Understanding the reporting data model: Facts

The following facts are provided by the Reporting Data Model. Each fact table provides access to only information allowed by the configuration of the report. Any vulnerability status, severity or category filters will be applied in the facts, only allowing those results, findings, and counts for vulnerabilities in the scope to be exposed. Similarly, only assets within the scope of the report configuration are made available in the fact tables. By default, all facts are interpreted to be asset-centric, and therefore expose information for all assets in the scope of the report, regardless as to whether they were configured to be in scope with the use of an asset, scan, asset group, or site selection.

Data model 2.0.0 exposes information about linking assets across sites. All previous information is still available, and in the same format. As of data model 2.0.0, there is a sites column in the dim_asset dimension that lists the sites to which an asset belongs.

For each fact, a dimensional star or snowflake schema is provided. For brevity and readability, only one level in a snowflake schema is detailed, and only two levels of dimensions are displayed. For more information on the attributes of these dimensions, refer to the Dimensions section below.

When dates are displayed as measures of facts, they will always be converted to match the time zone specified in the report configuration.

Only data from fully completed scans of assets are included in the facts. Results from aborted or interrupted scans will not be included.

Common measures

It will be helpful to keep in mind some characteristics of certain measures that appear in the following tables.

asset_compliance

This attribute measures the ratio of assets that are compliant with the policy rule to the total number of assets that were tested for the policy rule.

assets

This attribute measures the number of assets within a particular level of aggregation.

compliant_assets

This attribute measures the number of assets that are compliant with the policy rule (taking into account policy rule overrides.)

exploits

This attribute measures the number of distinct exploit modules that can be used exploit vulnerabilities on each asset. When the level of grain aggregates multiple assets, the total is the summation of the exploits value for each asset. If there are no vulnerabilities found on the asset or there are no vulnerabilities that can be exploited with a exploit module, the count will be zero.

malware_kits

This attribute measures the number of distinct malware kits that can be used exploit vulnerabilities on each asset. When the level of grain aggregates multiple assets, the total is the summation of the malware kits value for each asset. If there are no vulnerabilities found on the asset or there are no vulnerabilities that can be exploited with a malware kit, the count will be zero.

noncompliant_assets

This attribute measures the number of assets that are not compliant with the policy rule (taking into account policy rule overrides.)

not_applicable_assets

This attribute measures the number of assets that are not applicable for the policy rule (taking into account policy rule overrides.)

riskscore

This attribute measures the risk score of each asset, which is based on the vulnerabilities found on that asset. When the level of grain aggregates multiple assets, the total is the summation of the riskscore value for each asset.

rule_compliance

This attribute measures the ratio of policy rule test result that are compliant or not applicable to the total number of rule test results.

vulnerabilities

This attribute measures the number of vulnerabilities discovered on each asset. When the level of grain aggregates multiple assets, the total is the summation of the vulnerabilities on each asset.

If a vulnerability was discovered multiple times on the same asset, it will only be counted once per asset. This count may be zero if no vulnerabilities were found vulnerable on any asset in the latest scan, or if the scan was not configured to perform vulnerability checks (as in the case of discovery scans).

The vulnerabilities count is also provided for each severity level:

  • Critical: The number of vulnerabilities that are critical.
  • Severe: The number of vulnerabilities that are severe.
  • Moderate: The number of vulnerabilities that are moderate.

vulnerabilities_with_exploit

This attribute measures the total number of a vulnerabilities on all assets that can be exploited with a published exploit module. When the level of grain aggregates multiple assets, the total is the summation of the vulnerabilities_with_exploit value for each asset. This value is guaranteed to be less than the total number of vulnerabilities. If no vulnerabilities are present, or none are subject to an exploit, the value will be zero.

vulnerabilities_with_malware_kit

This attribute measures the number of vulnerabilities on each asset that are exploitable with a malware kit. When the level of grain aggregates multiple assets, the total is the summation of the vulnerabilities_with_malware_kit value for each asset. This value is guaranteed to be less than the total number of vulnerabilities. If no vulnerabilities are present, or none are subject to a malware kit, the value will be zero.

vulnerability_instances

This attribute measures the number of occurrences of all vulnerabilities found on each asset. When the level of grain aggregates multiple assets, the total is the summation of the vulnerability_instances value for each asset. This value will count each instance of a vulnerability on each asset. This value may be zero if no instances were tested or found vulnerable (e.g. discover scans).

Attributes with a timestamp datatype, such as a first_discovered, honor the time zone specified in the report configuration.

fact_all

added in version 1.1.0

Level of Grain: The summary of the current state of all assets within the scope of the report.

Fact Type: accumulating snapshot

Description: Summaries of the latest vulnerability details across the entire report. This is an accumulating snapshot fact that updates after every scan of any asset within the report completes. This fact will include the data for the most recent scan of each asset that is contained within the scope of the report. As the level of aggregation is all assets in the report, this fact table is guaranteed to return one and only one row always.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
vulnerabilitiesbigintNoThe number of vulnerabilities across all assets.
critical_vulnerabilitiesbigintNoThe number of critical vulnerabilities across all assets.
severe_vulnerabilitiesbigintNoThe number of severe vulnerabilities across all assets.
moderate_vulnerabilitiesbigintNoThe number of moderate vulnerabilities across all assets.
malware_kitsintegerNoThe number of malware kits across all assets.
exploitsintegerNoThe number of exploit modules across all assets.
vulnerabilities_with_malware_kitintegerNoThe number of vulnerabilities with a malware kit across all assets.
vulnerabilities_with_exploitintegerNoThe number of vulnerabilities with an exploit module across all assets.
vulnerability_instancesbigintNoThe number of vulnerability instances across all assets.
riskscoredouble precisionNoThe risk score across all assets.
pci_statustextNoThe PCI compliance status; either Pass or Fail.

Dimensional model

fact_asset

Level of Grain: An asset and its current summary information.

Fact Type: accumulating snapshot

Description: The fact_asset fact table provides the most recent information for each asset within the scope of the report. For every asset in scope there will be one record in the fact table.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
asset_idbigintNoThe identifier of the asset.dim_asset
last_scan_idbigintNoThe identifier of the scan with the most recent information being summarized.dim_scan
scan_startedtimestamp with time zoneNoThe date and time at which the latest scan for the asset started.
scan_finishedtimestamp with time zoneNoThe date and time at which the latest scan for the asset completed.
vulnerabilitiesbigintNoThe number of all distinct vulnerabilities on the asset
critical_vulnerabilitiesbigintNoThe number of critical vulnerabilities on the asset.
severe_vulnerabilitiesbigintNoThe number of severe vulnerabilities on the asset.
moderate_vulnerabilitiesbigintNoThe number of moderate vulnerabilities on the asset.
malware_kitsintegerNoThe number of malware kits associated with any vulnerabilities discovered on the asset.
exploitsintegerNoThe number of exploits associated with any vulnerabilities discovered on the asset.
vulnerabilities_with_malware_kitintegerNoThe number of vulnerabilities with a known malware kit discovered on the asset.
vulnerabilities_with_exploitintegerNoThe number of vulnerabilities with a known exploit discovered on the asset.
vulnerability_instancesbigintNoThe number of vulnerability instances discovered on the asset
riskscoredouble precisionNoThe risk score of the asset.
pci_statustextNoThe PCI compliance status; either Pass or Fail.
aggregated_credential_status_idintegerNoThe status aggregated across all available services for the given asset in the given scan.dim_aggregated_credential_status

Dimensional model

fact_asset_date (startDate, endDate, dateInterval)

Added in version 1.1.0

Level of Grain: An asset and its summary information on a specific date.

