@x12i/memorix-retrieval 1.30.0 → 1.32.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (95) hide show
  1. package/catalox-seeds/inputs/entity-descriptors/assets.json +414 -21
  2. package/catalox-seeds/inputs/entity-descriptors/subnets.json +267 -9
  3. package/catalox-seeds/inputs/entity-descriptors/topology-zones.json +85 -0
  4. package/catalox-seeds/inputs/entity-descriptors/vulnerabilities-groups.json +264 -3
  5. package/catalox-seeds/inputs/entity-descriptors/vulnerabilities.json +410 -11
  6. package/catalox-seeds/inputs/item-descriptors/asset-detail-item.json +63 -15
  7. package/catalox-seeds/inputs/item-descriptors/subnet-detail-item.json +51 -17
  8. package/catalox-seeds/inputs/item-descriptors/vulnerabilities-group-detail-item.json +97 -0
  9. package/catalox-seeds/inputs/item-descriptors/vulnerability-detail-item.json +44 -39
  10. package/catalox-seeds/inputs/item-descriptors/vulnerability-observation-detail-item.json +42 -0
  11. package/catalox-seeds/inputs/list-descriptors/assets-exploitability-decisions-list.json +33 -0
  12. package/catalox-seeds/inputs/list-descriptors/assets-main-list.json +56 -4
  13. package/catalox-seeds/inputs/list-descriptors/assets-potential-impact-decisions-list.json +31 -0
  14. package/catalox-seeds/inputs/list-descriptors/subnets-main-list.json +107 -3
  15. package/catalox-seeds/inputs/list-descriptors/vulnerabilities-exploitability-analysis-list.json +29 -0
  16. package/catalox-seeds/inputs/list-descriptors/vulnerabilities-groups-main-list.json +98 -0
  17. package/catalox-seeds/inputs/list-descriptors/vulnerabilities-main-list.json +9 -1
  18. package/catalox-seeds/inputs/list-descriptors/vulnerabilities-observations-list.json +43 -0
  19. package/catalox-seeds/inputs/list-descriptors/vulnerabilities-triage-analysis-list.json +30 -0
  20. package/catalox-seeds/inputs/list-descriptors/vulnerable-assets-list.json +102 -0
  21. package/catalox-seeds/memorix-retrieval-descriptors.manifest.json +2803 -331
  22. package/dist/analysis/analyze-vulnerability-coverage.d.ts +101 -0
  23. package/dist/analysis/analyze-vulnerability-coverage.d.ts.map +1 -0
  24. package/dist/analysis/analyze-vulnerability-coverage.js +150 -0
  25. package/dist/analysis/analyze-vulnerability-coverage.js.map +1 -0
  26. package/dist/analysis/count-assets-with-vulnerabilities.d.ts +89 -0
  27. package/dist/analysis/count-assets-with-vulnerabilities.d.ts.map +1 -0
  28. package/dist/analysis/count-assets-with-vulnerabilities.js +143 -0
  29. package/dist/analysis/count-assets-with-vulnerabilities.js.map +1 -0
  30. package/dist/analysis/derive-subnet-ip.d.ts +18 -0
  31. package/dist/analysis/derive-subnet-ip.d.ts.map +1 -0
  32. package/dist/analysis/derive-subnet-ip.js +32 -0
  33. package/dist/analysis/derive-subnet-ip.js.map +1 -0
  34. package/dist/descriptors/content-type-labels.d.ts.map +1 -1
  35. package/dist/descriptors/content-type-labels.js +4 -5
  36. package/dist/descriptors/content-type-labels.js.map +1 -1
  37. package/dist/descriptors/descriptor-types.d.ts +86 -0
  38. package/dist/descriptors/descriptor-types.d.ts.map +1 -1
  39. package/dist/descriptors/validate-descriptor.d.ts +1 -0
  40. package/dist/descriptors/validate-descriptor.d.ts.map +1 -1
  41. package/dist/descriptors/validate-descriptor.js +27 -0
  42. package/dist/descriptors/validate-descriptor.js.map +1 -1
  43. package/dist/explorer/collection-records.d.ts.map +1 -1
