Understanding the reporting data model: Facts

Facts are provided by the Reporting Data Model. Each fact table provides access to only information allowed by the configuration of the report.

Understanding facts

Any vulnerability status, severity or category filters will be applied in the facts, only allowing those results, findings, and counts for vulnerabilities in the scope to be exposed. Similarly, only assets within the scope of the report configuration are made available in the fact tables.

By default, all facts are interpreted to be asset-centric, and therefore expose information for all assets in the scope of the report, regardless as to whether they were configured to be in scope with the use of an asset, scan, asset group, or site selection.

Data model 2.0.0 exposes information about linking assets across sites. All previous information is still available, and in the same format. As of data model 2.0.0, there is a sites column in the dim_asset dimension that lists the sites to which an asset belongs.

For each fact, a dimensional star or snowflake schema is provided. For brevity and readability, only one level in a snowflake schema is detailed, and only two levels of dimensions are displayed. For more information on the attributes of these dimensions, refer to the Dimensions section below.

When dates are displayed as measures of facts, they will always be converted to match the time zone specified in the report configuration.

Only data from fully completed scans of assets are included in the facts. Results from aborted or interrupted scans will not be included.

Common measures

It will be helpful to keep in mind some characteristics of certain measures that appear in the following tables.

asset_compliance

asset_compliance

This attribute measures the ratio of assets that are compliant with the policy rule to the total number of assets that were tested for the policy rule.

assets

assets

This attribute measures the number of assets within a particular level of aggregation.

compliant_assets

compliant_assets

This attribute measures the number of assets that are compliant with the policy rule (taking into account policy rule overrides).

exploits

exploits

This attribute measures the number of distinct exploit modules that can be used exploit vulnerabilities on each asset. When the level of grain aggregates multiple assets, the total is the summation of the exploits value for each asset. If there are no vulnerabilities found on the asset or there are no vulnerabilities that can be exploited with a exploit module, the count will be zero.

malware_kits

malware_kits

This attribute measures the number of distinct malware kits that can be used exploit vulnerabilities on each asset. When the level of grain aggregates multiple assets, the total is the summation of the malware kits value for each asset. If there are no vulnerabilities found on the asset or there are no vulnerabilities that can be exploited with a malware kit, the count will be zero.

noncompliant_assets

noncompliant_assets

This attribute measures the number of assets that are not compliant with the policy rule (taking into account policy rule overrides).

not_applicable_assets

not_applicable_assets

This attribute measures the number of assets that are not applicable for the policy rule (taking into account policy rule overrides).

riskscore

riskscore

This attribute measures the risk score of each asset, which is based on the vulnerabilities found on that asset. When the level of grain aggregates multiple assets, the total is the summation of the riskscore value for each asset.

rule_compliance

rule_compliance

This attribute measures the ratio of policy rule test result that are compliant or not applicable to the total number of rule test results.

vulnerabilities

vulnerabilities

This attribute measures the number of vulnerabilities discovered on each asset. When the level of grain aggregates multiple assets, the total is the summation of the vulnerabilities on each asset.

If a vulnerability was discovered multiple times on the same asset, it will only be counted once per asset. This count may be zero if no vulnerabilities were found vulnerable on any asset in the latest scan, or if the scan was not configured to perform vulnerability checks (as in the case of discovery scans).

The vulnerabilities count is also provided for each severity level:

  • Critical: The number of vulnerabilities that are critical.
  • Severe: The number of vulnerabilities that are severe.
  • Moderate: The number of vulnerabilities that are moderate.
vulnerabilities_with_exploit

vulnerabilities_with_exploit

This attribute measures the total number of a vulnerabilities on all assets that can be exploited with a published exploit module. When the level of grain aggregates multiple assets, the total is the summation of the vulnerabilities_with_exploit value for each asset. This value is guaranteed to be less than the total number of vulnerabilities. If no vulnerabilities are present, or none are subject to an exploit, the value will be zero.

vulnerabilities_with_malware_kit

vulnerabilities_with_malware_kit

This attribute measures the number of vulnerabilities on each asset that are exploitable with a malware kit. When the level of grain aggregates multiple assets, the total is the summation of the vulnerabilities_with_malware_kit value for each asset. This value is guaranteed to be less than the total number of vulnerabilities. If no vulnerabilities are present, or none are subject to a malware kit, the value will be zero.

vulnerability_instances

vulnerability_instances

This attribute measures the number of occurrences of all vulnerabilities found on each asset. When the level of grain aggregates multiple assets, the total is the summation of the vulnerability_instances value for each asset. This value will count each instance of a vulnerability on each asset. This value may be zero if no instances were tested or found vulnerable (e.g. discover scans).

Attributes with a timestamp datatype, such as a first_discovered, honor the time zone specified in the report configuration.

Fact_all

fact_all

fact_all

Level of Grain: The summary of the current state of all assets within the scope of the report.

Fact Type: accumulating snapshot

Description: Summaries of the latest vulnerability details across the entire report. This is an accumulating snapshot fact that updates after every scan of any asset within the report completes. This fact will include the data for the most recent scan of each asset that is contained within the scope of the report. As the level of aggregation is all assets in the report, this fact table is guaranteed to return one and only one row always.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
vulnerabilitiesbigintNoThe number of vulnerabilities across all assets.
critical_vulnerabilitiesbigintNoThe number of critical vulnerabilities across all assets.
severe_vulnerabilitiesbigintNoThe number of severe vulnerabilities across all assets.
moderate_vulnerabilitiesbigintNoThe number of moderate vulnerabilities across all assets.
malware_kitsintegerNoThe number of malware kits across all assets.
exploitsintegerNoThe number of exploit modules across all assets.
vulnerabilities_with_malware_kitintegerNoThe number of vulnerabilities with a malware kit across all assets.
vulnerabilities_with_exploitintegerNoThe number of vulnerabilities with an exploit module across all assets.
vulnerability_instancesbigintNoThe number of vulnerability instances across all assets.
riskscoredouble precisionNoThe risk score across all assets.
pci_statustextNoThe PCI compliance status; either Pass or Fail.

Dimensional model

fact_asset

fact_asset

Level of Grain: An asset and its current summary information.

Fact Type: accumulating snapshot

Description: The fact_asset fact table provides the most recent information for each asset within the scope of the report. For every asset in scope there will be one record in the fact table.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
asset_idbigintNoThe identifier of the asset.dim_asset
last_scan_idbigintNoThe identifier of the scan with the most recent information being summarized.dim_scan
scan_startedtimestamp with time zoneNoThe date and time at which the latest scan for the asset started.
scan_finishedtimestamp with time zoneNoThe date and time at which the latest scan for the asset completed.
vulnerabilitiesbigintNoThe number of all distinct vulnerabilities on the asset
critical_vulnerabilitiesbigintNoThe number of critical vulnerabilities on the asset.
severe_vulnerabilitiesbigintNoThe number of severe vulnerabilities on the asset.
moderate_vulnerabilitiesbigintNoThe number of moderate vulnerabilities on the asset.
malware_kitsintegerNoThe number of malware kits associated with any vulnerabilities discovered on the asset.
exploitsintegerNoThe number of exploits associated with any vulnerabilities discovered on the asset.
vulnerabilities_with_malware_kitintegerNoThe number of vulnerabilities with a known malware kit discovered on the asset.
vulnerabilities_with_exploitintegerNoThe number of vulnerabilities with a known exploit discovered on the asset.
vulnerability_instancesbigintNoThe number of vulnerability instances discovered on the asset
riskscoredouble precisionNoThe risk score of the asset.
pci_statustextNoThe PCI compliance status; either Pass or Fail.
aggregated_credential_status_idintegerNoThe status aggregated across all available services for the given asset in the given scan.dim_aggregated_credential_status

Dimensional model

fact_asset_date (startDate, endDate, dateInterval)

fact_asset_date (startDate, endDate, dateInterval)

Added in version 1.1.0

Level of Grain: An asset and its summary information on a specific date.