Fact Type: periodic snapshot

Description: This fact table provides a periodic snapshot for summarized values on an asset by date. The fact table takes three dynamic arguments, which refine what data is returned. Starting from startDate and ending on endDate, a summarized value for each asset in the scope of the report will be returned for every dateInterval period of time. This will allow trending on asset information by a customizable interval of time. In terms of a chart, startDate represents the lowest value in the range, the endDate the largest value in the range, and the dateInterval is the separation of the ticks of the range axis. If an asset did not exist prior to a summarization date, it will have no record for that date value. The summarized values of an asset represent the state of the asset in the most recent scan prior to the date being summarized; therefore, if an asset has not been scanned before the next summary interval, the values for the asset will remain the same.

For example, fact_asset_date(‘2013-01-01’, ‘2014-01-01’, INTERVAL ‘1 month’) will return a row for each asset for every month in the year 2013.

Arguments

Column

Data Type

Description

startDate

date

The first date to return summarizations for.

endDate

date

The last date to return summarizations for.

dateInterval

interval

The interval between the start and end date to return summarizations for.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
asset_idbigintNoThe identifier of the asset.dim_asset
last_scan_idbigintNoThe identifier of the scan with the most recent information being summarized.dim_scan
scan_startedtimestamp with time zoneNoThe date and time at which the latest scan for the asset started.
scan_finishedtimestamp with time zoneNoThe date and time at which the latest scan for the asset completed.
vulnerabilitiesbigintNoThe number of all distinct vulnerabilities on the asset.
critical_vulnerabilitiesbigintNoThe number of critical vulnerabilities on the asset.
severe_vulnerabilitiesbigintNoThe number of severe vulnerabilities on the asset.
moderate_vulnerabilitiesbigintNoThe number of moderate vulnerabilities on the asset.
malware_kitsintegerNoThe number of malware kits associated with any vulnerabilities discovered on the asset.
exploitsintegerNoThe number of exploits associated with any vulnerabilities discovered on the asset.
vulnerabilities_with_malware_kitintegerNoThe number of vulnerabilities with a known malware kit discovered on the asset.
vulnerabilities_with_exploitintegerNoThe number of vulnerabilities with a known exploit discovered on the asset.
vulnerability_instancesbigintNoThe number of vulnerability instances discovered on the asset
riskscoredouble precisionNoThe risk score of the asset.
pci_statustextNoThe PCI compliance status; either Pass or Fail.
daydateNoThe date of the summarization of the asset.

Dimensional model

fact_asset_discovery

Level of Grain: A snapshot of the discovery dates for an asset.

Fact Type: accumulating snapshot

Description: The fact_asset_discovery fact table provides an accumulating snapshot for each asset within the scope of the report and details when the asset was first and last discovered. The discovery date is interpreted as the precise time that the asset was first communicated with during a scan, during the discovery phase of the scan. If an asset has only been scanned once both the first_discovered and last_discovered dates will be the same.

Columns

Column

Data Type

Nullable

Description

Associated Dimension

asset_id

big_int

No

The identifier of the asset.

dim_asset

first_discovered

timestamp without time zone

No

The date and time the asset was first discovered during any scan.

last_discovered

timestamp without time zone

No

The date and time the asset was last discovered during any scan.

Dimensional model

fact_asset_group

Level of Grain: An asset group and its current summary information.

Fact Type: accumulating snapshot

Description: The fact_asset_group fact table provides the most recent information for each asset group within the scope of the report. Every asset group that any asset within the scope of the report is currently a member of will be available within the scope (not just those specified in the configuration of the report). There will be one fact record for every asset group in the scope of the report. As scans are performed against assets, the information in the fact table will accumulate the most recent information for the asset group (including discovery scans).

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
asset_group_id (as named in versions 1.2.0 and later of the data model) group_id(as named in version 1.1.0)bigintNoThe identifier of the asset group.dim_asset_group
assetsbigintNoThe number of distinct assets associated to the asset group. If the asset group contains no assets, the count will be zero.
vulnerabilitiesbigintNoThe number of all vulnerabilities discovered on assets in the asset group.
critical_vulnerabilitiesbigintNoThe number of all critical vulnerabilities discovered on assets in the asset group.
severe_vulnerabilitiesbigintNoThe number of all severe vulnerabilities discovered on assets in the asset group.
moderate_vulnerabilitiesbigintNoThe number of all moderate vulnerabilities discovered on assets in the asset group.
malware_kitsintegerNoThe number of malware kits associated with vulnerabilities discovered on assets in the asset group.
exploitsintegerNoThe number of exploits associated with vulnerabilities discovered on assets in the asset group.
vulnerabilities_with_malware_kitintegerNoThe number of vulnerabilities with a known malware kit discovered on assets in the asset group.
vulnerabilities_with_exploitintegerNoThe number of vulnerabilities with a known exploit discovered on assets in the asset group.
vulnerability_instancesbigintNoThe number of vulnerability instances discovered on assets in the asset group.
riskscoredouble precisionNoThe risk score of the asset group.
pci_statustextNoThe PCI compliance status; either Pass or Fail.

Dimensional model

fact_asset_group_date (startDate, endDate, dateInterval)

Added in version 1.1.0

Level of Grain: An asset group and its summary information on a specific date.

Fact Type: periodic snapshot

Description: This fact table provides a periodic snapshot for summarized values on an asset group by date. The fact table takes three dynamic arguments, which refine what data is returned. Starting from startDate and ending on endDate, a summarized value for each asset group in the scope of the report will be returned for every dateInterval period of time. This will allow trending on asset group information by a customizable interval of time. In terms of a chart, startDate represents the lowest value in the range, the endDate the largest value in the range, and the dateInterval is the separation of the ticks of the range axis. If an asset group did not exist prior to a summarization date, it will have no record for that date value. The summarized values of an asset group represent the state of the asset group prior to the date being summarized; therefore, if the assets in an asset group have not been scanned before the next summary interval, the values for the asset group will remain the same.

For example, fact_asset_group_date(‘2013-01-01’, ‘2014-01-01’, INTERVAL ‘1 month’) will return a row for each asset group for every month in the year 2013.

Arguments

ColumnData TypeNullableDescription
startDatedateNoThe first date to return summarizations for.
endDatedateNoThe last date to return summarizations for.
dateIntervalintervalNoThe interval between the start and end date to return summarizations for.

Columns

ColumnData TypeNullableDescriptionAssociated Dimension
group_idbigintNoThe identifier of the asset group.dim_asset_group
assetsbigintNoThe number of distinct assets associated to the asset group. If the asset group contains no assets, the count will be zero.
vulnerabilitiesbigintNoThe number of all vulnerabilities discovered on assets in the asset group.
critical_vulnerabilitiesbigintNoThe number of all critical vulnerabilities discovered on assets in the asset group.
severe_vulnerabilitiesbigintNoThe number of all severe vulnerabilities discovered on assets in the asset group.
moderate_vulnerabilitiesbigintNoThe number of all moderate vulnerabilities discovered on assets in the asset group.
malware_kitsintegerNoThe number of malware kits associated with vulnerabilities discovered on assets in the asset group.
exploitsintegerNoThe number of exploits associated with vulnerabilities discovered on assets in the asset group.
vulnerabilities_with_malware_kitintegerNoThe number of vulnerabilities with a known malware kit discovered on assets in the asset group.
vulnerabilities_with_exploitintegerNoThe number of vulnerabilities with a known exploit discovered on assets in the asset group.
vulnerability_instancesbigintNoThe number of vulnerability instances discovered on assets in the asset group.
riskscoredouble precisionNoThe risk score of the asset group.
pci_statustextNoThe PCI compliance status; either Pass or Fail.
daydateNoThe date of the summarization of the asset.

Dimensional model

fact_asset_group_policy_date

added in version 1.3.0

Type: Periodic snapshot

Description: This fact table provides a periodic snapshot for summarized policy values on an asset group by date. The fact table takes three dynamic arguments, which refine what data is returned. Starting from startDate and ending on endDate, the summarized policy value for each asset group in the scope of the report will be returned for every dateInterval period of time. This will allow trending on asset group information by a customizable interval of time. In terms of a chart, startDate represents the lowest value in the range, the endDate the largest value in the range, and the dateInterval is the separation of the ticks of the range axis. If an asset group did not exist prior to a summarization date, it will have no record for that date value. The summarized policy values of an asset group represent the state of the asset group prior to the date being summarized; therefore, if the assets in an asset group have not been scanned before the next summary interval, the values for the asset group will remain the same.