  44. package/dist/explorer/collection-records.js +22 -2
  45. package/dist/explorer/collection-records.js.map +1 -1
  46. package/dist/explorer/raw-collection-records.d.ts +2 -0
  47. package/dist/explorer/raw-collection-records.d.ts.map +1 -1
  48. package/dist/explorer/raw-collection-records.js +1 -1
  49. package/dist/explorer/raw-collection-records.js.map +1 -1
  50. package/dist/index.d.ts +3 -2
  51. package/dist/index.d.ts.map +1 -1
  52. package/dist/index.js +2 -1
  53. package/dist/index.js.map +1 -1
  54. package/dist/mongo/env.d.ts +18 -0
  55. package/dist/mongo/env.d.ts.map +1 -1
  56. package/dist/mongo/env.js +82 -1
  57. package/dist/mongo/env.js.map +1 -1
  58. package/dist/retrieval/fetch-list.d.ts.map +1 -1
  59. package/dist/retrieval/fetch-list.js +3 -1
  60. package/dist/retrieval/fetch-list.js.map +1 -1
  61. package/dist/retrieval/fetch-narratives.d.ts +13 -0
  62. package/dist/retrieval/fetch-narratives.d.ts.map +1 -1
  63. package/dist/retrieval/fetch-narratives.js +130 -10
  64. package/dist/retrieval/fetch-narratives.js.map +1 -1
  65. package/dist/retrieval/narrative-list-filters.d.ts +30 -0
  66. package/dist/retrieval/narrative-list-filters.d.ts.map +1 -0
  67. package/dist/retrieval/narrative-list-filters.js +179 -0
  68. package/dist/retrieval/narrative-list-filters.js.map +1 -0
  69. package/dist/retrieval/resolve-filters.d.ts +11 -1
  70. package/dist/retrieval/resolve-filters.d.ts.map +1 -1
  71. package/dist/retrieval/resolve-filters.js +34 -7
  72. package/dist/retrieval/resolve-filters.js.map +1 -1
  73. package/dist/seeds/default-seed-spec.d.ts.map +1 -1
  74. package/dist/seeds/default-seed-spec.js +9 -0
  75. package/dist/seeds/default-seed-spec.js.map +1 -1
  76. package/dist/tests/analyze-vulnerability-coverage.test.d.ts +2 -0
  77. package/dist/tests/analyze-vulnerability-coverage.test.d.ts.map +1 -0
  78. package/dist/tests/analyze-vulnerability-coverage.test.js +66 -0
  79. package/dist/tests/analyze-vulnerability-coverage.test.js.map +1 -0
  80. package/dist/tests/count-assets-with-vulnerabilities.test.d.ts +2 -0
  81. package/dist/tests/count-assets-with-vulnerabilities.test.d.ts.map +1 -0
  82. package/dist/tests/count-assets-with-vulnerabilities.test.js +95 -0
  83. package/dist/tests/count-assets-with-vulnerabilities.test.js.map +1 -0
  84. package/dist/tests/derive-subnet-ip.test.d.ts +2 -0
  85. package/dist/tests/derive-subnet-ip.test.d.ts.map +1 -0
  86. package/dist/tests/derive-subnet-ip.test.js +17 -0
  87. package/dist/tests/derive-subnet-ip.test.js.map +1 -0
  88. package/dist/tests/env.test.js +1 -1
  89. package/dist/tests/env.test.js.map +1 -1
  90. package/dist/tests/fetch-narratives.test.js +191 -5
  91. package/dist/tests/fetch-narratives.test.js.map +1 -1
  92. package/dist/tests/resolve-filters.test.js +81 -4
  93. package/dist/tests/resolve-filters.test.js.map +1 -1
  94. package/docs/MEMORIX-CATALOX-CONTRACTS.md +2 -0
  95. package/package.json +5 -5
@@ -35,6 +35,21 @@
35
35
  "snapshot.capturedAt",
36
36
  "data.enrichment.enrichedAt"
37
37
  ]
38
+ },
39
+ "discovery": {
40
+ "postfix": "discovery",
41
+ "collection": "vulnerabilities-discovery",
42
+ "dataRoot": "data"
43
+ },
44
+ "decisions": {
45
+ "postfix": "decisions",
46
+ "collection": "vulnerabilities-decisions",
47
+ "dataRoot": "data"
48
+ },
49
+ "analysis": {
50
+ "postfix": "analysis",
51
+ "collection": "vulnerabilities-analysis",