Fact Type: periodic snapshot

Description: This fact table provides a periodic snapshot for summarized values on an asset by date. The fact table takes three dynamic arguments, which refine what data is returned. Starting from startDate and ending on endDate, a summarized value for each asset in the scope of the report will be returned for every dateInterval period of time. This will allow trending on asset information by a customizable interval of time. In terms of a chart, startDate represents the lowest value in the range, the endDate the largest value in the range, and the dateInterval is the separation of the ticks of the range axis. If an asset did not exist prior to a summarization date, it will have no record for that date value. The summarized values of an asset represent the state of the asset in the most recent scan prior to the date being summarized; therefore, if an asset has not been scanned before the next summary interval, the values for the asset will remain the same.

For example, fact_asset_date(‘2013-01-01’, ‘2014-01-01’, INTERVAL ‘1 month’) will return a row for each asset for every month in the year 2013.

Arguments

ColumnData TypeDescription
startDatedateThe first date to return summarizations for.
endDatedateThe last date to return summarizations for.
dateIntervalintervalThe interval between the start and end date to return summarizations for.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
asset_idbigintNoThe identifier of the asset.dim_asset
last_scan_idbigintNoThe identifier of the scan with the most recent information being summarized.dim_scan
scan_startedtimestamp with time zoneNoThe date and time at which the latest scan for the asset started.
scan_finishedtimestamp with time zoneNoThe date and time at which the latest scan for the asset completed.
vulnerabilitiesbigintNoThe number of all distinct vulnerabilities on the asset.
critical_vulnerabilitiesbigintNoThe number of critical vulnerabilities on the asset.
severe_vulnerabilitiesbigintNoThe number of severe vulnerabilities on the asset.
moderate_vulnerabilitiesbigintNoThe number of moderate vulnerabilities on the asset.
malware_kitsintegerNoThe number of malware kits associated with any vulnerabilities discovered on the asset.
exploitsintegerNoThe number of exploits associated with any vulnerabilities discovered on the asset.
vulnerabilities_with_malware_kitintegerNoThe number of vulnerabilities with a known malware kit discovered on the asset.
vulnerabilities_with_exploitintegerNoThe number of vulnerabilities with a known exploit discovered on the asset.
vulnerability_instancesbigintNoThe number of vulnerability instances discovered on the asset
riskscoredouble precisionNoThe risk score of the asset.
pci_statustextNoThe PCI compliance status; either Pass or Fail.
daydateNoThe date of the summarization of the asset.

Dimensional model

fact_asset_discovery

fact_asset_discovery

Level of Grain: A snapshot of the discovery dates for an asset.

Fact Type: accumulating snapshot

Description: The fact_asset_discovery fact table provides an accumulating snapshot for each asset within the scope of the report and details when the asset was first and last discovered. The discovery date is interpreted as the precise time that the asset was first communicated with during a scan, during the discovery phase of the scan. If an asset has only been scanned once both the first_discovered and last_discovered dates will be the same.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
asset_idbig_intNoThe identifier of the asset.dim_asset
first_discoveredtimestamp without timezoneNoThe date and time the asset was first discovered during any scan.
last_discoveredtimestamp without timezoneNoThe date and time the asset was last discovered during any scan.

Dimensional model

Asset Groups

fact_asset_group

fact_asset_group

Level of Grain: An asset group and its current summary information.

Fact Type: accumulating snapshot

Description: The fact_asset_group fact table provides the most recent information for each asset group within the scope of the report. Every asset group that any asset within the scope of the report is currently a member of will be available within the scope (not just those specified in the configuration of the report). There will be one fact record for every asset group in the scope of the report. As scans are performed against assets, the information in the fact table will accumulate the most recent information for the asset group (including discovery scans).

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
asset_group_id (as named in versions 1.2.0 and later of the data model) group_id(as named in version 1.1.0)bigintNoThe identifier of the asset group.dim_asset_group
assetsbigintNoThe number of distinct assets associated to the asset group. If the asset group contains no assets, the count will be zero.
vulnerabilitiesbigintNoThe number of all vulnerabilities discovered on assets in the asset group.
critical_vulnerabilitiesbigintNoThe number of all critical vulnerabilities discovered on assets in the asset group.
severe_vulnerabilitiesbigintNoThe number of all severe vulnerabilities discovered on assets in the asset group.
moderate_vulnerabilitiesbigintNoThe number of all moderate vulnerabilities discovered on assets in the asset group.
malware_kitsintegerNoThe number of malware kits associated with vulnerabilities discovered on assets in the asset group.
exploitsintegerNoThe number of exploits associated with vulnerabilities discovered on assets in the asset group.
vulnerabilities_with_malware_kitintegerNoThe number of vulnerabilities with a known malware kit discovered on assets in the asset group.
vulnerabilities_with_exploitintegerNoThe number of vulnerabilities with a known exploit discovered on assets in the asset group.
vulnerability_instancesbigintNoThe number of vulnerability instances discovered on assets in the asset group.
riskscoredouble precisionNoThe risk score of the asset group.
pci_statustextNoThe PCI compliance status; either Pass or Fail.

Dimensional model

fact_asset_group_date (startDate, endDate, dateInterval)

fact_asset_group_date (startDate, endDate, dateInterval)

Added in version 1.1.0

Level of Grain: An asset group and its summary information on a specific date.

Fact Type: periodic snapshot

Description: This fact table provides a periodic snapshot for summarized values on an asset group by date. The fact table takes three dynamic arguments, which refine what data is returned. Starting from startDate and ending on endDate, a summarized value for each asset group in the scope of the report will be returned for every dateInterval period of time. This will allow trending on asset group information by a customizable interval of time. In terms of a chart, startDate represents the lowest value in the range, the endDate the largest value in the range, and the dateInterval is the separation of the ticks of the range axis. If an asset group did not exist prior to a summarization date, it will have no record for that date value. The summarized values of an asset group represent the state of the asset group prior to the date being summarized; therefore, if the assets in an asset group have not been scanned before the next summary interval, the values for the asset group will remain the same.

For example, fact_asset_group_date(‘2013-01-01’, ‘2014-01-01’, INTERVAL ‘1 month’) will return a row for each asset group for every month in the year 2013.

Arguments

ColumnData TypeNullableDescription
startDatedateNoThe first date to return summarizations for.
endDatedateNoThe last date to return summarizations for.
dateIntervalintervalNoThe interval between the start and end date to return summarizations for.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
group_idbigintNoThe identifier of the asset group.dim_asset_group
assetsbigintNoThe number of distinct assets associated to the asset group. If the asset group contains no assets, the count will be zero.
vulnerabilitiesbigintNoThe number of all vulnerabilities discovered on assets in the asset group.
critical_vulnerabilitiesbigintNoThe number of all critical vulnerabilities discovered on assets in the asset group.
severe_vulnerabilitiesbigintNoThe number of all severe vulnerabilities discovered on assets in the asset group.
moderate_vulnerabilitiesbigintNoThe number of all moderate vulnerabilities discovered on assets in the asset group.
malware_kitsintegerNoThe number of malware kits associated with vulnerabilities discovered on assets in the asset group.
exploitsintegerNoThe number of exploits associated with vulnerabilities discovered on assets in the asset group.
vulnerabilities_with_malware_kitintegerNoThe number of vulnerabilities with a known malware kit discovered on assets in the asset group.
vulnerabilities_with_exploitintegerNoThe number of vulnerabilities with a known exploit discovered on assets in the asset group.
vulnerability_instancesbigintNoThe number of vulnerability instances discovered on assets in the asset group.
riskscoredouble precisionNoThe risk score of the asset group.
pci_statustextNoThe PCI compliance status; either Pass or Fail.
daydateNoThe date of the summarization of the asset.

