solution cannot be selected based on the fingerprints of an asset, multiple solutions may be selected and presented. The solution(s) provided represent only the most direct/immediate solutions associated with the vulnerability. See dim_asset_vulnerability_finding_rollup_solution for similar information, but with rollups and supercedence applied. dim_asset_vulnerability_finding_solution_id ( asset_id, vulnerability_id ) asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) dim_asset_vulnerability_finding_solution_id ( asset_id, vulnerability_id ) vulnerability_id integer vulnerability_id * integer The unique identifier of the vulnerability. References dim_vulnerability ( vulnerability_id ) dim_asset_vulnerability_finding_solution_solution_id ( solution_id ) solution_id integer solution_id * integer The unique identifier of the solution. References dim_solution ( solution_id ) fact_tag_date Table public.fact_tag_date Periodic snapshot fact for tags. This fact table is a date-based snapshot of the fact_tag table. During each export process, the current data is appended to this fact table. Pk fact_tag_date_pkey ( day, tag_id ) day date day * date The date the snapshot was recorded. Pk fact_tag_date_pkey ( day, tag_id ) tag_id integer tag_id * integer The unique identifier of the tag. References dim_tag ( tag_id ) assets bigint assets * bigint The total number of accessible assets associated to the tag. If the tag has no accessible assets in the current scope or membership, this value can be zero. vulnerabilities bigint vulnerabilities * bigint The sum of the count of vulnerabilities on each asset. This value is equal to the sum of the critical_vulnerabilities, severe_vulnerabilities, and moderate_vulnerabilities columns. critical_vulnerabilities bigint critical_vulnerabilities * bigint The sum of the count of critical vulnerabilities on each asset. severe_vulnerabilities bigint severe_vulnerabilities * bigint The sum of the count of severe vulnerabilities on each asset. moderate_vulnerabilities bigint moderate_vulnerabilities * bigint The sum of the count of moderate vulnerabilities on each asset. malware_kits integer malware_kits * integer The sum of the count of malware kits on each asset. exploits integer exploits * integer The sum of the count of exploits on each asset. vulnerabilities_with_malware_kit integer vulnerabilities_with_malware_kit * integer The sum of the count of vulnerabilities with malware on each asset. vulnerabilities_with_exploit integer vulnerabilities_with_exploit * integer The sum of the count of vulnerabilities with exploits on each asset. vulnerability_instances bigint vulnerability_instances * bigint The sum of the vulnerabilities instances on each asset. raw_risk_score float8 raw_risk_score * float8 The sum of the raw risk score of each asset in the tag. risk_score float8 risk_score * float8 The sum of the risk score of each asset in the tag. pci_status text pci_status * text The overall compliance level ('Pass' or 'Fail') of the tag according to PCI standards. The status is only 'Pass' if all assets in the tag individually have a status of 'Pass'(e.g. in fact_asset) pci_failures bigint pci_failures * bigint The sum of the total PCI failures on each asset in the group. validated_vulnerabilities bigint validated_vulnerabilities * bigint default 0 The number of vulnerabilities that have been validated. fact_tag Table public.fact_tag Accumulating snapshot fact for the summary information of a tag. This is a convenience fact for rolling up the information for assets that are tagged with a tag. The summary information provided is based on the most recent data for each asset in the membership of the tag. If a tag has no assets, there will be a fact record with zero counts. Pk fact_tag_pkey ( tag_id ) tag_id integer tag_id * integer The unique identifier of the tag. References dim_tag ( tag_id ) assets bigint assets * bigint The total number of accessible assets associated to the tag. If the tag has no accessible assets in the current scope or membership, this value can be zero. vulnerabilities bigint vulnerabilities * bigint The sum of the count of vulnerabilities on each asset. This value is equal to the sum of the critical_vulnerabilities, severe_vulnerabilities, and moderate_vulnerabilities columns. critical_vulnerabilities bigint critical_vulnerabilities * bigint The sum of the count of critical vulnerabilities on each asset. severe_vulnerabilities bigint severe_vulnerabilities * bigint The sum of the count of severe vulnerabilities on each asset. moderate_vulnerabilities bigint moderate_vulnerabilities * bigint The sum of the count of moderate vulnerabilities on each asset. malware_kits integer malware_kits * integer The sum of the count of malware kits on each asset. exploits integer exploits * integer The sum of the count of exploits on each asset. vulnerabilities_with_malware_kit integer vulnerabilities_with_malware_kit * integer The sum of the count of vulnerabilities with malware on each asset. vulnerabilities_with_exploit integer vulnerabilities_with_exploit * integer The sum of the count of vulnerabilities with exploits on each asset. vulnerability_instances bigint vulnerability_instances * bigint The sum of the vulnerabilities instances on each asset. raw_risk_score float8 raw_risk_score * float8 The sum of the raw risk score of each asset in the tag. risk_score float8 risk_score * float8 The sum of the risk score of each asset in the tag. pci_status text pci_status * text The overall compliance level ('Pass' or 'Fail') of the tag according to PCI standards. The status is only 'Pass' if all assets in the tag individually have a status of 'Pass'(e.g. in fact_asset) pci_failures bigint pci_failures * bigint The sum of the total PCI failures on each asset in the group. validated_vulnerabilities bigint validated_vulnerabilities * bigint default 0 The number of vulnerabilities that have been validated. dim_site_target Table public.dim_site_target Dimension for all the included and excluded targets of a site. For all assets in the scope of the report, a record will be present for each unique IP range and/or host name defined as an included or excluded address in the site configuration. If any global exclusions are applied, these will also be provided at the site level. dim_site_target_id ( site_id ) site_id integer site_id * integer The unique identifier of the site. References dim_site ( site_id ) type text type * text Either 'host' or 'ip' to indicate the type of address. included bool included * bool True if the target is included in the configuration, or false if it is excluded. target text target * text If type is 'host', this is the host name. ip_start inet ip_start inet If type is 'ip', this is the starting IP address of the range (if there is no range, the ip_start is the IP). ip_end inet ip_end inet If type is 'ip', this is the ending IP address of the range (if there is no range, ip_end is the same as the ip_start). scope text scope text The scope of an exclusion, either 'global' if the exclusion is a global exclusion, 'site' if the exclusion is defined on the site, or NULL if included is true. fact_asset_vulnerability_finding_exploit_remediation Table public.fact_asset_vulnerability_finding_exploit_remediation Accumulating snapshot fact for all current vulnerability findings on an asset that are known to be exploitable and the solution(s) that remediate them. This fact is a convenience rollup for the fact_asset_vulnerability_finding_exploit_remediation fact and provides the best solution(s) to remediate an exploitable vulnerability finding. asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) vulnerability_id integer vulnerability_id * integer The unique identifier of the vulnerability. References dim_vulnerability ( vulnerability_id ) solution_id integer solution_id * integer The unique identifier of the solution. References dim_solution ( solution_id ) exploit_id integer exploit_id integer The unique identifier of the exploit. References dim_vulnerability_exploit ( exploit_id ) malware_kit_id integer malware_kit_id integer The unique identifier of the malware_kit_id. References dim_vulnerability_malware_kit ( malware_kit_id ) fact_asset_vulnerability_finding_date Table public.fact_asset_vulnerability_finding_date Periodic snapshot fact for vulnerability findings on an asset. This fact table is a date-based snapshot of the fact_asset_vulnerability_finding table. During each export process, the current data is appended to this fact table. Pk fact_asset_vulnerability_finding_date_pkey ( day, asset_id ) fact_asset_vulnerability_finding_date_id ( day, asset_id, vulnerability_id ) day date day * date The date the snapshot was recorded. Pk fact_asset_vulnerability_finding_date_pkey ( day, asset_id ) fact_asset_vulnerability_finding_date_id ( day, asset_id, vulnerability_id ) asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) fact_asset_vulnerability_finding_date_id ( day, asset_id, vulnerability_id ) fact_asset_vulnerability_finding_date_vuln_id ( vulnerability_id ) vulnerability_id integer vulnerability_id * integer The unique identifier of the vulnerability. References dim_vulnerability ( vulnerability_id ) date timestamp date * timestamp The time at which the vulnerability was first found on the asset. This is the earliest date any instance on the asset was found. reintroduced_date timestamp reintroduced_date timestamp The date on which the vulnerability was reintroduced on the asset following a previous remediation. critical_vulnerabilities bigint critical_vulnerabilities bigint The number of critical vulnerabilities this finding represents. Either 1 if the vulnerablity finding is critical, 0 otherwise. severe_vulnerabilities bigint severe_vulnerabilities bigint The number of severe vulnerabilities this finding represents. Either 1 if the vulnerablity finding is severe, 0 otherwise. moderate_vulnerabilities bigint moderate_vulnerabilities bigint The number of moderate vulnerabilities this finding represents. Either 1 if the vulnerablity finding is moderate, 0 otherwise. malware_kits integer malware_kits integer The the count of malware kits associated to the vulnerability. exploits integer exploits integer The the count of exploits associated to the vulnerability. vulnerabilities_with_malware_kit integer vulnerabilities_with_malware_kit integer The number of vulnerabilities this finding represents that have malware kits. Either 1 if the vulnerablity finding has malware_kits, 0 otherwise. vulnerabilities_with_exploit integer vulnerabilities_with_exploit integer The number of vulnerabilities this finding represents that have exploits. Either 1 if the vulnerablity finding has exploits, 0 otherwise. vulnerability_instances bigint vulnerability_instances * bigint The number of instances of this finding on the asset. raw_risk_score float8 raw_risk_score float8 The raw risk score for the vulnerability of this finding. risk_score float8 risk_score float8 The risk score for the vulnerability of this finding. pci_failures bigint pci_failures bigint The number of PCI failures for the vulnerability. Either 1 if the vulnerablity finding is would caused a PCI failure, 0 otherwise. validated bool validated bool default false Whether the vulnerability has been validated (e.g. using Metasploit). fact_asset_vulnerability_finding_remediation Table public.fact_asset_vulnerability_finding_remediation Accumulating snapshot fact that describes the impact of applying a rollup solution to a vulnerability on an asset. For every rollup solution that is selected for an asset a record will be present in this fact that summaries the result of applying that solution to a vulnerability. Note, this fact does not calculate the impact of solutions that are not the highest level of rollup. asset_id bigint asset_id bigint The unique identifier of the asset. References dim_asset ( asset_id ) vulnerability_id integer vulnerability_id integer The unique identifier of the vulnerability. References dim_vulnerability ( vulnerability_id ) solution_id integer solution_id integer The unique identifier of the solution. References dim_solution ( solution_id ) date timestamp date timestamp The time at which the vulnerability was first found on the asset. This is the earliest date any instance on the asset was found. reintroduced_date timestamp reintroduced_date timestamp The date on which the vulnerability was reintroduced on the asset following a previous remediation. critical_vulnerabilities bigint critical_vulnerabilities * bigint The number of critical vulnerabilities that will be remediated. Either 1 if the vulnerablity finding is critical, 0 otherwise. severe_vulnerabilities bigint severe_vulnerabilities * bigint The number of severe vulnerabilities that will be remediated. Either 1 if the vulnerablity finding is severe, 0 otherwise. moderate_vulnerabilities bigint moderate_vulnerabilities * bigint The number of moderate vulnerabilities that will be remediated. Either 1 if the vulnerablity finding is moderate, 0 otherwise. malware_kits integer malware_kits * integer The the count of malware kits associated to the vulnerability that will be remediated. exploits integer exploits * integer The sum of the count of vulnerabilities with exploits on each asset that will be remediated. vulnerabilities_with_malware_kit integer vulnerabilities_with_malware_kit * integer The sum of the count of vulnerabilities with malware on each asset that will be remediated. vulnerabilities_with_exploit integer vulnerabilities_with_exploit * integer The sum of the count of vulnerabilities with exploits on each asset that will be remediated. vulnerability_instances bigint vulnerability_instances * bigint The sum of all the vulnerabilities instances on any asset that will be remediated. raw_risk_score float8 raw_risk_score * float8 The amount of raw risk score that will be reduced by applying the remediation for the vulnerability. risk_score float8 risk_score * float8 The amount of risk score that will be reduced by applying the remediation for the vulnerability. pci_failures bigint pci_failures * bigint The number of PCI failures that will be resolved by appyling the remediation for the vulnerability. dim_vulnerability_solution Table public.dim_vulnerability_solution Dimension that provides access to the relationship between a vulnerability and its (direct) solutions. These solutions are only those which are directly known to remediate the vulnerability, and do not include rollups or superceding solutions. If a vulnerability has more than one solution (e.g. for multiple platforms), multiple association records will be present. If a vulnerability has no known solutions, it will have no records in this dimension. Pk dim_vulnerability_solution_pkey ( vulnerability_id, solution_id ) vulnerability_id integer vulnerability_id * integer The unique identifier of the vulnerability. References dim_vulnerability ( vulnerability_id ) Pk dim_vulnerability_solution_pkey ( vulnerability_id, solution_id ) solution_id integer solution_id * integer The unique identifier of the solution. References dim_solution ( solution_id ) dim_vulnerability_exploit Table public.dim_vulnerability_exploit Exploits that exploit a particular vulnerability that have been defined by external exploit data sources. Each record represents the relationship between a vulnerability and one exploit module/kit/package known to exploit that vulnerability. Each vulnerability can be associated to multiple exploits. Pk dim_vulnerability_exploit_pkey ( exploit_id, vulnerability_id ) exploit_id integer exploit_id * integer The unique identifier of the exploit module. Referred by dim_asset_validated_vulnerability ( exploit_id ) Referred by fact_asset_vulnerability_finding_exploit ( exploit_id ) Referred by fact_asset_vulnerability_finding_exploit_remediation ( exploit_id ) Pk dim_vulnerability_exploit_pkey ( exploit_id, vulnerability_id ) dim_vulnerability_exploit_vulnerability_id ( vulnerability_id ) vulnerability_id integer vulnerability_id * integer The unique identifier of the vulnerability the exploit relates to. References dim_vulnerability ( vulnerability_id ) title text title * text The short name or title of the exploit which describes the name, purpose, or target of the exploit. description text description text The description of the exploit that provides more detailed information on the purpose or target of the exploit. skill_level text skill_level text The skill level required to perform the exploit, one of the values: 'Expert', 'Novice', or 'Intermediate'. source text source text The source which defined and published the exploit, one of the values: 'Exploit Database' or 'Metasploit Module'. source_key text source_key text The identifier of the exploit within the source that published the exploit. This can be an internal identifier key for the exploit within the source. dim_vulnerability_malware_kit Table public.dim_vulnerability_malware_kit Dimension for malware kits that are known to exploit a vulnerability. Each record represents the relationship between a vulnerability and an associated malware kit known to exploit that vulnerability. Each vulnerability can be associated to multiple malware kits. Pk dim_vulnerability_malware_kit_pkey ( malware_kit_id, vulnerability_id ) malware_kit_id integer malware_kit_id * integer The unique identifier of the malware kit. Referred by fact_asset_vulnerability_finding_exploit ( malware_kit_id ) Referred by fact_asset_vulnerability_finding_exploit_remediation ( malware_kit_id ) Pk dim_vulnerability_malware_kit_pkey ( malware_kit_id, vulnerability_id ) dim_vulnerability_malware_kit_vulnerability_id ( vulnerability_id ) vulnerability_id integer vulnerability_id * integer The unique identifier of the vulnerability with a malware kit References dim_vulnerability ( vulnerability_id ) name text name * text The name of the malware kit. popularity text popularity text The popularity of the malware kit, which identifies how common or accessible it is. Popularity can have the following values: 'Uncommon', 'Occasional', 'Rare', 'Common', 'Favored', 'Popular', or 'Unknown'. dim_vulnerability_reference Table public.dim_vulnerability_reference Dimension for references to external data source(s) that relate to, define, or that the publishing source of a vulnerability. Each record represents the relationship between a vulnerability and an external reference or link to a defining source. Each vulnerability may be associated to multiple references. dim_vulnerability_reference_vulnerability_id ( vulnerability_id ) vulnerability_id integer vulnerability_id * integer The unique identifier of the vulnerability. References dim_vulnerability ( vulnerability_id ) source text source * text The name of a source of vulnerability information or metadata. The source is provided in all upper-case characters (for consistency with the user interface). reference text reference * text The reference that keys or links into the source repository. If the source is 'URL', the reference is a URL. For other data sources such as CVE, BID, or SECUNIA, the reference is typically a key that indexes into those repositories. dim_vulnerability Table public.dim_vulnerability Dimension for a vulnerability and its associated metadata, including risk scores, CVSS vector, and title. One record is present for each vulnerability that is defined. Pk dim_vulnerability_pkey ( vulnerability_id ) vulnerability_id integer vulnerability_id * integer The unique identifier of the vulnerability. Referred by dim_asset_validated_vulnerability ( vulnerability_id ) Referred by dim_asset_vulnerability_finding_rollup_solution ( vulnerability_id ) Referred by dim_asset_vulnerability_finding_solution ( vulnerability_id ) Referred by dim_vulnerability_category ( vulnerability_id ) Referred by dim_vulnerability_exception ( vulnerability_id ) Referred by dim_vulnerability_exploit ( vulnerability_id ) Referred by dim_vulnerability_malware_kit ( vulnerability_id ) Referred by dim_vulnerability_reference ( vulnerability_id ) Referred by dim_vulnerability_solution ( vulnerability_id ) Referred by fact_asset_vulnerability_finding ( vulnerability_id ) Referred by fact_asset_vulnerability_finding_date ( vulnerability_id ) Referred by fact_asset_vulnerability_finding_exploit ( vulnerability_id ) Referred by fact_asset_vulnerability_finding_exploit_remediation ( vulnerability_id ) Referred by fact_asset_vulnerability_finding_remediation ( vulnerability_id ) Referred by fact_asset_vulnerability_instance ( vulnerability_id ) Referred by fact_asset_vulnerability_remediation_date ( vulnerability_id ) Referred by fact_vulnerability ( vulnerability_id ) Referred by fact_vulnerability_date ( vulnerability_id ) dim_vulnerability_nexpose_id ( nexpose_id ) nexpose_id text nexpose_id * text The Nexpose identifier (natural key) of the vulnerability. title text title * text A short, human-readable description of the vulnerability. The title is represented using HTML markup that can be "flattened" using the htmlToText() function. description text description * text A verbose description for the vulnerability. The description is represented using HTML markup that can be "flattened" using the htmlToText() function. date_published date date_published * date The date that the vulnerability was publicized by the third-party, vendor, or another authoring source. The granularity of the date is a day. date_added date date_added * date The date that the vulnerability was first checked by Nexpose. The granularity of the date is a day. date_modified date date_modified * date The date that the vulnerability was last modified. The granularity of the date is a day. severity_score smallint severity_score * smallint The numerical severity of the vulnerability, measured on a scale of 0 to 10 using whole numbers. dim_vulnerability_severity ( severity ) severity text severity * text The textual representation of the severity of the vulnerability, which is based on the severity score. The severity can be any of the following values: 'Critical', 'Severe', or 'Moderate' critical integer critical * integer Numerical representation of the severity of the vulnerability that can be used for aggregation purposes easily use a SUM aggregate. If the severity is 'Critical' the value of this column is 1, otherwise it is 0. severe integer severe * integer Numerical representation of the severity of the vulnerability that can be used for aggregation purposes easily use a SUM aggregate. If the severity is 'Severe' the value of this column is 1, otherwise it is 0. moderate integer moderate * integer Numerical representation of the severity of the vulnerability that can be used for aggregation purposes easily use a SUM aggregate. If the severity is 'Moderate' the value of this column is 1, otherwise it is 0. pci_severity_score smallint pci_severity_score * smallint The numerical PCI severity score of the vulnerability, measured on a scale of 1 to 5 using whole numbers. pci_status text pci_status * text The compliance level of the vulnerability according to PCI standards. 'Pass' indicates the vulnerability may be present on an asset but still pass PCI compliance. 'Fail' indicates the vulnerability must not be present in order to pass PCI compliance. pci_failures integer pci_failures * integer Numerical representation of the pci_status that can be used for aggregation purposes easily using a SUM aggregate. The value is 0 if pci_status is 'Pass', and 1 if pci_status is 'Fail'. risk_score float8 risk_score * float8 The risk score of the vulnerability as computed by the current risk strategy/model. cvss_vector text cvss_vector * text The full CVSS vector in CVSS Version 2.0 notation. cvss_access_vector varchar(1) cvss_access_vector * varchar(1) Access vector (AV) code that represents the CVSS access vector value of the vulnerability. cvss_access_complexity varchar(1) cvss_access_complexity * varchar(1) Access complexity (AC) vector code that represents the CVSS access complexity vector value of the vulnerability. cvss_authentication varchar(1) cvss_authentication * varchar(1) Authentication (Au) vector code that represents the CVSS authentication vector value of the vulnerability. cvss_confidentiality_impact varchar(1) cvss_confidentiality_impact * varchar(1) Confidentiality impact (C) vector code that represents the CVSS confidentiality impact vector value of the vulnerability. cvss_integrity_impact varchar(1) cvss_integrity_impact * varchar(1) Integrity impact (I) vector code that represents the CVSS integrity impact vector value of the vulnerability. cvss_availability_impact varchar(1) cvss_availability_impact * varchar(1) Availability impact (A) vector code that represents the CVSS availability impact vector value of the vulnerability. cvss_score real cvss_score * real Value between 0 and 10 representing the CVSS score of the vulnerability. pci_adjusted_cvss_score real pci_adjusted_cvss_score * real Value between 0 and 10 representing the CVSS score of the vulnerability, adjusted if necessary to follow PCI rules. cvss_exploit_score real cvss_exploit_score * real Base score for the exploitability of a vulnerability that is used to compute the overall CVSS score. cvss_impact_score real cvss_impact_score * real Base score for the impact of a vulnerability that is used to compute the overall CVSS score. pci_special_notes text pci_special_notes text Notes attached to the vulnerability following PCI rules. denial_of_service bool denial_of_service * bool Signifies whether the vulnerability is classified as a denial-of-service vulnerability. exploits bigint exploits * bigint The total number of distinct exploits/modules that are known to exploit the vulnerability. exploit integer exploit * integer Numeric representation as to whether this vulnerability is exploitable. If exploits is greater than 0, this value will be 1, otherwise 0. exploit_skill_level text exploit_skill_level text The minimum exploitability skill level required to exploit this vulnerability (if an exploit is known for it), one of the values 'Expert', 'Novice', 'Intermediate', or NULL. malware_kits bigint malware_kits * bigint The total number of distinct malware kits that are known to exploit the vulnerability. malware_kit integer malware_kit * integer Numeric representation as to whether this vulnerability has a known malware kit. If mwlare_kits is greater than 0, this value will be 1, otherwise 0. malware_popularity text malware_popularity text The maximum popularity value of the malware kits on this vulnerability (if a malware kit is known for it), one of the values: 'Uncommon', 'Occasional', 'Rare', 'Common', 'Favored', 'Popular', or 'Unknown'. cvss_v3_vector text cvss_v3_vector text The full CVSS vector in CVSS Version 3.0 notation. cvss_v3_attack_vector varchar(1) cvss_v3_attack_vector varchar(1) Attack Vector (AV) code that represents the CVSS attack vector value of the vulnerability. cvss_v3_attack_complexity varchar(1) cvss_v3_attack_complexity varchar(1) Attack Complexity (AC) code that represents the CVSS attack complexity value of the vulnerability. cvss_v3_privileges_required varchar(1) cvss_v3_privileges_required varchar(1) Privileges Required (PR) code that represents the CVSS privilege required value of the vulnerability. cvss_v3_user_interaction varchar(1) cvss_v3_user_interaction varchar(1) User Interaction (UI) code that represents the CVSS user interaction value of the vulnerability. cvss_v3_scope varchar(1) cvss_v3_scope varchar(1) Scope (S) code that represents the CVSS scope value of the vulnerability. cvss_v3_confidentiality_impact varchar(1) cvss_v3_confidentiality_impact varchar(1) Confidentiality Impact (C) code that represents the CVSS confidentiality impact value of the vulnerability. cvss_v3_integrity_impact varchar(1) cvss_v3_integrity_impact varchar(1) Integrity Impact (I) code that represents the CVSS integrity impact value of the vulnerability. cvss_v3_availability_impact varchar(1) cvss_v3_availability_impact varchar(1) Availability Impact (A) code that represents the CVSS availability impact value of the vulnerability. cvss_v3_score real cvss_v3_score real Value between 0 and 10 representing the CVSS Version 3.0 score of the Vulnerability. cvss_v3_impact_score real cvss_v3_impact_score real Base score for the impact of a vulnerability that is used to compute the overall CVSS Version 3.0 score. cvss_v3_exploit_score real cvss_v3_exploit_score real Base score for the exploitability of a vulnerability that is used to compute the overall CVSS Version 3.0 score. dim_vulnerability_category Table public.dim_vulnerability_category Dimension for categories that defines groups of related vulnerabilities by a common name. Each record represents a vulnerability and the associated category it belongs to. Each vulnerability can belong to multiple categories, in which case multiple records will be present, one for each category the vulnerability belongs to. Pk dim_vulnerability_category_pkey ( vulnerability_id, category_name ) vulnerability_id integer vulnerability_id * integer The unique identifier of the vulnerability. References dim_vulnerability ( vulnerability_id ) Pk dim_vulnerability_category_pkey ( vulnerability_id, category_name ) category_name text category_name * text The human-readable name of the vulnerability category. fact_asset_vulnerability_instance Table public.fact_asset_vulnerability_instance Accumulating snapshot fact for all current vulnerability instances on an asset. This fact provides a record for each vulnerability instance on every asset. If an asset is not vulnerable to any vulnerabilities (or all vulnerabilities have been excluded) it will have no records in this fact table. fact_asset_vulnerability_instance_id ( asset_id, vulnerability_id ) asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) fact_asset_vulnerability_instance_id ( asset_id, vulnerability_id ) vulnerability_id integer vulnerability_id * integer The unique identifier of the vulnerability. References dim_vulnerability ( vulnerability_id ) fact_asset_vulnerability_instance_date ( date ) date timestamp date * timestamp The time at which the vulnerability was first found on the asset. This is the earliest date any instance on the asset was found. reintroduced_date timestamp reintroduced_date timestamp The date on which the vulnerability was reintroduced on the asset following a previous remediation. fact_asset_vulnerability_instance_status ( status ) status text status * text The status of the vulnerability, one of the values: 'Confirmed vulnerability', 'Vulnerable version', 'Potential vulnerability' proof text proof text Free-form text that describes the proof which explains why the vulnerability is present on the asset. The proof is represented using HTML markup that can be "flattened" using the htmlToText() function. key text key text Optional secondary identifier for a vulnerability result that can distinguish the result from other vulnerability instances of the same type on the system, but found in different locations (e.g. URLs). fact_asset_vulnerability_instance_service ( service, port, protocol ) service text service text The service this vulnerability test was performed against. If the vulnerability was detected without a network-based service, the value will be NULL. fact_asset_vulnerability_instance_port_protocol ( port, protocol ) fact_asset_vulnerability_instance_service ( service, port, protocol ) port integer port integer The port on which the service was running if the vulnerability was found through a network service. If the vulnerability was not found in the network service, the value is NULL. The data within this column will only contain valid port numbers (0 - 65535). fact_asset_vulnerability_instance_port_protocol ( port, protocol ) fact_asset_vulnerability_instance_service ( service, port, protocol ) protocol text protocol text The protocol that the service was using on which the vulnerability was found. If the vulnerability was not found on a network service, the value is NULL. fact_vulnerability_date Table public.fact_vulnerability_date Periodic snapshot fact for vulnerabilities. This fact table is a date-based snapshot of the fact_vulnerability table. During each export process, the current data is appended to this fact table. Pk fact_vulnerability_date_pkey ( day, vulnerability_id ) day date day * date The date the snapshot was recorded. Pk fact_vulnerability_date_pkey ( day, vulnerability_id ) vulnerability_id integer vulnerability_id * integer The unique identifier of the vulnerability. References dim_vulnerability ( vulnerability_id ) affected_assets bigint affected_assets * bigint The total number of assets vulnerable to this vulnerability. affected_sites bigint affected_sites * bigint The total number of sites with at least one asset vulnerable to this vulnerability. vulnerability_instances bigint vulnerability_instances * bigint The total number of instances across all assets of this vulnerability. first_discovered timestamp first_discovered timestamp The date at which this vulnerability was first discovered on any asset that is still presently vulnerable to the vulnerability. most_recently_discovered timestamp most_recently_discovered timestamp The data at which the vulnerability was most recently discovered on any asset that is currently vulnerable to the vulnerability. fact_vulnerability Table public.fact_vulnerability Accumulating snapshot fact for a vulnerability. This convenience fact rolls up assets by the vulnerabilities they are vulnerable to. Each row represents one distinct vulnerability and the results for that vulnerability. If no assets are vulnerable to a vulnerability there will still be a record in this fact table. There will always be one row in this fact table for every vulnerability defined in the dim_vulnerability dimension. Pk fact_vulnerability_pkey ( vulnerability_id ) vulnerability_id integer vulnerability_id * integer The unique identifier of the vulnerability. References dim_vulnerability ( vulnerability_id ) affected_assets bigint affected_assets * bigint The total number of assets vulnerable to this vulnerability. affected_sites bigint affected_sites * bigint The total number of sites with at least one asset vulnerable to this vulnerability. vulnerability_instances bigint vulnerability_instances * bigint The total number of instances across all assets of this vulnerability. first_discovered timestamp first_discovered timestamp The date at which this vulnerability was first discovered on any asset that is still presently vulnerable to the vulnerability. most_recently_discovered timestamp most_recently_discovered timestamp The data at which the vulnerability was most recently discovered on any asset that is currently vulnerable to the vulnerability. fact_asset_date Table public.fact_asset_date Periodic snapshot fact for assets. This fact table is a date-based snapshot of the fact_asset table. During each export process, the current data is appended to this fact table. Pk fact_asset_date_pkey ( day, asset_id ) day date day * date The date the snapshot was recorded. Pk fact_asset_date_pkey ( day, asset_id ) asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) vulnerabilities bigint vulnerabilities * bigint The number of vulnerability findings on the asset. This value is equal to the sum of critical_vulnerabilities, severe_vulnerabilities, and moderate_vulnerabilities columns. critical_vulnerabilities bigint critical_vulnerabilities * bigint The number of vulnerability findings for vulnerabilities with a critical severity. severe_vulnerabilities bigint severe_vulnerabilities * bigint The number of vulnerability findings for vulnerabilities with a severe severity. moderate_vulnerabilities bigint moderate_vulnerabilities * bigint The number of vulnerability findings for vulnerabilities with a moderate severity. malware_kits integer malware_kits * integer The number of distinct malware kits that can exploit any vulnerabilities on the asset. exploits integer exploits * integer The number of distinct exploit modules that can exploit any vulnerabilities on the asset. vulnerabilities_with_malware_kit integer vulnerabilities_with_malware_kit * integer The number of vulnerabilities on the asset that have at least one malware kit. vulnerabilities_with_exploit integer vulnerabilities_with_exploit * integer The number of vulnerabilities on the asset that have at least one exploit module. vulnerability_instances bigint vulnerability_instances * bigint The total number of instances of all vulnerabilities. raw_risk_score float8 raw_risk_score * float8 The risk score of the asset across all vulnerabilities but with no risk factor applied. risk_score float8 risk_score * float8 The risk score of the asset across all vulnerabilities with any applicable risk factor applied. pci_status text pci_status * text The compliance level, either 'Pass' or 'Fail', of the asset according to PCI standards. pci_failures bigint pci_failures * bigint Numerical representation of the pci_status that can be used for aggregation. If pci_status is 'Pass' the value is 0, and if 'Fail' the value is 1. validated_vulnerabilities bigint validated_vulnerabilities * bigint default 0 The number of vulnerabilities that have been validated. fact_asset Table public.fact_asset Accumulating snapshot fact table for the latest state of an asset. Each fact record represents the current summary information for an asset, from all data source across all sites the asset belongs to. Pk fact_asset_pkey ( asset_id ) asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) vulnerabilities bigint vulnerabilities * bigint The number of vulnerability findings on the asset. This value is equal to the sum of critical_vulnerabilities, severe_vulnerabilities, and moderate_vulnerabilities columns. critical_vulnerabilities bigint critical_vulnerabilities * bigint The number of vulnerability findings for vulnerabilities with a critical severity. severe_vulnerabilities bigint severe_vulnerabilities * bigint The number of vulnerability findings for vulnerabilities with a severe severity. moderate_vulnerabilities bigint moderate_vulnerabilities * bigint The number of vulnerability findings for vulnerabilities with a moderate severity. malware_kits integer malware_kits * integer The number of distinct malware kits that can exploit any vulnerabilities on the asset. exploits integer exploits * integer The number of distinct exploit modules that can exploit any vulnerabilities on the asset. vulnerabilities_with_malware_kit integer vulnerabilities_with_malware_kit * integer The number of vulnerabilities on the asset that have at least one malware kit. vulnerabilities_with_exploit integer vulnerabilities_with_exploit * integer The number of vulnerabilities on the asset that have at least one exploit module. vulnerability_instances bigint vulnerability_instances * bigint The total number of instances of all vulnerabilities. raw_risk_score float8 raw_risk_score * float8 The risk score of the asset across all vulnerabilities but with no risk factor applied. risk_score float8 risk_score * float8 The risk score of the asset across all vulnerabilities with any applicable risk factor applied. pci_status text pci_status * text The compliance level, either 'Pass' or 'Fail', of the asset according to PCI standards. pci_failures bigint pci_failures * bigint Numerical representation of the pci_status that can be used for aggregation. If pci_status is 'Pass' the value is 0, and if 'Fail' the value is 1. validated_vulnerabilities bigint validated_vulnerabilities * bigint default 0 The number of vulnerabilities that have been validated. fact_asset_event Table public.fact_asset_event Transactional fact for every event that has occurred on an asset that may have changed the data on the asset. These events includes scans, data import, applying exceptions, etc. fact_asset_event_id ( asset_id, event_id ) asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) fact_asset_event_id ( asset_id, event_id ) event_id bigint event_id bigint The unique identifier of the event that the asset was modified by, which can be shared across multiple assets that were a part of the same event. fact_asset_event_date ( date ) date timestamp date * timestamp The date in which the event was performed or executed. fact_asset_event_type ( type ) type text type * text The type of the event, which is one of the following values: 'SCAN' - the asset was scanned by a scan engine 'ACTIVE-SYNC' - the asset was scanned/discovered through an active sync connection 'VULNERABILITY_EXCEPTION_APPLIED' - a vulnerability exception was applied to a vulnerability 'VULNERABILITY_EXCEPTION_UNAPPLIED' - a vulnerability exception was unapplied (removed) from a vulnerability 'ASSET-IMPORT' or 'EXTERNAL-IMPORT' - the asset was imported through the external API 'EXTERNAL-IMPORT-APPSPIDER' - the asset was imported from an AppSpider scan 'SCAN-LOG-IMPORT' - the asset was import using a console command 'SCAN-LOG-INGESTOR-UPGRADE' - the asset was imported during a one-time product upgrade (deprecated) fact_asset_event_scan ( scan_id ) scan_id bigint scan_id bigint If the type is 'SCAN', 'ACTIVE-SYNC', 'SCAN-LOG-IMPORT', 'SCAN-LOG-INGESTOR-UPGRADE', or 'EXTERNAL-IMPORT-APPSPIDER' the identifier of the scan that was run. For all other types the value is NULL. References dim_scan ( scan_id ) fact_asset_event_exception ( vulnerability_exception_id ) vulnerability_exception_id integer vulnerability_exception_id integer If the type is 'VULNERABILITY_EXCEPTION_APPLIED' or 'VULNERABILITY_EXCEPTION_UNAPPLIED' the identifier of the vulnerability exception that was applied or unapplied. References dim_vulnerability_exception ( vulnerability_exception_id ) user_name text user_name text If the type is 'EXTERNAL-IMPORT' or 'ASSET-IMPORT' the login name of the user that performed the import. description text description text A description of the event that was performed. This can include details specific to the event type. dim_asset_service Table public.dim_asset_service Dimension for the set of services that have been detected on an asset. Each record represents an open port that is running a service on a protocol. If an asset has no services detected on it, there will be no records for the asset in this dimension. dim_asset_service_id ( asset_id ) asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) dim_asset_service_service ( service, port, protocol ) service text service text The protocol name of the service (e.g. 'HTTPS', 'RPC', 'NTP', etc). dim_asset_service_service ( service, port, protocol ) port integer port * integer The port the service is running on. dim_asset_service_service ( service, port, protocol ) protocol text protocol text The procol the service is exposed through (e.g. 'TCP', or 'UDP'). vendor text vendor text The vendor of the software running on the service (e.g. 'Apache', 'Microsoft', etc). family text family text The family of the software running on the service (e.g. 'Apache', 'IIS', etc). name text name text The name of the software running on the service (e.g. 'HTTPD', 'IIS', etc). version text version text The version of the software running on the service (e.g. '7.5'). certainty real certainty real The certainty of the service fingerprint that detected the service, expressed as a decimal confidence between 0 (low) and 1.0 (high). credential_status text credential_status text The status of the credential(s) used against this service, which is one of the following values: 'No credentials supplied', 'Login failed', 'Login successful', 'Allowed elevation of privileges', 'Root', 'Login as local admin' dim_asset_tag Table public.dim_asset_tag Dimension for the association between an asset and a tag. For each asset there will be one record with an association to only one tag. This dimension only provides current associations and does not indicate whether an asset once belonged to a tag, but it is no longer. Pk dim_asset_tag_pkey ( tag_id, asset_id ) dim_asset_group_tag_id ( asset_group_id, tag_id ) tag_id integer tag_id * integer The unique identifier of the tag. References dim_tag ( tag_id ) Pk dim_asset_tag_pkey ( tag_id, asset_id ) asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) association text association * text The association that the tag has with the asset. It can be a direct association ("tag") or an indirect association through a site ("site"), a group ("group") or the tag dynamic search criteria ("criteria"). dim_asset_tag_site ( site_id ) site_id bigint site_id bigint The site id by which an asset indirectly associates with the tag. References dim_site ( site_id ) dim_asset_group_tag_id ( asset_group_id, tag_id ) dim_asset_tag_asset_group ( asset_group_id ) asset_group_id bigint asset_group_id bigint The asset group id by which an asset indirectly associates with the tag. References dim_asset_group ( asset_group_id ) dim_asset_host_name Table public.dim_asset_host_name Dimension for the aliases or host names of an asset. Each record represents one of the host names that were discovered during the most recent scan of the asset, including the primary name available within the other asset fact tables. This dimension is built so it includes all aliases found in any node on the asset within the latest scan. If an asset did not have a host name detected in the latest scan, an empty value will be associated with the asset. dim_asset_host_name_id ( asset_id ) asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) host_name text host_name * text A host name that was detected on the asset. source_type text source_type text The type of the mechanism used to perform the host name detection (e.g. 'DNS', 'NetBIOS', etc). source text source text The name of the source used to to perform the host name detection (e.g. 'CIFS Name Service', 'uname -n', etc). dim_asset_address Table public.dim_asset_address Dimension for the network addresses of an asset. Each record represents a pair of IP and MAC that were enumerated on the asset. Since every asset will always have at least one IP address, each asset is guranteed to have on value in this table. Every "primary" address from the dim_asset dimension will be present in this dimension. dim_asset_address_id ( asset_id ) asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) dim_asset_address_ip ( ip_address ) ip_address inet ip_address inet The IP address of the asset. dim_asset_address_mac ( mac_address ) mac_address macaddr mac_address macaddr The MAC address of the asset. primary bool primary * bool Indicates whether this was the primary address of the asset (i.e. the address used to perform a network scan). dim_asset_operating_system Table public.dim_asset_operating_system Dimension for the potential operating systems on an asset. Unlike dim_asset, this dimension provides access to all operating system fingerprints that have been detected. If an asset has no operating system fingerprints detected on it, there will be no records for the asset in this dimension. dim_asset_operating_system_id ( asset_id ) asset_id bigint asset_id * bigint he unique identifier of the asset. References dim_asset ( asset_id ) vendor text vendor text The vendor name of the operating system (e.g. 'Microsoft' or 'Cisco'). family text family text The family of the operating system (e.g. 'Windows' or 'IOS'). name text name text The product name of the operating system (e.g. 'Windows' or 'Linux'). version text version text The version of the operating system (e.g. 'SP1' or '2.2.14'). architecture text architecture text The architecture of the operating system detected on the asset (e.g. 'x86'). description text description text The full description of the operating system, including the vendor, family, name, and version. system text system text A shortened form of the operating system description that includes only the vendor, family, and product. This field is best used when grouping by related operating system families and product combination irrespective of specified versions. cpe text cpe text The common platform enumerate (CPE) value, if applicable, associated to the operating system. type text type text The type of the operating system which describes the classification by purpose, such as 'Router', 'Switch', 'Workstation', 'General', etc. certainty real certainty real The certainty of the fingerprint, expressed as a decimal confidence between 0 (low) and 1.0 (high). dim_asset_service_configuration Table public.dim_asset_service_configuration Dimension for the configurations that have been detected on the services of an asset. Each record represents a configuration value that has been detected on a service. If an asset has no services detected on it, or no configurations were detected, there will be no records for the asset in this dimension. dim_asset_service_configuration_id ( asset_id ) asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) dim_asset_service_configuration_service ( service, port, protocol ) service text service text The protocol name of the service (e.g. 'HTTPS', 'RPC', 'NTP', etc). dim_asset_service_configuration_service ( service, port, protocol ) port integer port * integer The port the service is running on. dim_asset_service_configuration_service ( service, port, protocol ) protocol text protocol text The procol the service is exposed through (e.g. 'TCP', or 'UDP'). name text name text The name of the configuration value (e.g. 'http.banner', 'ssl.cert.sig.alg.name', etc). value text value text The value of the configuration (e.g. 'Microsoft-IIS/7.5', 'SHA1withRSA', etc). dim_asset_file Table public.dim_asset_file Dimension for files and directories that have been enumerated on an asset. Each record represents one file or directory discovered on an asset. If an asset has no files or groups enumerated, there will be no records in this dimension for the asset. dim_asset_file_id ( asset_id ) asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) file_id bigint file_id * bigint The unique identifier of the file or directory. type text type text The type of the file. Either 'Directory', 'File' or 'Unknown'. name text name text The name of the file or directory. size bigint size bigint The size of the file or directory in bytes. If the size is unknown, or the file is a directory, the value will be -1. dim_site_asset Table public.dim_site_asset Dimension for the association between an asset and a site. For each asset there will be one record with an association to only one site. Pk dim_site_asset_pkey ( site_id, asset_id ) site_id integer site_id * integer The unique identifier of the site. References dim_site ( site_id ) Pk dim_site_asset_pkey ( site_id, asset_id ) asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) dim_asset_unique_id Table public.dim_asset_unique_id Dimension for the unique identifiers on an asset. Each record represents a unique identifier enumerated on an asset. Not all assets are guaranteed to have a unique identifier. asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) source text source * text The source used to discover the unique identifier (e.g. 'WML' or 'system_profiler', etc) unique_id text unique_id * text The unique identifier enumerated on the asset. fact_all_date Table public.fact_all_date Periodic snapshot fact for all data. This fact table is a date-based snapshot of the fact_all table. During each export process, the current data is appended to this fact table. Pk fact_all_date_pkey ( day ) day date day * date The date the snapshot was recorded. assets bigint assets * bigint The total number of assets. vulnerabilities bigint vulnerabilities * bigint The sum of the count of vulnerabilities on each asset. This value is equal to the sum of the critical_vulnerabilities, severe_vulnerabilities, and moderate_vulnerabilities columns. critical_vulnerabilities bigint critical_vulnerabilities * bigint The sum of the count of critical vulnerabilities on each asset. severe_vulnerabilities bigint severe_vulnerabilities * bigint The sum of the count of severe vulnerabilities on each asset. moderate_vulnerabilities bigint moderate_vulnerabilities * bigint The sum of the count of moderate vulnerabilities on each asset. malware_kits integer malware_kits * integer The sum of the count of malware kits on each asset. exploits integer exploits * integer The sum of the count of exploits on each asset. vulnerabilities_with_malware_kit integer vulnerabilities_with_malware_kit * integer The sum of the count of vulnerabilities with malware on each asset. vulnerabilities_with_exploit integer vulnerabilities_with_exploit * integer The sum of the count of vulnerabilities with exploits on each asset. vulnerability_instances bigint vulnerability_instances * bigint The sum of the vulnerabilities instances on each asset. raw_risk_score float8 raw_risk_score * float8 The sum of the raw risk score of each asset. risk_score float8 risk_score * float8 The sum of the risk score of each asset. pci_status text pci_status * text The overall compliance level ('Pass' or 'Fail') according to PCI standards. The status is only 'Pass' if all assets individually have a status of 'Pass' (e.g. in fact_asset) pci_failures bigint pci_failures * bigint The sum of the total PCI failures on each asset. validated_vulnerabilities bigint validated_vulnerabilities * bigint default 0 The number of vulnerabilities that have been validated. fact_asset_group_date Table public.fact_asset_group_date Periodic snapshot fact for asset groups. This fact table is a date-based snapshot of the fact_asset_group table. During each export process, the current data is appended to this fact table. Pk fact_asset_group_date_pkey ( day, asset_group_id ) day date day * date The date the snapshot was recorded. Pk fact_asset_group_date_pkey ( day, asset_group_id ) asset_group_id integer asset_group_id * integer The unique identifier of the asset group. References dim_asset_group ( asset_group_id ) assets bigint assets bigint The total number of assets that are in the scope of associated to the group. If the group has no assets in the current scope or membership, this value can be zero. vulnerabilities bigint vulnerabilities * bigint The sum of the count of vulnerabilities on each asset. This value is equal to the sum of the critical_vulnerabilities, severe_vulnerabilities, and moderate_vulnerabilities columns. critical_vulnerabilities bigint critical_vulnerabilities * bigint The sum of the count of critical vulnerabilities on each asset. severe_vulnerabilities bigint severe_vulnerabilities * bigint The sum of the count of severe vulnerabilities on each asset. moderate_vulnerabilities bigint moderate_vulnerabilities * bigint The sum of the count of moderate vulnerabilities on each asset. malware_kits integer malware_kits * integer The sum of the count of malware kits on each asset. exploits integer exploits * integer The sum of the count of exploits on each asset. vulnerabilities_with_malware_kit integer vulnerabilities_with_malware_kit * integer The sum of the count of vulnerabilities with malware on each asset. vulnerabilities_with_exploit integer vulnerabilities_with_exploit * integer The sum of the count of vulnerabilities with exploits on each asset. vulnerability_instances bigint vulnerability_instances * bigint The sum of the vulnerabilities instances on each asset. raw_risk_score float8 raw_risk_score * float8 The sum of the raw risk score of each asset in the group. risk_score float8 risk_score * float8 The sum of the risk score of each asset in the group. pci_status text pci_status * text The overall compliance level ('Pass' or 'Fail') of the asset group according to PCI standards. The status is only 'Pass' if all assets in the group individually have a status of 'Pass' (e.g. in fact_asset) pci_failures bigint pci_failures * bigint The sum of the total PCI failures on each asset in the group. validated_vulnerabilities bigint validated_vulnerabilities * bigint default 0 The number of vulnerabilities that have been validated. fact_asset_group Table public.fact_asset_group Accumulating snapshot fact for the summary information of an asset group. This is a convenience fact for rolling up the information for assets within the membership of one or more asset groups. The summary information provided is based on the most recent data for each asset in the membership of the group. If an asset group has no assets, there will be a fact record with zero counts. Pk fact_asset_group_pkey ( asset_group_id ) asset_group_id integer asset_group_id * integer The unique identifier of the asset group. References dim_asset_group ( asset_group_id ) assets bigint assets bigint The total number of assets that are in the scope of associated to the group. If the group has no assets in the current scope or membership, this value can be zero. vulnerabilities bigint vulnerabilities * bigint The sum of the count of vulnerabilities on each asset. This value is equal to the sum of the critical_vulnerabilities, severe_vulnerabilities, and moderate_vulnerabilities columns. critical_vulnerabilities bigint critical_vulnerabilities * bigint The sum of the count of critical vulnerabilities on each asset. severe_vulnerabilities bigint severe_vulnerabilities * bigint The sum of the count of severe vulnerabilities on each asset. moderate_vulnerabilities bigint moderate_vulnerabilities * bigint The sum of the count of moderate vulnerabilities on each asset. malware_kits integer malware_kits * integer The sum of the count of malware kits on each asset. exploits integer exploits * integer The sum of the count of exploits on each asset. vulnerabilities_with_malware_kit integer vulnerabilities_with_malware_kit * integer The sum of the count of vulnerabilities with malware on each asset. vulnerabilities_with_exploit integer vulnerabilities_with_exploit * integer The sum of the count of vulnerabilities with exploits on each asset. vulnerability_instances bigint vulnerability_instances * bigint The sum of the vulnerabilities instances on each asset. raw_risk_score float8 raw_risk_score * float8 The sum of the raw risk score of each asset in the group. risk_score float8 risk_score * float8 The sum of the risk score of each asset in the group. pci_status text pci_status * text The overall compliance level ('Pass' or 'Fail') of the asset group according to PCI standards. The status is only 'Pass' if all assets in the group individually have a status of 'Pass' (e.g. in fact_asset) pci_failures bigint pci_failures * bigint The sum of the total PCI failures on each asset in the group. validated_vulnerabilities bigint validated_vulnerabilities * bigint default 0 The number of vulnerabilities that have been validated. periods Table public.periods Stores the historical period information indicating when the warehouse was updated during an ETL process. This can be used to determine what dates the warehouse has data for, particularly for trending and temporal-oriented queries. periods_id ( day ) day date day * date The date an export took place. dim_vulnerability_exception Table public.dim_vulnerability_exception Dimension for all vulnerability exceptions that are currently applied to or are pending approval to apply to any assets. This fact includes exceptions that are pending approval, those that are actively applying, and even expired exceptions. Pk dim_vulnerability_exception_pkey ( vulnerability_exception_id ) vulnerability_exception_id integer vulnerability_exception_id * integer The unique identifier of the vulnerability exception. Referred by fact_asset_event ( vulnerability_exception_id ) dim_vulnerability_exception_vulnerability_id ( vulnerability_id ) vulnerability_id integer vulnerability_id * integer The unique identifier of the vulnerability. References dim_vulnerability ( vulnerability_id ) dim_vulnerability_exception_scope ( scope ) scope text scope * text The scope of the vulnerability exception, one of the values: 'Global', 'Site', 'Asset' or 'Instance'. scope_description text scope_description text The description of the scope of the vulnerability exception, one of the values: 'All instances (all assets)', 'All instances in this site', 'All instances on this asset', or 'Specific instance on this asset' reason text reason * text The reason the vulnerability exception was requested or applied. additional_comments text additional_comments text Comments field populated when a state transition, such as rejection or submission, occurs. This is a user-populated field that is optional. submitted_date timestamp submitted_date timestamp The date that the exception was last submitted, or resubmitted for approval. If the exception has been rejected or recalled and is resubmitted, only the date of the last state transition is used. submitted_by text submitted_by text The login name of the user that submitted the vulnerability exception for approval. review_date timestamp review_date timestamp The date when the last review of the exception request was performed. This can either be the date when the exception was last approved, or last rejected. If the exception is approved, rejected, or recalled multiple times, this is the date of the last state transition. If a review is pending, this value may be NULL. reviewed_by text reviewed_by text The login name of the user that reviewed the vulnerability exception for approval and either approved or rejected it. If the exception is still waiting for approval, this value is NULL. review_comment text review_comment text The last comment when the exception was reviewed, and either approved or rejected. If a review has yet to occur, this can be null. expiration_date date expiration_date date The date at which the expiration of the exception occurs. The expiration date is interpreted as midnight on the date specified. The timestamp is converted into the timezone specified within the report configuration. status text status text The status of the exception, one of the values: 'Under review', 'Approved', 'Rejected', 'Recalled', or 'Expired'. dim_vulnerability_exception_site_id ( site_id ) site_id integer site_id integer If the scope is 'Site', the id of the site the exception applies to. For all other scopes, the value is NULL. dim_vulnerability_exception_asset_id ( asset_id ) asset_id bigint asset_id bigint If the scope is 'Asset' or 'Instance' the id of the asset the exception applies to. For all other scopes, the value is NULL. port integer port integer If the scope is 'Instance' and the exception is applying to a service, the port of the service that exception is applied to. For all other scopes, the value is NULL. key text key text If the scope is 'Instance' and the exception is applied to a vulnerability with a secondary key, the key of the vulnerability the exception applies to. For all other scopes, the value is NULL. dim_vulnerability_exception_group_id ( group_id ) group_id integer group_id integer If the scope is 'Asset Group', the id of the group the exception applies to. For all other scopes, the value is NULL. fact_site_date Table public.fact_site_date Periodic snapshot fact for sites. This fact table is a date-based snapshot of the fact_site table. During each export process, the current data is appended to this fact table. Pk fact_site_date_pkey ( day, site_id ) day date day * date The date the snapshot was recorded. Pk fact_site_date_pkey ( day, site_id ) site_id integer site_id * integer The unique identifier of the site. References dim_site ( site_id ) assets bigint assets * bigint The total number of assets in the site. vulnerabilities bigint vulnerabilities * bigint The sum of the count of vulnerabilities on each asset. This value is equal to the sum of the critical_vulnerabilities, severe_vulnerabilities, and moderate_vulnerabilities columns. critical_vulnerabilities bigint critical_vulnerabilities * bigint The sum of the count of critical vulnerabilities on each asset. severe_vulnerabilities bigint severe_vulnerabilities * bigint The sum of the count of severe vulnerabilities on each asset. moderate_vulnerabilities bigint moderate_vulnerabilities * bigint The sum of the count of moderate vulnerabilities on each asset. malware_kits integer malware_kits * integer The sum of the count of malware kits on each asset. exploits integer exploits * integer The sum of the count of exploits on each asset. vulnerabilities_with_malware_kit integer vulnerabilities_with_malware_kit * integer The sum of the count of vulnerabilities with malware on each asset. vulnerabilities_with_exploit integer vulnerabilities_with_exploit * integer The sum of the count of vulnerabilities with exploits on each asset. vulnerability_instances bigint vulnerability_instances * bigint The sum of the vulnerabilities instances on each asset. raw_risk_score float8 raw_risk_score * float8 The sum of the raw risk score of each asset. risk_score float8 risk_score * float8 The sum of the risk score of each asset. pci_status text pci_status * text The overall compliance level ('Pass' or 'Fail') according to PCI standards. The status is only 'Pass' if all assets individually have a status of 'Pass' (e.g. in fact_asset) pci_failures bigint pci_failures * bigint The sum of the total PCI failures on each asset. validated_vulnerabilities bigint validated_vulnerabilities * bigint default 0 The number of vulnerabilities that have been validated. fact_site Table public.fact_site Accumulating snapshot fact table for a site. This is a convenience fact to rollup assets by the site(s) they belong to. If an asset belongs to more than one site, its counts will be aggregated in each and every site it belongs to. If a site has no asset, it will still have a record in this fact. Pk fact_site_pkey ( site_id ) site_id integer site_id * integer The unique identifier of the site. References dim_site ( site_id ) assets bigint assets * bigint The total number of assets in the site. vulnerabilities bigint vulnerabilities * bigint The sum of the count of vulnerabilities on each asset. This value is equal to the sum of the critical_vulnerabilities, severe_vulnerabilities, and moderate_vulnerabilities columns. critical_vulnerabilities bigint critical_vulnerabilities * bigint The sum of the count of critical vulnerabilities on each asset. severe_vulnerabilities bigint severe_vulnerabilities * bigint The sum of the count of severe vulnerabilities on each asset. moderate_vulnerabilities bigint moderate_vulnerabilities * bigint The sum of the count of moderate vulnerabilities on each asset. malware_kits integer malware_kits * integer The sum of the count of malware kits on each asset. exploits integer exploits * integer The sum of the count of exploits on each asset. vulnerabilities_with_malware_kit integer vulnerabilities_with_malware_kit * integer The sum of the count of vulnerabilities with malware on each asset. vulnerabilities_with_exploit integer vulnerabilities_with_exploit * integer The sum of the count of vulnerabilities with exploits on each asset. vulnerability_instances bigint vulnerability_instances * bigint The sum of the vulnerabilities instances on each asset. raw_risk_score float8 raw_risk_score * float8 The sum of the raw risk score of each asset. risk_score float8 risk_score * float8 The sum of the risk score of each asset. pci_status text pci_status * text The overall compliance level ('Pass' or 'Fail') according to PCI standards. The status is only 'Pass' if all assets individually have a status of 'Pass' (e.g. in fact_asset) pci_failures bigint pci_failures * bigint The sum of the total PCI failures on each asset. validated_vulnerabilities bigint validated_vulnerabilities * bigint default 0 The number of vulnerabilities that have been validated. fact_policy_rule_date Table public.fact_policy_rule_date Periodic snapshot fact for policy rules. This fact table is a date-based snapshot of the fact_policy_rule table. During each export process, the current data is appended to this fact table. Pk fact_policy_rule_date_pkey ( day, rule_id ) day date day * date The date the snapshot was recorded. Pk fact_policy_rule_date_pkey ( day, rule_id ) rule_id bigint rule_id * bigint The unique identifier of the policy rule. References dim_policy_rule ( rule_id ) policy_id bigint policy_id * bigint The unique identifier of the policy. References dim_policy ( policy_id ) compliant_assets bigint compliant_assets * bigint The number of assets passing the rule. noncompliant_assets bigint noncompliant_assets * bigint The number of assets failing the rule. not_applicable_assets bigint not_applicable_assets * bigint The number of assets not applicable to the rule. Assets not applicable to this rule are only counted if they are applicable to at least one rule in the policy. asset_compliance float8 asset_compliance * float8 The ratio of the assets passing the rule to the assets tested. dim_policy_group Table public.dim_policy_group Dimension for all the metadata for each group of rules within a policy. It contains one record for every unhidden group within each policy. Pk dim_policy_group_pkey ( group_id ) group_id bigint group_id * bigint The identifier of the group. dim_policy_group_policy_id ( policy_id ) policy_id bigint policy_id * bigint The identifier of the policy. References dim_policy ( policy_id ) group_name text group_name text The name of policy group. title text title text The title of the group, for each policy, that is visible to the user. description text description text A description of the group. weight numeric(-9999999,0) weight * numeric(-9999999,0) default 1.0 The scoring weight of the policy group. parent_group_id bigint parent_group_id bigint The identifier of a group in the policy that a group directly belongs to. sub_groups integer sub_groups * integer The number of groups decending from a group rules integer rules * integer The number of all rules including rule of a group's sub-groups. fact_asset_policy_rule Table public.fact_asset_policy_rule Accumulating snapshot of policy rules results on an asset. This fact provides a record for each policy rule that was tested on an asset in its most recent scan. Pk fact_asset_policy_rule_pkey ( asset_id, rule_id ) fact_asset_policy_rule_asset_id ( asset_id ) asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) Pk fact_asset_policy_rule_pkey ( asset_id, rule_id ) fact_asset_policy_rule_rule_id ( rule_id ) rule_id bigint rule_id * bigint The unique identifier of the policy rule. References dim_policy_rule ( rule_id ) fact_asset_policy_rule_policy_id ( policy_id ) policy_id bigint policy_id * bigint The unique identifier of the policy. References dim_policy ( policy_id ) fact_asset_policy_rule_scan_id ( scan_id ) scan_id bigint scan_id * bigint The unique identifier of the scan. References dim_scan ( scan_id ) fact_asset_policy_rule_override_id ( override_id ) override_id bigint override_id bigint The identifier of a policy override effectively overriding a rule test result on the asset. If there are more than one such overrides, the last submitted one will take precedent over the rest. References dim_policy_rule_override ( override_id ) override_ids _int8 override_ids _int8 The array identifiers of policy overrides potentially overriding a rule test result on an asset. date_tested timestamp date_tested * timestamp The time at which the policy rule was tested against the asset. status text status * text The rule compliance status on an asset. fact_asset_policy_date Table public.fact_asset_policy_date Periodic snapshot fact for asset policy records. This fact table is a date-based snapshot of the fact_asset_policy table. During each export process, the current data is appended to this fact table. Pk fact_asset_policy_date_pkey ( day, asset_id, policy_id ) day date day * date The date the snapshot was recorded. Pk fact_asset_policy_date_pkey ( day, asset_id, policy_id ) asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) Pk fact_asset_policy_date_pkey ( day, asset_id, policy_id ) policy_id bigint policy_id * bigint The unique identifier of the policy. References dim_policy ( policy_id ) scan_id bigint scan_id * bigint The unique identifier of the scan. References dim_scan ( scan_id ) date_tested timestamp date_tested * timestamp The time at which the policy was tested against the asset. compliant_rules integer compliant_rules * integer The total number of rules for which the asset passed in the most recent scan for this policy. noncompliant_rules integer noncompliant_rules * integer The total number of rules for which the asset failed in the most recent scan for this policy not_applicable_rules integer not_applicable_rules * integer The total number of rules that were not applicable to the asset in the most recent scan for this policy. rule_compliance float8 rule_compliance * float8 The ratio of passing results for the rules to the total number of scorable rules for this policy. dim_policy_rule_override Table public.dim_policy_rule_override Dimension for all the metadata for each policy rule that has been overriden. Pk dim_policy_rule_override_pkey ( override_id ) override_id bigint override_id * bigint The identifier of the policy rule override. Referred by fact_asset_policy_rule ( override_id ) Referred by fact_asset_policy_rule_check ( override_id ) dim_policy_rule_override_rule_id ( rule_id ) rule_id bigint rule_id * bigint The identifier of the policy rule. References dim_policy_rule ( rule_id ) scope text scope * text The system scope for which the policy rule override applies to. scope_description text scope_description * text The description for the scope of the rule override submitted_by text submitted_by * text User name that submitted the policy rule override. submitted_time timestamp submitted_time * timestamp Timestamp for submission of the policy rule override. comment text comment * text Reporter comment that submitted the policy rule overrdie. reviewed_by text reviewed_by text Reviewer of the policy rule override. review_comment text review_comment text Reviewer comment for overriding the policy rule. reviewed_rule_result text reviewed_rule_result * text The original rule status when the override was submitted effective_time timestamp effective_time timestamp Timestamp for the policy rule override to be effective. expiration_time timestamp expiration_time timestamp Timestamp for the expiration of the policy rule override. status text status * text Aggregated values for the rule status. overridden_rule_result text overridden_rule_result * text The overridden rule status. dim_policy_rule_override_asset_id ( asset_id ) asset_id bigint asset_id bigint The identifier of the asset for which the policy rule override applies to. References dim_asset ( asset_id ) dim_solution_supercedence Table public.dim_solution_supercedence Dimension that provides all superceding associations between solutions. Unlike dim_solution_highest_supercedence, this dimension provides access to the entire graph of superceding relationships. If a solution does not supercede any other solution, it will not have any records in this dimension. Pk dim_solution_supercedence_pkey ( solution_id, superceding_solution_id ) solution_id integer solution_id * integer The unique identifier of the solution. References dim_solution ( solution_id ) Pk dim_solution_supercedence_pkey ( solution_id, superceding_solution_id ) dim_solution_supercedence_superceding_solution_id ( superceding_solution_id ) superceding_solution_id integer superceding_solution_id * integer The unique identifier of the superceding solution. References dim_solution ( superceding_solution_id -> solution_id ) dim_policy Table public.dim_policy Dimension for all metadata related to a policy. It contains one record for every policy that currently exists. Pk dim_policy_pkey ( policy_id ) policy_id bigint policy_id * bigint The unique identifier of a policy. Referred by dim_policy_group ( policy_id ) Referred by dim_policy_rule ( policy_id ) Referred by fact_asset_policy ( policy_id ) Referred by fact_asset_policy_date ( policy_id ) Referred by fact_asset_policy_rule ( policy_id ) Referred by fact_asset_policy_rule_check ( policy_id ) Referred by fact_policy ( policy_id ) Referred by fact_policy_date ( policy_id ) Referred by fact_policy_rule ( policy_id ) Referred by fact_policy_rule_date ( policy_id ) benchmark_id bigint benchmark_id * bigint A foreign key to the benchmark the policy is associated with. References dim_policy_benchmark ( benchmark_id ) policy_name text policy_name * text The natural identifier of the policy benchmark source file. Can be used to uniquely identify a policy, in conjunction with columns benchmark_name and benchmark_version from the table policy_benchmark, as an alternative from using the primary key column policy_id. policy_version text policy_version text The version of the policy. title text title text The title of the policy as visible to the user. description text description text A description of the policy. unscored_rules integer unscored_rules * integer The number of rules defined in the policy with a role of "unscored". These rules will not affect rule compliance scoring for the policy. dim_policy_benchmark Table public.dim_policy_benchmark Dimension for all metadata related to a policy benchmark. It contains one record for every policy benchmark that currently exists. Pk dim_policy_benchmark_pkey ( benchmark_id ) benchmark_id bigint benchmark_id * bigint The unique identifier of a policy benchmark. Referred by dim_policy ( benchmark_id ) benchmark_name text benchmark_name * text The natural identifier of the policy benchmark source file. Can be used is conjunction with column benchmark_version to uniquely identify a policy benchmark as an alternative from using the primary key column benchmark_id. benchmark_version text benchmark_version * text The version of the policy benchmark. Can be used is conjunction with column benchmark_name to uniquely identify a policy benchmark as an alternative from using the primary key column benchmark_id. title text title text The title of the policy benchmark. description text description text A description of the policy benchmark. category text category * text A grouping of similar benchmarks based on their source, purpose, or other criteria. Examples include "FDCC", "USGCB", and "CIS". Policy benchmarks created by users have a category of "Custom" fact_policy_date Table public.fact_policy_date Periodic snapshot fact for policies. This fact table is a date-based snapshot of the fact_policy table. During each export process, the current data is appended to this fact table. Pk fact_policy_date_pkey ( day, policy_id ) day date day * date The date the snapshot was recorded. Pk fact_policy_date_pkey ( day, policy_id ) policy_id bigint policy_id * bigint The unique identifier of the policy. References dim_policy ( policy_id ) rule_compliance float8 rule_compliance * float8 The ratio of rules passing across all tested assets to the total number of scorable rules across all tested assets for this policy. total_assets bigint total_assets * bigint The total number of tested assets with applicable results. An asset has applicable results if at least one rule has a pass or fail status. An asset with all rule status. compliant_assets bigint compliant_assets * bigint The number of assets passing all scorable rules in the policy. noncompliant_assets bigint noncompliant_assets * bigint The number of assets failing at least one scorable rule in the policy. asset_compliance float8 asset_compliance * float8 The ratio of assets passing all scorable rules in the policy to the total number of assets tested with the policy. fact_policy Table public.fact_policy Accumulating snapshot fact table for a policy. This is a convenience fact to rollup assets by the policy to measure the policy's overall compliance. fact_policy_policy_id ( policy_id ) policy_id bigint policy_id * bigint The unique identifier of the policy. References dim_policy ( policy_id ) rule_compliance float8 rule_compliance * float8 The ratio of rules passing across all tested assets to the total number of scorable rules across all tested assets for this policy. total_assets bigint total_assets * bigint The total number of tested assets with applicable results. An asset has applicable results if at least one rule has a pass or fail status. An asset with all rule status. compliant_assets bigint compliant_assets * bigint The number of assets passing all scorable rules in the policy. noncompliant_assets bigint noncompliant_assets * bigint The number of assets failing at least one scorable rule in the policy. asset_compliance float8 asset_compliance * float8 The ratio of assets passing all scorable rules in the policy to the total number of assets tested with the policy. dim_policy_rule Table public.dim_policy_rule Dimension for all the metadata for each rule within a policy. It contains one record for every rule within each policy. Pk dim_policy_rule_pkey ( rule_id ) rule_id bigint rule_id * bigint The identifier of the policy rule. Referred by dim_policy_rule_cce_platform_nist_control_mapping ( rule_id ) Referred by dim_policy_rule_override ( rule_id ) Referred by dim_policy_rule_test ( rule_id ) Referred by fact_asset_policy_rule ( rule_id ) Referred by fact_asset_policy_rule_check ( rule_id ) Referred by fact_asset_policy_rule_test ( rule_id ) Referred by fact_policy_rule ( rule_id ) Referred by fact_policy_rule_date ( rule_id ) dim_policy_rule_policy_id ( policy_id ) policy_id bigint policy_id * bigint The identifier of the policy. References dim_policy ( policy_id ) rule_name text rule_name * text The name of the rule from the selected policy. title text title text The title of the rule, for each policy, that is visible to the user. It describes a state or condition with which a tested asset should comply. description text description text A description of the rule. parent_group_id bigint parent_group_id bigint The identifier of a group in the policy that a rule directly belongs to. role text role * text The rule's role in scoring and reporting: "full", "unchecked" and "unscored". severity text severity text The severity of the rule. A textual value that can be one of the following: "low", "medium", "high", or "unknown". weight numeric(-9999999,0) weight numeric(-9999999,0) default 1.0 The scoring weight of the rule. rationale text rationale text Descriptive text explaining why compliance is important to the security of the target platform. remediation text remediation text Instructions for remediating the non-compliant rule. enabled bool enabled bool The boolean to determine whether this rule is enabled. fact_asset_policy_rule_test Table public.fact_asset_policy_rule_test Accumulating snapshot of policy rule test results on an asset. These results include each system configuration entity tested. Pk fact_asset_policy_rule_test_pkey ( test_key, rule_id, asset_id ) test_key text test_key * text The unique identifier of the policy rule test. References dim_policy_rule_test ( test_key, rule_id ) Pk fact_asset_policy_rule_test_pkey ( test_key, rule_id, asset_id ) fact_asset_policy_rule_test_id ( asset_id, rule_id ) rule_id bigint rule_id * bigint The unique identifier of the rule. References dim_policy_rule ( rule_id ) References dim_policy_rule_test ( test_key, rule_id ) Pk fact_asset_policy_rule_test_pkey ( test_key, rule_id, asset_id ) fact_asset_policy_rule_test_id ( asset_id, rule_id ) asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) test_result text test_result * text The result of the policy rule test. Possible values are 'true', 'false', 'unknown', 'error', 'not_evaluated', and 'not_applicable' entity_name text entity_name * text The name of the object or state entity that was tested. entity_operation text entity_operation * text The operation applied to the entity to determine a result. entity_value text entity_value text The expected value we are testing the entity for. object_key text object_key text The unique identifier of the policy rule test object. object_collection_flag text object_collection_flag text A flag indicating the collection status of the policy rule test object. state_key text state_key text The unique identifier of the policy rule test state. collected_entity_value text collected_entity_value text The collected value for the entity. location text location text The location of the system configuration entity tested on the asset. test_result_id bigint test_result_id bigint The unique identifier of a policy rule test result. Multiple rows in this table can be associated with a single policy rule test result. fact_asset_policy_rule_check Table public.fact_asset_policy_rule_check Accumulating snapshot of policy rule check results on an asset. This fact provides a record for each policy rule check that was tested on an asset in its most recent scan. Pk fact_asset_policy_rule_check_pkey ( result_id ) result_id bigint result_id * bigint The unique identifier of the rule check result. fact_asset_policy_rule_check_asset_id ( asset_id ) asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) fact_asset_policy_rule_check_policy_id ( policy_id ) policy_id bigint policy_id * bigint The unique identifier of the policy. References dim_policy ( policy_id ) fact_asset_policy_rule_check_rule_id ( rule_id ) rule_id bigint rule_id * bigint The unique identifier of the policy rule. References dim_policy_rule ( rule_id ) fact_asset_policy_rule_check_scan_id ( scan_id ) scan_id bigint scan_id * bigint The unique identifier of the scan. References dim_scan ( scan_id ) fact_asset_policy_rule_check_override_id ( override_id ) override_id bigint override_id bigint The identifier of a policy override effectively overriding a rule test result on the asset. If there are more than one such overrides, the last submitted one will take precedent over the rest. References dim_policy_rule_override ( override_id ) override_ids _int8 override_ids _int8 The array identifiers of policy overrides potentially overriding a rule test result on an asset. date_tested timestamp date_tested * timestamp The time at which the policy rule check was tested against the asset. check_result text check_result * text The rule check result on an asset. proof text proof text The proof gathered during the evaluation of the rule check on the asset. dim_policy_rule_test Table public.dim_policy_rule_test Dimension that provides all tests associated with a policy rule. Pk dim_policy_rule_test_pkey ( test_key, rule_id ) dim_policy_rule_test_test_id ( rule_id, test_key ) test_key text test_key * text The unique identifier for the policy rule test Referred by fact_asset_policy_rule_test ( test_key, rule_id ) Pk dim_policy_rule_test_pkey ( test_key, rule_id ) dim_policy_rule_test_test_id ( rule_id, test_key ) rule_id bigint rule_id * bigint The identifier of the policy rule. References dim_policy_rule ( rule_id ) Referred by fact_asset_policy_rule_test ( test_key, rule_id ) test_type text test_type * text The type of the policy rule test. description text description * text The description of what the rule test is checking for. check_existence text check_existence * text The identifier of the type of condition performed in the test. Can be "all_exist", "any_exist", "at_least_one_exists", "none_exist", or "only_one_exists". check_results text check_results text The rule test check results. state_operator text state_operator * text The logical operator that combines the evaluation results from each referenced state on a per item basis. dim_policy_rule_cce_platform_nist_control_mapping Table public.dim_policy_rule_cce_platform_nist_control_mapping Dimension that provides all NIST SP 800-53 controls mappings for each CCE within a rule. dim_policy_rule_cce_platform_nist_control_mapping_rule_id ( rule_id ) rule_id bigint rule_id * bigint The identifier of the policy rule. References dim_policy_rule ( rule_id ) cce_item_id text cce_item_id * text The identifier of the CCE item. platform text platform * text The platform of the CCE. control_name text control_name * text The name of the control mapping. date_published date date_published * date The date published of the control mapping. fact_policy_rule Table public.fact_policy_rule Accumulating snapshot fact table for a policy rule. This is a convenience fact to rollup assets by the policy rule to measure the policy rule's asset compliance. fact_policy_rule_rule_id ( rule_id ) rule_id bigint rule_id * bigint The unique identifier of the policy rule. References dim_policy_rule ( rule_id ) policy_id bigint policy_id * bigint The unique identifier of the policy. References dim_policy ( policy_id ) compliant_assets bigint compliant_assets * bigint The number of assets passing the rule. noncompliant_assets bigint noncompliant_assets * bigint The number of assets failing the rule. not_applicable_assets bigint not_applicable_assets * bigint The number of assets not applicable to the rule. Assets not applicable to this rule are only counted if they are applicable to at least one rule in the policy. asset_compliance float8 asset_compliance * float8 The ratio of the assets passing the rule to the assets tested. fact_asset_policy Table public.fact_asset_policy Accumulating snapshot fact for all current tested policies on an asset. This fact is a convenience rollup for the fact_asset_policy_rule fact and provides a record for each tested policy on every asset. If an asset was not applicable to any rules in the policy, it will have no records in this fact table. Pk fact_asset_policy_pkey ( asset_id, policy_id ) fact_asset_policy_asset_id ( asset_id ) asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) Pk fact_asset_policy_pkey ( asset_id, policy_id ) fact_asset_policy_policy_id ( policy_id ) policy_id bigint policy_id * bigint The unique identifier of the policy. References dim_policy ( policy_id ) fact_asset_policy_scan_id ( scan_id ) scan_id bigint scan_id * bigint The unique identifier of the scan. References dim_scan ( scan_id ) date_tested timestamp date_tested * timestamp The time at which the policy was tested against the asset. compliant_rules integer compliant_rules * integer The total number of rules for which the asset passed in the most recent scan for this policy. noncompliant_rules integer noncompliant_rules * integer The total number of rules for which the asset failed in the most recent scan for this policy not_applicable_rules integer not_applicable_rules * integer The total number of rules that were not applicable to the asset in the most recent scan for this policy. rule_compliance float8 rule_compliance * float8 The ratio of passing results for the rules to the total number of scorable rules for this policy. dim_asset_container Table public.dim_asset_container Dimension for the containers detected on a container host. Each record represents one container. If an asset has no containers or is not a container host, there will be no records for the asset in this dimension. asset_id bigint asset_id bigint The unique identifier of the asset. References dim_asset ( asset_id ) container_id text container_id text The identifier of the container. name text name text The name of the container. status text status text The status of the container (one of 'CREATED', 'RUNNING', 'PAUSED', 'RESTARTING', 'EXITED', 'DEAD', or 'UNKNOWN;') created timestamp created timestamp The date that the container was created. started timestamp started timestamp The date the container last started. finished timestamp finished timestamp The date the container last finished running. image_id text image_id text The identifier of the image the container was based from. digest text digest text The digest of the image the container was based on. repository text repository text The repository of the image the container was based on. dim_asset_validated_vulnerability Table public.dim_asset_validated_vulnerability Dimension that provides access to validation results on assets. If a validation source is used to validate a vulnerability (e.g. Metasploit) it will have a record in this table detailing which vulnerability was validated, and was exploit module was used to validate. dim_asset_validated_vulnerability_asset_id ( asset_id ) dim_asset_validated_vulnerability_asset_id_vulnerability_id ( asset_id, vulnerability_id ) asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) dim_asset_validated_vulnerability_asset_id_vulnerability_id ( asset_id, vulnerability_id ) dim_asset_validated_vulnerability_vulnerability_id ( vulnerability_id ) vulnerability_id integer vulnerability_id * integer References dim_vulnerability ( vulnerability_id ) dim_asset_validated_vulnerability_exploit_id ( exploit_id ) exploit_id integer exploit_id integer The unique identifier of the exploit. References dim_vulnerability_exploit ( exploit_id ) module text module text The module used to validate the vulnerability, either 'metasploit' or 'other' dim_asset_validated_vulnerability_date ( date ) date timestamp date * timestamp The date the vulnerability result was validated. fact_asset_vulnerability_finding Table public.fact_asset_vulnerability_finding Accumulating snapshot fact for all current vulnerability findings on an asset. This fact is a convenience rollup for the fact_asset_vulnerability_instance fact and provides a record for each vulnerability finding on every asset. If an asset was not vulnerable to any vulnerabilities (or all instances are excluded), it will have no records in this fact table. If multiple instances of a vulnerability are found on the same asset they will be aggregated together in the instances count. This fact table should be the preferred level of grain when instance-level details (such as the port and proof) are not required. To access exploitability information for the finding refer to fact_asset_vulnerability_finding_exploit. asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) vulnerability_id integer vulnerability_id * integer The unique identifier of the vulnerability. References dim_vulnerability ( vulnerability_id ) date timestamp date * timestamp The time at which the vulnerability was first found on the asset. This is the earliest date any instance on the asset was found. reintroduced_date timestamp reintroduced_date timestamp The date on which the vulnerability was reintroduced on the asset following a previous remediation. vulnerability_instances bigint vulnerability_instances * bigint The number of instances of this finding on the asset. critical_vulnerabilities bigint critical_vulnerabilities bigint The number of critical vulnerabilities this finding represents. Either 1 if the vulnerablity finding is critical, 0 otherwise. severe_vulnerabilities bigint severe_vulnerabilities bigint The number of severe vulnerabilities this finding represents. Either 1 if the vulnerablity finding is severe, 0 otherwise. moderate_vulnerabilities bigint moderate_vulnerabilities bigint The number of moderate vulnerabilities this finding represents. Either 1 if the vulnerablity finding is moderate, 0 otherwise. malware_kits integer malware_kits integer The the count of malware kits associated to the vulnerability. exploits integer exploits integer The the count of exploits associated to the vulnerability. vulnerabilities_with_malware_kit integer vulnerabilities_with_malware_kit integer The number of vulnerabilities this finding represents that have malware kits. Either 1 if the vulnerablity finding has malware_kits, 0 otherwise. vulnerabilities_with_exploit integer vulnerabilities_with_exploit integer The number of vulnerabilities this finding represents that have exploits. Either 1 if the vulnerablity finding has exploits, 0 otherwise. raw_risk_score float8 raw_risk_score float8 The raw risk score for the vulnerability of this finding. risk_score float8 risk_score float8 The risk score for the vulnerability of this finding. pci_failures bigint pci_failures bigint The number of PCI failures for the vulnerability. Either 1 if the vulnerablity finding is would caused a PCI failure, 0 otherwise. validated bool validated * bool default false Whether the vulnerability has been validated (e.g. using Metasploit). fact_all Table public.fact_all Accumulating snapsht fact for all assets. This convenience rollup fact aggregates across all defined assets. This fact table is guaranteed to have one and only one record at all times, even if no assets are defined. assets bigint assets * bigint The total number of assets. vulnerabilities bigint vulnerabilities * bigint The sum of the count of vulnerabilities on each asset. This value is equal to the sum of the critical_vulnerabilities, severe_vulnerabilities, and moderate_vulnerabilities columns. critical_vulnerabilities bigint critical_vulnerabilities * bigint The sum of the count of critical vulnerabilities on each asset. severe_vulnerabilities bigint severe_vulnerabilities * bigint The sum of the count of severe vulnerabilities on each asset. moderate_vulnerabilities bigint moderate_vulnerabilities * bigint The sum of the count of moderate vulnerabilities on each asset. malware_kits integer malware_kits * integer The sum of the count of malware kits on each asset. exploits integer exploits * integer The sum of the count of exploits on each asset. vulnerabilities_with_malware_kit integer vulnerabilities_with_malware_kit * integer The sum of the count of vulnerabilities with malware on each asset. vulnerabilities_with_exploit integer vulnerabilities_with_exploit * integer The sum of the count of vulnerabilities with exploits on each asset. vulnerability_instances bigint vulnerability_instances * bigint The sum of the vulnerabilities instances on each asset. raw_risk_score float8 raw_risk_score * float8 The sum of the raw risk score of each asset. risk_score float8 risk_score * float8 The sum of the risk score of each asset. pci_status text pci_status * text The overall compliance level ('Pass' or 'Fail') according to PCI standards. The status is only 'Pass' if all assets individually have a status of 'Pass' (e.g. in fact_asset) pci_failures bigint pci_failures * bigint The sum of the total PCI failures on each asset. validated_vulnerabilities bigint validated_vulnerabilities * bigint default 0 The number of vulnerabilities that have been validated. fact_asset_vulnerability_finding_exploit Table public.fact_asset_vulnerability_finding_exploit Accumulating snapshot fact for all current vulnerability findings on an asset that are known to be exploitable. This fact is a convenience rollup for the fact_asset_vulnerability_instance fact and provides a record for each vulnerability finding on every asset that is exploitable. If an asset was not vulnerable to an exploitable vulnerability (or all instances are excluded), it will have no records in this fact table. Each row represents one unique exploit, and either the malware_kit_id or exploit_id is guaranteed to be non-null. This fact table should be the preferred level of grain when instance-level details (such as the port and proof) are not required. asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) vulnerability_id integer vulnerability_id * integer The unique identifier of the vulnerability. References dim_vulnerability ( vulnerability_id ) exploit_id integer exploit_id integer The unique identifier of the exploit. References dim_vulnerability_exploit ( exploit_id ) malware_kit_id integer malware_kit_id integer The unique identifier of the malware_kit_id. References dim_vulnerability_malware_kit ( malware_kit_id ) fact_asset_vulnerability_remediation_date Table public.fact_asset_vulnerability_remediation_date Periodic snapshot fact for vulnerability remediations on an asset. If a vulnerability has been remediated on an asset since the last export period, a row will be present in this table. Remediation includes the application of vulnerability exceptions. fact_asset_vulnerability_remediation_date_id ( day, asset_id, vulnerability_id ) Pk fact_asset_vulnerability_remediation_date_pkey ( day, asset_id ) day date day * date The date the snapshot was recorded. fact_asset_vulnerability_remediation_date_id ( day, asset_id, vulnerability_id ) Pk fact_asset_vulnerability_remediation_date_pkey ( day, asset_id ) asset_id bigint asset_id * bigint The unique identifier of the asset. References dim_asset ( asset_id ) fact_asset_vulnerability_remediation_date_id ( day, asset_id, vulnerability_id ) fact_asset_vulnerability_remediation_date_vuln_id ( vulnerability_id ) vulnerability_id integer vulnerability_id * integer The unique identifier of the vulnerability. References dim_vulnerability ( vulnerability_id ) dim_asset Table public.dim_asset Dimension for the most recent information of all assets. This is a slowly changing dimension that will change as new scans are performed on the asset. Pk dim_asset_pkey ( asset_id ) asset_id bigint asset_id * bigint The unique identifier of the asset. Referred by dim_asset_address ( asset_id ) Referred by dim_asset_container ( asset_id ) Referred by dim_asset_file ( asset_id ) Referred by dim_asset_group_account ( asset_id ) Referred by dim_asset_group_asset ( asset_id ) Referred by dim_asset_host_name ( asset_id ) Referred by dim_asset_operating_system ( asset_id ) Referred by dim_asset_service ( asset_id ) Referred by dim_asset_service_configuration ( asset_id ) Referred by dim_asset_software ( asset_id ) Referred by dim_asset_tag ( asset_id ) Referred by dim_asset_unique_id ( asset_id ) Referred by dim_asset_user_account ( asset_id ) Referred by dim_asset_validated_vulnerability ( asset_id ) Referred by dim_asset_vulnerability_finding_rollup_solution ( asset_id ) Referred by dim_asset_vulnerability_finding_solution ( asset_id ) Referred by dim_policy_rule_override ( asset_id ) Referred by dim_site_asset ( asset_id ) Referred by fact_asset ( asset_id ) Referred by fact_asset_date ( asset_id ) Referred by fact_asset_event ( asset_id ) Referred by fact_asset_policy ( asset_id ) Referred by fact_asset_policy_date ( asset_id ) Referred by fact_asset_policy_rule ( asset_id ) Referred by fact_asset_policy_rule_check ( asset_id ) Referred by fact_asset_policy_rule_test ( asset_id ) Referred by fact_asset_vulnerability_finding ( asset_id ) Referred by fact_asset_vulnerability_finding_date ( asset_id ) Referred by fact_asset_vulnerability_finding_exploit ( asset_id ) Referred by fact_asset_vulnerability_finding_exploit_remediation ( asset_id ) Referred by fact_asset_vulnerability_finding_remediation ( asset_id ) Referred by fact_asset_vulnerability_instance ( asset_id ) Referred by fact_asset_vulnerability_remediation_date ( asset_id ) dim_asset_mac ( mac_address ) mac_address macaddr mac_address macaddr The primary or best MAC address associated to the asset in the scan. dim_asset_ip ( ip_address ) ip_address inet ip_address inet The primary IP address of the asset. host_name text host_name text The primary host name of the asset. If a host name was used to detect the asset, this name will be preferred. host_type text host_type text The type of the host, which is one of the values: 'Virtual Machine', 'Hypervisor', 'Bare Metal', or 'Mobile'. os_type text os_type text The type of the asset which describe the classification by purpose, such as 'Router', 'Switch', 'Workstation', 'General', etc. os_vendor text os_vendor text The vendor name of the operating system detected on the asset (e.g. 'Microsoft' or 'Cisco'). os_family text os_family text The family of the operating system detected on the asset (e.g. 'Windows' or 'IOS'). os_name text os_name text The product name of the operating system detected on the asset (e.g. 'Windows' or 'Linux'). os_version text os_version text The version of the operating system detected on the asset (.e.g 'SP1' or '2.2.14'). os_architecture text os_architecture text The architecture of the operating system detected on the asset (e.g. 'x86'). os_description text os_description text The full description of the operating system detected on the asset, including the vendor, family, name, and version. os_system text os_system text A shortened form of the operating system description that includes only the vendor, family, and product. This field is best used when grouping by related operating system families and product combination irrespective of specified versions. os_cpe text os_cpe text The common platform enumerate (CPE) value, if applicable, associated to the operating system detected on the asset. risk_modifier float8 risk_modifier * float8 A modifier value that influences the overall risk score of the asset (a multiplier factor on the raw risk score). assessed_for_vulnerabilities bool assessed_for_vulnerabilities * bool Indicates whether this asset was assessed for vulnerabilities at least once in its history. assessed_for_policies bool assessed_for_policies * bool Indicates whether this asset was assessed for policy compliance at least once in its history. credential_status text credential_status text The status of credentials on the asset used most recently. This is an aggregation of all credentials and is one of the following values: 'No credentials supplied', 'All credentials failed', 'Credentials partially successful', or 'All credentials successful'. sites text sites text A comma-delimited list of sites the asset is currently a part of (sorted by name ascending). This column can be used a simple and conventient alternative to querying against dim_site_asset to retrieve the individual relationships. last_assessed_for_vulnerabilities timestamp last_assessed_for_vulnerabilities timestamp The date and time the asset was last assessed for vulnerabilities.