52
+ "dataRoot": "data"
38
53
  }
39
54
  },
40
55
  "properties": {
@@ -64,6 +79,19 @@
64
79
  "item": true,
65
80
  "valueType": "string"
66
81
  },
82
+ "subnetIp": {
83
+ "label": "Subnet IP",
84
+ "source": {
85
+ "contentType": "snapshots",
86
+ "path": "data.subnetIp"
87
+ },
88
+ "humanReadable": true,
89
+ "sortable": true,
90
+ "filterable": true,
91
+ "list": true,
92
+ "item": true,
93
+ "valueType": "string"
94
+ },
67
95
  "assetType": {
68
96
  "label": "Asset Type",
69
97
  "source": {
@@ -362,11 +390,105 @@
362
390
  "list": false,
363
391
  "item": true,
364
392
  "valueType": "object"
393
+ },
394
+ "analysisBriefSummary": {
395
+ "label": "Brief Summary",
396
+ "source": { "contentType": "analysis", "path": "data.brief.summary" },
397
+ "humanReadable": true,
398
+ "list": true,
399
+ "item": true,
400
+ "valueType": "string"
401
+ },
402
+ "analysisBriefAnalysis": {
403
+ "label": "Brief Analysis",
404
+ "source": { "contentType": "analysis", "path": "data.brief.analysis" },
405
+ "humanReadable": true,
406
+ "list": true,
407
+ "item": true,
408
+ "valueType": "string"
409
+ },
410
+ "analysisBriefEvidence": {
411
+ "label": "Brief Evidence",
412
+ "source": { "contentType": "analysis", "path": "data.brief.evidence" },
413
+ "humanReadable": true,
414
+ "list": false,
415
+ "item": true,
416
+ "valueType": "string"
417
+ },
418
+ "analysisBriefGaps": {
419
+ "label": "Brief Gaps",
420
+ "source": { "contentType": "analysis", "path": "data.brief.gaps" },
421
+ "humanReadable": true,
422
+ "list": false,
423
+ "item": true,
424
+ "valueType": "string"
425
+ },
426
+ "analysisApplicability": {
427
+ "label": "Applicability",
428
+ "source": { "contentType": "analysis", "path": "data.applicability" },
429
+ "humanReadable": false,
430
+ "list": false,
431
+ "item": true,
432
+ "valueType": "object"
433
+ },
434
+ "analysisExploitability": {
435
+ "label": "Exploitability",
436
+ "source": { "contentType": "analysis", "path": "data.exploitability" },
437
+ "humanReadable": false,
438
+ "list": false,
439
+ "item": true,
440
+ "valueType": "object"
441
+ },
442
+ "analysisImpact": {
443
+ "label": "Impact",
444
+ "source": { "contentType": "analysis", "path": "data.impact" },
445
+ "humanReadable": false,
446
+ "list": false,
447
+ "item": true,
448
+ "valueType": "object"
449
+ },
450
+ "analysisThreat": {
451
+ "label": "Threat",
452
+ "source": { "contentType": "analysis", "path": "data.threat" },
453
+ "humanReadable": false,
454
+ "list": false,
455
+ "item": true,
456
+ "valueType": "object"
457
+ },
458
+ "analysisMitre": {
459
+ "label": "MITRE",
460
+ "source": { "contentType": "analysis", "path": "data.mitre" },
461
+ "humanReadable": false,
462
+ "list": false,
463
+ "item": true,
464
+ "valueType": "array"
465
+ },
466
+ "analysisClassType": {
467
+ "label": "Analysis Class",
468
+ "source": { "contentType": "analysis", "path": "data.class.type" },
469
+ "humanReadable": true,
470
+ "list": true,
471
+ "item": true,
472
+ "valueType": "string"
473
+ },
474
+ "analysisExploitabilityLevel": {
475
+ "label": "Exploitability Level (analysis)",
476
+ "source": { "contentType": "analysis", "path": "data.exploitability.exploitability" },
477
+ "humanReadable": true,
478
+ "list": true,
479
+ "item": true,
480
+ "valueType": "string"
365
481
  }
366
482
  },
483
+ "importanceIndicator": {
484
+ "path": "data.severity",
485
+ "valueKind": "severity",