Dimensional model

fact_asset_group_policy_date

fact_asset_group_policy_date

Type: Periodic snapshot

Description: This fact table provides a periodic snapshot for summarized policy values on an asset group by date. The fact table takes three dynamic arguments, which refine what data is returned. Starting from startDate and ending on endDate, the summarized policy value for each asset group in the scope of the report will be returned for every dateInterval period of time. This will allow trending on asset group information by a customizable interval of time. In terms of a chart, startDate represents the lowest value in the range, the endDate the largest value in the range, and the dateInterval is the separation of the ticks of the range axis. If an asset group did not exist prior to a summarization date, it will have no record for that date value. The summarized policy values of an asset group represent the state of the asset group prior to the date being summarized; therefore, if the assets in an asset group have not been scanned before the next summary interval, the values for the asset group will remain the same.

Arguments

ColumnData TypeNullableDescription
startDatedateNoThe first date to return summarizations for.
endDatedateNoThe last date to return summarizations for.
dateIntervalintervalNoThe interval between the start and end dates to return summarizations for.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
group_idbigintYesThe unique identifier of the asset group.dim_asset
daydateNoThe date which the summarized policy scan results snapshot is taken.
policy_idbigintYesThe unique identifier of the policy within a scope.dim_policy
scopetextYesThe identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom".dim_policy
assetsintegerYesThe total number of assets that are in the scope of the report and associated to the asset group.
compliant_assetsintegerYesThe number of assets associated to the asset group that have not failed any while passed at least one policy rule test.
noncompliant_assetsintegerYesThe number of assets associated to the asset group that have failed at least one policy rule test.
not_applicable_assetsintegerYesThe number of assets associated to the asset group that have neither failed nor passed at least one policy rule test.
rule_compliancenumericYesThe ratio of rule test results that are compliant with or not applicable to the total number of rule test results.

Asset Policy

fact_asset_policy

fact_asset_policy

added in version 1.2.0

Level of Grain: A policy result on an asset

Fact Type: accumulating snapshot

Description: This table provides an accumulating snapshot of policy test results on an asset. It displays a record for each policy that was tested on an asset in its most recent scan. Only policies scanned within the scope of report are included.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
asset_idbigintNoThe identifier of the asset.dim_asset
last_scan_idbigintNoThe identifier of the scan.dim_scan
policy_idbigintYesThe unique identifier of the policy within a scope.dim_policy
scopetextYesThe identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom".dim_policy
date_testedtimestamp without timezoneNoThe end date and time for the scan of the asset that was tested for the policy, in the time zone specified in the report configuration.
compliant_rulebigintNoThe total number of each policy's rules in which all assets are compliant with the most recent scan.
noncompliant_rulesbigintThe total number of each policy's rules which at least one asset filed in the most recent scan.
not_applicable_rulesbigintThe total number of each policy's rules which at least one asset failed in the most recent scan.
rule_compliancenumericThe ratio of policy rule test results that are compliant or not applicable to the total number of rule test results.

Dimensional model

fact_asset_policy_date

fact_asset_policy_date

added in version 1.3.0

Type: Periodic snapshot

Description: This fact table provides a periodic snapshot for summarized policy values on an asset by date. The fact table takes three dynamic arguments, which refine what data is returned. Starting from startDate and ending on endDate, the summarized policy value for each asset in the scope of the report will be returned for every dateInterval period of time. This will allow trending on asset information by a customizable interval of time. In terms of a chart, startDate represents the lowest value in the range, the endDate the largest value in the range, and the dateInterval is the separation of the ticks of the range axis. If an asset did not exist prior to a summarization date, it will have no record for that date value. The summarized policy values of an asset represent the state of the asset prior to the date being summarized; therefore, if the assets in an asset group have not been scanned before the next summary interval, the values for the asset will remain the same.

Arguments

ColumnData TypeNullableDescription
startDatedateNoThe first date to return summarizations for.
endDatedateNoThe last date to return summarizations for.
dateIntervalintervalNoThe interval between the start and end dates to return summarizations for.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
asset_idbigintYesThe unique identifier of the asset.dim_asset
daydateNoThe date which the summarized policy scan results snapshot is taken.
scan_idbigintYesThe unique identifier of the scan.dim_scan
policy_idbigintYesThe unique identifier of the policy.dim_policy
scopetextYesThe identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom".
date_testedtimestamp without timezoneYesThe time the asset was tested with the policy rules.
compliant_rulesintegerYesThe number of rules that all assets are compliant with in the scan.
noncompliant_rulesintegerYesThe number of rules that at least one asset failed in the scan.
not_applicable_rulesintegerYesThe number of rules that are not applicable to the asset.
rule_compliancenumericYesThe ratio of rule results that are compliant or not applicable to the total number of rule test results.
fact_asset_policy_rule

fact_asset_policy_rule

added in version 1.3.0, updated in version 2.0.0

Level of Grain: A policy rule result on an asset

Fact Type: accumulating snapshot

Description: This table provides the rule results of the most recent policy scan for an asset within the scope of the report. For each rule, only assets that are subject to that rule and that have a result in the most recent scan are counted.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
asset_idbigintNoThe identifier of the asset.dim_asset
policy_idbigintNoThe identifier of the policy.dim_policy
scopetextNoThe identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom".
rule_idbigintNoThe identifier of the policy rule.dim_policy_rule
date_testedtimestamp without timezoneThe end date and time for the scan of the asset that was tested for the policy, in the time zone specified in the report configuration.
status_idcharacter(1)NoThe identifier of the status for the policy rule finding on the asset (taking into account policy rule overrides).dim_policy_result_status
compliancebooleanNoWhether the asset is compliant with the rule. True if and only if all of the policy checks for this rule have not failed, or the rule is overridden with the value true on the asset.
prooftextYesThe proof of the policy checks on the asset.
override_idbigintYesThe unique identifier of the policy rule override that is applied to the rule on an asset. If multiple overrides apply to the rule at different levels of scope, the identifier of the override having the true effect on the rule (latest override) is returned.dim_policy_rule_override
override_idsbigint[]YesThe unique identifiers of the policy rule override that are applied to the rule on an asset. If multiple overrides apply to the rule at different levels of scope, the identifier of each override is returned in a comma-separated list.dim_policy_rule_override
last_scan_idbigintNoThe identifier of the scan with the most recent information being summarized.dim_scan

Dimensional model

Asset Scans

fact_asset_scan

fact_asset_scan

Level of Grain: A summary of a completed scan of an asset.

Fact Type: transaction

Description: The fact_asset_scan transaction fact provides summary information of the results of a scan for an asset. A fact record will be present for every asset and scan in which the asset was fully scanned in. Only assets configured within the scope of the report and vulnerabilities filtered within the report will take part in the accumulated totals. If no vulnerabilities checks were performed during the scan, for example as a result of a discovery scan, the vulnerability related counts will be zero.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
scan_idbiginNoThe identifier of the scan.dim_scan
asset_ idbigintNoThe identifier of the asset.dim_asset
scan_startedtimestamp without timezoneNoThe time at which the scan for the asset was started.
scan_finishedtimestamp without timezoneNoThe time at which the scan for the asset completed.
vulnerabilitiesbigintNoThe number of vulnerabilities found on the asset during the scan.
critical_vulnerabilitiesbigintNoThe number of critical vulnerabilities found of the asset during the scan.
severe_vulnerabilitiesbigintNoThe number of severe vulnerabilities found of the asset during the scan.
moderate_vulnerabilitiesbigintNoThe number of moderate vulnerabilities found of the asset during the scan.
malware_kitsintegerNoThe number of malware kits associated with vulnerabilities discovered during the scan.
exploitsintegerNoThe number of exploits associated with vulnerabilities discovered during the scan.
vulnerabilities_with_malware_kitintegerNoThe number of vulnerabilities with a known malware kit discovered during the scan.
vulnerabilities_with_exploitsintegerNoThe number of vulnerabilities with a known exploit discovered during the scan.
vulnerability_instancesbigintNoThe number of vulnerability instances found discovered during the scan.
riskscoredouble precisionNoThe risk score for the scan.
pci_statustextNoThe PCI compliance status; either Pass or Fail.
aggregated_credential_status_idintegerNoThe status aggregated across all available services for the given asset in the scan.

