Weakness
A security weakness identified by a Common Weakness Enumeration (CWE) identifier.
Weakness properties
Property | Type | Description | Specifications |
---|---|---|---|
cweId * | string \| null | The Common Weakness Enumeration (CWE) identifier of the weakness as a string formatted exactly as CWE-NNN, where NNN is one or more digits. This field must contain only the CWE ID with no additional text or context. For example, CWE-117 is valid, but 'cwe-117: FeedbackSubmit.java (Line: 142)' is invalid. | |
open * | boolean | Indicates whether the CWE weakness is currently open (unresolved) against the entity. This boolean field is true when the weakness is active and false when it is resolved or no longer applicable. If the open status is not provided, it defaults to true. | default: true |
category | string | The category of the vulnerability finding. Examples: application, system, infrastructure, other | |
exploitability | string | Indicates the likelihood of exploit. | |
references | array of strings | The array of links to references. | |
Inherited properties
Property | Type | Description | Specifications |
---|---|---|---|
_class * | string \| array of strings | One or more classes conforming to a standard, abstract security data model. For example, an EC2 instance will have '_class':'Host'. | |
_key * | string | An identifier unique within the scope containing the object. For example, for a Bitbucket repo, this will be the GUID of the repo as assigned by Bitbucket. For an IAM Role, this will be the ARN of the role. | minLength: 10 |
_type * | string | The type of object, typically reflecting the vendor and resource type. For example, 'aws_iam_user'. In some cases, a system knows about a type of entity that other systems know about, such as 'user_endpoint' or 'cve'. | minLength: 3 |
displayName * | string | Display name, e.g. a person's preferred name or an AWS account alias | |
name * | string | Name of this entity | |
approved | boolean | If this record has been reviewed and approved. | |
approvedOn | number | The timestamp (in milliseconds since epoch) when this record was approved. | Format: date-time |
approvers | array of strings | The list of approvers on the record. | |
classification | string | The sensitivity of the data; should match company data classification scheme. For example: critical - confidential - internal - public. Examples: critical, confidential, internal, public | |
content | string | Text content of the record/documentation | |
createdOn | number | The timestamp (in milliseconds since epoch) when the entity was created at the source. This is different than _createdOn which is the timestamp the entity was first ingested into JupiterOne. | Format: date-time |
description | string | An extended description of this entity. | |
exception | boolean | Indicates if this record has an applied exception. For example, exception for a known finding or a PR that is not fully approved. | |
exceptionReason | string | Reason / description of the exception. | |
production | boolean | If this is a production record. For example, a production change management ticket would have this set to true, and have a category = change property. Another example would be a Vulnerability finding in production. | |
public | boolean | If this is a public record. Defaults to false. | default: false |
reportedOn | number | The timestamp (in milliseconds since epoch) when this record was reported/opened. In most cases, this would be the same as createdOn but occasionally a record can be created at a different time than when it was first reported. | Format: date-time |
reporter | string | The person or system that reported or created this record. | |
summary | string | A summary / short description of this entity. | |
updatedOn | number | The timestamp (in milliseconds since epoch) when the entity was last updated at the source. | Format: date-time |
webLink | string | Hyperlink to the location of this record, e.g. URL to a Jira issue | Format: uri |
Required properties
_key
_class
_type
name
displayName
open
cweId
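The following is an added example, not JupiterOne's own code: a pre-ingestion check that applies the constraints documented above (required properties, the exact CWE-NNN form, the minLength values and the documented defaults) to a Weakness entity. The function and constant names are hypothetical, and the sample entities, including their _key, _class and _type values, are constructed.

```python
import re

# Constraints transcribed from the tables on this page. All names here are
# hypothetical, and the sample entities at the bottom are constructed.
REQUIRED = ("_key", "_class", "_type", "name", "displayName", "open", "cweId")
MIN_LENGTH = {"_key": 10, "_type": 3}
# [0-9] rather than \d (which also accepts non-ASCII digits); used with
# fullmatch so trailing text or a trailing newline is rejected.
CWE_ID = re.compile(r"CWE-[0-9]+")


def validate_weakness(entity):
    """Return (normalized_entity, errors) for a Weakness entity dict."""
    normalized = dict(entity)
    # Documented defaults are applied before the required-property check,
    # so an omitted `open` becomes true instead of being reported missing.
    normalized.setdefault("open", True)
    normalized.setdefault("public", False)
    errors = [f"missing required property: {p}"
              for p in REQUIRED if p not in normalized]

    for prop, minimum in MIN_LENGTH.items():
        value = normalized.get(prop)
        if isinstance(value, str) and len(value) < minimum:
            errors.append(f"{prop} is shorter than minLength {minimum}")
    if not isinstance(normalized["open"], bool):
        errors.append("open must be a boolean")

    # _class is typed "string | array of strings".
    cls = normalized.get("_class")
    if cls is not None and not isinstance(cls, str):
        if not (isinstance(cls, list) and cls and all(isinstance(c, str) for c in cls)):
            errors.append("_class must be a string or an array of strings")
    # cweId is typed "string | null": the key must be present, and a
    # non-null value must be exactly CWE-NNN.
    cwe = normalized.get("cweId")
    if cwe is not None and not (isinstance(cwe, str) and CWE_ID.fullmatch(cwe)):
        errors.append(f"cweId is not in CWE-NNN form: {cwe!r}")
    return normalized, errors


# Constructed sample entities (the _key, _class and _type values are made up).
GOOD = {"_key": "weakness:cwe-117", "_class": "Weakness", "_type": "cwe",
        "name": "CWE-117", "displayName": "CWE-117", "cweId": "CWE-117"}
BAD = dict(GOOD, _key="short", cweId="cwe-117: FeedbackSubmit.java (Line: 142)")

if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(validate_weakness(sample)[1])
```

Rejecting a malformed cweId at ingestion keeps file names and line numbers from scanner output out of a field that downstream queries group and join on.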