Arguments

Column

Data Type

Nullable

Description

startDate

date

No

The first date to return summarizations for.

endDate

date

No

The last date to return summarizations for.

dateInterval

interval

No

The interval between the start and end date to return summarizations for.

Columns

Column

Data Type

Nullable

Description

Associated Dimension

group_id

bigint

Yes

The unique identifier of the asset group.

dim_asset

day

date

No

The date which the summarized policy scan results snapshot is taken.

policy_id

bigint

Yes

The unique identifier of the policy within a scope.

dim_scan

scope

text

Yes

The identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom".

dim_policy

assets

integer

Yes

The total number of assets that are in the scope of the report and associated to the asset group.

compliant_assets

integer

Yes

The number of assets associated to the asset group that have not failed any while passed at least one policy rule test.

noncompliant_assets

integer

Yes

The number of assets associated to the asset group that have failed at least one policy rule test.

not_applicable_assets

integer

Yes

The number of assets associated to the asset group that have neither failed nor passed at least one policy rule test.

rule_compliance

numeric

Yes

The ratio of rule test results that are compliant with or not applicable to the total number of rule test results.

fact_asset_policy

added in version 1.2.0

Level of Grain: A policy result on an asset

Fact Type: accumulating snapshot

Description: This table provides an accumulating snapshot of policy test results on an asset. It displays a record for each policy that was tested on an asset in its most recent scan. Only policies scanned within the scope of report are included.

Columns

Column

Data Type

Nullable

Description

Associated Dimension

asset_id

bigint

No

The identifier of the asset

dim_asset

last_scan_id

bigint

No

The identifier of the scan

dim_scan

policy_id

bigint

No

The identifier of the policy

dim_policy

scope

text

No

The identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom".

date_tested

timestamp without timezone

The end date and time for the scan of the asset that was tested for the policy, in the time zone specified in the report configuration.

compliant_rules

bigint

The total number of each policy's rules in which all assets are compliant with the most recent scan.

noncompliant_rules

bigint

The total number of each policy's rules which at least one asset failed in the most recent scan.

not_applicable_rules

bigint

The total number of each policy's rules that were not applicable to the asset in the most recent scan.

rule_compliance

numeric

The ratio of policy rule test result that are compliant or not applicable to the total number of rule test results.

Dimensional model

fact_asset_policy_date

added in version 1.3.0

Type: Periodic snapshot

Description: This fact table provides a periodic snapshot for summarized policy values on an asset by date. The fact table takes three dynamic arguments, which refine what data is returned. Starting from startDate and ending on endDate, the summarized policy value for each asset in the scope of the report will be returned for every dateInterval period of time. This will allow trending on asset information by a customizable interval of time. In terms of a chart, startDate represents the lowest value in the range, the endDate the largest value in the range, and the dateInterval is the separation of the ticks of the range axis. If an asset did not exist prior to a summarization date, it will have no record for that date value. The summarized policy values of an asset represent the state of the asset prior to the date being summarized; therefore, if the assets in an asset group have not been scanned before the next summary interval, the values for the asset will remain the same.

Arguments

Column

Data Type

Nullable

Description

startDate

date

No

The first date to return summarizations for.

endDate

date

No

The last date to return summarizations for.

dateInterval

interval

No

The interval between the start and end date to return summarizations for.

Columns

Column

Data Type

Nullable

Description

Associated Dimension

asset_id

bigint

Yes

The unique identifier of the asset.

dim_asset

day

date

No

The date which the summarized policy scan results snapshot is taken.

scan_id

bigint

Yes

The unique identifier of the scan.

dim_scan

policy_id

bigint

Yes

The unique identifier of the policy within a scope.

dim_policy

scope

text

Yes

The identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom".

date_tested

timestamp without time zone

Yes

The time the asset was tested with the policy rules.

compliant_rules

integer

Yes

The number of rules that all assets are compliant with in the scan.

noncompliant_rules

integer

Yes

The number of rules that at least one asset failed in the scan.

not_applicable_rules

integer

Yes

The number of rules that are not applicable to the asset.

rule_compliance

numeric

Yes

The ratio of rule test results that are compliant or not applicable to the total number of rule test results.

fact_asset_policy_rule

added in version 1.3.0

Level of Grain: A policy rule result on an asset

Fact Type: accumulating snapshot

Description: This table provides the rule results of the most recent policy scan for an asset within the scope of the report. For each rule, only assets that are subject to that rule and that have a result in the most recent scan are counted.

Columns

Column

Data Type

Nullable

Description

Associated Dimension

asset_id

bigint

No

The identifier of the asset

dim_asset

policy_id

bigint

No

The identifier of the policy

dim_policy

scope

text

No

The identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom".

rule_id

bigint

No

The identifier of the policy rule.

dim_policy_rule

scan_id

bigint

No

The identifier of the scan

dim_scan

date_tested

timestamp without timezone

The end date and time for the scan of the asset that was tested for the policy, in the time zone specified in the report configuration.

status_id

character(1)

No

The identifier of the status for the policy rule finding on the asset (taking into account policy rule overrides.)

dim_policy_rule_status

compliance

boolean

No

Whether the asset is compliant with the rule. True if and only if all of the policy checks for this rule have not failed, or the rule is overridden with the value true on the asset.

proof

text

Yes

The proof of the policy checks on the asset.

override_id

bigint

Yes

The unique identifier of the policy rule override that is applied to the rule on an asset. If multiple overrides apply to the rule at different levels of scope, the identifier of the override having the true effect on the rule (latest override) is returned.

dim_policy_rule_override

override_ids

bigint[]

Yes

The unique identifiers of the policy rule override that are applied to the rule on an asset. If multiple overrides apply to the rule at different levels of scope, the identifier of each override is returned in a comma-separated list.

dim_policy_rule_override

Dimensional model

fact_asset_scan

Level of Grain: A summary of a completed scan of an asset.

Fact Type: transaction

Description: The fact_asset_scan transaction fact provides summary information of the results of a scan for an asset. A fact record will be present for every asset and scan in which the asset was fully scanned in. Only assets configured within the scope of the report and vulnerabilities filtered within the report will take part in the accumulated totals. If no vulnerabilities checks were performed during the scan, for example as a result of a discovery scan, the vulnerability related counts will be zero.

Columns

Column

Data Type

Nullable

Description

Associated Dimension

scan_id

bigint

No

The identifier of the scan.

dim_scan

asset_id

bigint

No

The identifier of the asset.

dim_asset

scan_started

timestamp without time zone

No

The time at which the scan for the asset was started.

scan_finished

timestamp without time zone

No

The time at which the scan for the asset completed.

vulnerabilities

bigint

No

The number of vulnerabilities found on the asset during the scan.

critical_vulnerabilities

bigint

No

The number of critical vulnerabilities found on the asset during the scan.

severe_vulnerabilities

bigint

No

The number of severe vulnerabilities found on the asset during the scan.

moderate_vulnerabilities

bigint

No

The number of moderate vulnerabilities found on the asset during the scan.

malware_kits

integer

No

The number of malware kits associated with vulnerabilities discovered during the scan.

exploits

integer

No

The number of exploits associated with vulnerabilities discovered during the scan.

vulnerabilities_with_malware_kit

integer

No

The number of vulnerabilities with a known malware kit discovered during the scan.

vulnerabilities_with_exploit

integer

No

The number of vulnerabilities with a known exploit discovered during the scan.

vulnerability_instances

bigint

No

The number of vulnerability instances found discovered during the scan.

riskscore

double precision

No

The risk score for the scan.

pci_status

text

No

The PCI compliance status; either Pass or Fail.

aggregated_credential_status_id

integer

No

The status aggregated across all available services for the given asset in the given scan.

dim_aggregated_credential_status

Dimensional model

fact_asset_scan_operating_system

Level of Grain: An operating system fingerprint on an asset in a scan.