Dimensional model

fact_asset_scan_operating_system

fact_asset_scan_operating_system

Level of Grain: An operating system fingerprint on an asset in a scan.

Fact Type: transaction

Description: The fact_asset_operating_system fact table provides the operating systems fingerprinted on an asset in a scan. The operating system fingerprints represent all the potential fingerprints collected during a scan that can be chosen as the primary or best operating system fingerprint on the asset. If an asset had no fingerprint acquired during a scan, it will have a record with values indicating an unknown fingerprint.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
scan_idbiginNoThe identifier of the scan.dim_scan
asset_ idbigintNoThe identifier of the asset.dim_asset
operating_system_idbigintNoThe identifier of the operating system that was fingerprinted on the asset in the scan. If a fingerprint was not found, the value will be -1.dim_operating_system
fingerprint_source_idintegerNoThe identifier of the source that was used to acquire the fingerprint. If a fingerprint was not found, the value will be -1.dim_fingerprint_source
certaintyrealNoA value between 0 and 1 that represents the confidence level of the fingerprint. If a fingerprint was not found, the value will be 0.

Dimensional model

fact_asset_scan_policy

fact_asset_scan_policy

Level of Grain: A policy result for an asset in a scan

Fact Type: transaction

Description: This table provides the details of policy test results on an asset during a scan. Each record provides the policy test results for an asset for a specific scan. Only policies within the scope of report are included.

Columns

As of version 1.3.0, passed_rules and failed_rules are now called compliant_rules and noncompliant_rules.

ColumnData TypeNullableDescriptionAssociated Dimension
scan_idbiginNoThe identifier of the scan.dim_scan
asset_ idbigintNoThe identifier of the asset.dim_asset
policy_idbigintNoThe identifier of the policy.dim_policy
scopetextNoThe identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom".
date_testedtimestamp without timezoneThe end date and time for the scan of the asset that was tested for the policy, in the timezone specified in the report configuration.
compliant_rulesbigintThe total number of each policy's rules for which the asset passed in the most recent scan.
noncompliant_rulesbigintThe total number of each policy's rules for which the asset failed in the most recent scan.
not_applicable_rulesbigintThe total number of each policy's rules that were not applicable to the asset in the most recent scan.
rule_compliancenumericThe ratio of the policy rule test result that are compliant or not applicable to the total number of rule test results.

Dimensional model

fact_asset_scan_software

fact_asset_scan_software

Level of Grain: A fingerprint for an installed software on an asset in a scan.

Fact Type: transaction

Description: The fact_asset_scan_software fact table provides the installed software packages enumerated or detected during a scan of an asset. If an asset had no software packages enumerated in a scan there will be no records in this fact.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
scan_idbiginNoThe identifier of the scan.dim_scan
asset_ idbigintNoThe identifier of the asset.dim_asset
software_idbigintNoThe identifier of the software fingerprinted.dim_software
fingerprint_source_idintegerNoThe identifier of the source that was used to acquire the fingerprint. If a fingerprint was not found, the value will be -1.dim_fingerprint_source

Dimensional model

fact_asset_scan_service

fact_asset_scan_service

Level of Grain: A service detected on an asset in a scan.

Fact Type: transaction

Description: The fact_asset_scan_service fact table provides the services detected during a scan of an asset. If an asset had no services enumerated in a scan there will be no records in this fact.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
scan_idbiginNoThe identifier of the scan.dim_scan
asset_ idbigintNoThe identifier of the asset.dim_asset
datetimestamp without timezoneNoThe date and time at which the service was enumerated.
service_idintegerNoThe identifier of the service.dim_service
protocol_idsmallintNoThe identifier of the protocol the service was utilizing.dim_protocol
portintegerNoThe port the service was running on.
service_fingerprint_idbigintNoThe identifier of the fingerprint of the service describing the configuration of the service.dim_service_fingerprint
credential_status_idsmallintNoThe result of the user-provided credentials per asset per scan per service. Services for which credential status is assessed are: SNMP, SSH, Telnet and CIFS.dim_credential_status

Dimensional model

Asset Scan Vulnerabilities

fact_asset_scan_vulnerability

fact_asset_scan_vulnerability

Note: This is a category so there is no table to view.

fact_asset_scan_vulnerability_finding

Level of Grain: A vulnerability finding on an asset in a scan.

Fact Type: transaction

Description: This fact tables provides an accumulating snapshot for all vulnerability findings on an asset in every scan of the asset. This table will display a record for each unique vulnerability discovered on each asset in the every scan of the asset. If multiple occurrences of the same vulnerability are found on the asset, they will be rolled up into a single row with a vulnerability_instances count greater than one. Only vulnerabilities with no active exceptions applies will be displayed.

Dimensional model

fact_asset_scan_vulnerability_instance

fact_asset_scan_vulnerability_instance

Level of Grain: A vulnerability instance on an asset in a scan.

Fact Type: transaction

Description: The > fact_asset_scan_vulnerability_instance fact table provides the details of a vulnerability instance discovered during a scan of an asset. Only vulnerability instances found to be vulnerable and with no exceptions actively applied will be present within the fact table. A vulnerability instance is a unique vulnerability result found discovered on the asset. If the multiple occurrences of the same vulnerability are found on the asset, one row will be present for each instance.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
scan_idbiginNoThe identifier of the scan.dim_scan
asset_ idbigintNoThe identifier of the asset.dim_asset
vulnerability_idintegerNoThe identifier of the vulnerability the finding is for.dim_vulnerability
datetimestamp without timezoneNoThe date and time at which the vulnerability finding was detected. This time is the time at which the asset completed scanning during the scan.
status_idcharacter(1)NoThe identifier of the status of the vulnerability finding that indicated the level of confidence in the finding.dim_vulnerability_status
prooftextNoThe proof indicating the reason that the vulnerability exists. The proof is exposed in formatting markup that can be striped using the function proofAsText
keytextYesThe secondary identifier of the vulnerability finding that discriminates the result from similar results of the same vulnerability on the same asset. This value is optional and will be null when a vulnerability does not need a secondary discriminator.
service_idintegerNoThe service the vulnerability was discovered on, or -1 if the vulnerability is not associated with a service.dim_service
portintegerNoThe port on which the vulnerable service was running, or -1 if the vulnerability is not associated with a service.
protocol_idintegerNoThe protocol the vulnerable service was running, or -1 if the vulnerability is not associate with a service.dim_protocol

Dimensional model

fact_asset_scan_vulnerability_instance_excluded

fact_asset_scan_vulnerability_instance_excluded

Level of Grain: A vulnerability instance on an asset in a scan with an active vulnerability exception applied.