dim_asset

Dimension for the most recent information of all assets. This is a slowly changing dimension that will change as new scans are performed on the asset.
Columns
  asset_id bigint The unique identifier of the asset.
Nullable mac_address macaddr The primary or best MAC address associated to the asset in the scan.
Nullable ip_address inet The primary IP address of the asset.
  Nullable host_name text The primary host name of the asset. If a host name was used to detect the asset, this name will be preferred.
  Nullable host_type text The type of the host, which is one of the values: 'Virtual Machine', 'Hypervisor', 'Bare Metal', or 'Mobile'.
  Nullable os_type text The type of the asset which describe the classification by purpose, such as 'Router', 'Switch', 'Workstation', 'General', etc.
  Nullable os_vendor text The vendor name of the operating system detected on the asset (e.g. 'Microsoft' or 'Cisco').
  Nullable os_family text The family of the operating system detected on the asset (e.g. 'Windows' or 'IOS').
  Nullable os_name text The product name of the operating system detected on the asset (e.g. 'Windows' or 'Linux').
  Nullable os_version text The version of the operating system detected on the asset (.e.g 'SP1' or '2.2.14').
  Nullable os_architecture text The architecture of the operating system detected on the asset (e.g. 'x86').
  Nullable os_description text The full description of the operating system detected on the asset, including the vendor, family, name, and version.
  Nullable os_system text A shortened form of the operating system description that includes only the vendor, family, and product. This field is best used when grouping by related operating system families and product combination irrespective of specified versions.
  Nullable os_cpe text The common platform enumerate (CPE) value, if applicable, associated to the operating system detected on the asset.
risk_modifier float8 A modifier value that influences the overall risk score of the asset (a multiplier factor on the raw risk score).
assessed_for_vulnerabilities bool Indicates whether this asset was assessed for vulnerabilities at least once in its history.
assessed_for_policies bool Indicates whether this asset was assessed for policy compliance at least once in its history.
  Nullable credential_status text The status of credentials on the asset used most recently. This is an aggregation of all credentials and is one of the following values: 'No credentials supplied', 'All credentials failed', 'Credentials partially successful', or 'All credentials successful'.
  Nullable sites text A comma-delimited list of sites the asset is currently a part of (sorted by name ascending). This column can be used a simple and conventient alternative to querying against dim_site_asset to retrieve the individual relationships.
  Nullable last_assessed_for_vulnerabilities timestamp The date and time the asset was last assessed for vulnerabilities.
Indexes
dim_asset_pkey ON asset_id
dim_asset_ip ON ip_address
dim_asset_mac ON mac_address