Fact Type: transaction

Description: The fact_asset_operating_system fact table provides the operating systems fingerprinted on an asset in a scan. The operating system fingerprints represent all the potential fingerprints collected during a scan that can be chosen as the primary or best operating system fingerprint on the asset. If an asset had no fingerprint acquired during a scan, it will have a record with values indicating an unknown fingerprint.

Columns

Column

Data Type

Nullable

Description

Associated Dimension

asset_id

bigint

No

The identifier of the asset the operating system is associated to.

dim_asset

scan_id

bigint

No

The identifier of the scan the asset was fingerprinted in.

dim_scan

operating_system_id

bigint

No

The identifier of the operating system that was fingerprinted on the asset in the scan. If a fingerprint was not found, the value will be -1.

dim_operating_system

fingerprint_source_id

integer

No

The identifier of the source that was used to acquire the fingerprint. If a fingerprint was not found, the value will be -1.

dim_fingerprint_source

certainty

real

No

A value between 0 and 1 that represents the confidence level of the fingerprint. If a fingerprint was not found, the value will be 0.

Dimensional model

fact_asset_scan_policy

Available in version 1.2.0

Level of Grain: A policy result for an asset in a scan

Fact Type: transaction

Description: This table provides the details of policy test results on an asset during a scan. Each record provides the policy test results for an asset for a specific scan. Only policies within the scope of report are included.

Columns

As of version 1.3.0, passed_rules and failed_rules are now called compliant_rules and noncompliant_rules.

Column

Data Type

Nullable

Description

Associated Dimension

asset_id

bigint

No

The identifier of the asset

dim_asset

scan_id

bigint

No

The identifier of the scan

dim_scan

policy_id

bigint

No

The identifier of the policy

dim_policy

scope

text

No

The identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom".

date_tested

timestamp without timezone

The end date and time for the scan of the asset that was tested for the policy, in the time zone specified in the report configuration.

compliant_rules

bigint

The total number of each policy's rules for which the asset passed in the most recent scan.

noncompliant_rules

bigint

The total number of each policy's rules for which the asset failed in the most recent scan.

not_applicable_rules

bigint

The total number of each policy's rules that were not applicable to the asset in the most recent scan.

rule_compliance

numeric

The ratio of policy rule test result that are compliant or not applicable to the total number of rule test results.

Dimensional model

fact_asset_scan_software

Level of Grain: A fingerprint for an installed software on an asset in a scan.

Fact Type: transaction

Description: The fact_asset_scan_software fact table provides the installed software packages enumerated or detected during a scan of an asset. If an asset had no software packages enumerated in a scan there will be no records in this fact.

Columns

Column

Data Type

Nullable

Description

Associated Dimension

asset_id

bigint

No

The identifier of the asset

dim_asset

scan_id

bigint

No

The identifier of the scan

dim_scan

software_id

bigint

No

The identifier of the software fingerprinted.

dim_software

fingerprint_source_id

bigint

No

The identifier of the source used to fingerprint the software.

dim_fingerprint_source

Dimensional model

fact_asset_scan_service

Level of Grain: A service detected on an asset in a scan.

Fact Type: transaction

Description: The fact_asset_scan_service fact table provides the services detected during a scan of an asset. If an asset had no services enumerated in a scan there will be no records in this fact.

Columns

Column

Data Type

Nullable

Description

Associated Dimension

asset_id

bigint

No

The identifier of the asset.

dim_asset

scan_id

bigint

No

The identifier of the scan.

dim_scan

date

timestamp without time zone

No

The date and time at which the service was enumerated.

service_id

integer

No

The identifier of the service.

dim_service

protocol_id

smallint

No

The identifier of the protocol the service was utilizing.

dim_protocol

port

integer

No

The port the service was running on.

service_fingerprint_id

bigint

No

The identifier of the fingerprint of the service describing the configuration of the service.

dim_service_fingerprint

credential_status_id

smallint

No

The result of the user-provided credentials per asset per scan per service. Services for which credential status is assessed are: SNMP, SSH, Telnet and CIFS.

dim_credential_status

Dimensional model

fact_asset_scan_vulnerability_finding

Added in version 1.1.0

Level of Grain: A vulnerability finding on an asset in a scan.

Fact Type: transaction

Description: This fact tables provides an accumulating snapshot for all vulnerability findings on an asset in every scan of the asset. This table will display a record for each unique vulnerability discovered on each asset in the every scan of the asset. If multiple occurrences of the same vulnerability are found on the asset, they will be rolled up into a single row with a vulnerability_instances count greater than one. Only vulnerabilities with no active exceptions applies will be displayed.

Dimensional model

fact_asset_scan_vulnerability_instance

added in version 1.1.0

Level of Grain: A vulnerability instance on an asset in a scan.

Fact Type: transaction

Description: The > fact_asset_scan_vulnerability_instance fact table provides the details of a vulnerability instance discovered during a scan of an asset. Only vulnerability instances found to be vulnerable and with no exceptions actively applied will be present within the fact table. A vulnerability instance is a unique vulnerability result found discovered on the asset. If the multiple occurrences of the same vulnerability are found on the asset, one row will be present for each instance.

Columns

Column

Data Type

Nullable

Description

Associated Dimension

asset_id

bigint

No

The identifier of the asset

dim_asset

scan_id

bigint

No

The identifier of the scan.

dim_scan

vulnerability_id

integer

No

The identifier of the vulnerability the finding is for.

dim_vulnerability

date

timestamp without time zone

No

The date and time at which the vulnerability finding was detected. This time is the time at which the asset completed scanning during the scan.

status_id

character(1)

No

The identifier of the status of the vulnerability finding that indicates the level of confidence of the finding.

dim_vulnerability_status

proof

text

No

The proof indicating the reason that the vulnerability exists. The proof is exposed in formatting markup that can be striped using the function proofAsText

key

text

Yes

The secondary identifier of the vulnerability finding that discriminates the result from similar results of the same vulnerability on the same asset. This value is optional and will be null when a vulnerability does not need a secondary discriminator.

service_id

integer

No

The service the vulnerability was discovered on, or -1 if the vulnerability is not associated with a service.

dim_service

port

integer

No

The port on which the vulnerable service was running, or -1 if the vulnerability is not associated with a service

protocol_id

integer

No

The protocol the vulnerable service was running, or -1 if the vulnerability is not associated with a service.

dim_protocol

Dimensional model

fact_asset_scan_vulnerability_instance_excluded

added in version 1.1.0

Level of Grain: A vulnerability instance on an asset in a scan with an active vulnerability exception applied.

Fact Type: transaction

Description: The fact_asset_scan_vulnerability_instance_excluded fact table provides the details of a vulnerability instance discovered during a scan of an asset with an exception applied. Only vulnerability instances found to be vulnerable and with exceptions actively applied will be present within the fact table. If the multiple occurrences of the same vulnerability are found on the asset, one row will be present for each instance.

Columns

Column

Data Type

Nullable

Description

Associated Dimension

asset_id

bigint

No

The identifier of the asset.

dim_asset

scan_id

bigint

No

The identifier of the scan.

dim_scan

vulnerability_id

integer

No

The identifier of the vulnerability.

dim_vulnerability

date

timestamp without time zone

No

The date and time at which the vulnerability finding was detected. This time is the time at which the asset completed scanning during the scan.

status_id

character(1)

No

The identifier of the status of the vulnerability finding that indicates the level of confidence of the finding.

dim_vulnerability_status

proof

text

No

The proof indicating the reason that the vulnerability exists. The proof is exposed in formatting markup that can be striped using the function
proofAsText

key

text

Yes

The secondary identifier of the vulnerability finding that discriminates the result from similar results of the same vulnerability on the same asset. This value is optional and will be null when a vulnerability does not need a secondary discriminator.

service_id

integer

No

The service the vulnerability was discovered on, or -1 if the vulnerability is not associated with a service.

dim_service

port

integer

No

The port on which the vulnerable service was running, or -1 if the vulnerability is not associated with a service.

protocol_id

integer

No

The protocol the vulnerable service was running, or -1 if the vulnerability is not associated with a service.

dim_protocol

Dimensional model

fact_asset_vulnerability_age

Added in version 1.2.0

Level of Grain: A vulnerability on an asset.