Fact Type: transaction

Description: The fact_asset_scan_vulnerability_instance_excluded fact table provides the details of a vulnerability instance discovered during a scan of an asset with an exception applied. Only vulnerability instances found to be vulnerable and with exceptions actively applied will be present within the fact table. If the multiple occurrences of the same vulnerability are found on the asset, one row will be present for each instance.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
scan_idbiginNoThe identifier of the scan.dim_scan
asset_ idbigintNoThe identifier of the asset.dim_asset
vulnerability_idintegerNoThe identifier of the vulnerability the finding is for.dim_vulnerability
datetimestamp without timezoneNoThe date and time at which the vulnerability finding was detected. This time is the time at which the asset completed scanning during the scan.
status_idcharacter(1)NoThe identifier of the status of the vulnerability finding that indicated the level of confidence in the finding.dim_vulnerability_status
prooftextNoThe proof indicating the reason that the vulnerability exists. The proof is exposed in formatting markup that can be striped using the function proofAsText
keytextYesThe secondary identifier of the vulnerability finding that discriminates the result from similar results of the same vulnerability on the same asset. This value is optional and will be null when a vulnerability does not need a secondary discriminator.
service_idintegerNoThe service the vulnerability was discovered on, or -1 if the vulnerability is not associated with a service.dim_service
portintegerNoThe port on which the vulnerable service was running, or -1 if the vulnerability is not associated with a service.
protocol_idintegerNoThe protocol the vulnerable service was running, or -1 if the vulnerability is not associate with a service.dim_protocol

Dimensional model

fact_asset_vulnerability

fact_asset_vulnerability

Note: This is a category so there is no table to view.

fact_asset_vulnerability_age

Added in version 1.2.0

Level of Grain: A vulnerability on an asset.

Fact Type: accumulating snapshot

Description: This fact table provides an accumulating snapshot for vulnerability age and occurrence information on an asset. For every vulnerability to which an asset is currently vulnerable, there will be one fact record. The record indicates when the vulnerability was first found, last found, and its current age. The age is computed as the difference between the time the vulnerability was first discovered on the asset, and the current time. If the vulnerability was temporarily remediated, but rediscovered, the age will be from the first discovery time. If a vulnerability was found on a service, remediated and discovered on another service, the age is still computed as the first time the vulnerability was found on any service on the asset.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
asset_idbigintNoThe unique identifier of the asset.dim_asset
vulnerability_idintegerNoThe unique identifier of the vulnerability.dim_vulnerability
ageintervalNoThe age of the vulnerability on the asset, in the interval format.
age_in_daysnumericNoThe age of the vulnerability on the asset, specified in days.
first_discoveredtimestamp without timezoneNoThe date on which the vulnerability was first discovered on the asset.
most_recently_discoveredtimestamp without timezoneNoThe date on which the vulnerability was most recently discovered on the asset.
fact_asset_vulnerability_finding

fact_asset_vulnerability_finding

Added in version 1.2.0

Level of Grain: A vulnerability finding on an asset.

Fact Type: accumulating snapshot

Description: This fact tables provides an accumulating snapshot for all current vulnerability findings on an asset. This table will display a record for each unique vulnerability discovered on each asset in the most recent scan of the asset. If multiple occurrences of the same vulnerability are found on the asset, they will be rolled up into a single row with a vulnerability_instances count greater than one. Only vulnerabilities with no active exceptions applies will be displayed.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
asset_idbigintNoThe unique identifier of the asset.dim_asset
scan_idbigintNoThe identifier of the last scan for the asset in which the vulnerability was detected.dim_scan
vulnerability_idintegerNoThe unique identifier of the vulnerability.dim_vulnerability
vulnerability_instancesbigintNoThe number of occurences of the vulnerability detected on the asset, guaranteed to be greater than or equal to one.

Dimensional model

fact_asset_vulnerability_instance

fact_asset_vulnerability_instance

Level of Grain: A vulnerability instance on an asset.

Fact Type: accumulating snapshot

Description: This table provides an accumulating snapshot for all current vulnerability instances on an asset. Only vulnerability instance found to be vulnerable and with no exceptions actively applied will be present within the fact table. If the multiple occurrences of the same vulnerability are found on the asset, a row will be present for each instance.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
asset_idbigintNoThe unique identifier of the asset.dim_asset
scan_idbigintNoThe identifier of the last scan for the asset in which the vulnerability was detected.dim_scan
vulnerability_idintegerNoThe unique identifier of the vulnerability.dim_vulnerability
vulnerability_exception_idintegerYesThe unique identifier of a vulnerability exception that is pending for the vulnerability instance. If a vulnerability instance has no pending exceptions, this value will be null. If multiple pending exceptions apply to the vulnerability at different levels of scope, the identifier of the exception at the lowest (most fine-grained) level is returned.dim_vulnerability_exception
vulnerability_exception_idsintegerYesThe unique identifiers of all vulnerability exceptions that are pending for the vulnerability instance. If a vulnerability instance has no pending exceptions, this value will be null. If multiple pending exceptions apply to the vulnerability at different levels of scope, then the the identifier of all exceptions will be returned in a comma-separated value string.dim_vulnerability_exception
datetimestamp without timezoneNoThe date and time at which the vulnerability finding was detected. This time is the time at which the asset completed scanning during the scan.
prooftextNoThe proof indicating the reason that the vulnerability exists. The proof is exposed in formatting markup that can be striped using the function proofAsText
keytextYesThe secondary identifier of the vulnerability finding that discriminates the result from similar results of the same vulnerability on the same asset. This value is optional and will be null when a vulnerability does not need a secondary discriminator.
service_idintegerNoThe service the vulnerability was discovered on, or -1 if the vulnerability is not associated with a service.dim_service
protocol_idintegerNoThe protocol the vulnerable service was running, or -1 if the vulnerability is not associate with a service.dim_protocol

Dimensional model

fact_asset_vulnerability_instance_excluded

fact_asset_vulnerability_instance_excluded

Level of Grain: A vulnerability instance on an asset with an active vulnerability exception applied.

Fact Type: accumulating snapshot

Description: The fact_asset_vunerability_instance_excluded fact table provides an accumulating snapshot for all current vulnerability instances on an asset. If the multiple occurrences of the same vulnerability are found on the asset, a row will be present for each instance.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
asset_idbigintNoThe unique identifier of the asset.dim_asset
vulnerability_idintegerNoThe identifier of the vulnerabilitydim_vulnerability
date_testedtimestamp without timezoneNoThe date and time at which the vulnerability finding was detected. This time is the time at which the asset completed scanning during the scan.
status_idcharacter(1)NoThe identifier of the status of the vulnerability finding that indicates the level of confidence of the finding.dim_vulnerability_status
prooftextNoThe proof indicating the reason that the vulnerability exists. The proof is exposed in formatting markup that can be striped using the function proofAsText
keytextYesThe secondary identifier of the vulnerability finding that discriminates the result from similar results of the same vulnerability on the same asset. This value is optional and will be null when a vulnerability does not need a secondary discriminator.
service_idintegerNoThe service the vulnerability was discovered on, or -1 if the vulnerability is not associated with a service.dim_service
portintegerNoThe port on which the vulnerable service was running, or -1 if the vulnerability is not associated with a service.
protocol_idintegerNoThe protocol the vulnerable service was running, or -1 if the vulnerability is not associated with a service.dim_protocol

Dimensional model

PCI Asset Scans

fact_pci_asset_scan

fact_pci_asset_scan

Note: This is a category so there is no table to view.

fact_pci_asset_scan_service_finding

Level of Grain: A service finding on an asset in a scan.

Fact Type: Transaction

Description: The fact_pci_asset_scan_service_finding table is the transaction fact for a service finding on an asset for a scan. This fact provides a record for each service on every asset within the scope of the report for every scan it was included in. The level of grain is a unique service finding. If no services were found on an asset in a scan, it will have no records in this fact table. For PCI purposes, each service finding is mapped to a vulnerability. Services for which a version was fingerprinted are mapped to an additional vulnerability.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
asset_idbigintNoThe unique identifier of the assetdim_asset
scan_idbigintNoThe unique identifier of the scan the service finding was found in.dim_scan
service_idintegerNoThe identifier of the definition of the service.dim_service
vulnerability_idintegerNoThe unique identifier of the vulnerability.dim_vulnerability
protocol_idsmallintNoThe identifier of the protocol the service was utilizingdim_protocol
portintegerNoThe port the service was running on.
fact_pci_asset_service_finding

fact_pci_asset_service_finding

added in version 1.3.2

Level of Grain: A service finding on an asset from the latest scan of the asset.

