Problem

A problem identified from the analysis and correlation of assets and findings that is a notable issue worthy of action. It could be (or become) the cause, or potential cause, of one or more incidents or findings.

Inherited properties
Properties marked with * are required.

| Property | Type | Description | Specifications |
| --- | --- | --- | --- |
| _class * | string \| array of strings | One or more classes conforming to a standard, abstract security data model. For example, an EC2 instance will have '_class':'Host'. | |
| _key * | string | An identifier unique within the scope containing the object. For example, for a Bitbucket repo, this will be the GUID of the repo as assigned by Bitbucket. For an IAM Role, this will be the ARN of the role. | minLength: 10 |
| _type * | string | The type of object, typically reflecting the vendor and resource type. For example, 'aws_iam_user'. In some cases, a system knows about a type of entity that other systems know about, such as 'user_endpoint' or 'cve'. | minLength: 3 |
| category * | string \| array \| null | The category of the finding. Examples: data, application, host, network, endpoint, malware, event | |
| displayName * | string | Display name, e.g. a person's preferred name or an AWS account alias | |
| name * | string | Name of this entity | |
| numericSeverity * | number \| null | Severity rating based on impact and exploitability. Examples: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 | |
| open * | boolean \| null | Indicates if this is an open vulnerability. | |
| severity * | string \| null | Severity rating based on impact and exploitability. Examples: none, informational, low, medium, high, critical | |
| approved | boolean | If this record has been reviewed and approved. | |
| approvedOn | number | The timestamp (in milliseconds since epoch) when this record was approved. | Format: date-time |
| approvers | array of strings | The list of approvers on the record. | |
| assessment | string \| null | The name/id of the assessment that produced this finding. | |
| blocksProduction | boolean \| null | Indicates whether this vulnerability finding is a blocking issue. If true, it should block a production deploy. Defaults to false. | |
| classification | string | The sensitivity of the data; should match company data classification scheme. For example: critical - confidential - internal - public. Examples: critical, confidential, internal, public | |
| content | string | Text content of the record/documentation | |
| createdOn | number | The timestamp (in milliseconds since epoch) when the entity was created at the source. This is different than _createdOn which is the timestamp the entity was first ingested into JupiterOne. | Format: date-time |
| description | string | An extended description of this entity. | |
| exception | boolean | Indicates if this record has an applied exception. For example, exception for a known finding or a PR that is not fully approved. | |
| exceptionReason | string | Reason / description of the exception. | |
| exploitability | number \| null | The exploitability score/rating. | |
| impact | number \| null | The impact description or rating. | |
| priority | string \| null | Priority level mapping to Severity rating. Can be a string such as 'critical', 'high', 'medium', 'low', 'info'. Or an integer usually between 0-5. | |
| production | boolean \| null | Indicates if this vulnerability is in production. | |
| public | boolean \| null | Indicates if this is a publicly disclosed vulnerability. If yes, this is usually a CVE and the 'webLink' should be set to 'https://nvd.nist.gov/vuln/detail/${CVE-Number}' or to a vendor URL. If not, it is most likely a custom application vulnerability. | |
| recommendation | string \| null | Recommendation on how to remediate/fix this finding. | deprecated: true |
| recommendedActions | string \| null | Recommended remediation actions or steps to address a finding, vulnerability or weakness. This field supports markdown formatting for rich text content including links, code blocks, and structured lists. Markdown-formatted text describing remediation steps is preferred. | |
| references | array \| null | The array of links to references. | |
| remediationSLA | integer \| null | The number of days that the Vulnerability must be remediated within, based on SLA set by the organization's internal vulnerability management program policy. The actual due date is set by the 'remediationDueOn' property on the IMPACTS relationship between the Vulnerability and its impacted resource entity. | |
| reportedOn | number | The timestamp (in milliseconds since epoch) when this record was reported/opened. In most cases, this would be the same as createdOn but occasionally a record can be created at a different time than when it was first reported. | Format: date-time |
| reporter | string | The person or system that reported or created this record. | |
| score | number \| null | The overall vulnerability score, e.g. CVSSv3. | |
| status | string \| null | Status of the vulnerability | |
| stepsToReproduce | array \| null | Steps to reproduce this finding. | |
| summary | string | A summary / short description of this entity. | |
| targetDetails | array \| null | Additional details about the targets. Can be a string or an array. | |
| targets | array \| null | The target listing of projects, applications, repos or systems this vulnerability impacts. Specifying either the project/repo name or the application URL here will auto-map this Vulnerability to the corresponding Project/CodeRepo/Application entity if a match is found. | |
| updatedOn | number | The timestamp (in milliseconds since epoch) when the entity was last updated at the source. | Format: date-time |
| validated | boolean \| null | Indicates if this Vulnerability finding has been validated by the security team. | |
| vector | string \| null | The vulnerability attack vector. (e.g. a CVSSv3 vector looks like this - 'AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N') | |
| webLink | string | Hyperlink to the location of this record, e.g. URL to a Jira issue | Format: uri |

Required properties
  • _key
  • _class
  • _type
  • name
  • displayName
  • category
  • severity
  • numericSeverity
  • open
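
The required properties and constraints listed above, expressed as a pre-ingestion check. This is an added example, not JupiterOne's own code: `validateProblem`, `CHECKS` and every value in the sample entity are hypothetical, and only a subset of the optional properties is checked.

```javascript
// Added example: validates a candidate Problem entity against the required
// properties and constraints listed on this page. Not JupiterOne code.
const REQUIRED = ['_key', '_class', '_type', 'name', 'displayName',
  'category', 'severity', 'numericSeverity', 'open'];

const isStr = (v) => typeof v === 'string';
const isNum = (v) => typeof v === 'number' && Number.isFinite(v);
const orNull = (check) => (v) => v === null || check(v);
const isUri = (v) => { try { new URL(v); return isStr(v); } catch { return false; } };

// One predicate per property, following the Type and Specifications columns.
const CHECKS = {
  _class: (v) => isStr(v) || (Array.isArray(v) && v.length > 0 && v.every(isStr)),
  _key: (v) => isStr(v) && v.length >= 10, // minLength: 10
  _type: (v) => isStr(v) && v.length >= 3, // minLength: 3
  name: isStr,
  displayName: isStr,
  category: orNull((v) => isStr(v) || Array.isArray(v)),
  severity: orNull(isStr),
  numericSeverity: orNull(isNum),
  open: orNull((v) => typeof v === 'boolean'),
  blocksProduction: orNull((v) => typeof v === 'boolean'),
  createdOn: isNum, // milliseconds since epoch
  webLink: isUri, // Format: uri
};

function validateProblem(entity) {
  const errors = [];
  for (const prop of REQUIRED) {
    if (!(prop in entity)) errors.push(`missing required property: ${prop}`);
  }
  for (const [prop, ok] of Object.entries(CHECKS)) {
    if (prop in entity && !ok(entity[prop])) errors.push(`invalid value for ${prop}`);
  }
  // The page says a publicly disclosed finding should have its webLink set.
  if (entity.public === true && !('webLink' in entity)) {
    errors.push('public is true but webLink is not set');
  }
  return errors;
}

// Constructed sample entity; every value here is illustrative.
const sampleProblem = {
  _key: 'problem:example-0001', _class: 'Problem', _type: 'example_problem',
  name: 'Unpatched build hosts', displayName: 'Unpatched build hosts',
  category: 'host', severity: 'high', numericSeverity: 8, open: true,
  createdOn: 1700000000000, webLink: 'https://tracker.example.com/ISSUE-1',
};
console.log(validateProblem(sampleProblem));
```

A required property may be `null` where the Type column allows it, but it must still be present; the validator reports a missing key and an invalid value as separate errors.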