dim_asset_address

Dimension for the network addresses of an asset. Each record represents a pair of IP and MAC that were enumerated on the asset. Since every asset will always have at least one IP address, each asset is guranteed to have on value in this table. Every "primary" address from the dim_asset dimension will be present in this dimension.
Columns
  asset_id bigint The unique identifier of the asset.
Nullable ip_address inet The IP address of the asset.
Nullable mac_address macaddr The MAC address of the asset.
primary bool Indicates whether this was the primary address of the asset (i.e. the address used to perform a network scan).
Indexes
dim_asset_address_id ON asset_id
dim_asset_address_ip ON ip_address
dim_asset_address_mac ON mac_address
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)

dim_asset_container

Dimension for the containers detected on a container host. Each record represents one container. If an asset has no containers or is not a container host, there will be no records for the asset in this dimension.
Columns
asset_id bigint The unique identifier of the asset.
  Nullable container_id text The identifier of the container.
  Nullable name text The name of the container.
  Nullable status text The status of the container (one of 'CREATED', 'RUNNING', 'PAUSED', 'RESTARTING', 'EXITED', 'DEAD', or 'UNKNOWN;')
  Nullable created timestamp The date that the container was created.
  Nullable started timestamp The date the container last started.
  Nullable finished timestamp The date the container last finished running.
  Nullable image_id text The identifier of the image the container was based from.
  Nullable digest text The digest of the image the container was based on.
  Nullable repository text The repository of the image the container was based on.
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)

dim_asset_file

Dimension for files and directories that have been enumerated on an asset. Each record represents one file or directory discovered on an asset. If an asset has no files or groups enumerated, there will be no records in this dimension for the asset.
Columns
  asset_id bigint The unique identifier of the asset.
file_id bigint The unique identifier of the file or directory.
  Nullable type text The type of the file. Either 'Directory', 'File' or 'Unknown'.
  Nullable name text The name of the file or directory.
  Nullable size bigint The size of the file or directory in bytes. If the size is unknown, or the file is a directory, the value will be -1.
Indexes
dim_asset_file_id ON asset_id
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)

dim_asset_group

Dimension for all asset groups that any assets within the scope of the report belong to. Each asset group has metadata that define it and can be based off dynamic membership criteria.
Columns
  asset_group_id integer The unique identifier of the asset group.
name text The name of the asset groups which provides a human-readable identifier of the group. Asset groups names are guaranteed to be unique across multiple groups.
  Nullable description text A description of the asset group that indicates the content, purpose, or composition of a group.
  Nullable dynamic_membership bool Indicates whether the assets belonging to the group are defined statically by an user, or can change automatically based on asset metadata. If true, the membership of the group is dynamically changed whenever scans are performed on assets and the metadata and vulnerabilities related to the asset change. If false, the membership is static and defined manually by a group administrator.
Indexes
dim_asset_group_pkey ON asset_group_id

dim_asset_group_account

Dimension for user group accounts that have been enumerated on an asset. Each record represents one user group account on an asset. If an asset has no user group accounts enumerated, there will be no records in this dimension for the asset.
Columns
  asset_id bigint The unique identifier of the asset.
  Nullable name text The name of the group account.
Indexes
dim_asset_group_account_id ON asset_id
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)

dim_asset_group_asset

Dimension for the association between an asset and an asset group. For each asset there will be one record with an association to one asset group. This dimension only provides current associations and does not indicate whether an asset once belonged to a group, but it is no longer.
Columns
  asset_group_id integer The unique identifier of the asset group.
asset_id bigint The unique identifier of the asset.
Indexes
dim_asset_group_asset_pkey ON asset_group_id, asset_id
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)
asset_group_id_fk (asset_group_id) references dim_asset_group (asset_group_id)

dim_asset_group_tag

Dimension that demonstrates the relationship between an asset group and a tag. For each tag applied to an asset group there will be one record in this dimension. If an asset group has not associated tags, no records for that group will apear in this dimension.
Columns
  asset_group_id bigint The unique identifier of the asset group.
tag_id integer The unique identifier of the tag applied to the asset group.
Indexes
dim_asset_group_tag_pkey ON asset_group_id, tag_id
Foreign Keys
asset_group_id_fk (asset_group_id) references dim_asset_group (asset_group_id)
tag_id_fk (tag_id) references dim_tag (tag_id)

dim_asset_host_name

Dimension for the aliases or host names of an asset. Each record represents one of the host names that were discovered during the most recent scan of the asset, including the primary name available within the other asset fact tables. This dimension is built so it includes all aliases found in any node on the asset within the latest scan. If an asset did not have a host name detected in the latest scan, an empty value will be associated with the asset.
Columns
  asset_id bigint The unique identifier of the asset.
host_name text A host name that was detected on the asset.
  Nullable source_type text The type of the mechanism used to perform the host name detection (e.g. 'DNS', 'NetBIOS', etc).
  Nullable source text The name of the source used to to perform the host name detection (e.g. 'CIFS Name Service', 'uname -n', etc).
Indexes
dim_asset_host_name_id ON asset_id
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)

dim_asset_operating_system

Dimension for the potential operating systems on an asset. Unlike dim_asset, this dimension provides access to all operating system fingerprints that have been detected. If an asset has no operating system fingerprints detected on it, there will be no records for the asset in this dimension.
Columns
  asset_id bigint he unique identifier of the asset.
  Nullable vendor text The vendor name of the operating system (e.g. 'Microsoft' or 'Cisco').
  Nullable family text The family of the operating system (e.g. 'Windows' or 'IOS').
  Nullable name text The product name of the operating system (e.g. 'Windows' or 'Linux').
  Nullable version text The version of the operating system (e.g. 'SP1' or '2.2.14').
  Nullable architecture text The architecture of the operating system detected on the asset (e.g. 'x86').
  Nullable description text The full description of the operating system, including the vendor, family, name, and version.
  Nullable system text A shortened form of the operating system description that includes only the vendor, family, and product. This field is best used when grouping by related operating system families and product combination irrespective of specified versions.
  Nullable cpe text The common platform enumerate (CPE) value, if applicable, associated to the operating system.
  Nullable type text The type of the operating system which describes the classification by purpose, such as 'Router', 'Switch', 'Workstation', 'General', etc.
  Nullable certainty real The certainty of the fingerprint, expressed as a decimal confidence between 0 (low) and 1.0 (high).
Indexes
dim_asset_operating_system_id ON asset_id
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)

dim_asset_service

Dimension for the set of services that have been detected on an asset. Each record represents an open port that is running a service on a protocol. If an asset has no services detected on it, there will be no records for the asset in this dimension.
Columns
  asset_id bigint The unique identifier of the asset.
Nullable service text The protocol name of the service (e.g. 'HTTPS', 'RPC', 'NTP', etc).
port integer The port the service is running on.
Nullable protocol text The procol the service is exposed through (e.g. 'TCP', or 'UDP').
  Nullable vendor text The vendor of the software running on the service (e.g. 'Apache', 'Microsoft', etc).
  Nullable family text The family of the software running on the service (e.g. 'Apache', 'IIS', etc).
  Nullable name text The name of the software running on the service (e.g. 'HTTPD', 'IIS', etc).
  Nullable version text The version of the software running on the service (e.g. '7.5').
  Nullable certainty real The certainty of the service fingerprint that detected the service, expressed as a decimal confidence between 0 (low) and 1.0 (high).
  Nullable credential_status text The status of the credential(s) used against this service, which is one of the following values: 'No credentials supplied', 'Login failed', 'Login successful', 'Allowed elevation of privileges', 'Root', 'Login as local admin'
Indexes
dim_asset_service_id ON asset_id
dim_asset_service_service ON service, port, protocol
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)

dim_asset_service_configuration

Dimension for the configurations that have been detected on the services of an asset. Each record represents a configuration value that has been detected on a service. If an asset has no services detected on it, or no configurations were detected, there will be no records for the asset in this dimension.
Columns
  asset_id bigint The unique identifier of the asset.
Nullable service text The protocol name of the service (e.g. 'HTTPS', 'RPC', 'NTP', etc).
port integer The port the service is running on.
Nullable protocol text The procol the service is exposed through (e.g. 'TCP', or 'UDP').
  Nullable name text The name of the configuration value (e.g. 'http.banner', 'ssl.cert.sig.alg.name', etc).
  Nullable value text The value of the configuration (e.g. 'Microsoft-IIS/7.5', 'SHA1withRSA', etc).
Indexes
dim_asset_service_configuration_id ON asset_id
dim_asset_service_configuration_service ON service, port, protocol
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)

dim_asset_software

Dimension for the software that have been detected on an asset. Each record represents a fingerprint result and multiple software instances can be associated with each asset. If an asset had no installed software detected, there will be no records in this dimension.
Columns
  asset_id bigint The unique identifier of the asset.
  Nullable vendor text The vendor of the software.
  Nullable family text The product family of the software.
  Nullable name text The product name of the software.
  Nullable version text The version of the software.
  Nullable type text The type of the software, indicating its purpose or classification (e.g. 'General', 'Virtualization', 'Database Server', 'Security', etc).
  Nullable cpe text The common platform enumerate (CPE) value, if applicable, associated to the software.
Indexes
dim_asset_software_id ON asset_id
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)

dim_asset_tag

Dimension for the association between an asset and a tag. For each asset there will be one record with an association to only one tag. This dimension only provides current associations and does not indicate whether an asset once belonged to a tag, but it is no longer.
Columns
  tag_id integer The unique identifier of the tag.
asset_id bigint The unique identifier of the asset.
association text The association that the tag has with the asset. It can be a direct association ("tag") or an indirect association through a site ("site"), a group ("group") or the tag dynamic search criteria ("criteria").
Nullable site_id bigint The site id by which an asset indirectly associates with the tag.
Nullable asset_group_id bigint The asset group id by which an asset indirectly associates with the tag.
Indexes
dim_asset_tag_pkey ON tag_id, asset_id
dim_asset_group_tag_id ON asset_group_id, tag_id
dim_asset_tag_asset_group ON asset_group_id
dim_asset_tag_site ON site_id
Foreign Keys
asset_group_id_fk (asset_group_id) references dim_asset_group (asset_group_id)
site_id_fk (site_id) references dim_site (site_id)
asset_id_fk (asset_id) references dim_asset (asset_id)
tag_id_fk (tag_id) references dim_tag (tag_id)

dim_asset_unique_id

Dimension for the unique identifiers on an asset. Each record represents a unique identifier enumerated on an asset. Not all assets are guaranteed to have a unique identifier.
Columns
  asset_id bigint The unique identifier of the asset.
source text The source used to discover the unique identifier (e.g. 'WML' or 'system_profiler', etc)
unique_id text The unique identifier enumerated on the asset.
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)

dim_asset_user_account

Dimension for user accounts that have been enumerated on an asset. Each record represents one user account on an asset. If an asset has no user accounts enumerated, there will be no records in this dimension for the asset.
Columns
  asset_id bigint The unique identifier of the asset.
  Nullable name text The short, login name associated with the user account. This value may be null, but is typically non-null.
  Nullable full_name text The longer name, or description, of the user account.
Indexes
dim_asset_user_account_id ON asset_id
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)

dim_asset_validated_vulnerability

Dimension that provides access to validation results on assets. If a validation source is used to validate a vulnerability (e.g. Metasploit) it will have a record in this table detailing which vulnerability was validated, and was exploit module was used to validate.
Columns
  asset_id bigint The unique identifier of the asset.
vulnerability_id integer
Nullable exploit_id integer The unique identifier of the exploit.
  Nullable module text The module used to validate the vulnerability, either 'metasploit' or 'other'
date timestamp The date the vulnerability result was validated.
Indexes
dim_asset_validated_vulnerability_asset_id ON asset_id
dim_asset_validated_vulnerability_asset_id_vulnerability_id ON asset_id, vulnerability_id
dim_asset_validated_vulnerability_date ON date
dim_asset_validated_vulnerability_exploit_id ON exploit_id
dim_asset_validated_vulnerability_vulnerability_id ON vulnerability_id
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)
vulnerability_id_fk (vulnerability_id) references dim_vulnerability (vulnerability_id)
exploit_id_fk (exploit_id) references dim_vulnerability_exploit (exploit_id)

dim_asset_vulnerability_finding_rollup_solution

Dimension that provides access to what "best" solutions can be used to remediate a vulnerability on an asset. The solution(s) presented for an asset and vulnerability will be matched on the metadata/fingerprints of the asset and take supercedence and rollup into account. Despite this, multiple solutions may be selected and presented if a single solution cannot be selected. See dim_asset_vulnerability_finding_solution to gain access to the solutions without rollup applied.
Columns
  asset_id bigint The unique identifier of the asset.
vulnerability_id integer The unique identifier of the vulnerability.
solution_id integer The unique identifier of the rollup solution.
Indexes
dim_asset_vulnerability_finding_rollup_solution_id ON asset_id, vulnerability_id
dim_asset_vulnerability_finding_rollup_solution_solution_id ON solution_id
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)
solution_id_fk (solution_id) references dim_solution (solution_id)
vulnerability_id_fk (vulnerability_id) references dim_vulnerability (vulnerability_id)

dim_asset_vulnerability_finding_solution

Dimension that provides access to what solutions can be used to remediate a vulnerability on an asset. The solution(s) presented for an asset and vulnerability will be matched on the metadata/fingerprints of the asset. If a single solution cannot be selected based on the fingerprints of an asset, multiple solutions may be selected and presented. The solution(s) provided represent only the most direct/immediate solutions associated with the vulnerability. See dim_asset_vulnerability_finding_rollup_solution for similar information, but with rollups and supercedence applied.
Columns
  asset_id bigint The unique identifier of the asset.
vulnerability_id integer The unique identifier of the vulnerability.
solution_id integer The unique identifier of the solution.
Indexes
dim_asset_vulnerability_finding_solution_id ON asset_id, vulnerability_id
dim_asset_vulnerability_finding_solution_solution_id ON solution_id
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)
solution_id_fk (solution_id) references dim_solution (solution_id)
vulnerability_id_fk (vulnerability_id) references dim_vulnerability (vulnerability_id)

dim_policy

Dimension for all metadata related to a policy. It contains one record for every policy that currently exists.
Columns
  policy_id bigint The unique identifier of a policy.
benchmark_id bigint A foreign key to the benchmark the policy is associated with.
policy_name text The natural identifier of the policy benchmark source file. Can be used to uniquely identify a policy, in conjunction with columns benchmark_name and benchmark_version from the table policy_benchmark, as an alternative from using the primary key column policy_id.
  Nullable policy_version text The version of the policy.
  Nullable title text The title of the policy as visible to the user.
  Nullable description text A description of the policy.
unscored_rules integer The number of rules defined in the policy with a role of "unscored". These rules will not affect rule compliance scoring for the policy.
Indexes
dim_policy_pkey ON policy_id
Foreign Keys
benchmark_id_fk (benchmark_id) references dim_policy_benchmark (benchmark_id)

dim_policy_benchmark

Dimension for all metadata related to a policy benchmark. It contains one record for every policy benchmark that currently exists.
Columns
  benchmark_id bigint The unique identifier of a policy benchmark.
benchmark_name text The natural identifier of the policy benchmark source file. Can be used is conjunction with column benchmark_version to uniquely identify a policy benchmark as an alternative from using the primary key column benchmark_id.
benchmark_version text The version of the policy benchmark. Can be used is conjunction with column benchmark_name to uniquely identify a policy benchmark as an alternative from using the primary key column benchmark_id.
  Nullable title text The title of the policy benchmark.
  Nullable description text A description of the policy benchmark.
category text A grouping of similar benchmarks based on their source, purpose, or other criteria. Examples include "FDCC", "USGCB", and "CIS". Policy benchmarks created by users have a category of "Custom"
Indexes
dim_policy_benchmark_pkey ON benchmark_id

dim_policy_group

Dimension for all the metadata for each group of rules within a policy. It contains one record for every unhidden group within each policy.
Columns
  group_id bigint The identifier of the group.
policy_id bigint The identifier of the policy.
  Nullable group_name text The name of policy group.
  Nullable title text The title of the group, for each policy, that is visible to the user.
  Nullable description text A description of the group.
weight numeric DEFAULT 1.0 The scoring weight of the policy group.
  Nullable parent_group_id bigint The identifier of a group in the policy that a group directly belongs to.
sub_groups integer The number of groups decending from a group
rules integer The number of all rules including rule of a group's sub-groups.
Indexes
dim_policy_group_pkey ON group_id
dim_policy_group_policy_id ON policy_id
Foreign Keys
policy_id_fk (policy_id) references dim_policy (policy_id)

dim_policy_rule

Dimension for all the metadata for each rule within a policy. It contains one record for every rule within each policy.
Columns
  rule_id bigint The identifier of the policy rule.
policy_id bigint The identifier of the policy.
rule_name text The name of the rule from the selected policy.
  Nullable title text The title of the rule, for each policy, that is visible to the user. It describes a state or condition with which a tested asset should comply.
  Nullable description text A description of the rule.
  Nullable parent_group_id bigint The identifier of a group in the policy that a rule directly belongs to.
role text The rule's role in scoring and reporting: "full", "unchecked" and "unscored".
  Nullable severity text The severity of the rule. A textual value that can be one of the following: "low", "medium", "high", or "unknown".
  Nullable weight numeric DEFAULT 1.0 The scoring weight of the rule.
  Nullable rationale text Descriptive text explaining why compliance is important to the security of the target platform.
  Nullable remediation text Instructions for remediating the non-compliant rule.
  Nullable enabled bool The boolean to determine whether this rule is enabled.
Indexes
dim_policy_rule_pkey ON rule_id
dim_policy_rule_policy_id ON policy_id
Foreign Keys
policy_id_fk (policy_id) references dim_policy (policy_id)

dim_policy_rule_cce_platform_nist_control_mapping

Dimension that provides all NIST SP 800-53 controls mappings for each CCE within a rule.
Columns
  rule_id bigint The identifier of the policy rule.
cce_item_id text The identifier of the CCE item.
platform text The platform of the CCE.
control_name text The name of the control mapping.
date_published date The date published of the control mapping.
Indexes
dim_policy_rule_cce_platform_nist_control_mapping_rule_id ON rule_id
Foreign Keys
rule_id_fk (rule_id) references dim_policy_rule (rule_id)

dim_policy_rule_override

Dimension for all the metadata for each policy rule that has been overriden.
Columns
  override_id bigint The identifier of the policy rule override.
rule_id bigint The identifier of the policy rule.
scope text The system scope for which the policy rule override applies to.
scope_description text The description for the scope of the rule override
submitted_by text User name that submitted the policy rule override.
submitted_time timestamp Timestamp for submission of the policy rule override.
comment text Reporter comment that submitted the policy rule overrdie.
  Nullable reviewed_by text Reviewer of the policy rule override.
  Nullable review_comment text Reviewer comment for overriding the policy rule.
reviewed_rule_result text The original rule status when the override was submitted
  Nullable effective_time timestamp Timestamp for the policy rule override to be effective.
  Nullable expiration_time timestamp Timestamp for the expiration of the policy rule override.
status text Aggregated values for the rule status.
overridden_rule_result text The overridden rule status.
Nullable asset_id bigint The identifier of the asset for which the policy rule override applies to.
Indexes
dim_policy_rule_override_pkey ON override_id
dim_policy_rule_override_asset_id ON asset_id
dim_policy_rule_override_rule_id ON rule_id
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)
rule_id_fk (rule_id) references dim_policy_rule (rule_id)

dim_policy_rule_test

Dimension that provides all tests associated with a policy rule.
Columns
  test_key text The unique identifier for the policy rule test
rule_id bigint The identifier of the policy rule.
test_type text The type of the policy rule test.
description text The description of what the rule test is checking for.
check_existence text The identifier of the type of condition performed in the test. Can be "all_exist", "any_exist", "at_least_one_exists", "none_exist", or "only_one_exists".
  Nullable check_results text The rule test check results.
state_operator text The logical operator that combines the evaluation results from each referenced state on a per item basis.
Indexes
dim_policy_rule_test_pkey ON test_key, rule_id
dim_policy_rule_test_test_id ON rule_id, test_key
Foreign Keys
rule_id_fk (rule_id) references dim_policy_rule (rule_id)

dim_scan

Dimension for all scans that have been run on any sites within access of the report, not only those within the scope. All scans will be made available, regardless of their scan status, including currently running scans.
Columns
  scan_id bigint The unique identifier of the scan.
Nullable site_id integer The unique identifier of the site.
started timestamp The time at which the scan started.
  Nullable finished timestamp The time at which the scan ended, which may be NULL if a scan is still in progress.
status text The current status of the scan, one of the values: 'Aborted', 'Successful', 'Running', 'Stopped', 'Failed', or 'Paused'.
type text The type of the scan, one of the values: 'Manual' or 'Scheduled'.
  Nullable scan_name text The user-driven scan name for the scan.
Indexes
dim_scan_pkey ON scan_id
dim_scan_site ON site_id
Foreign Keys
site_id_fk (site_id) references dim_site (site_id)

dim_scan_engine

Dimensions for the scan engines that may be selected to run scans, including standalone engines or pools. One record is present in this dimension for each scan engine that is defined.
Columns
  scan_engine_id integer The unique identifier of the scan engine.
name text The name of the scan engine.
address text The address (either IP or host name) of the scan engine.
port integer The port the scan engine is running on.
  Nullable type text The type of the scan engine, one of the values: 'Standard', 'Pool', 'VMWare EPsec', or 'AWS'
Indexes
dim_scan_engine_pkey ON scan_engine_id

dim_scan_template

Dimension for all scan templates that are defined. A record is present for each scan template in the system.
Columns
  scan_template_id text The unique identifier of the scan template.
name text The short, human-readable name of the scan template.
  Nullable description text The verbose description of the scan template.
Indexes
dim_scan_template_pkey ON scan_template_id