Fact Type: Accumulating snapshot

Description: The fact_pci_asset_service_finding fact table provides an accumulating snapshot fact for all service findings on an asset for the latest scan of every asset. The level of grain is a unique service finding. If no services were found on an asset in a scan, it will have no records in this fact table. For PCI purposes, each service finding is mapped to a vulnerability. Services for which a version was fingerprinted are mapped to an additional vulnerability.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
asset_idbigintNoThe unique identifier of the assetdim_asset
scan_idbigintNoThe unique identifier of the scan the service finding was found in.dim_scan
service_idintegerNoThe identifier of the definition of the service.dim_service
vulnerability_idintegerNoThe unique identifier of the vulnerability.dim_vulnerability
protocol_idsmallintNoThe identifier of the protocol the service was utilizingdim_protocol
portintegerNoThe port the service was running on.
fact_pci_asset_special_note

fact_pci_asset_special_note

added in version 1.3.2

Level of Grain: A note finding on a vulnerability or service on an asset (plus port and protocol, if applicable) from the latest scan of the asset.

Fact Type: Accumulating snapshot

Description: The fact_pci_asset_special_note fact table provides an accumulating snapshot fact for all vulnerability or service findings with applied special notes on an asset for the latest scan of every asset. The level of grain is a unique vulnerability or service finding, determined by asset, port and protocol.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
asset_idbigintNoThe unique identifier of the assetdim_asset
scan_idbigintNoThe unique identifier of the scan the service finding was found in.dim_scan
service_idintegerNoThe identifier of the definition of the service.dim_service
protocol_idsmallintNoThe identifier of the protocol the service was utilizingdim_protocol
portintegerNoThe port the service was running on.
pci_note_idintegerNoThe unique identifier of the pci special note applied to the vulnerability or service finding.dim_pci_note
items_notedtextNoA list of distinct identifiers for findings on a given asset, port, and protocol.

Policy

fact_policy

fact_policy

Level of Grain: A summary of findings related to a policy.

Fact Type: accumulating snapshot

Description: This table provides a summary for the results of the most recent policy scan for assets within the scope of the report. For each policy, only assets that are subject to that policy's rules and that have a result in the most recent scan with no overrides are counted.

Columns

As of version 1.3.0, a separate value has been created for not_applicable_assets and is no longer included in compliant_assets.

ColumnData TypeNullableDescriptionAssociated Dimension
policy_idbigintNoThe identifier of the policydim_policy
scopetextNoThe identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom".
rule_compliancenumericNoThe ratio of policy rule test result that are compliant or not applicable to the total number of rule test results.
total_assetsbigintNoThe number of assets within the scope of the report that were tested for the policy.
compliant_assetsbigintNothe number of assets that did not fail but passed at least a rule within the policy in the last test.
non_compliant_assetsbigintNoThe number of assets that failed at least one rule within the policy in the last test.
not_applicable_assetsbigintNoThe number of assets that neither passed nor failed at least a rule within the policy in the last test.
asset_compliancenumericNoThe ratio of assets that are compliant with the policy to the total number of assets that were tested for the policy.

Dimensional model

fact_policy_group

fact_policy_group

Level of Grain: A summary of findings related to a policy group.

Fact Type: accumulating snapshot

Description: This table provides a summary for the group rules's results of the most recent policy scan for assets within the scope of the report. All rules that are directly or indirectly descend from it and are counted.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
scopetextNoThe identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom".
policy_idbigintNoThe identifier of the policy.dim_policy
group_idbigintNoThe identifier of the policy group.dim_policy_group
non_compliant_rulesintegerNoThe number of rules that doesn't have 100% asset compliance (taking into account policy rule overrides.)
compliant_rulesintegerNoThe number of rules that have 100% asset compliance (taking into account policy rule overrides.)
rule_compliancenumericYesThe ratio of rule test result that are compliant or not applicable to the total number of rule test results within the policy group. If the group has no rule or no testable rules (rule with no check, hence no result exists), this will have a null value.

Dimensional model

fact_policy_rule

fact_policy_rule

Level of Grain: A summary of findings related to a policy rule.

Fact Type: accumulating snapshot

Description: This table provides a summary for the rule results of the most recent policy scan for assets within the scope of the report. For each rule, only assets that are subject to that rule and that have a result in the most recent scan are counted.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
scopetextNoThe identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom".
policy_idbigintNoThe identifier of the policy.dim_policy
rule_idbigintNoThe identifier of the policy rule.dim_policy_rule
compliant_assetsintegerNoThe number of assets that are compliant with the rule (taking into account policy rule overrides.)
non_compliant_assetsintegerNoThe number of assets that are not compliant with the rule (taking into account policy rule overrides.)
not_applicable_assetsintegerNoThe number of assets that are not applicable for the rule (taking into account policy rule overrides.)
asset_compliancenumericNoThe ratio of assets that are compliant with the policy rule to the total number of assets that were tested for the policy rule.

Dimensional model

Fact Remediation

fact_remediation (count, sort_column)

fact_remediation (count, sort_column)

Level of Grain: A solution with the highest level of supercedence and the effect applying that solution would have on the scope of the report.

Fact Type: accumulating snapshot

Description: A function which returns a result set of the top "count" solutions showing their impact as specified by the sorting criteria. The criteria can be used to find solutions that have a desirable impact on the scope of the report, and can be limited to a subset of all solutions. The aggregate effect of applying each solution is computed and returned for each record. Only the highest-level superceding solutions will be selected, in other words, only solutions which have no superceding solution.

Arguments

ColumnData TypeDescription
countintegerThe number of solutions to limit the output of this function to. The sorting and aggregation are performed prior to the limit.
sort_columntextThe name and sort order of the column to sort results by. Any column within the fact can be used to sort the results prior to them being limited. Multiple columns can be sorted using a traditional SQL fragment (Example: 'assets DESC, exploits DESC').

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
solution_idintegerNoThe identifier of the solution.
assetsbigintNoThe number of assets that require the solution to be applied. If the solution applies to a vulnerability not detected on any asset, the value may be zero.
vulnerabilitiesnumericNoThe total number of critical vulnerabilities that would be remediated.
critical_vulnerabilitiesbigintNoThe number of critical vulnerabilities found of the asset during the scan.
severe_vulnerabilitiesbigintNoThe number of severe vulnerabilities found of the asset during the scan.
moderate_vulnerabilitiesbigintNoThe number of moderate vulnerabilities found of the asset during the scan.
malware_kitsintegerNoThe number of malware kits associated with vulnerabilities discovered during the scan.
exploitsintegerNoThe number of exploits associated with vulnerabilities discovered during the scan.
vulnerabilities_with_malware_kitintegerNoThe number of vulnerabilities with a known malware kit discovered during the scan.
vulnerabilities_with_exploitsintegerNoThe number of vulnerabilities with a known exploit discovered during the scan.
vulnerability_instancesbigintNoThe number of vulnerability instances found discovered during the scan.
riskscoredouble precisionNoThe risk score for the scan.
pci_statustextNoThe PCI compliance status; either Pass or Fail.

Dimensional model

fact_remediation_impact (count, sort_column)

fact_remediation_impact (count, sort_column)

added in version 1.1.0

Level of Grain: A solution with the highest level of supercedence and the affect applying that solution would have on the scope of the report.