486
+ "order": "desc",
487
+ "description": "Default vulnerability importance: critical > high > medium > low > none"
488
+ },
367
489
  "associatedProperties": [
368
490
  {
369
- "name": "associatedData",
491
+ "name": "associatedVulnerabilitiesGroupsSnapshots",
370
492
  "contentType": "snapshots",
371
493
  "kind": "associated",
372
494
  "valueShape": "array<object>",
@@ -378,19 +500,31 @@
378
500
  "sourceCollection": "vulnerabilities-groups-snapshots"
379
501
  },
380
502
  {
381
- "name": "associatedInferred",
503
+ "name": "associatedVulnerabilitiesGroupsEnrichment",
504
+ "contentType": "snapshots",
505
+ "kind": "associated",
506
+ "valueShape": "array<object>",
507
+ "linkedObjectType": "vulnerabilities-groups",
508
+ "linkedContentType": "snapshots",
509
+ "description": "Vulnerability group enrichment payloads (CVSS/EPSS/KEV/compositeScore) copied flat from vulnerabilities-groups-snapshots.enrichment when data.vulnerabilityName matches group data.name. Omitted when enrichment is missing or empty.",
510
+ "managed": true,
511
+ "refreshRuleKey": "vulnerabilities.vulnerability-groups.enrichment.by-name",
512
+ "sourceCollection": "vulnerabilities-groups-snapshots"
513
+ },
514
+ {
515
+ "name": "associatedVulnerabilitiesGroupsDiscovery",
382
516
  "contentType": "snapshots",
383
517
  "kind": "associated",
384
518
  "valueShape": "array<object>",
385
519
  "linkedObjectType": "vulnerabilities-groups",
386
- "linkedContentType": "inferences",
387
- "description": "Vulnerability group discovery payloads copied from vulnerabilities-groups-inferences.data via group name bridge.",
520
+ "linkedContentType": "discovery",
521
+ "description": "Vulnerability group discovery payloads copied from vulnerabilities-groups-discovery.data via group name bridge.",
388
522
  "managed": true,
389
- "refreshRuleKey": "vulnerabilities.vulnerability-groups.inferences.by-name",
390
- "sourceCollection": "vulnerabilities-groups-inferences"
523
+ "refreshRuleKey": "vulnerabilities.vulnerability-groups.discovery.by-name",
524
+ "sourceCollection": "vulnerabilities-groups-discovery"
391
525
  },
392
526
  {
393
- "name": "associatedAnalysis",
527
+ "name": "associatedVulnerabilitiesGroupsAnalysis",
394
528
  "contentType": "snapshots",
395
529
  "kind": "associated",
396
530
  "valueShape": "array<object>",
@@ -402,18 +536,283 @@
402
536
  "sourceCollection": "vulnerabilities-groups-analysis"
403
537
  },
404
538
  {
405
- "name": "associatedAssets",
539
+ "name": "associatedAssetsSnapshots",
406
540
  "contentType": "snapshots",
407
541
  "kind": "associated",
408
542
  "valueShape": "array<object>",
409
543
  "linkedObjectType": "assets",
410
544
  "linkedContentType": "snapshots",
411
- "description": "Optional asset snapshot payloads copied from assets-snapshots.data when data.assetIp matches asset data.assetIps.",
545
+ "description": "Optional asset snapshot payloads copied from assets-snapshots.data when data.assetIp exactly matches asset data.assetIps, data.assetIp, or legacy data.ip_address. At most one item per vulnerability.",
412
546
  "managed": true,
413
547
  "refreshRuleKey": "vulnerabilities.assets.snapshots.by-assetIp",
414
548
  "sourceCollection": "assets-snapshots"
549
+ },
550
+ {
551
+ "name": "associatedTopology",
552
+ "contentType": "snapshots",
553
+ "kind": "associated",
554
+ "valueShape": "array<object>",
555
+ "linkedObjectType": "subnets",
556