dim_site

Dimension for all sites. Each site has metadata that define it, including organization information.
Columns
  site_id integer The unique identifier of the site.
name text The name of the site which provides a human-readable identifier of the site. Site names are guaranteed to be unique across multiple sites.
  Nullable description text An optional description of the site that indicates the content, purpose, or composition of a site.
  Nullable importance text A human-readable description of the importance of site, one of the values: 'Very Low', 'Low', 'Normal', 'High' or 'Very High'
dynamic_targets bool Indicates whether the targets defined within the site are dynamically configured based on a discovery connection. If true, a discovery connection is the means by which the targets of a site are defined and dynamically updated. If false, the target definition is static and manually configured by a site administrator.
  Nullable risk_factor real An adjustment factor for the risk of a site. The weighting factor defaults to 1.0 and can be adjusted up or down as the importance of a site is changed. The higher the importance, the larger the risk factor, and the lower the importance, the lower the risk factor.
Nullable last_scan_id bigint The identifier of the scan that last ran for the site. If the site has not had a scan run, the value will be NULL.
Nullable previous_scan_id bigint The identifier of the scan that ran prior to the last scan for the site. If the site has not had a scan run, the value will be NULL.
scan_template text The name of the scan template the site is currently configured to run scans using.
scan_template_id text The identifier of the scan template the site is currently configured to run scans using.
scan_engine text The name of the scan engine the site is currently configured to run scans with.
scan_engine_id integer The identifier of the scan engine the site is currently configured to run scans with.
  Nullable organization_name text The optional name of the organization the site is associated to.
  Nullable organization_url text The URL/website of the organization the site is associated to.
  Nullable organization_contact text The contact name for the contact of the organization the site is associated to.
  Nullable organization_job_title text The job title of the contact of the organization the site isassociated to.
  Nullable organization_email text The email address of the contact of the organization the site is associated to.
  Nullable organization_phone text The phone number of the organization the site is associated to.
  Nullable organization_address text The address of the organization the site is associated to.
  Nullable organization_city text The city/region of the organization the site is associated to.
  Nullable organization_state text The state/county/province/territory of the organization of the site.
  Nullable organization_country text The country of organization the site is associated to.
  Nullable organization_zip text The zip-code (if applicable) of the organization the site is associated to.
Indexes
dim_site_pkey ON site_id
dim_site_last_scan ON last_scan_id
dim_site_previous_scan ON previous_scan_id
Foreign Keys
scan_engine_id_fk (scan_engine_id) references dim_scan_engine (scan_engine_id)
scan_template_id_fk (scan_template_id) references dim_scan_template (scan_template_id)

dim_site_asset

Dimension for the association between an asset and a site. For each asset there will be one record with an association to only one site.
Columns
  site_id integer The unique identifier of the site.
asset_id bigint The unique identifier of the asset.
Indexes
dim_site_asset_pkey ON site_id, asset_id
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)
site_id_fk (site_id) references dim_site (site_id)

dim_site_target

Dimension for all the included and excluded targets of a site. For all assets in the scope of the report, a record will be present for each unique IP range and/or host name defined as an included or excluded address in the site configuration. If any global exclusions are applied, these will also be provided at the site level.
Columns
  site_id integer The unique identifier of the site.
type text Either 'host' or 'ip' to indicate the type of address.
included bool True if the target is included in the configuration, or false if it is excluded.
target text If type is 'host', this is the host name.
  Nullable ip_start inet If type is 'ip', this is the starting IP address of the range (if there is no range, the ip_start is the IP).
  Nullable ip_end inet If type is 'ip', this is the ending IP address of the range (if there is no range, ip_end is the same as the ip_start).
  Nullable scope text The scope of an exclusion, either 'global' if the exclusion is a global exclusion, 'site' if the exclusion is defined on the site, or NULL if included is true.
Indexes
dim_site_target_id ON site_id
Foreign Keys
site_id_fk (site_id) references dim_site (site_id)

dim_solution

Dimension that provides access to all solutions defined. A solution models the information, steps, and background required to remediate a vulnerability.
Columns
  solution_id integer The unique identifier of the solution.
nexpose_id text The key/identifier of the solution that uniquely identifies it within Nexpose.
  Nullable estimate interval The amount of required time estimated to implement this solution on a single asset. This is a heuristic and may not represent the actualy time required to remediate or apply the solution, depending on the environment and tools available for remediation.
  Nullable url text An optional URL link defined for getting more information about the solution. When defined, this may be a web page defined by the vendor that provides more details on the solution, or it may be a download link to a patch.
solution_type text Type of the solution, one of the values: 'PATCH', 'ROLLUP' or 'WORKAROUND'.
  Nullable fix text The steps that are a part of the fix this solution prescribes. The fix will usually contain a list of procedures that must be followed to remediate the vulnerability. The fix is represented using HTML markup that can be "flattened" using the htmlToText() function.
summary text A short summary of solution which describes the purpose of the solution at a high level and is suitable for use as a summarization of the solution. The summary is represented using HTML markup that can be "flattened" using the htmlToText() function.
  Nullable additional_data text Additional information about the solution. The additional data is represented using HTML markup that can be "flattened" using the htmlToText() function.
  Nullable applies_to text Textual representation of the types of system, software, and/or services that the solution can be applied to. If the solution is not restricted to a certain type of system, software or service, this field will be NULL.
Indexes
dim_solution_pkey ON solution_id
dim_solution_nexpose_id ON nexpose_id
dim_solution_solution_type ON solution_type

dim_solution_highest_supercedence

Dimension that provides access to the highest level superceding solution for every solution. If a solution has multiple superceding solutions that themselves are not superceded, all will be returned. Therefore a single solution may have multiple records returned. If a solution is not superceded by any other solution, it will be marked as being superceded by itself.
Columns
  solution_id integer The unique identifier of the solution.
superceding_solution_id integer The identifier of a solution that is known to supercede the solution, and which itself is not superceded (the highest level of supercedence). If the solution is not superceded, this is the same identifier as solution_id.
Indexes
dim_solution_highest_supercedence_pkey ON solution_id, superceding_solution_id
dim_solution_highest_supercedence_superceding_solution_id ON superceding_solution_id
Foreign Keys
solution_id_fk (solution_id) references dim_solution (solution_id)
superceding_solution_id_fk (superceding_solution_id) references dim_solution (solution_id)

dim_solution_prerequisite

Dimension that provides an association between a solution and all the prerequisite solutions that must be applied before it. If a solution has no prerequisites, it will have no records in this dimension.
Columns
  solution_id integer The unique identifier of the solution.
required_solution_id integer The unique identifier of the prerequisite solution.
Indexes
dim_solution_prerequisite_pkey ON solution_id, required_solution_id
Foreign Keys
required_solution_id_fk (required_solution_id) references dim_solution (solution_id)
solution_id_fk (solution_id) references dim_solution (solution_id)

dim_solution_supercedence

Dimension that provides all superceding associations between solutions. Unlike dim_solution_highest_supercedence, this dimension provides access to the entire graph of superceding relationships. If a solution does not supercede any other solution, it will not have any records in this dimension.
Columns
  solution_id integer The unique identifier of the solution.
superceding_solution_id integer The unique identifier of the superceding solution.
Indexes
dim_solution_supercedence_pkey ON solution_id, superceding_solution_id
dim_solution_supercedence_superceding_solution_id ON superceding_solution_id
Foreign Keys
solution_id_fk (solution_id) references dim_solution (solution_id)
superceding_solution_id_fk (superceding_solution_id) references dim_solution (solution_id)

dim_tag

Dimension for all tags that any assets within the scope of the report belong to. Each tag has either a direct association or indirection association to an asset based off site or asset group association or of dynamic membership criteria.
Columns
  tag_id integer The unique identifier of the tag.
name text The name of the tags. Tag names are unique for tags of the same type.
type text The type of the tag, one of the following values: 'CRITICALITY', 'LOCATION', 'OWNER', or 'CUSTOM'.
  Nullable source text The original application that created the tag.
created timestamp The creation time.
  Nullable risk_modifier float8 The risk modifier for a CRITICALITY typed tag.
  Nullable color text The optional color of the tag, in hexadecimal notation.
Indexes
dim_tag_pkey ON tag_id
dim_tag_type ON type

dim_vulnerability

Dimension for a vulnerability and its associated metadata, including risk scores, CVSS vector, and title. One record is present for each vulnerability that is defined.
Columns
  vulnerability_id integer The unique identifier of the vulnerability.
nexpose_id text The Nexpose identifier (natural key) of the vulnerability.
title text A short, human-readable description of the vulnerability. The title is represented using HTML markup that can be "flattened" using the htmlToText() function.
description text A verbose description for the vulnerability. The description is represented using HTML markup that can be "flattened" using the htmlToText() function.
date_published date The date that the vulnerability was publicized by the third-party, vendor, or another authoring source. The granularity of the date is a day.
date_added date The date that the vulnerability was first checked by Nexpose. The granularity of the date is a day.
date_modified date The date that the vulnerability was last modified. The granularity of the date is a day.
severity_score smallint The numerical severity of the vulnerability, measured on a scale of 0 to 10 using whole numbers.
severity text The textual representation of the severity of the vulnerability, which is based on the severity score. The severity can be any of the following values: 'Critical', 'Severe', or 'Moderate'
critical integer Numerical representation of the severity of the vulnerability that can be used for aggregation purposes easily use a SUM aggregate. If the severity is 'Critical' the value of this column is 1, otherwise it is 0.
severe integer Numerical representation of the severity of the vulnerability that can be used for aggregation purposes easily use a SUM aggregate. If the severity is 'Severe' the value of this column is 1, otherwise it is 0.
moderate integer Numerical representation of the severity of the vulnerability that can be used for aggregation purposes easily use a SUM aggregate. If the severity is 'Moderate' the value of this column is 1, otherwise it is 0.
pci_severity_score smallint The numerical PCI severity score of the vulnerability, measured on a scale of 1 to 5 using whole numbers.
pci_status text The compliance level of the vulnerability according to PCI standards. 'Pass' indicates the vulnerability may be present on an asset but still pass PCI compliance. 'Fail' indicates the vulnerability must not be present in order to pass PCI compliance.
pci_failures integer Numerical representation of the pci_status that can be used for aggregation purposes easily using a SUM aggregate. The value is 0 if pci_status is 'Pass', and 1 if pci_status is 'Fail'.
risk_score float8 The risk score of the vulnerability as computed by the current risk strategy/model.
cvss_vector text The full CVSS vector in CVSS Version 2.0 notation.
cvss_access_vector varchar( 1 ) Access vector (AV) code that represents the CVSS access vector value of the vulnerability.
cvss_access_complexity varchar( 1 ) Access complexity (AC) vector code that represents the CVSS access complexity vector value of the vulnerability.
cvss_authentication varchar( 1 ) Authentication (Au) vector code that represents the CVSS authentication vector value of the vulnerability.
cvss_confidentiality_impact varchar( 1 ) Confidentiality impact (C) vector code that represents the CVSS confidentiality impact vector value of the vulnerability.
cvss_integrity_impact varchar( 1 ) Integrity impact (I) vector code that represents the CVSS integrity impact vector value of the vulnerability.
cvss_availability_impact varchar( 1 ) Availability impact (A) vector code that represents the CVSS availability impact vector value of the vulnerability.
cvss_score real Value between 0 and 10 representing the CVSS score of the vulnerability.
pci_adjusted_cvss_score real Value between 0 and 10 representing the CVSS score of the vulnerability, adjusted if necessary to follow PCI rules.
cvss_exploit_score real Base score for the exploitability of a vulnerability that is used to compute the overall CVSS score.
cvss_impact_score real Base score for the impact of a vulnerability that is used to compute the overall CVSS score.
  Nullable pci_special_notes text Notes attached to the vulnerability following PCI rules.
denial_of_service bool Signifies whether the vulnerability is classified as a denial-of-service vulnerability.
exploits bigint The total number of distinct exploits/modules that are known to exploit the vulnerability.
exploit integer Numeric representation as to whether this vulnerability is exploitable. If exploits is greater than 0, this value will be 1, otherwise 0.
  Nullable exploit_skill_level text The minimum exploitability skill level required to exploit this vulnerability (if an exploit is known for it), one of the values 'Expert', 'Novice', 'Intermediate', or NULL.
malware_kits bigint The total number of distinct malware kits that are known to exploit the vulnerability.
malware_kit integer Numeric representation as to whether this vulnerability has a known malware kit. If mwlare_kits is greater than 0, this value will be 1, otherwise 0.
  Nullable malware_popularity text The maximum popularity value of the malware kits on this vulnerability (if a malware kit is known for it), one of the values: 'Uncommon', 'Occasional', 'Rare', 'Common', 'Favored', 'Popular', or 'Unknown'.
  Nullable cvss_v3_vector text The full CVSS vector in CVSS Version 3.0 notation.
  Nullable cvss_v3_attack_vector varchar( 1 ) Attack Vector (AV) code that represents the CVSS attack vector value of the vulnerability.
  Nullable cvss_v3_attack_complexity varchar( 1 ) Attack Complexity (AC) code that represents the CVSS attack complexity value of the vulnerability.
  Nullable cvss_v3_privileges_required varchar( 1 ) Privileges Required (PR) code that represents the CVSS privilege required value of the vulnerability.
  Nullable cvss_v3_user_interaction varchar( 1 ) User Interaction (UI) code that represents the CVSS user interaction value of the vulnerability.
  Nullable cvss_v3_scope varchar( 1 ) Scope (S) code that represents the CVSS scope value of the vulnerability.
  Nullable cvss_v3_confidentiality_impact varchar( 1 ) Confidentiality Impact (C) code that represents the CVSS confidentiality impact value of the vulnerability.
  Nullable cvss_v3_integrity_impact varchar( 1 ) Integrity Impact (I) code that represents the CVSS integrity impact value of the vulnerability.
  Nullable cvss_v3_availability_impact varchar( 1 ) Availability Impact (A) code that represents the CVSS availability impact value of the vulnerability.
  Nullable cvss_v3_score real Value between 0 and 10 representing the CVSS Version 3.0 score of the Vulnerability.
  Nullable cvss_v3_impact_score real Base score for the impact of a vulnerability that is used to compute the overall CVSS Version 3.0 score.
  Nullable cvss_v3_exploit_score real Base score for the exploitability of a vulnerability that is used to compute the overall CVSS Version 3.0 score.
Indexes
dim_vulnerability_pkey ON vulnerability_id
dim_vulnerability_nexpose_id ON nexpose_id
dim_vulnerability_severity ON severity

dim_vulnerability_category

Dimension for categories that defines groups of related vulnerabilities by a common name. Each record represents a vulnerability and the associated category it belongs to. Each vulnerability can belong to multiple categories, in which case multiple records will be present, one for each category the vulnerability belongs to.
Columns
  vulnerability_id integer The unique identifier of the vulnerability.
category_name text The human-readable name of the vulnerability category.
Indexes
dim_vulnerability_category_pkey ON vulnerability_id, category_name
Foreign Keys
vulnerability_id_fk (vulnerability_id) references dim_vulnerability (vulnerability_id)

dim_vulnerability_exception

Dimension for all vulnerability exceptions that are currently applied to or are pending approval to apply to any assets. This fact includes exceptions that are pending approval, those that are actively applying, and even expired exceptions.
Columns
  vulnerability_exception_id integer The unique identifier of the vulnerability exception.
vulnerability_id integer The unique identifier of the vulnerability.
scope text The scope of the vulnerability exception, one of the values: 'Global', 'Site', 'Asset' or 'Instance'.
  Nullable scope_description text The description of the scope of the vulnerability exception, one of the values: 'All instances (all assets)', 'All instances in this site', 'All instances on this asset', or 'Specific instance on this asset'
reason text The reason the vulnerability exception was requested or applied.
  Nullable additional_comments text Comments field populated when a state transition, such as rejection or submission, occurs. This is a user-populated field that is optional.
  Nullable submitted_date timestamp The date that the exception was last submitted, or resubmitted for approval. If the exception has been rejected or recalled and is resubmitted, only the date of the last state transition is used.
  Nullable submitted_by text The login name of the user that submitted the vulnerability exception for approval.
  Nullable review_date timestamp The date when the last review of the exception request was performed. This can either be the date when the exception was last approved, or last rejected. If the exception is approved, rejected, or recalled multiple times, this is the date of the last state transition. If a review is pending, this value may be NULL.
  Nullable reviewed_by text The login name of the user that reviewed the vulnerability exception for approval and either approved or rejected it. If the exception is still waiting for approval, this value is NULL.
  Nullable review_comment text The last comment when the exception was reviewed, and either approved or rejected. If a review has yet to occur, this can be null.
  Nullable expiration_date date The date at which the expiration of the exception occurs. The expiration date is interpreted as midnight on the date specified. The timestamp is converted into the timezone specified within the report configuration.
  Nullable status text The status of the exception, one of the values: 'Under review', 'Approved', 'Rejected', 'Recalled', or 'Expired'.
Nullable site_id integer If the scope is 'Site', the id of the site the exception applies to. For all other scopes, the value is NULL.
Nullable asset_id bigint If the scope is 'Asset' or 'Instance' the id of the asset the exception applies to. For all other scopes, the value is NULL.
  Nullable port integer If the scope is 'Instance' and the exception is applying to a service, the port of the service that exception is applied to. For all other scopes, the value is NULL.
  Nullable key text If the scope is 'Instance' and the exception is applied to a vulnerability with a secondary key, the key of the vulnerability the exception applies to. For all other scopes, the value is NULL.
Nullable group_id integer If the scope is 'Asset Group', the id of the group the exception applies to. For all other scopes, the value is NULL.
Indexes
dim_vulnerability_exception_pkey ON vulnerability_exception_id
dim_vulnerability_exception_asset_id ON asset_id
dim_vulnerability_exception_group_id ON group_id
dim_vulnerability_exception_scope ON scope
dim_vulnerability_exception_site_id ON site_id
dim_vulnerability_exception_vulnerability_id ON vulnerability_id
Foreign Keys
vulnerability_id_fk (vulnerability_id) references dim_vulnerability (vulnerability_id)

dim_vulnerability_exploit

Exploits that exploit a particular vulnerability that have been defined by external exploit data sources. Each record represents the relationship between a vulnerability and one exploit module/kit/package known to exploit that vulnerability. Each vulnerability can be associated to multiple exploits.
Columns
  exploit_id integer The unique identifier of the exploit module.
vulnerability_id integer The unique identifier of the vulnerability the exploit relates to.
title text The short name or title of the exploit which describes the name, purpose, or target of the exploit.
  Nullable description text The description of the exploit that provides more detailed information on the purpose or target of the exploit.
  Nullable skill_level text The skill level required to perform the exploit, one of the values: 'Expert', 'Novice', or 'Intermediate'.
  Nullable source text The source which defined and published the exploit, one of the values: 'Exploit Database' or 'Metasploit Module'.
  Nullable source_key text The identifier of the exploit within the source that published the exploit. This can be an internal identifier key for the exploit within the source.
Indexes
dim_vulnerability_exploit_pkey ON exploit_id, vulnerability_id
dim_vulnerability_exploit_vulnerability_id ON vulnerability_id
Foreign Keys
vulnerability_id_fk (vulnerability_id) references dim_vulnerability (vulnerability_id)

dim_vulnerability_malware_kit

Dimension for malware kits that are known to exploit a vulnerability. Each record represents the relationship between a vulnerability and an associated malware kit known to exploit that vulnerability. Each vulnerability can be associated to multiple malware kits.
Columns
  malware_kit_id integer The unique identifier of the malware kit.
vulnerability_id integer The unique identifier of the vulnerability with a malware kit
name text The name of the malware kit.
  Nullable popularity text The popularity of the malware kit, which identifies how common or accessible it is. Popularity can have the following values: 'Uncommon', 'Occasional', 'Rare', 'Common', 'Favored', 'Popular', or 'Unknown'.
Indexes
dim_vulnerability_malware_kit_pkey ON malware_kit_id, vulnerability_id
dim_vulnerability_malware_kit_vulnerability_id ON vulnerability_id
Foreign Keys
vulnerability_id_fk (vulnerability_id) references dim_vulnerability (vulnerability_id)

dim_vulnerability_reference

Dimension for references to external data source(s) that relate to, define, or that the publishing source of a vulnerability. Each record represents the relationship between a vulnerability and an external reference or link to a defining source. Each vulnerability may be associated to multiple references.
Columns
  vulnerability_id integer The unique identifier of the vulnerability.
source text The name of a source of vulnerability information or metadata. The source is provided in all upper-case characters (for consistency with the user interface).
reference text The reference that keys or links into the source repository. If the source is 'URL', the reference is a URL. For other data sources such as CVE, BID, or SECUNIA, the reference is typically a key that indexes into those repositories.
Indexes
dim_vulnerability_referenceserence_vulnerability_id
Foreign Keys
vulnerability_id_fk (vulnerability_id) references dim_vulnerability (vulnerability_id)

dim_vulnerability_solution

Dimension that provides access to the relationship between a vulnerability and its (direct) solutions. These solutions are only those which are directly known to remediate the vulnerability, and do not include rollups or superceding solutions. If a vulnerability has more than one solution (e.g. for multiple platforms), multiple association records will be present. If a vulnerability has no known solutions, it will have no records in this dimension.
Columns
  vulnerability_id integer The unique identifier of the vulnerability.
solution_id integer The unique identifier of the solution.
Indexes
dim_vulnerability_solution_pkey ON vulnerability_id, solution_id
Foreign Keys
solution_id_fk (solution_id) references dim_solution (solution_id)
vulnerability_id_fk (vulnerability_id) references dim_vulnerability (vulnerability_id)

fact_all

Accumulating snapsht fact for all assets. This convenience rollup fact aggregates across all defined assets. This fact table is guaranteed to have one and only one record at all times, even if no assets are defined.
Columns
  assets bigint The total number of assets.
vulnerabilities bigint The sum of the count of vulnerabilities on each asset. This value is equal to the sum of the critical_vulnerabilities, severe_vulnerabilities, and moderate_vulnerabilities columns.
critical_vulnerabilities bigint The sum of the count of critical vulnerabilities on each asset.
severe_vulnerabilities bigint The sum of the count of severe vulnerabilities on each asset.
moderate_vulnerabilities bigint The sum of the count of moderate vulnerabilities on each asset.
malware_kits integer The sum of the count of malware kits on each asset.
exploits integer The sum of the count of exploits on each asset.
vulnerabilities_with_malware_kit integer The sum of the count of vulnerabilities with malware on each asset.
vulnerabilities_with_exploit integer The sum of the count of vulnerabilities with exploits on each asset.
vulnerability_instances bigint The sum of the vulnerabilities instances on each asset.
raw_risk_score float8 The sum of the raw risk score of each asset.
risk_score float8 The sum of the risk score of each asset.
pci_status text The overall compliance level ('Pass' or 'Fail') according to PCI standards. The status is only 'Pass' if all assets individually have a status of 'Pass' (e.g. in fact_asset)
pci_failures bigint The sum of the total PCI failures on each asset.
validated_vulnerabilities bigint DEFAULT 0 The number of vulnerabilities that have been validated.