Fact Type: accumulating snapshot

Description: Fact that provides a summarization of the impact that applying a subset of all remediations would have on the scope of the report. The criteria can be used to find solutions that have a desirable impact on the scope of the report, and can be limited to a subset of all solutions. The aggregate effect of applying all solutions is computed and returned as a single record. This fact will be guaranteed to return one and only one record.

Arguments

ColumnData TypeDescription
countintegerThe number of solutions to limit the output of this function to. The sorting and aggregation are performed prior to the limit.
sort_columntextThe name and sort order of the column to sort results by. Any column within the fact can be used to sort the results prior to them being limited. Multiple columns can be sorted using a traditional SQL fragment (Example: 'assets DESC, exploits DESC').

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
solutionsintegerNoThe number of solutions selected and for which the remediation impact is being summarized (will be less than or equal to count).
assetsbigintNoThe number of assets that require the solution to be applied. If the solution applies to a vulnerability not detected on any asset, the value may be zero.
vulnerabilitiesnumericNoThe total number of critical vulnerabilities that would be remediated.
critical_vulnerabilitiesbigintNoThe number of critical vulnerabilities found of the asset during the scan.
severe_vulnerabilitiesbigintNoThe number of severe vulnerabilities found of the asset during the scan.
moderate_vulnerabilitiesbigintNoThe number of moderate vulnerabilities found of the asset during the scan.
malware_kitsintegerNoThe number of malware kits associated with vulnerabilities discovered during the scan.
exploitsintegerNoThe number of exploits associated with vulnerabilities discovered during the scan.
vulnerabilities_with_malware_kitintegerNoThe number of vulnerabilities with a known malware kit discovered during the scan.
vulnerabilities_with_exploitsintegerNoThe number of vulnerabilities with a known exploit discovered during the scan.
vulnerability_instancesbigintNoThe number of vulnerability instances found discovered during the scan.
riskscoredouble precisionNoThe risk score for the scan.
pci_statustextNoThe PCI compliance status; either Pass or Fail.

Dimensional model

fact_scan

fact_scan

Level of Grain: A summary of the results of a scan.

Fact Type: accumulating snapshot

Description: The fact_scan fact provides the summarized information for every scan any asset within the scope of the report was scanned during. For each scan, there will be a record in this fact table with the summarized results.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
scan_idintegerNoThe identifier of the scan.dim_scan
assetsbigintNoThe number of assets that require the solution to be applied. If the solution applies to a vulnerability not detected on any asset, the value may be zero.
vulnerabilitiesnumericNoThe total number of critical vulnerabilities that would be remediated.
critical_vulnerabilitiesbigintNoThe number of critical vulnerabilities found of the asset during the scan.
severe_vulnerabilitiesbigintNoThe number of severe vulnerabilities found of the asset during the scan.
moderate_vulnerabilitiesbigintNoThe number of moderate vulnerabilities found of the asset during the scan.
malware_kitsintegerNoThe number of malware kits associated with vulnerabilities discovered during the scan.
exploitsintegerNoThe number of exploits associated with vulnerabilities discovered during the scan.
vulnerabilities_with_malware_kitintegerNoThe number of vulnerabilities with a known malware kit discovered during the scan.
vulnerabilities_with_exploitsintegerNoThe number of vulnerabilities with a known exploit discovered during the scan.
vulnerability_instancesbigintNoThe number of vulnerability instances found discovered during the scan.
riskscoredouble precisionNoThe risk score for the scan.
pci_statustextNoThe PCI compliance status; either Pass or Fail.

Dimensional model

Sites

fact_site

fact_site

Level of Grain: A summary of the current state of a site.

Fact Type: accumulating snapshot

Description: The fact_site table provides a summary record at the level of grain for every site that any asset in the scope of the report belongs to. For each site, there will be a record in this fact table with the summarized results, taking into account any vulnerability filters specified in the report configuration. The summary of each site will display the accumulated information for the most recent scan of each asset, not just the most recent scan of the site.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
site_idintegerNoThe identifier of the site.dim_site
assetsbigintNoThe number of assets that require the solution to be applied. If the solution applies to a vulnerability not detected on any asset, the value may be zero.
last_scan_idbigintNoThe identifier of the most recent scan for the site.
vulnerabilitiesnumericNoThe total number of critical vulnerabilities that would be remediated.
critical_vulnerabilitiesbigintNoThe number of critical vulnerabilities found of the asset during the scan.
severe_vulnerabilitiesbigintNoThe number of severe vulnerabilities found of the asset during the scan.
moderate_vulnerabilitiesbigintNoThe number of moderate vulnerabilities found of the asset during the scan.
malware_kitsintegerNoThe number of malware kits associated with vulnerabilities discovered during the scan.
exploitsintegerNoThe number of exploits associated with vulnerabilities discovered during the scan.
vulnerabilities_with_malware_kitintegerNoThe number of vulnerabilities with a known malware kit discovered during the scan.
vulnerabilities_with_exploitsintegerNoThe number of vulnerabilities with a known exploit discovered during the scan.
vulnerability_instancesbigintNoThe number of vulnerability instances found discovered during the scan.
riskscoredouble precisionNoThe risk score for the scan.
pci_statustextNoThe PCI compliance status; either Pass or Fail.

Dimensional model

fact_site_date (startDate, endDate, dateInterval)

fact_site_date (startDate, endDate, dateInterval)

Added in version 1.1.0

Level of Grain: A site and its summary information on a specific date.

Fact Type: periodic snapshot

Description: This fact table provides a periodic snapshot for summarized values on a site by date. The fact table takes three dynamic arguments, which refine what data is returned. Starting from startDate and ending on endDate, a summarized value for each site in the scope of the report will be returned for every dateInterval period of time. This will allow trending on site information by a customizable interval of time. In terms of a chart, startDate represents the lowest value in the range, the endDate the largest value in the range, and the dateInterval is the separation of the ticks of the range axis. If a site did not exist prior to a summarization date, it will have no record for that date value. The summarized values of a site represent the state of the site in the most recent scans prior to the date being summarized; therefore, if a site has not been scanned before the next summary interval, the values for the site will remain the same.

For example, fact_site_date(‘2013-01-01’, ‘2014-01-01’, INTERVAL ‘1 month’) will return a row for each site for every month in the year 2013.

Arguments

ColumnData TypeDescription
startDatedateThe first date to return summarizations for
endDatedateThe last date to return summarizations for.
dateIntervalintervalThe interval between the start and end dates to return summarizations for.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
site_idintegerNoThe identifier of the site.dim_site
assetsbigintNoThe number of assets that require the solution to be applied. If the solution applies to a vulnerability not detected on any asset, the value may be zero.
last_scan_idbigintNoThe identifier of the most recent scan for the site.
vulnerabilitiesnumericNoThe total number of critical vulnerabilities that would be remediated.
critical_vulnerabilitiesbigintNoThe number of critical vulnerabilities found of the asset during the scan.
severe_vulnerabilitiesbigintNoThe number of severe vulnerabilities found of the asset during the scan.
moderate_vulnerabilitiesbigintNoThe number of moderate vulnerabilities found of the asset during the scan.
malware_kitsintegerNoThe number of malware kits associated with vulnerabilities discovered during the scan.
exploitsintegerNoThe number of exploits associated with vulnerabilities discovered during the scan.
vulnerabilities_with_malware_kitintegerNoThe number of vulnerabilities with a known malware kit discovered during the scan.
vulnerabilities_with_exploitsintegerNoThe number of vulnerabilities with a known exploit discovered during the scan.
vulnerability_instancesbigintNoThe number of vulnerability instances found discovered during the scan.
riskscoredouble precisionNoThe risk score for the scan.
pci_statustextNoThe PCI compliance status; either Pass or Fail.
daydateNoThe date of the summarization of the asset.