+ "linkedContentType": "snapshots",
557
+ "description": "Normalized subnet topology objects from associatedData roll-down and canonical subnet lookup by data.assetIp. May contain both associatedData and subnetLookup sources for the same CIDR.",
558
+ "managed": true,
559
+ "refreshRuleKey": "vulnerabilities.associated-topology.by-associated-data-and-subnet-lookup",
560
+ "sourceCollection": "subnets-snapshots"
561
+ },
562
+ {
563
+ "name": "associatedVulnerabilitiesGroupsSnapshots",
564
+ "contentType": "snapshots",
565
+ "kind": "associated",
566
+ "valueShape": "array<object>",
567
+ "linkedObjectType": "vulnerabilities-groups",
568
+ "linkedContentType": "snapshots",
569
+ "description": "Explicit vulnerability group snapshot payloads copied from vulnerabilities-groups-snapshots.data when data.vulnerabilityName matches group data.name.",
570
+ "managed": true,
571
+ "refreshRuleKey": "vulnerabilities.vulnerability-groups.snapshots.explicit.by-name",
572
+ "sourceCollection": "vulnerabilities-groups-snapshots"
573
+ },
574
+ {
575
+ "name": "associatedVulnerabilitiesGroupsDiscovery",
576
+ "contentType": "snapshots",
577
+ "kind": "associated",
578
+ "valueShape": "array<object>",
579
+ "linkedObjectType": "vulnerabilities-groups",
580
+ "linkedContentType": "discovery",
581
+ "description": "Explicit vulnerability group discovery payloads copied from vulnerabilities-groups-discovery via group name bridge.",
582
+ "managed": true,
583
+ "refreshRuleKey": "vulnerabilities.vulnerability-groups.discovery.explicit.by-name",
584
+ "sourceCollection": "vulnerabilities-groups-discovery"
585
+ },
586
+ {
587
+ "name": "associatedVulnerabilitiesGroupsAnalysis",
588
+ "contentType": "snapshots",
589
+ "kind": "associated",
590
+ "valueShape": "array<object>",
591
+ "linkedObjectType": "vulnerabilities-groups",
592
+ "linkedContentType": "analysis",
593
+ "description": "Explicit vulnerability group analysis payloads copied from vulnerabilities-groups-analysis via group name bridge.",
594
+ "managed": true,
595
+ "refreshRuleKey": "vulnerabilities.vulnerability-groups.analysis.explicit.by-name",
596
+ "sourceCollection": "vulnerabilities-groups-analysis"
597
+ },
598
+ {
599
+ "name": "associatedVulnerabilitiesDiscovery",
600
+ "contentType": "snapshots",
601
+ "kind": "associated",
602
+ "valueShape": "array<object>",
603
+ "linkedObjectType": "vulnerabilities",
604
+ "linkedContentType": "discovery",
605
+ "description": "Vulnerability discovery payloads copied from vulnerabilities-discovery.data after matching vulnerabilities-snapshots by data.assetIp and resolving content by snapshot recordId.",
606
+ "managed": true,
607
+ "refreshRuleKey": "vulnerabilities.vulnerabilities.discovery.by-assetIp",
608
+ "sourceCollection": "vulnerabilities-discovery"
609
+ },
610
+ {
611
+ "name": "associatedVulnerabilitiesDecisions",
612
+ "contentType": "snapshots",
613
+ "kind": "associated",
614
+ "valueShape": "array<object>",
615
+ "linkedObjectType": "vulnerabilities",
616
+ "linkedContentType": "decisions",
617
+ "description": "Vulnerability decision payloads copied from vulnerabilities-decisions.data after matching vulnerabilities-snapshots by data.assetIp and resolving content by snapshot recordId.",
618
+ "managed": true,
619
+ "refreshRuleKey": "vulnerabilities.vulnerabilities.decisions.by-assetIp",
620
+ "sourceCollection": "vulnerabilities-decisions"
415
621
  }
416
622
  ],
623
+ "processing": {