fact_all_date

Periodic snapshot fact for all data. This fact table is a date-based snapshot of the fact_all table. During each export process, the current data is appended to this fact table.
Columns
  day date The date the snapshot was recorded.
assets bigint The total number of assets.
vulnerabilities bigint The sum of the count of vulnerabilities on each asset. This value is equal to the sum of the critical_vulnerabilities, severe_vulnerabilities, and moderate_vulnerabilities columns.
critical_vulnerabilities bigint The sum of the count of critical vulnerabilities on each asset.
severe_vulnerabilities bigint The sum of the count of severe vulnerabilities on each asset.
moderate_vulnerabilities bigint The sum of the count of moderate vulnerabilities on each asset.
malware_kits integer The sum of the count of malware kits on each asset.
exploits integer The sum of the count of exploits on each asset.
vulnerabilities_with_malware_kit integer The sum of the count of vulnerabilities with malware on each asset.
vulnerabilities_with_exploit integer The sum of the count of vulnerabilities with exploits on each asset.
vulnerability_instances bigint The sum of the vulnerabilities instances on each asset.
raw_risk_score float8 The sum of the raw risk score of each asset.
risk_score float8 The sum of the risk score of each asset.
pci_status text The overall compliance level ('Pass' or 'Fail') according to PCI standards. The status is only 'Pass' if all assets individually have a status of 'Pass' (e.g. in fact_asset)
pci_failures bigint The sum of the total PCI failures on each asset.
validated_vulnerabilities bigint DEFAULT 0 The number of vulnerabilities that have been validated.
Indexes
fact_all_date_pkey ON day

fact_asset

Accumulating snapshot fact table for the latest state of an asset. Each fact record represents the current summary information for an asset, from all data source across all sites the asset belongs to.
Columns
  asset_id bigint The unique identifier of the asset.
vulnerabilities bigint The number of vulnerability findings on the asset. This value is equal to the sum of critical_vulnerabilities, severe_vulnerabilities, and moderate_vulnerabilities columns.
critical_vulnerabilities bigint The number of vulnerability findings for vulnerabilities with a critical severity.
severe_vulnerabilities bigint The number of vulnerability findings for vulnerabilities with a severe severity.
moderate_vulnerabilities bigint The number of vulnerability findings for vulnerabilities with a moderate severity.
malware_kits integer The number of distinct malware kits that can exploit any vulnerabilities on the asset.
exploits integer The number of distinct exploit modules that can exploit any vulnerabilities on the asset.
vulnerabilities_with_malware_kit integer The number of vulnerabilities on the asset that have at least one malware kit.
vulnerabilities_with_exploit integer The number of vulnerabilities on the asset that have at least one exploit module.
vulnerability_instances bigint The total number of instances of all vulnerabilities.
raw_risk_score float8 The risk score of the asset across all vulnerabilities but with no risk factor applied.
risk_score float8 The risk score of the asset across all vulnerabilities with any applicable risk factor applied.
pci_status text The compliance level, either 'Pass' or 'Fail', of the asset according to PCI standards.
pci_failures bigint Numerical representation of the pci_status that can be used for aggregation. If pci_status is 'Pass' the value is 0, and if 'Fail' the value is 1.
validated_vulnerabilities bigint DEFAULT 0 The number of vulnerabilities that have been validated.
Indexes
fact_asset_pkey ON asset_id
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)

fact_asset_date

Periodic snapshot fact for assets. This fact table is a date-based snapshot of the fact_asset table. During each export process, the current data is appended to this fact table.
Columns
  day date The date the snapshot was recorded.
asset_id bigint The unique identifier of the asset.
vulnerabilities bigint The number of vulnerability findings on the asset. This value is equal to the sum of critical_vulnerabilities, severe_vulnerabilities, and moderate_vulnerabilities columns.
critical_vulnerabilities bigint The number of vulnerability findings for vulnerabilities with a critical severity.
severe_vulnerabilities bigint The number of vulnerability findings for vulnerabilities with a severe severity.
moderate_vulnerabilities bigint The number of vulnerability findings for vulnerabilities with a moderate severity.
malware_kits integer The number of distinct malware kits that can exploit any vulnerabilities on the asset.
exploits integer The number of distinct exploit modules that can exploit any vulnerabilities on the asset.
vulnerabilities_with_malware_kit integer The number of vulnerabilities on the asset that have at least one malware kit.
vulnerabilities_with_exploit integer The number of vulnerabilities on the asset that have at least one exploit module.
vulnerability_instances bigint The total number of instances of all vulnerabilities.
raw_risk_score float8 The risk score of the asset across all vulnerabilities but with no risk factor applied.
risk_score float8 The risk score of the asset across all vulnerabilities with any applicable risk factor applied.
pci_status text The compliance level, either 'Pass' or 'Fail', of the asset according to PCI standards.
pci_failures bigint Numerical representation of the pci_status that can be used for aggregation. If pci_status is 'Pass' the value is 0, and if 'Fail' the value is 1.
validated_vulnerabilities bigint DEFAULT 0 The number of vulnerabilities that have been validated.
Indexes
fact_asset_date_pkey ON day, asset_id
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)

fact_asset_event

Transactional fact for every event that has occurred on an asset that may have changed the data on the asset. These events includes scans, data import, applying exceptions, etc.
Columns
  asset_id bigint The unique identifier of the asset.
Nullable event_id bigint The unique identifier of the event that the asset was modified by, which can be shared across multiple assets that were a part of the same event.
date timestamp The date in which the event was performed or executed.
type text The type of the event, which is one of the following values: 'SCAN' - the asset was scanned by a scan engine 'ACTIVE-SYNC' - the asset was scanned/discovered through an active sync connection 'VULNERABILITY_EXCEPTION_APPLIED' - a vulnerability exception was applied to a vulnerability 'VULNERABILITY_EXCEPTION_UNAPPLIED' - a vulnerability exception was unapplied (removed) from a vulnerability 'ASSET-IMPORT' or 'EXTERNAL-IMPORT' - the asset was imported through the external API 'EXTERNAL-IMPORT-APPSPIDER' - the asset was imported from an AppSpider scan 'SCAN-LOG-IMPORT' - the asset was import using a console command 'SCAN-LOG-INGESTOR-UPGRADE' - the asset was imported during a one-time product upgrade (deprecated)
Nullable scan_id bigint If the type is 'SCAN', 'ACTIVE-SYNC', 'SCAN-LOG-IMPORT', 'SCAN-LOG-INGESTOR-UPGRADE', or 'EXTERNAL-IMPORT-APPSPIDER' the identifier of the scan that was run. For all other types the value is NULL.
Nullable vulnerability_exception_id integer If the type is 'VULNERABILITY_EXCEPTION_APPLIED' or 'VULNERABILITY_EXCEPTION_UNAPPLIED' the identifier of the vulnerability exception that was applied or unapplied.
  Nullable user_name text If the type is 'EXTERNAL-IMPORT' or 'ASSET-IMPORT' the login name of the user that performed the import.
  Nullable description text A description of the event that was performed. This can include details specific to the event type.
Indexes
fact_asset_event_date ON date
fact_asset_event_exception ON vulnerability_exception_id
fact_asset_event_id ON asset_id, event_id
fact_asset_event_scan ON scan_id
fact_asset_event_type ON type
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)
scan_id_fk (scan_id) references dim_scan (scan_id)
vulnerability_exception_id_fk (vulnerability_exception_id) references dim_vulnerability_exception (vulnerability_exception_id)

fact_asset_group

Accumulating snapshot fact for the summary information of an asset group. This is a convenience fact for rolling up the information for assets within the membership of one or more asset groups. The summary information provided is based on the most recent data for each asset in the membership of the group. If an asset group has no assets, there will be a fact record with zero counts.
Columns
  asset_group_id integer The unique identifier of the asset group.
  Nullable assets bigint The total number of assets that are in the scope of associated to the group. If the group has no assets in the current scope or membership, this value can be zero.
vulnerabilities bigint The sum of the count of vulnerabilities on each asset. This value is equal to the sum of the critical_vulnerabilities, severe_vulnerabilities, and moderate_vulnerabilities columns.
critical_vulnerabilities bigint The sum of the count of critical vulnerabilities on each asset.
severe_vulnerabilities bigint The sum of the count of severe vulnerabilities on each asset.
moderate_vulnerabilities bigint The sum of the count of moderate vulnerabilities on each asset.
malware_kits integer The sum of the count of malware kits on each asset.
exploits integer The sum of the count of exploits on each asset.
vulnerabilities_with_malware_kit integer The sum of the count of vulnerabilities with malware on each asset.
vulnerabilities_with_exploit integer The sum of the count of vulnerabilities with exploits on each asset.
vulnerability_instances bigint The sum of the vulnerabilities instances on each asset.
raw_risk_score float8 The sum of the raw risk score of each asset in the group.
risk_score float8 The sum of the risk score of each asset in the group.
pci_status text The overall compliance level ('Pass' or 'Fail') of the asset group according to PCI standards. The status is only 'Pass' if all assets in the group individually have a status of 'Pass' (e.g. in fact_asset)
pci_failures bigint The sum of the total PCI failures on each asset in the group.
validated_vulnerabilities bigint DEFAULT 0 The number of vulnerabilities that have been validated.
Indexes
fact_asset_group_pkey ON asset_group_id
Foreign Keys
asset_group_id_fk (asset_group_id) references dim_asset_group (asset_group_id)

fact_asset_group_date

Periodic snapshot fact for asset groups. This fact table is a date-based snapshot of the fact_asset_group table. During each export process, the current data is appended to this fact table.
Columns
  day date The date the snapshot was recorded.
asset_group_id integer The unique identifier of the asset group.
  Nullable assets bigint The total number of assets that are in the scope of associated to the group. If the group has no assets in the current scope or membership, this value can be zero.
vulnerabilities bigint The sum of the count of vulnerabilities on each asset. This value is equal to the sum of the critical_vulnerabilities, severe_vulnerabilities, and moderate_vulnerabilities columns.
critical_vulnerabilities bigint The sum of the count of critical vulnerabilities on each asset.
severe_vulnerabilities bigint The sum of the count of severe vulnerabilities on each asset.
moderate_vulnerabilities bigint The sum of the count of moderate vulnerabilities on each asset.
malware_kits integer The sum of the count of malware kits on each asset.
exploits integer The sum of the count of exploits on each asset.
vulnerabilities_with_malware_kit integer The sum of the count of vulnerabilities with malware on each asset.
vulnerabilities_with_exploit integer The sum of the count of vulnerabilities with exploits on each asset.
vulnerability_instances bigint The sum of the vulnerabilities instances on each asset.
raw_risk_score float8 The sum of the raw risk score of each asset in the group.
risk_score float8 The sum of the risk score of each asset in the group.
pci_status text The overall compliance level ('Pass' or 'Fail') of the asset group according to PCI standards. The status is only 'Pass' if all assets in the group individually have a status of 'Pass' (e.g. in fact_asset)
pci_failures bigint The sum of the total PCI failures on each asset in the group.
validated_vulnerabilities bigint DEFAULT 0 The number of vulnerabilities that have been validated.
Indexes
fact_asset_group_date_pkey ON day, asset_group_id
Foreign Keys
asset_group_id_fk (asset_group_id) references dim_asset_group (asset_group_id)

fact_asset_policy

Accumulating snapshot fact for all current tested policies on an asset. This fact is a convenience rollup for the fact_asset_policy_rule fact and provides a record for each tested policy on every asset. If an asset was not applicable to any rules in the policy, it will have no records in this fact table.
Columns
  asset_id bigint The unique identifier of the asset.
policy_id bigint The unique identifier of the policy.
scan_id bigint The unique identifier of the scan.
date_tested timestamp The time at which the policy was tested against the asset.
compliant_rules integer The total number of rules for which the asset passed in the most recent scan for this policy.
noncompliant_rules integer The total number of rules for which the asset failed in the most recent scan for this policy
not_applicable_rules integer The total number of rules that were not applicable to the asset in the most recent scan for this policy.
rule_compliance float8 The ratio of passing results for the rules to the total number of scorable rules for this policy.
Indexes
fact_asset_policy_pkey ON asset_id, policy_id
fact_asset_policy_asset_id ON asset_id
fact_asset_policy_policy_id ON policy_id
fact_asset_policy_scan_id ON scan_id
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)
policy_id_fk (policy_id) references dim_policy (policy_id)
scan_id_fk (scan_id) references dim_scan (scan_id)

fact_asset_policy_date

Periodic snapshot fact for asset policy records. This fact table is a date-based snapshot of the fact_asset_policy table. During each export process, the current data is appended to this fact table.
Columns
  day date The date the snapshot was recorded.
asset_id bigint The unique identifier of the asset.
policy_id bigint The unique identifier of the policy.
scan_id bigint The unique identifier of the scan.
date_tested timestamp The time at which the policy was tested against the asset.
compliant_rules integer The total number of rules for which the asset passed in the most recent scan for this policy.
noncompliant_rules integer The total number of rules for which the asset failed in the most recent scan for this policy
not_applicable_rules integer The total number of rules that were not applicable to the asset in the most recent scan for this policy.
rule_compliance float8 The ratio of passing results for the rules to the total number of scorable rules for this policy.
Indexes
fact_asset_policy_date_pkey ON day, asset_id, policy_id
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)
policy_id_fk (policy_id) references dim_policy (policy_id)
scan_id_fk (scan_id) references dim_scan (scan_id)

fact_asset_policy_rule

Accumulating snapshot of policy rules results on an asset. This fact provides a record for each policy rule that was tested on an asset in its most recent scan.
Columns
  asset_id bigint The unique identifier of the asset.
rule_id bigint The unique identifier of the policy rule.
policy_id bigint The unique identifier of the policy.
scan_id bigint The unique identifier of the scan.
Nullable override_id bigint The identifier of a policy override effectively overriding a rule test result on the asset. If there are more than one such overrides, the last submitted one will take precedent over the rest.
  Nullable override_ids _int8 The array identifiers of policy overrides potentially overriding a rule test result on an asset.
date_tested timestamp The time at which the policy rule was tested against the asset.
status text The rule compliance status on an asset.
Indexes
fact_asset_policy_rule_pkey ON asset_id, rule_id
fact_asset_policy_rule_asset_id ON asset_id
fact_asset_policy_rule_override_id ON override_id
fact_asset_policy_rule_policy_id ON policy_id
fact_asset_policy_rule_rule_id ON rule_id
fact_asset_policy_rule_scan_id ON scan_id
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)
policy_id_fk (policy_id) references dim_policy (policy_id)
rule_id_fk (rule_id) references dim_policy_rule (rule_id)
override_id_fk (override_id) references dim_policy_rule_override (override_id)
scan_id_fk (scan_id) references dim_scan (scan_id)

fact_asset_policy_rule_check

Accumulating snapshot of policy rule check results on an asset. This fact provides a record for each policy rule check that was tested on an asset in its most recent scan.
Columns
  result_id bigint The unique identifier of the rule check result.
asset_id bigint The unique identifier of the asset.
policy_id bigint The unique identifier of the policy.
rule_id bigint The unique identifier of the policy rule.
scan_id bigint The unique identifier of the scan.
Nullable override_id bigint The identifier of a policy override effectively overriding a rule test result on the asset. If there are more than one such overrides, the last submitted one will take precedent over the rest.
  Nullable override_ids _int8 The array identifiers of policy overrides potentially overriding a rule test result on an asset.
date_tested timestamp The time at which the policy rule check was tested against the asset.
check_result text The rule check result on an asset.
  Nullable proof text The proof gathered during the evaluation of the rule check on the asset.
Indexes
fact_asset_policy_rule_check_pkey ON result_id
fact_asset_policy_rule_check_asset_id ON asset_id
fact_asset_policy_rule_check_override_id ON override_id
fact_asset_policy_rule_check_policy_id ON policy_id
fact_asset_policy_rule_check_rule_id ON rule_id
fact_asset_policy_rule_check_scan_id ON scan_id
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)
policy_id_fk (policy_id) references dim_policy (policy_id)
rule_id_fk (rule_id) references dim_policy_rule (rule_id)
override_id_fk (override_id) references dim_policy_rule_override (override_id)
scan_id_fk (scan_id) references dim_scan (scan_id)

fact_asset_policy_rule_test

Accumulating snapshot of policy rule test results on an asset. These results include each system configuration entity tested.
Columns
  test_key text The unique identifier of the policy rule test.
rule_id bigint The unique identifier of the rule.
asset_id bigint The unique identifier of the asset.
test_result text The result of the policy rule test. Possible values are 'true', 'false', 'unknown', 'error', 'not_evaluated', and 'not_applicable'
entity_name text The name of the object or state entity that was tested.
entity_operation text The operation applied to the entity to determine a result.
  Nullable entity_value text The expected value we are testing the entity for.
  Nullable object_key text The unique identifier of the policy rule test object.
  Nullable object_collection_flag text A flag indicating the collection status of the policy rule test object.
  Nullable state_key text The unique identifier of the policy rule test state.
  Nullable collected_entity_value text The collected value for the entity.
  Nullable location text The location of the system configuration entity tested on the asset.
  Nullable test_result_id bigint The unique identifier of a policy rule test result. Multiple rows in this table can be associated with a single policy rule test result.
Indexes
fact_asset_policy_rule_test_pkey ON test_key, rule_id, asset_id
fact_asset_policy_rule_test_id ON asset_id, rule_id
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)
rule_id_fk (rule_id) references dim_policy_rule (rule_id)
test_key_rule_id_fk (test_key, rule_id) references dim_policy_rule_test (test_key, rule_id)

fact_asset_vulnerability_finding

Accumulating snapshot fact for all current vulnerability findings on an asset. This fact is a convenience rollup for the fact_asset_vulnerability_instance fact and provides a record for each vulnerability finding on every asset. If an asset was not vulnerable to any vulnerabilities (or all instances are excluded), it will have no records in this fact table. If multiple instances of a vulnerability are found on the same asset they will be aggregated together in the instances count. This fact table should be the preferred level of grain when instance-level details (such as the port and proof) are not required. To access exploitability information for the finding refer to fact_asset_vulnerability_finding_exploit.
Columns
  asset_id bigint The unique identifier of the asset.
vulnerability_id integer The unique identifier of the vulnerability.
date timestamp The time at which the vulnerability was first found on the asset. This is the earliest date any instance on the asset was found.
  Nullable reintroduced_date timestamp The date on which the vulnerability was reintroduced on the asset following a previous remediation.
vulnerability_instances bigint The number of instances of this finding on the asset.
  Nullable critical_vulnerabilities bigint The number of critical vulnerabilities this finding represents. Either 1 if the vulnerablity finding is critical, 0 otherwise.
  Nullable severe_vulnerabilities bigint The number of severe vulnerabilities this finding represents. Either 1 if the vulnerablity finding is severe, 0 otherwise.
  Nullable moderate_vulnerabilities bigint The number of moderate vulnerabilities this finding represents. Either 1 if the vulnerablity finding is moderate, 0 otherwise.
  Nullable malware_kits integer The the count of malware kits associated to the vulnerability.
  Nullable exploits integer The the count of exploits associated to the vulnerability.
  Nullable vulnerabilities_with_malware_kit integer The number of vulnerabilities this finding represents that have malware kits. Either 1 if the vulnerablity finding has malware_kits, 0 otherwise.
  Nullable vulnerabilities_with_exploit integer The number of vulnerabilities this finding represents that have exploits. Either 1 if the vulnerablity finding has exploits, 0 otherwise.
  Nullable raw_risk_score float8 The raw risk score for the vulnerability of this finding.
  Nullable risk_score float8 The risk score for the vulnerability of this finding.
  Nullable pci_failures bigint The number of PCI failures for the vulnerability. Either 1 if the vulnerablity finding is would caused a PCI failure, 0 otherwise.
validated bool DEFAULT false Whether the vulnerability has been validated (e.g. using Metasploit).
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)
vulnerability_id_fk (vulnerability_id) references dim_vulnerability (vulnerability_id)

fact_asset_vulnerability_finding_date

Periodic snapshot fact for vulnerability findings on an asset. This fact table is a date-based snapshot of the fact_asset_vulnerability_finding table. During each export process, the current data is appended to this fact table.
Columns
  day date The date the snapshot was recorded.
asset_id bigint The unique identifier of the asset.
vulnerability_id integer The unique identifier of the vulnerability.
date timestamp The time at which the vulnerability was first found on the asset. This is the earliest date any instance on the asset was found.
  Nullable reintroduced_date timestamp The date on which the vulnerability was reintroduced on the asset following a previous remediation.
  Nullable critical_vulnerabilities bigint The number of critical vulnerabilities this finding represents. Either 1 if the vulnerablity finding is critical, 0 otherwise.
  Nullable severe_vulnerabilities bigint The number of severe vulnerabilities this finding represents. Either 1 if the vulnerablity finding is severe, 0 otherwise.
  Nullable moderate_vulnerabilities bigint The number of moderate vulnerabilities this finding represents. Either 1 if the vulnerablity finding is moderate, 0 otherwise.
  Nullable malware_kits integer The the count of malware kits associated to the vulnerability.
  Nullable exploits integer The the count of exploits associated to the vulnerability.
  Nullable vulnerabilities_with_malware_kit integer The number of vulnerabilities this finding represents that have malware kits. Either 1 if the vulnerablity finding has malware_kits, 0 otherwise.
  Nullable vulnerabilities_with_exploit integer The number of vulnerabilities this finding represents that have exploits. Either 1 if the vulnerablity finding has exploits, 0 otherwise.
vulnerability_instances bigint The number of instances of this finding on the asset.
  Nullable raw_risk_score float8 The raw risk score for the vulnerability of this finding.
  Nullable risk_score float8 The risk score for the vulnerability of this finding.
  Nullable pci_failures bigint The number of PCI failures for the vulnerability. Either 1 if the vulnerablity finding is would caused a PCI failure, 0 otherwise.
  Nullable validated bool DEFAULT false Whether the vulnerability has been validated (e.g. using Metasploit).
Indexes
fact_asset_vulnerability_finding_date_pkey ON day, asset_id
fact_asset_vulnerability_finding_date_id ON day, asset_id, vulnerability_id
fact_asset_vulnerability_finding_date_vuln_id ON vulnerability_id
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)
vulnerability_id_fk (vulnerability_id) references dim_vulnerability (vulnerability_id)

fact_asset_vulnerability_finding_exploit

Accumulating snapshot fact for all current vulnerability findings on an asset that are known to be exploitable. This fact is a convenience rollup for the fact_asset_vulnerability_instance fact and provides a record for each vulnerability finding on every asset that is exploitable. If an asset was not vulnerable to an exploitable vulnerability (or all instances are excluded), it will have no records in this fact table. Each row represents one unique exploit, and either the malware_kit_id or exploit_id is guaranteed to be non-null. This fact table should be the preferred level of grain when instance-level details (such as the port and proof) are not required.
Columns
  asset_id bigint The unique identifier of the asset.
vulnerability_id integer The unique identifier of the vulnerability.
Nullable exploit_id integer The unique identifier of the exploit.
Nullable malware_kit_id integer The unique identifier of the malware_kit_id.
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)
exploit_id_fk (exploit_id) references dim_vulnerability_exploit (exploit_id)
malware_kit_id_fk (malware_kit_id) references dim_vulnerability_malware_kit (malware_kit_id)
vulnerability_id_fk (vulnerability_id) references dim_vulnerability (vulnerability_id)

fact_asset_vulnerability_finding_exploit_remediation

Accumulating snapshot fact for all current vulnerability findings on an asset that are known to be exploitable and the solution(s) that remediate them. This fact is a convenience rollup for the fact_asset_vulnerability_finding_exploit_remediation fact and provides the best solution(s) to remediate an exploitable vulnerability finding.
Columns
  asset_id bigint The unique identifier of the asset.
vulnerability_id integer The unique identifier of the vulnerability.
solution_id integer The unique identifier of the solution.
Nullable exploit_id integer The unique identifier of the exploit.
Nullable malware_kit_id integer The unique identifier of the malware_kit_id.
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)
solution_id_fk (solution_id) references dim_solution (solution_id)
exploit_id_fk (exploit_id) references dim_vulnerability_exploit (exploit_id)
malware_kit_id_fk (malware_kit_id) references dim_vulnerability_malware_kit (malware_kit_id)
vulnerability_id_fk (vulnerability_id) references dim_vulnerability (vulnerability_id)