Dimensional model

fact_site_policy_date

fact_site_policy_date

added in version 1.3.0

Type: Periodic snapshot

Description: This fact table provides a periodic snapshot for summarized policy values on site by date. The fact table takes three dynamic arguments, which refine what data is returned. Starting from startDate and ending on endDate, the summarized policy value for each site in the scope of the report will be returned for every dateInterval period of time. This will allow trending on site information by a customizable interval of time. In terms of a chart, startDate represents the lowest value in the range, the endDate the largest value in the range, and the dateInterval is the separation of the ticks of the range axis. If a site did not exist prior to a summarization date, it will have no record for that date value. The summarized policy values of a site represent the state of the site prior to the date being summarized; therefore, if the site has not been scanned before the next summary interval, the values for the site will remain the same.

Arguments

ColumnData TypeDescription
startDatedateThe first date to return summarizations for
endDatedateThe last date to return summarizations for.
dateIntervalintervalThe interval between the start and end dates to return summarizations for.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
site_idbigintYesThe unique identifier of the site.dim_site
daydateNoThe date when the summarized policy scan results snapshot is taken.
policy_idbigintYesThe unique identifier of the policy.dim_site
scopetextYesThe identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom".
assetsintegerYesThe total number of assets that are in the scope of the report and associated to the asset group.
rule_compliancenumericNoThe ratio of policy rule test result that are compliant or not applicable to the total number of rule test results.
compliant_assetsbigintNothe number of assets that did not fail but passed at least a rule within the policy in the last test.
non_compliant_assetsbigintNoThe number of assets that failed at least one rule within the policy in the last test.
not_applicable_assetsbigintNoThe number of assets that neither passed nor failed at least a rule within the policy in the last test.

Tags

fact_tag

fact_tag

Level of Grain: The current summary information for a tag.

Fact Type: Accumulating snapshot

Description: The fact_tag table provides an accumulating snapshot fact for the summary information of a tag. The summary information provided is based on the most recent scan of every asset associated with the tag. If a tag has no accessible assets, there will be a fact record with zero counts. Only tags associated with assets, sites, or asset groups in the scope of the report will be present in this fact.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
tag_idintegerNoThe identifier of the tag.dim_tag
assetsbigintNoThe number of assets that require the solution to be applied. If the solution applies to a vulnerability not detected on any asset, the value may be zero.
vulnerabilitiesnumericNoThe total number of critical vulnerabilities that would be remediated.
critical_vulnerabilitiesbigintNoThe number of critical vulnerabilities found of the asset during the scan.
severe_vulnerabilitiesbigintNoThe number of severe vulnerabilities found of the asset during the scan.
moderate_vulnerabilitiesbigintNoThe number of moderate vulnerabilities found of the asset during the scan.
malware_kitsintegerNoThe number of malware kits associated with vulnerabilities discovered during the scan.
exploitsintegerNoThe number of exploits associated with vulnerabilities discovered during the scan.
vulnerabilities_with_malware_kitintegerNoThe number of vulnerabilities with a known malware kit discovered during the scan.
vulnerabilities_with_exploitsintegerNoThe number of vulnerabilities with a known exploit discovered during the scan.
vulnerability_instancesbigintNoThe number of vulnerability instances found discovered during the scan.
riskscoredouble precisionNoThe risk score for the scan.
pci_statustextNoThe PCI compliance status; either Pass or Fail.
fact_tag_date

fact_tag_date

added in version 1.2.1

Type: Periodic snapshot

Description: The fact_tag_date table provides a periodic snapshot fact for summarized scan results for a tag over time. Each fact record represents the summary information for a tag in a scan in which the assets associated with that tag were fully and successfully scanned in that day or in the closest prior day.

This function takes a start date, end date and interval as arguments. If the end date is after the current date, then it will be replaced by the current date. Snapshots will be generated from the start date to the end date based on the interval value. If on a certain day no scan data can be found, a record for that day for all fields, except for the day and assets field, will have a null value.

Arguments

ColumnData TypeDescription
startDatedateThe first date to return summarizations for
endDatedateThe last date to return summarizations for.
dateIntervalintervalThe interval between the start and end dates to return summarizations for.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
tag_idintegerNoThe identifier of the tag.dim_tag
daydateNoThe date the summary tag results are for.
assetsbigintNoThe number of assets that require the solution to be applied. If the solution applies to a vulnerability not detected on any asset, the value may be zero.
vulnerabilitiesnumericNoThe total number of critical vulnerabilities that would be remediated.
critical_vulnerabilitiesbigintNoThe number of critical vulnerabilities found of the asset during the scan.
severe_vulnerabilitiesbigintNoThe number of severe vulnerabilities found of the asset during the scan.
moderate_vulnerabilitiesbigintNoThe number of moderate vulnerabilities found of the asset during the scan.
malware_kitsintegerNoThe number of malware kits associated with vulnerabilities discovered during the scan.
exploitsintegerNoThe number of exploits associated with vulnerabilities discovered during the scan.
vulnerabilities_with_malware_kitintegerNoThe number of vulnerabilities with a known malware kit discovered during the scan.
vulnerabilities_with_exploitsintegerNoThe number of vulnerabilities with a known exploit discovered during the scan.
vulnerability_instancesbigintNoThe number of vulnerability instances found discovered during the scan.
riskscoredouble precisionNoThe risk score for the scan.
pci_statustextNoThe PCI compliance status; either Pass or Fail.
fact_tag_policy_date

fact_tag_policy_date

added in version 1.3.0

Type: Periodic snapshot

Description: The fact_tag_policy_date table provides an accumulating snapshot fact for summarized policy information of a tag. The summarized policy information provided is based on the most recent scan of every asset associated with the tag. If a tag has no accessible assets, there will be a fact record with zero counts. Only tags associated with assets, sites, or asset groups in the scope of the report will be present in this fact.

Arguments

ColumnData TypeDescription
startDatedateThe first date to return summarizations for
endDatedateThe end of the period where the scan results of an asset will be returned. If it is later the the current date, it will be replaced by the later.
dateIntervalintervalThe interval between the start and end dates to return summarizations for.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
tag_idbigintYesThe unique identifier of the tag.dim_tag
daydateNoThe date which the summarized policy scan results snapshot is taken.
policy_idbigintYesThe unique identifier of the policy within a scope.dim_policy
scopetextYesThe identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom".
assetsintegerYesThe total number of assets that are in the scope of the report and associated to the asset group.
rule_compliancenumericNoThe ratio of policy rule test result that are compliant or not applicable to the total number of rule test results.
compliant_assetsbigintNothe number of assets that did not fail but passed at least a rule within the policy in the last test.
non_compliant_assetsbigintNoThe number of assets that failed at least one rule within the policy in the last test.
not_applicable_assetsbigintNoThe number of assets that neither passed nor failed at least a rule within the policy in the last test.

Vulnerabilities

fact_vulnerability

fact_vulnerability

Level of Grain: A summary of findings of a vulnerability.

Fact Type: accumulating snapshot

Description: The fact_vulnerability table provides a summarized record for each vulnerability within the scope of the report. For each vulnerability, the count of assets subject to the vulnerability is measured. Only assets with a finding in their most recent scan with no exception applied are included in the totals.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
vulnerability_idintegerNoThe identifier of the vulnerability.dim_vulnerability
affected_assetsbigintNoThe number of assets that have the vulnerability. This count may be zero if no assets are vulnerable.
vulnerability_instancesbigintNoThe number of instances or occurrences of the vulnerability across all assets.
most_recently_discoveredtimestamp without timezoneNoThe most recent date and time at which any asset within the scope of the report was discovered to be vulnerable to the vulnerability.

Dimensional model