Fact Type: accumulating snapshot

Description: This fact table provides an accumulating snapshot for vulnerability age and occurrence information on an asset. For every vulnerability to which an asset is currently vulnerable, there will be one fact record. The record indicates when the vulnerability was first found, last found, and its current age. The age is computed as the difference between the time the vulnerability was first discovered on the asset, and the current time. If the vulnerability was temporarily remediated, but rediscovered, the age will be from the first discovery time. If a vulnerability was found on a service, remediated and discovered on another service, the age is still computed as the first time the vulnerability was found on any service on the asset.

Columns

Column

Data Type

Nullable

Desription

Associated Dimension

asset_id

bigint

No

The unique identifier of the asset.

dim_asset

vulnerability_id

integer

No

The unique identifier of the vulnerability.

dim_vulnerability

age

interval

No

The age of the vulnerability on the asset, in the interval format.

age_in_days

numeric

No

The age of the vulnerability on the asset, specified in days.

first_discovered

timestamp without timezone

No

The date on which the vulnerability was first discovered on the asset.

most_recently_discovered

timestamp without timezone

No

The date on which the vulnerability was most recently discovered on the asset.

fact_asset_vulnerability_finding

Added in version 1.2.0

Level of Grain: A vulnerability finding on an asset.

Fact Type: accumulating snapshot

Description: This fact tables provides an accumulating snapshot for all current vulnerability findings on an asset. This table will display a record for each unique vulnerability discovered on each asset in the most recent scan of the asset. If multiple occurrences of the same vulnerability are found on the asset, they will be rolled up into a single row with a vulnerability_instances count greater than one. Only vulnerabilities with no active exceptions applies will be displayed.

Columns

Column

Data Type

Nullable

Description

Associated Dimension

asset_id

bigint

No

The identifier of the asset.

dim_asset

scan_id

bigint

No

The identifier of the last scan for the asset in which the vulnerability was detected.

dim_scan

vulnerability_id

integer

No

The identifier of the vulnerability.

dim_vulnerability

vulnerability_instances

bigint

No

The number of occurrences of the vulnerability detected on the asset, guaranteed to be greater than or equal to one.

vulnerability_instances

bigint

No

The number of occurrences of the vulnerability detected on the asset, guaranteed to be greater than or equal to one.

Dimensional model

fact_asset_vulnerability_instance

Level of Grain: A vulnerability instance on an asset.

Fact Type: accumulating snapshot

Description: This table provides an accumulating snapshot for all current vulnerability instances on an asset. Only vulnerability instance found to be vulnerable and with no exceptions actively applied will be present within the fact table. If the multiple occurrences of the same vulnerability are found on the asset, a row will be present for each instance.

Columns

Column

Data Type

Nullable

Description

Associated Dimension

asset_id

bigint

No

The identifier of the asset.

dim_asset

scan_id

bigint

No

The identifier of the scan the vulnerability instance was found in.

dim_scan

vulnerability_id

integer

No

The identifier of the vulnerability.

dim_vulnerability

vulnerability_exception_id

integer

Yes

The unique identifier of a vulnerability exception that is pending for the vulnerability instance. If a vulnerability instance has no pending exceptions, this value will be null. If multiple pending exceptions apply to the vulnerability at different levels of scope, the identifier of the exception at the lowest (most fine-grained) level is returned.

dim_vulnerability_exception

vulnerability_exception_ids

text

Yes

The unique identifiers of all vulnerability exceptions that are pending for the vulnerability instance. If a vulnerability instance has no pending exceptions, this value will be null. If multiple pending exceptions apply to the vulnerability at different levels of scope, then the the identifier of all exceptions will be returned in a comma-separated value string.

dim_vulnerability_exception

date

timestamp without time zone

No

The date and time at which the vulnerability finding was detected. This time is the time at which the asset completed scanning during the scan.

status_id

character(1)

No

The identifier of the status of the vulnerability finding that indicates the level of confidence of the finding.

dim_vulnerability_status

proof

text

No

The proof indicating the reason that the vulnerability exists. The proof is exposed in formatting markup that can be striped using the function proofAsText

key

text

Yes

The secondary identifier of the vulnerability finding that discriminates the result from similar results of the same vulnerability on the same asset. This value is optional and will be null when a vulnerability does not need a secondary discriminator.

service_id

integer

No

The service the vulnerability was discovered on, or -1 if the vulnerability is not associated with a service.

dim_service

port

integer

No

The port on which the vulnerable service was running, or -1 if the vulnerability is not associated with a service.

protocol_id

integer

No

The protocol the vulnerable service was running, or -1 if the vulnerability is not associated with a service.

dim_protocol

Dimensional model

fact_asset_vulnerability_instance_excluded

Level of Grain: A vulnerability instance on an asset with an active vulnerability exception applied.

Fact Type: accumulating snapshot

Description: The fact_asset_vunerability_instance_excluded fact table provides an accumulating snapshot for all current vulnerability instances on an asset. If the multiple occurrences of the same vulnerability are found on the asset, a row will be present for each instance.

Columns

Column

Data Type

Nullable

Description

Associated Dimension

asset_id

bigint

No

The identifier of the asset.

dim_asset

vulnerability_id

integer

No

The identifier of the vulnerability.

dim_vulnerability

date_tested

timestamp without time zone

No

The date and time at which the vulnerability finding was detected. This time is the time at which the asset completed scanning during the scan.

status_id

character(1)

No

The identifier of the status of the vulnerability finding that indicates the level of confidence of the finding.

dim_vulnerability_status

proof

text

No

The proof indicating the reason that the vulnerability exists. The proof is exposed in formatting markup that can be striped using the function proofAsText

key

text

Yes

The secondary identifier of the vulnerability finding that discriminates the result from similar results of the same vulnerability on the same asset. This value is optional and will be null when a vulnerability does not need a secondary discriminator.

service_id

integer

No

The service the vulnerability was discovered on, or -1 if the vulnerability is not associated with a service.

dim_service

port

integer

No

The port on which the vulnerable service was running, or -1 if the vulnerability is not associated with a service.

protocol_id

integer

No

The protocol the vulnerable service was running, or -1 if the vulnerability is not associated with a service.

dim_protocol

Dimensional model

fact_pci_asset_scan_service_finding

added in version 1.3.2

Level of Grain: A service finding on an asset in a scan.

Fact Type: Transaction

Description: The fact_pci_asset_scan_service_finding table is the transaction fact for a service finding on an asset for a scan. This fact provides a record for each service on every asset within the scope of the report for every scan it was included in. The level of grain is a unique service finding. If no services were found on an asset in a scan, it will have no records in this fact table. For PCI purposes, each service finding is mapped to a vulnerability. Services for which a version was fingerprinted are mapped to an additional vulnerability.

Columns

Column

Data Type

Nullable

Description

Associated Dimension

asset_id

bigint

No

The unique identifier of the asset.

dim_asset

scan_id

bigint

No

The unique identifier of the scan the service finding was found in.

dim_scan

service_id

integer

No

The identifier of the definition of the service.

dim_service

vulnerability_id

integer

No

The unique identifier of the vulnerability.

dim_vulnerability

protocol_id

smallint

No

The identifier of the protocol the service was utilizing.

dim_protocol

port

integer

No

The port the service was running on.

fact_pci_asset_service_finding

added in version 1.3.2

Level of Grain: A service finding on an asset from the latest scan of the asset.