fact_asset_vulnerability_finding_remediation

Accumulating snapshot fact that describes the impact of applying a rollup solution to a vulnerability on an asset. For every rollup solution that is selected for an asset a record will be present in this fact that summaries the result of applying that solution to a vulnerability. Note, this fact does not calculate the impact of solutions that are not the highest level of rollup.
Columns
asset_id bigint The unique identifier of the asset.
Nullable vulnerability_id integer The unique identifier of the vulnerability.
Nullable solution_id integer The unique identifier of the solution.
  Nullable date timestamp The time at which the vulnerability was first found on the asset. This is the earliest date any instance on the asset was found.
  Nullable reintroduced_date timestamp The date on which the vulnerability was reintroduced on the asset following a previous remediation.
critical_vulnerabilities bigint The number of critical vulnerabilities that will be remediated. Either 1 if the vulnerablity finding is critical, 0 otherwise.
severe_vulnerabilities bigint The number of severe vulnerabilities that will be remediated. Either 1 if the vulnerablity finding is severe, 0 otherwise.
moderate_vulnerabilities bigint The number of moderate vulnerabilities that will be remediated. Either 1 if the vulnerablity finding is moderate, 0 otherwise.
malware_kits integer The the count of malware kits associated to the vulnerability that will be remediated.
exploits integer The sum of the count of vulnerabilities with exploits on each asset that will be remediated.
vulnerabilities_with_malware_kit integer The sum of the count of vulnerabilities with malware on each asset that will be remediated.
vulnerabilities_with_exploit integer The sum of the count of vulnerabilities with exploits on each asset that will be remediated.
vulnerability_instances bigint The sum of all the vulnerabilities instances on any asset that will be remediated.
raw_risk_score float8 The amount of raw risk score that will be reduced by applying the remediation for the vulnerability.
risk_score float8 The amount of risk score that will be reduced by applying the remediation for the vulnerability.
pci_failures bigint The number of PCI failures that will be resolved by appyling the remediation for the vulnerability.
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)
solution_id_fk (solution_id) references dim_solution (solution_id)
vulnerability_id_fk (vulnerability_id) references dim_vulnerability (vulnerability_id)

fact_asset_vulnerability_instance

Accumulating snapshot fact for all current vulnerability instances on an asset. This fact provides a record for each vulnerability instance on every asset. If an asset is not vulnerable to any vulnerabilities (or all vulnerabilities have been excluded) it will have no records in this fact table.
Columns
  asset_id bigint The unique identifier of the asset.
vulnerability_id integer The unique identifier of the vulnerability.
date timestamp The time at which the vulnerability was first found on the asset. This is the earliest date any instance on the asset was found.
  Nullable reintroduced_date timestamp The date on which the vulnerability was reintroduced on the asset following a previous remediation.
status text The status of the vulnerability, one of the values: 'Confirmed vulnerability', 'Vulnerable version', 'Potential vulnerability'
  Nullable proof text Free-form text that describes the proof which explains why the vulnerability is present on the asset. The proof is represented using HTML markup that can be "flattened" using the htmlToText() function.
  Nullable key text Optional secondary identifier for a vulnerability result that can distinguish the result from other vulnerability instances of the same type on the system, but found in different locations (e.g. URLs).
Nullable service text The service this vulnerability test was performed against. If the vulnerability was detected without a network-based service, the value will be NULL.
Nullable port integer The port on which the service was running if the vulnerability was found through a network service. If the vulnerability was not found in the network service, the value is NULL. The data within this column will only contain valid port numbers (0 - 65535).
Nullable protocol text The protocol that the service was using on which the vulnerability was found. If the vulnerability was not found on a network service, the value is NULL.
Indexes
fact_asset_vulnerability_instance_date ON date
fact_asset_vulnerability_instance_id ON asset_id, vulnerability_id
fact_asset_vulnerability_instance_port_protocol ON port, protocol
fact_asset_vulnerability_instance_service ON service, port, protocol
fact_asset_vulnerability_instance_status ON status
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)
vulnerability_id_fk (vulnerability_id) references dim_vulnerability (vulnerability_id)

fact_asset_vulnerability_remediation_date

Periodic snapshot fact for vulnerability remediations on an asset. If a vulnerability has been remediated on an asset since the last export period, a row will be present in this table. Remediation includes the application of vulnerability exceptions.
Columns
  day date The date the snapshot was recorded.
asset_id bigint The unique identifier of the asset.
vulnerability_id integer The unique identifier of the vulnerability.
Indexes
fact_asset_vulnerability_remediation_date_id ON day, asset_id, vulnerability_id
fact_asset_vulnerability_remediation_date_vuln_id ON vulnerability_id
fact_asset_vulnerability_remediation_date_pkey ON day, asset_id
Foreign Keys
asset_id_fk (asset_id) references dim_asset (asset_id)
vulnerability_id_fk (vulnerability_id) references dim_vulnerability (vulnerability_id)

fact_policy

Accumulating snapshot fact table for a policy. This is a convenience fact to rollup assets by the policy to measure the policy's overall compliance.
Columns
  policy_id bigint The unique identifier of the policy.
rule_compliance float8 The ratio of rules passing across all tested assets to the total number of scorable rules across all tested assets for this policy.
total_assets bigint The total number of tested assets with applicable results. An asset has applicable results if at least one rule has a pass or fail status. An asset with all rule status.
compliant_assets bigint The number of assets passing all scorable rules in the policy.
noncompliant_assets bigint The number of assets failing at least one scorable rule in the policy.
asset_compliance float8 The ratio of assets passing all scorable rules in the policy to the total number of assets tested with the policy.
Indexes
fact_policy_policy_id ON policy_id
Foreign Keys
policy_id_fk (policy_id) references dim_policy (policy_id)

fact_policy_date

Periodic snapshot fact for policies. This fact table is a date-based snapshot of the fact_policy table. During each export process, the current data is appended to this fact table.
Columns
  day date The date the snapshot was recorded.
policy_id bigint The unique identifier of the policy.
rule_compliance float8 The ratio of rules passing across all tested assets to the total number of scorable rules across all tested assets for this policy.
total_assets bigint The total number of tested assets with applicable results. An asset has applicable results if at least one rule has a pass or fail status. An asset with all rule status.
compliant_assets bigint The number of assets passing all scorable rules in the policy.
noncompliant_assets bigint The number of assets failing at least one scorable rule in the policy.
asset_compliance float8 The ratio of assets passing all scorable rules in the policy to the total number of assets tested with the policy.
Indexes
fact_policy_date_pkey ON day, policy_id
Foreign Keys
policy_id_fk (policy_id) references dim_policy (policy_id)

fact_policy_rule

Accumulating snapshot fact table for a policy rule. This is a convenience fact to rollup assets by the policy rule to measure the policy rule's asset compliance.
Columns
  rule_id bigint The unique identifier of the policy rule.
policy_id bigint The unique identifier of the policy.
compliant_assets bigint The number of assets passing the rule.
noncompliant_assets bigint The number of assets failing the rule.
not_applicable_assets bigint The number of assets not applicable to the rule. Assets not applicable to this rule are only counted if they are applicable to at least one rule in the policy.
asset_compliance float8 The ratio of the assets passing the rule to the assets tested.
Indexes
fact_policy_rule_rule_id ON rule_id
Foreign Keys
policy_id_fk (policy_id) references dim_policy (policy_id)
rule_id_fk (rule_id) references dim_policy_rule (rule_id)

fact_policy_rule_date

Periodic snapshot fact for policy rules. This fact table is a date-based snapshot of the fact_policy_rule table. During each export process, the current data is appended to this fact table.
Columns
  day date The date the snapshot was recorded.
rule_id bigint The unique identifier of the policy rule.
policy_id bigint The unique identifier of the policy.
compliant_assets bigint The number of assets passing the rule.
noncompliant_assets bigint The number of assets failing the rule.
not_applicable_assets bigint The number of assets not applicable to the rule. Assets not applicable to this rule are only counted if they are applicable to at least one rule in the policy.
asset_compliance float8 The ratio of the assets passing the rule to the assets tested.
Indexes
fact_policy_rule_date_pkey ON day, rule_id
Foreign Keys
policy_id_fk (policy_id) references dim_policy (policy_id)
rule_id_fk (rule_id) references dim_policy_rule (rule_id)

fact_scan

Transaction fact table for the results of a scan and all the asset within it. This is a convenience fact to rollup assets by scans. Only scans for assets that completed fully will be included in each fact record, but the scan may be in a non-completed state (such as paused).
Columns
  scan_id integer The unique identifier of the scan.
assets bigint The total number of assets in the scan.
vulnerabilities bigint The sum of the count of vulnerabilities on each asset. This value is equal to the sum of the critical_vulnerabilities, severe_vulnerabilities, and moderate_vulnerabilities columns.
critical_vulnerabilities bigint The sum of the count of critical vulnerabilities on each asset.
severe_vulnerabilities bigint The sum of the count of severe vulnerabilities on each asset.
moderate_vulnerabilities bigint The sum of the count of moderate vulnerabilities on each asset.
malware_kits integer The sum of the count of malware kits on each asset.
exploits integer The sum of the count of exploits on each asset.
vulnerabilities_with_malware_kit integer The sum of the count of vulnerabilities with malware on each asset.
vulnerabilities_with_exploit integer The sum of the count of vulnerabilities with exploits on each asset.
vulnerability_instances bigint The sum of the vulnerabilities instances on each asset.
raw_risk_score float8 The sum of the raw risk score of each asset.
risk_score float8 The sum of the risk score of each asset.
pci_status text The overall compliance level ('Pass' or 'Fail') according to PCI standards. The status is only 'Pass' if all assets individually have a status of 'Pass' (e.g. in fact_asset)
pci_failures bigint The sum of the total PCI failures on each asset.
validated_vulnerabilities bigint DEFAULT 0 The number of vulnerabilities that have been validated.
Indexes
fact_scan_pkey ON scan_id
Foreign Keys
scan_id_fk (scan_id) references dim_scan (scan_id)

fact_site

Accumulating snapshot fact table for a site. This is a convenience fact to rollup assets by the site(s) they belong to. If an asset belongs to more than one site, its counts will be aggregated in each and every site it belongs to. If a site has no asset, it will still have a record in this fact.
Columns
  site_id integer The unique identifier of the site.
assets bigint The total number of assets in the site.
vulnerabilities bigint The sum of the count of vulnerabilities on each asset. This value is equal to the sum of the critical_vulnerabilities, severe_vulnerabilities, and moderate_vulnerabilities columns.
critical_vulnerabilities bigint The sum of the count of critical vulnerabilities on each asset.
severe_vulnerabilities bigint The sum of the count of severe vulnerabilities on each asset.
moderate_vulnerabilities bigint The sum of the count of moderate vulnerabilities on each asset.
malware_kits integer The sum of the count of malware kits on each asset.
exploits integer The sum of the count of exploits on each asset.
vulnerabilities_with_malware_kit integer The sum of the count of vulnerabilities with malware on each asset.
vulnerabilities_with_exploit integer The sum of the count of vulnerabilities with exploits on each asset.
vulnerability_instances bigint The sum of the vulnerabilities instances on each asset.
raw_risk_score float8 The sum of the raw risk score of each asset.
risk_score float8 The sum of the risk score of each asset.
pci_status text The overall compliance level ('Pass' or 'Fail') according to PCI standards. The status is only 'Pass' if all assets individually have a status of 'Pass' (e.g. in fact_asset)
pci_failures bigint The sum of the total PCI failures on each asset.
validated_vulnerabilities bigint DEFAULT 0 The number of vulnerabilities that have been validated.
Indexes
fact_site_pkey ON site_id
Foreign Keys
site_id_fk (site_id) references dim_site (site_id)

fact_site_date

Periodic snapshot fact for sites. This fact table is a date-based snapshot of the fact_site table. During each export process, the current data is appended to this fact table.
Columns
  day date The date the snapshot was recorded.
site_id integer The unique identifier of the site.
assets bigint The total number of assets in the site.
vulnerabilities bigint The sum of the count of vulnerabilities on each asset. This value is equal to the sum of the critical_vulnerabilities, severe_vulnerabilities, and moderate_vulnerabilities columns.
critical_vulnerabilities bigint The sum of the count of critical vulnerabilities on each asset.
severe_vulnerabilities bigint The sum of the count of severe vulnerabilities on each asset.
moderate_vulnerabilities bigint The sum of the count of moderate vulnerabilities on each asset.
malware_kits integer The sum of the count of malware kits on each asset.
exploits integer The sum of the count of exploits on each asset.
vulnerabilities_with_malware_kit integer The sum of the count of vulnerabilities with malware on each asset.
vulnerabilities_with_exploit integer The sum of the count of vulnerabilities with exploits on each asset.
vulnerability_instances bigint The sum of the vulnerabilities instances on each asset.
raw_risk_score float8 The sum of the raw risk score of each asset.
risk_score float8 The sum of the risk score of each asset.
pci_status text The overall compliance level ('Pass' or 'Fail') according to PCI standards. The status is only 'Pass' if all assets individually have a status of 'Pass' (e.g. in fact_asset)
pci_failures bigint The sum of the total PCI failures on each asset.
validated_vulnerabilities bigint DEFAULT 0 The number of vulnerabilities that have been validated.
Indexes
fact_site_date_pkey ON day, site_id
Foreign Keys
site_id_fk (site_id) references dim_site (site_id)

fact_tag

Accumulating snapshot fact for the summary information of a tag. This is a convenience fact for rolling up the information for assets that are tagged with a tag. The summary information provided is based on the most recent data for each asset in the membership of the tag. If a tag has no assets, there will be a fact record with zero counts.
Columns
  tag_id integer The unique identifier of the tag.
assets bigint The total number of accessible assets associated to the tag. If the tag has no accessible assets in the current scope or membership, this value can be zero.
vulnerabilities bigint The sum of the count of vulnerabilities on each asset. This value is equal to the sum of the critical_vulnerabilities, severe_vulnerabilities, and moderate_vulnerabilities columns.
critical_vulnerabilities bigint The sum of the count of critical vulnerabilities on each asset.
severe_vulnerabilities bigint The sum of the count of severe vulnerabilities on each asset.
moderate_vulnerabilities bigint The sum of the count of moderate vulnerabilities on each asset.
malware_kits integer The sum of the count of malware kits on each asset.
exploits integer The sum of the count of exploits on each asset.
vulnerabilities_with_malware_kit integer The sum of the count of vulnerabilities with malware on each asset.
vulnerabilities_with_exploit integer The sum of the count of vulnerabilities with exploits on each asset.
vulnerability_instances bigint The sum of the vulnerabilities instances on each asset.
raw_risk_score float8 The sum of the raw risk score of each asset in the tag.
risk_score float8 The sum of the risk score of each asset in the tag.
pci_status text The overall compliance level ('Pass' or 'Fail') of the tag according to PCI standards. The status is only 'Pass' if all assets in the tag individually have a status of 'Pass'(e.g. in fact_asset)
pci_failures bigint The sum of the total PCI failures on each asset in the group.
validated_vulnerabilities bigint DEFAULT 0 The number of vulnerabilities that have been validated.
Indexes
fact_tag_pkey ON tag_id
Foreign Keys
tag_id_fk (tag_id) references dim_tag (tag_id)

fact_tag_date

Periodic snapshot fact for tags. This fact table is a date-based snapshot of the fact_tag table. During each export process, the current data is appended to this fact table.
Columns
  day date The date the snapshot was recorded.
tag_id integer The unique identifier of the tag.
assets bigint The total number of accessible assets associated to the tag. If the tag has no accessible assets in the current scope or membership, this value can be zero.
vulnerabilities bigint The sum of the count of vulnerabilities on each asset. This value is equal to the sum of the critical_vulnerabilities, severe_vulnerabilities, and moderate_vulnerabilities columns.
critical_vulnerabilities bigint The sum of the count of critical vulnerabilities on each asset.
severe_vulnerabilities bigint The sum of the count of severe vulnerabilities on each asset.
moderate_vulnerabilities bigint The sum of the count of moderate vulnerabilities on each asset.
malware_kits integer The sum of the count of malware kits on each asset.
exploits integer The sum of the count of exploits on each asset.
vulnerabilities_with_malware_kit integer The sum of the count of vulnerabilities with malware on each asset.
vulnerabilities_with_exploit integer The sum of the count of vulnerabilities with exploits on each asset.
vulnerability_instances bigint The sum of the vulnerabilities instances on each asset.
raw_risk_score float8 The sum of the raw risk score of each asset in the tag.
risk_score float8 The sum of the risk score of each asset in the tag.
pci_status text The overall compliance level ('Pass' or 'Fail') of the tag according to PCI standards. The status is only 'Pass' if all assets in the tag individually have a status of 'Pass'(e.g. in fact_asset)
pci_failures bigint The sum of the total PCI failures on each asset in the group.
validated_vulnerabilities bigint DEFAULT 0 The number of vulnerabilities that have been validated.
Indexes
fact_tag_date_pkey ON day, tag_id
Foreign Keys
tag_id_fk (tag_id) references dim_tag (tag_id)

fact_vulnerability

Accumulating snapshot fact for a vulnerability. This convenience fact rolls up assets by the vulnerabilities they are vulnerable to. Each row represents one distinct vulnerability and the results for that vulnerability. If no assets are vulnerable to a vulnerability there will still be a record in this fact table. There will always be one row in this fact table for every vulnerability defined in the dim_vulnerability dimension.
Columns
  vulnerability_id integer The unique identifier of the vulnerability.
affected_assets bigint The total number of assets vulnerable to this vulnerability.
affected_sites bigint The total number of sites with at least one asset vulnerable to this vulnerability.
vulnerability_instances bigint The total number of instances across all assets of this vulnerability.
  Nullable first_discovered timestamp The date at which this vulnerability was first discovered on any asset that is still presently vulnerable to the vulnerability.
  Nullable most_recently_discovered timestamp The data at which the vulnerability was most recently discovered on any asset that is currently vulnerable to the vulnerability.
Indexes
fact_vulnerability_pkey ON vulnerability_id
Foreign Keys
vulnerability_id_fk (vulnerability_id) references dim_vulnerability (vulnerability_id)

fact_vulnerability_date

Periodic snapshot fact for vulnerabilities. This fact table is a date-based snapshot of the fact_vulnerability table. During each export process, the current data is appended to this fact table.
Columns
  day date The date the snapshot was recorded.
vulnerability_id integer The unique identifier of the vulnerability.
affected_assets bigint The total number of assets vulnerable to this vulnerability.
affected_sites bigint The total number of sites with at least one asset vulnerable to this vulnerability.
vulnerability_instances bigint The total number of instances across all assets of this vulnerability.
  Nullable first_discovered timestamp The date at which this vulnerability was first discovered on any asset that is still presently vulnerable to the vulnerability.
  Nullable most_recently_discovered timestamp The data at which the vulnerability was most recently discovered on any asset that is currently vulnerable to the vulnerability.
Indexes
fact_vulnerability_date_pkey ON day, vulnerability_id
Foreign Keys
vulnerability_id_fk (vulnerability_id) references dim_vulnerability (vulnerability_id)

periods

Stores the historical period information indicating when the warehouse was updated during an ETL process. This can be used to determine what dates the warehouse has data for, particularly for trending and temporal-oriented queries.
Columns
  day date The date an export took place.
Indexes
periods_id ON day

version

Stores the current version of the schema the warehouse is using. This information is used to perform upgrades over time, and is not a native part of the dimensional model.
Columns
  version integer The current database schema version of this warehouse.

Functions

age(date, unit)

Function that determines the age, which is the amount of units the specified date is from the current date, and returns a formatted numeric value. The age that is returned is calculated using naive calendar mathematics, and does not take into account variable month duration, daylight savings time, or leap years.
Input
date TIMESTAMP WITHOUT TIME ZONE The date to compute the age for.
unit TEXT The unit of the computation. One of the following: "years", "months", "weeks", "days", "hours", or "minutes".
Output
NUMERIC The value of the age, in the unit specified, with a precision based on the input.

htmlToText(html, stripNewlines)

Function that removes the proprietary markup embedded within an HTML-based description so that it can be displayed as raw text within the output of a report. If the text contains embedded HTML markup, it will be unescaped for presentation as HTML/code, including stripping leading and trailing whitespace. The boolean parameter indicates whether newlines and carriage returns should be remove from the HTML (defaults to true).
Input
html TEXT The HTML text to convert.
stripNewlines TEXT Whether to remove newlines from the output. Defaults to true.
Output
TEXT Converted text from the HTML input, with all HTML markup removed and replaced with textual equivalents.

periodAfter(date)

Returns the period that occurred on or after the specified date. This returns the last export that occurred in the warehouse after the date specified.
Input
date DATE The date to compute the age for.
Output
DATE The date that the warehouse last had data exported into it on or after the specified date.

periodBefore(date)

Returns the period that occurred on or after the specified date. This returns the last export that occurred in the warehouse after the date specified.
Input
date DATE The date to compute the age for.
Output
DATE The date that the warehouse last had data exported into it on or after the specified date.

Aggregates

baselineComparison(state, currentState)

Custom aggregate function that aggregates over values within two different states, old and new. The state is defined as an identifier that is historical in nature (e.g. scans). The aggregate function is passed two values. The first value is the instance of a state (old or new). The second value is the identifier of the newest state, and will be expected to be the same for each pair within the aggregation. The order in which the state is aggregated has no effect on the result of the aggregation. The result of the aggregate function is a determination of the change (or lack of change) between the two states that are provided. If a value in the old state remains the same as a value in the new state (present in both), then the result is "Same". If a value in old state does not occur within the new state (only present in old), then the result is "Old". If a value in the new state does not occur within the old state (only present in new), then the result is "New". Only one of these three values will be returned. If there are multiple values in either the old or new state with the same identifier, they are considered the same (this aggregate does not perform any counting of occurrences of a value in the state).
Input
state BIGINT The input state (either old or new) identifier.
currentState BIGINT The current state identifier.
Output
TEXT A value indicating whether the baseline evaluates to "New", "Old", or "Same".

csv(values)

Custom aggregate function that aggregates multiple text values into a comma-separate value string. This is equivalent to manually aggregating the following way: array_to_string(array_agg(column), ',')
Input
values TEXT The column with the textual values to delimit.
Output
TEXT A comma-separated list of the values for the column specified.

maximumSeverity(severity)

Aggregate function that aggregates multiple severity values to select a single maximum severity value.
Input
severity TEXT The severity values to aggregate over.
Output
TEXT The maximum severity value from those specified. Will be either "Critical", "Severe", "Moderate" or NULL if no values were specified.

minimumSkillLevel(skillLevel)

Aggregate function that aggregates multiple skill level values to select the minimum skill level.
Input
skillLevel TEXT The skill level values to aggregate over.
Output
TEXT The minimum skill level from the values specified. Will be either "Novice", "Intermediate", "Expert", or NULL if no values were specified.