The Finding object describes metadata related to a security finding generated by a security tool or system.

title

  • Type: string_t
  • Requirement: required

A title or a brief phrase summarizing the reported finding.

uid

  • Type: string_t
  • Requirement: required

The unique identifier of the reported finding.

created_time

  • Type: timestamp_t
  • Requirement: optional

The time when the finding was created.

created_time_dt

  • Type: datetime_t
  • Requirement: optional

The time when the finding was created.

desc

  • Type: string_t
  • Requirement: optional

The description of the reported finding.

first_seen_time

  • Type: timestamp_t
  • Requirement: optional

The time when the finding was first observed.

first_seen_time_dt

  • Type: datetime_t
  • Requirement: optional

The time when the finding was first observed.

last_seen_time

  • Type: timestamp_t
  • Requirement: optional

The time when the finding was most recently observed.

last_seen_time_dt

  • Type: datetime_t
  • Requirement: optional

The time when the finding was most recently observed.

modified_time

  • Type: timestamp_t
  • Requirement: optional

The time when the finding was last modified.

modified_time_dt

  • Type: datetime_t
  • Requirement: optional

The time when the finding was last modified.

product

  • Type: product
  • Requirement: optional

Details about the product that reported the finding.

product_uid

  • Type: string_t
  • Requirement: optional

The unique identifier of the product that reported the finding.

related_events

Describes events and/or other findings related to the finding as identified by the security product. Note that these events may or may not be in OCSF.

remediation

Describes the recommended remediation steps to address the identified issue(s).

src_url

  • Type: url_t
  • Requirement: optional

The URL pointing to the source of the finding.

supporting_data

  • Type: json_t
  • Requirement: optional

Additional data supporting a finding, as provided by the security tool.

types

  • Type: string_t
  • Requirement: optional

One or more types of the reported finding.
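
A validator for the scalar attributes listed above, added here as an example; it is not code from the OCSF project, and `validate_finding` and `parse_dt` are hypothetical names. It assumes that timestamp_t is an integer count of milliseconds since the Unix epoch, that datetime_t is an RFC 3339 string, and that first_seen_time should not be later than last_seen_time; this page states none of these.

```python
from datetime import datetime, timezone

# Requirement and type columns as listed on this page (typed scalar fields only).
REQUIRED = ("title", "uid")
STRINGS = ("title", "uid", "desc", "product_uid", "src_url")
TIMES = ("created_time", "first_seen_time", "last_seen_time", "modified_time")

def parse_dt(text):
    """Convert an RFC 3339 string (assumed datetime_t encoding) to epoch milliseconds."""
    dt = datetime.fromisoformat(text.replace("Z", "+00:00"))
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return round(dt.timestamp() * 1000)

def validate_finding(obj):
    """Return a list of problems; an empty list means the object passed."""
    errors = []
    for name in REQUIRED:
        if not obj.get(name):
            errors.append(f"{name}: required attribute missing or empty")
    for name in STRINGS:
        if name in obj and not isinstance(obj[name], str):
            errors.append(f"{name}: expected a string")
    for name in TIMES:
        ts, dt = obj.get(name), obj.get(name + "_dt")
        if ts is not None and (isinstance(ts, bool) or not isinstance(ts, int) or ts < 0):
            errors.append(f"{name}: expected non-negative integer milliseconds")
            ts = None
        if dt is not None:
            try:
                dt_ms = parse_dt(dt)
            except (TypeError, ValueError, AttributeError):
                errors.append(f"{name}_dt: not an RFC 3339 datetime")
                continue
            # The *_dt sibling describes the same instant, so the two must agree.
            if ts is not None and ts != dt_ms:
                errors.append(f"{name}_dt: disagrees with {name}")
    # Assumed ordering rule: a finding cannot be first seen after it was last seen.
    first, last = obj.get("first_seen_time"), obj.get("last_seen_time")
    if isinstance(first, int) and isinstance(last, int) and first > last:
        errors.append("first_seen_time: later than last_seen_time")
    return errors

# Constructed sample: no uid, string timestamp, mismatched *_dt, inverted seen times.
SAMPLE_BAD = {"title": "Constructed finding", "created_time": "1704067200000",
              "modified_time": 1704067200000, "modified_time_dt": "2024-01-01T01:00:00Z",
              "first_seen_time": 1704070800000, "last_seen_time": 1704067200000}

if __name__ == "__main__":
    print("\n".join(validate_finding(SAMPLE_BAD)))
```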