Fact Type: Accumulating snapshot

Description: The fact_pci_asset_service_finding fact table provides an accumulating snapshot fact for all service findings on an asset for the latest scan of every asset. The level of grain is a unique service finding. If no services were found on an asset in a scan, it will have no records in this fact table. For PCI purposes, each service finding is mapped to a vulnerability. Services for which a version was fingerprinted are mapped to an additional vulnerability.

Columns

Column

Data Type

Nullable

Description

Associated Dimension

asset_id

bigint

No

The unique identifier of the asset.

dim_asset

scan_id

bigint

No

The unique identifier of the scan the service finding was found in.

dim_scan

service_id

integer

No

The identifier of the definition of the service.

dim_service

vulnerability_id

integer

No

The unique identifier of the vulnerability.

dim_vulnerability

protocol_id

smallint

No

The identifier of the protocol the service was utilizing.

dim_protocol

port

integer

No

The port the service was running on.

fact_pci_asset_special_note

added in version 1.3.2

Level of Grain: A note finding on a vulnerability or service on an asset (plus port and protocol, if applicable) from the latest scan of the asset.

Fact Type: Accumulating snapshot

Description: The fact_pci_asset_special_note fact table provides an accumulating snapshot fact for all vulnerability or service findings with applied special notes on an asset for the latest scan of every asset. The level of grain is a unique vulnerability or service finding, determined by asset, port and protocol.

Columns

Column

Data Type

Nullable

Description

Associated Dimension

asset_id

bigint

No

The unique identifier of the asset.

dim_asset

scan_id

bigint

No

The unique identifier of the scan.

dim_scan

service_id

integer

No

The identifier of the definition of the service.

dim_service

protocol_id

smallint

No

The identifier of the protocol the service was utilizing.

dim_protocol

port

integer

No

The port the service was running on.

pci_note_id

integer

No

The unique identifier of the pci special note applied to the vulnerability or service finding.

dim_pci_note

items_noted

text

No

A list of distinct identifiers for findings on a given asset, port, and protocol.

fact_policy

added in version 1.2.0

Level of Grain: A summary of findings related to a policy.

Fact Type: accumulating snapshot

Description: This table provides a summary for the results of the most recent policy scan for assets within the scope of the report. For each policy, only assets that are subject to that policy's rules and that have a result in the most recent scan with no overrides are counted.

Columns

As of version 1.3.0, a separate value has been created for not_applicable_assets and is no longer included in compliant_assets.

Column

Data Type

Nullable

Description

Associated Dimension

policy_id

bigint

No

The identifier of the policy.

dim_policy

scope

text

No

The identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom".

rule_compliance

numeric

No

The ratio of policy rule test result that are compliant or not applicable to the total number of rule test results.

total_assets

bigint

No

The number of assets within the scope of the report that were tested for the policy.

compliant_assets

bigint

No

The number of assets that did not fail but passed at least a rule within the policy in the last test.

non_compliant_assets

bigint

No

The number of assets that failed at least one rule within the policy in the last test.

not_applicable_assets

bigint

No

The number of assets that neither passed nor failed at least a rule within the policy in the last test.

asset_compliance

numeric

No

The ratio of assets that are compliant with the policy to the total number of assets that were tested for the policy.

Dimensional model

fact_policy_group

added in version 1.3.0

Level of Grain: A summary of findings related to a policy group.

Fact Type: accumulating snapshot

Description: This table provides a summary for the group rules's results of the most recent policy scan for assets within the scope of the report. All rules that are directly or indirectly descend from it and are counted.

Columns

Column

Data Type

Nullable

Description

Associated Dimension

scope

text

No

The identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom".

policy_id

bigint

No

The identifier of the policy.

dim_policy

group_id

bigint

No

The identifier of the policy group.

dim_policy_group

non_compliant_rules

integer

No

The number of rules that doesn't have 100% asset compliance (taking into account policy rule overrides.)

compliant_rules

integer

No

The number of rules that have 100% asset compliance (taking into account policy rule overrides.)

rule_compliance

numeric

True

The ratio of rule test result that are compliant or not applicable to the total number of rule test results within the policy group. If the group has no rule or no testable rules (rule with no check, hence no result exists), this will have a null value.

Dimensional model

fact_policy_rule

added in version 1.3.0

Level of Grain: A summary of findings related to a policy rule.

Fact Type: accumulating snapshot

Description: This table provides a summary for the rule results of the most recent policy scan for assets within the scope of the report. For each rule, only assets that are subject to that rule and that have a result in the most recent scan are counted.

Columns

Column

Data Type

Nullable

Description

Associated Dimension

scope

text

No

The identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom".

policy_id

bigint

No

The identifier of the policy.

dim_policy

rule_id

bigint

No

The identifier of the policy rule.

dim_policy_rule

compliant_assets

integer

No

The number of assets that are compliant with the rule (taking into account policy rule overrides.)

noncompliant_assets

integer

No

The number of assets that are not compliant with the rule (taking into account policy rule overrides.)

not_applicable_asset

integer

No

The number of assets that are not applicable for the rule (taking into account policy rule overrides.)

asset_compliance

numeric

No

The ratio of assets that are compliant with the policy rule to the total number of assets that were tested for the policy rule.

Dimensional model

fact_remediation (count, sort_column)

added in version 1.1.0

Level of Grain: A solution with the highest level of supercedence and the effect applying that solution would have on the scope of the report.

Fact Type: accumulating snapshot

Description: A function which returns a result set of the top "count" solutions showing their impact as specified by the sorting criteria. The criteria can be used to find solutions that have a desirable impact on the scope of the report, and can be limited to a subset of all solutions. The aggregate effect of applying each solution is computed and returned for each record. Only the highest-level superceding solutions will be selected, in other words, only solutions which have no superceding solution.

Arguments

Column

Data Type

Description

count

integer

The number of solutions to limit the output of this function to. The sorting and aggregation are performed prior to the limit.

sort_column

text

The name and sort order of the column to sort results by. Any column within the fact can be used to sort the results prior to them being limited. Multiple columns can be sorted using a traditional SQL fragment (Example: 'assets DESC, exploits DESC').

Columns

Column

Data Type

Nullable

Description

Associated Dimension

solution_id

integer

No

The identifier of the solution.

assets

bigint

No

The number of assets that require the solution to be applied. If the solution applies to a vulnerability not detected on any asset, the value may be zero.

vulnerabilities

numeric

No

The total number of vulnerabilities that would be remediated.

critical_vulnerabilities

numeric

No

The total number of critical vulnerabilities that would be remediated.

severe_vulnerabilities

numeric

No

The total number of severe vulnerabilities that would be remediated.

moderate_vulnerabilities

numeric

No

The total number of moderate vulnerabilities that would be remediated.

malware_kits

integer

No

The total number of malware kits that would no longer be used to exploit vulnerabilities if the solution were applied.

exploits

integer

No

The total number of exploits that could no longer be used to exploit vulnerabilities if the solution were applied.

vulnerabilities_with_malware_kit

integer

No

The total number of vulnerabilities with a known malware kit that would remediated by the solution.

vulnerabilities_with_exploit

integer

No

The total number of vulnerabilities with a published exploit module that would remediated by the solution.

vulnerability_instances

numeric

No

The total number of occurrences of any vulnerabilities that are remediated by the solution.

riskscore

double precision

No

The risk score that is reduced by performing the remediation.

pci_status

text

No

The PCI compliance status; either Pass or Fail.

Dimensional model

fact_remediation_impact (count, sort_column)

added in version 1.1.0

Level of Grain: A solution with the highest level of supercedence and the affect applying that solution would have on the scope of the report.

Fact Type: accumulating snapshot

Description: Fact that provides a summarization of the impact that applying a subset of all remediations would have on the scope of the report. The criteria can be used to find solutions that have a desirable impact on the scope of the report, and can be limited to a subset of all solutions. The aggregate effect of applying all solutions is computed and returned as a single record. This fact will be guaranteed to return one and only one record.

Arguments

Column

Data Type

Description

count

integer

The number of solutions to determine the impact for. The sorting and aggregation are performed prior to the limit.

sort_column

text

The name and sort order of the column to sort results by. Any column within the fact can be used to sort the results prior to them being limited. Multiple columns can be sorted using a traditional SQL fragment (Example: 'assets DESC, exploits DESC').

Columns

Column

Data Type

Nullable

Description

Associated Dimension

solutions

integer

No

The number of solutions selected and for which the remediation impact is being summarized (will be less than or equal to count).

assets

bigint

No

The total number of assets that require a remediation to be applied.

vulnerabilities

bigint

No

The total number of vulnerabilities that would be remediated.

critical_vulnerabilities

bigint

No

The total number of critical vulnerabilities that would be remediated.

severe_vulnerabilities

bigint

No

The total number of severe vulnerabilities that would be remediated.

moderate_vulnerabilities

bigint

No

The total number of moderate vulnerabilities that would be remediated.

malware_kits

integer

No

The total number of malware kits that would no longer be used to exploit vulnerabilities if all selected remediations were applied.

exploits

integer

No

The total number of exploits that would no longer be used to exploit vulnerabilities if all selected remediations were applied.

vulnerabilities_with_malware_kit

integer

No

The number of vulnerabilities with a known malware kit that would be remediated.

vulnerabilities_with_exploit

integer

No

The number of vulnerabilities with a known exploit that would be remediated.

vulnerability_instances

bigint

No

The total number of occurrences of any vulnerabilities that are remediated by any remediation selected.

riskscore

double precision

No

The risk score that is reduced by performing all the selected remediations.

pci_status

text

No

The PCI compliance status; either Pass or Fail.

Dimensional model

fact_scan

Level of Grain: A summary of the results of a scan.

Fact Type: accumulating snapshot

Description: The fact_scan fact provides the summarized information for every scan any asset within the scope of the report was scanned during. For each scan, there will be a record in this fact table with the summarized results.

Columns

Column

Data Type

Nullable

Description

Associated Dimension

scan_id

bigint

No

The identifier of the scan

dim_scan

assets

bigint

No

The number of assets that were scanned

vulnerabilities

bigint

No

The number of all vulnerabilities discovered in the scan.

critical_vulnerabilities

bigint

No

The number of all critical vulnerabilities discovered in the scan.

severe_vulnerabilities

bigint

No

The number of all severe vulnerabilities discovered in the scan.

moderate_vulnerabilities

bigint

No

The number of all moderate vulnerabilities discovered in the scan.

malware_kits

integer

No

The number of malware kits associated with vulnerabilities discovered in the scan.

exploits

integer

No

The number of exploits associated with vulnerabilities discovered in the scan.

vulnerabilities_with_malware_kit

integer

No

The number of vulnerabilities with a malware kit discovered in the scan.

vulnerabilities_with_exploit

integer

No

The number of vulnerabilities with an exploit discovered in the scan.

vulnerability_instances

bigint

No

The number of vulnerability instances discovered during the scan.

riskscore

double precision

No

The risk score for the scan results

pci_status

text

No

The PCI compliance status; either Pass or Fail.

Dimensional model

fact_site

Level of Grain: A summary of the current state of a site.

Fact Type: accumulating snapshot

Description: The fact_site table provides a summary record at the level of grain for every site that any asset in the scope of the report belongs to. For each site, there will be a record in this fact table with the summarized results, taking into account any vulnerability filters specified in the report configuration. The summary of each site will display the accumulated information for the most recent scan of each asset, not just the most recent scan of the site.

Columns

Column

Data Type

Nullable

Description

Associated Dimension

site_id

bigint

No

The identifier of the site.

dim_site

assets

bigint

No

The total number of assets in the site.

last_scan_id

bigint

No

The identifier of the most recent scan for the site.

vulnerabilities

bigint

No

The number of vulnerabilities discovered on assets in the site.

critical_vulnerabilities

bigint

No

The number of critical vulnerabilities discovered on assets in the site.

severe_vulnerabilities

bigint

No

The number of severe vulnerabilities discovered on assets in the site.

moderate_vulnerabilities

bigint

No

The number of moderate vulnerabilities discovered on assets in the site.

malware_kits

integer

No

The number malware kits associated with vulnerabilities discovered on assets in the site.

exploits

integer

No

The number exploits associated with vulnerabilities discovered on assets in the site.

vulnerabilities_with_malware_kit

integer

No

The number of vulnerabilities with a malware kit discovered on assets in the site.

vulnerabilities_with_exploit

integer

No

The number of vulnerabilities with an exploit kit discovered on assets in the site.

vulnerability_instances

bigint

No

The number of vulnerability instances discovered on assets in the site.

riskscore

double precision

No

The risk score of the site.

pci_status

text

No

The PCI compliance status; either Pass or Fail.

Dimensional model

fact_site_date (startDate, endDate, dateInterval)

Added in version 1.1.0

Level of Grain: A site and its summary information on a specific date.

Fact Type: periodic snapshot

Description: This fact table provides a periodic snapshot for summarized values on a site by date. The fact table takes three dynamic arguments, which refine what data is returned. Starting from startDate and ending on endDate, a summarized value for each site in the scope of the report will be returned for every dateInterval period of time. This will allow trending on site information by a customizable interval of time. In terms of a chart, startDate represents the lowest value in the range, the endDate the largest value in the range, and the dateInterval is the separation of the ticks of the range axis. If a site did not exist prior to a summarization date, it will have no record for that date value. The summarized values of a site represent the state of the site in the most recent scans prior to the date being summarized; therefore, if a site has not been scanned before the next summary interval, the values for the site will remain the same.

For example, fact_site_date(‘2013-01-01’, ‘2014-01-01’, INTERVAL ‘1 month’) will return a row for each site for every month in the year 2013.

Arguments

Column

Data Type

Description

startDate

date

The first date to return summarizations for.

endDate

date

The last date to return summarizations for.

dateInterval

interval

The interval between the start and end date to return summarizations for.

Columns

Column

Data Type

Nullable

Description

Associated Dimension

site_id

bigint

No

The identifier of the site.

dim_site

assets

bigint

No

The total number of assets in the site.

last_scan_id

bigint

No

The identifier of the most recent scan for the site.

vulnerabilities

bigint

No

The number of vulnerabilities discovered on assets in the site.

critical_vulnerabilities

bigint

No

The number of critical vulnerabilities discovered on assets in the site.

severe_vulnerabilities

bigint

No

The number of severe vulnerabilities discovered on assets in the site.

moderate_vulnerabilities

bigint

No

The number of moderate vulnerabilities discovered on assets in the site.

malware_kits

integer

No

The number malware kits associated with vulnerabilities discovered on assets in the site.

exploits

integer

No

The number exploits associated with vulnerabilities discovered on assets in the site.

vulnerabilities_with_malware_kit

integer

No

The number of vulnerabilities with a malware kit discovered on assets in the site.

vulnerabilities_with_exploit

integer

No

The number of vulnerabilities with an exploit kit discovered on assets in the site.

vulnerability_instances

bigint

No

The number of vulnerability instances discovered on assets in the site.

riskscore

double precision

No

The risk score of the site.

pci_status

text

No

The PCI compliance status; either Pass or Fail.

day

date

No

The date of the summarization of the asset

Dimensional model

fact_site_policy_date

added in version 1.3.0

Type: Periodic snapshot

Description: This fact table provides a periodic snapshot for summarized policy values on site by date. The fact table takes three dynamic arguments, which refine what data is returned. Starting from startDate and ending on endDate, the summarized policy value for each site in the scope of the report will be returned for every dateInterval period of time. This will allow trending on site information by a customizable interval of time. In terms of a chart, startDate represents the lowest value in the range, the endDate the largest value in the range, and the dateInterval is the separation of the ticks of the range axis. If a site did not exist prior to a summarization date, it will have no record for that date value. The summarized policy values of a site represent the state of the site prior to the date being summarized; therefore, if the site has not been scanned before the next summary interval, the values for the site will remain the same.

Arguments

Column

Data Type

Nullable

Description

startDate

date

No

The first date to return summarizations for.

endDate

date

No

The end of the period where the scan results of an asset will be returned. If it is later the the current date, it will be replaced by the later.

dateInterval

interva

No

The interval between the start and end date to return summarizations for.

Columns

Column

Data Type

Nullable

Description

Associated Dimension

site_id

bigint

Yes

The unique identifier of the site.

dim_site

day

date

No

The date when the summarized policy scan results snapshot is taken.

policy_id

bigint

Yes

The unique identifier of the policy within a scope.

dim_site

scope

text

Yes

The identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom".

assets

integer

Yes

The total number of assets that are in the scope of the report and associated to the asset group.

compliant_assets

integer

Yes

The number of assets associated to the asset group that have not failed any while passed at least one policy rule test.

noncompliant_assets

integer

Yes

The number of assets associated to the asset group that have failed at least one policy rule test.

not_applicable_assets

integer

Yes

The number of assets associated to the asset group that have neither failed nor passed at least one policy rule test.

rule_compliance

numeric

Yes

The ratio of policy rule test result that are compliant or not applicable to the total number of rule test results.

fact_tag

added in version 1.2.0

Level of Grain: The current summary information for a tag.

Fact Type: Accumulating snapshot

Description: The fact_tag table provides an accumulating snapshot fact for the summary information of a tag. The summary information provided is based on the most recent scan of every asset associated with the tag. If a tag has no accessible assets, there will be a fact record with zero counts. Only tags associated with assets, sites, or asset groups in the scope of the report will be present in this fact.

Columns

Column

Data Type

Nullable

Description

Associated Dimension

tag_id

integer

No

The unique identifier of the tag.

dim_tag

assets

bigint

No

The total number of accessible assets associated with the tag. If the tag has no accessible assets in the current scope or membership, this value can be zero.

vulnerabilities

bigint

No

The sum of the count of vulnerabilities on each asset. This value is equal to the sum of the critical_vulnerabilities, severe_vulnerabilities, and moderate_vulnerabilities columns.

critical_vulnerabilities

bigint

No

The sum of the count of critical vulnerabilities on each asset.

severe_vulnerabilities

bigint

No

The sum of the count of severe vulnerabilities on each asset.

moderate_vulnerabilities

bigint

No

The sum of the count of moderate vulnerabilities on each asset.

malware_kits

integer

No

The sum of the count of malware kits on each asset.

exploits

integer

No

The sum of the count of exploits on each asset.

vulnerabilities_with_malware_kit

integer

No

The sum of the count of vulnerabilities with malware kits on each asset.

vulnerabilities_with_exploit

integer

No

The sum of the count of vulnerabilities with exploits on each asset.

vulnerability_instances

bigint

No

The sum of the vulnerability instances on each asset.

riskscore

double precision

No

The sum of the risk score on each asset.

pci_status

text

No

The PCI compliance status; either Pass or Fail of the assets that have the tag.

fact_tag_date

added in version 1.2.1

Type: Periodic snapshot

Description: The fact_tag_date table provides a periodic snapshot fact for summarized scan results for a tag over time. Each fact record represents the summary information for a tag in a scan in which the assets associated with that tag were fully and successfully scanned in that day or in the closest prior day.

This function takes a start date, end date and interval as arguments. If the end date is after the current date, then it will be replaced by the current date. Snapshots will be generated from the start date to the end date based on the interval value. If on a certain day no scan data can be found, a record for that day for all fields, except for the day and assets field, will have a null value.

Arguments

Column

Data Type

Nullable

Description

startDate

date

No

The first date to return summarizations for.

endDate

date

No

The end of the period where the scan results of a tag will be returned. If it is later than the current date, it will be replaced by the current date.

dateInterval

interval

No

The interval between the start and end date to return summarizations for.

Columns

Column

Data Type

Nullable

Description

Associated Dimension

tag_id

bigint

Yes

The unique identifier of the tag.

dim_tag

day

date

No

The date the summary tag results are for.

assets

bigint

No

The total number of assets that are in the scope of the report and associated with the tag. If the tag has no assets in the current scope or membership, this value can be zero.

vulnerabilities

bigint

No

The sum of the counts of vulnerabilities associated with the tag. This value is equal to the sum of the critical_vulnerabilities, severe_vulnerabilities, and moderate_vulnerabilities columns.

critical_vulnerabilities

bigint

No

The sum of the counts of critical vulnerabilities associated with the tag.

severe_vulnerabilities

bigint

No

The sum of the counts of severe vulnerabilities associated with the tag.

moderate_vulnerabilities

bigint

No

The sum of the counts of moderate vulnerabilities associated with the tag.

malware_kits

integer

No

The sum of the counts of malware kits associated with the tag.

exploits

integer

No

The sum of the counts of exploits associated with the tag.

vulnerabilities_with_malware_kit

integer

No

The sum of the counts of vulnerabilities with malware kits associated with the tag.

vulnerabilities_with_exploit

integer

No

The sum of the counts of vulnerabilities with exploits associated with the tag.

vulnerability_instances

bigint

No

The sum of the instances of vulnerabilities associated with the tag.

riskscore

double precision

No

The sum of the risk scores associated with the tag.

pci_status

text

No

The compliance level ('Pass' or 'Fail') of the tag according to PCI standards.

fact_tag_policy_date

added in version 1.3.0

Type: Periodic snapshot

Description: The fact_tag_policy_date table provides an accumulating snapshot fact for summarized policy information of a tag. The summarized policy information provided is based on the most recent scan of every asset associated with the tag. If a tag has no accessible assets, there will be a fact record with zero counts. Only tags associated with assets, sites, or asset groups in the scope of the report will be present in this fact.

Arguments

Column

Data Type

Nullable

Description

startDate

date

No

The first date to return summarizations for.

endDate

date

No

The end of the period where the scan results of an asset will be returned. If it is later the the current date, it will be replaced by the later.

dateInterval

interval

No

The interval between the start and end date to return summarizations for.

Columns

Column

Data Type

Nullable

Description

Associated Dimension

tag_id

bigint

Yes

The unique identifier of the tag.

dim_tag

day

date

No

The date which the summarized policy scan results snapshot is taken.

policy_id

bigint

Yes

The unique identifier of the policy within a scope.

dim_policy

scope

text

Yes

The identifier for scope of policy. Policies that are automatically available have "Built-in" scope, whereas policies created by users have scope as "Custom".

assets

integer

Yes

The total number of assets that are in the scope of the report and associated to the asset group.

compliant_assets

integer

Yes

The number of assets associated to the asset group that have not failed any while passed at least one policy rule test.

noncompliant_assets

integer

Yes

The number of assets associated to the asset group that have failed at least one policy rule test.

not_applicable_assets

integer

Yes

The number of assets associated to the asset group that have neither failed nor passed at least one policy rule test.

rule_compliance

numeric

Yes

The ratio of PASS or NOT APPLICABLE results for the rules to the total number rule results.

fact_vulnerability

added in version 1.1.0

Level of Grain: A summary of findings of a vulnerability.

Fact Type: accumulating snapshot

Description: The fact_vulnerability table provides a summarized record for each vulnerability within the scope of the report. For each vulnerability, the count of assets subject to the vulnerability is measured. Only assets with a finding in their most recent scan with no exception applied are included in the totals.

Columns

Column

Data Type

Nullable

Description

Associated Dimension

vulnerability_id

integer

No

The identifier of the vulnerability

dim_vulnerability

affected_assets

bigint

No

The number of assets that have the vulnerability. This count may be zero if no assets are vulnerable.

vulnerability_instances

bigint

No

The number of instances or occurrences of the vulnerability across all assets.

most_recently_discovered

timestamp without time zone

No

The most recent date and time at which any asset within the scope of the report was discovered to be vulnerable to the vulnerability.

Dimensional model