624
+ "entityRoutes": [
625
+ {
626
+ "routeKey": "groups-to-vulnerabilities",
627
+ "parentObjectType": "vulnerabilities-groups",
628
+ "childObjectType": "vulnerabilities",
629
+ "relationshipName": "vulnerabilityGroup",
630
+ "direction": "parentToChild",
631
+ "source": {
632
+ "contentType": "snapshots",
633
+ "path": "data.vulnerabilityName"
634
+ },
635
+ "target": {
636
+ "contentType": "snapshots",
637
+ "path": "data.name"
638
+ },
639
+ "prerequisites": [
640
+ {
641
+ "parentObjectType": "vulnerabilities-groups",
642
+ "parentContentPostfix": "analysis",
643
+ "lifecycleProcess": "entity-insights-processed",
644
+ "onMissing": "defer"
645
+ }
646
+ ]
647
+ },
648
+ {
649
+ "routeKey": "assets-to-vulnerabilities",
650
+ "parentObjectType": "assets",
651
+ "childObjectType": "vulnerabilities",
652
+ "relationshipName": "affectedAsset",
653
+ "direction": "parentToChild",
654
+ "source": {
655
+ "contentType": "snapshots",
656
+ "path": "data.assetIp"
657
+ },
658
+ "target": {
659
+ "contentType": "snapshots",
660
+ "path": "data.assetIps"
661
+ }
662
+ }
663
+ ],
664
+ "resolvers": [
665
+ {
666
+ "processorId": "vulnerabilities.topology-extractor",
667
+ "resolverType": "topology-extractor",
668
+ "kind": "function",
669
+ "config": {
670
+ "mode": "subnet-lookup",
671
+ "assetIpPath": "data.assetIp",
672
+ "sourcePaths": [
673
+ "associatedVulnerabilitiesGroupsSnapshots"
674
+ ],
675
+ "outputPath": "associatedTopology",
676
+ "canonicalCollection": {
677
+ "db": "neo-memorix-entities",
678
+ "collection": "subnets-snapshots"
679
+ }
680
+ }
681
+ }
682
+ ],
683
+ "associatedContent": {
684
+ "rollParentSnapshots": true,
685
+ "excludePostfixes": [
686
+ "raw"
687
+ ]
688
+ }
689
+ },
690
+ "narratives": {
691
+ "has-assets": {
692
+ "label": "Has assets",
693
+ "displayName": "Has assets",
694
+ "kind": "having-signal",
695
+ "visibility": "user",
696
+ "sourceRef": "affectedAsset",
697
+ "targetEntity": "assets"
698
+ },
699
+ "lack-analysis-decision": {
700
+ "label": "Analysis without decision",
701
+ "displayName": "Analysis without decision",
702
+ "description": "Linked vulnerabilities-analysis exists but data.decision is missing or empty.",
703
+ "kind": "association-common-property",
704
+ "visibility": "internal",
705
+ "sourceRef": "vulnerabilities-analysis",
706
+ "property": "decision"
707
+ },
708
+ "has-vulnerability-lack-analysis-decision": {
709
+ "label": "Has vulnerability lacking analysis decision",
710
+ "displayName": "Lacking analysis decision",
711
+ "description": "Alias of lack-analysis-decision for has-* consumers.",
712
+ "kind": "association-common-property",
713
+ "visibility": "internal",
714
+ "sourceRef": "vulnerabilities-analysis",
715
+ "property": "decision"
716
+ },
717
+ "is-vulnerability": {
718
+ "label": "Is vulnerability",
719
+ "displayName": "Vulnerability",
720
+ "description": "Security-impacting scanner result (severity low/medium/high/critical).",
721
+ "kind": "product-narrative",
722
+ "visibility": "user"
723
+ },
724
+ "is-finding": {
725
+ "label": "Is finding",
726
+ "displayName": "Informational finding",
727
+ "description": "Informational scanner result (severity none/unknown).",
728
+ "kind": "product-narrative",
729
+ "visibility": "user"
730
+ },
731
+ "has-analysis": {
732
+ "label": "Has analysis",
733
+ "displayName": "Has analysis",
734
+ "kind": "rollup",
735
+ "visibility": "user"
736
+ },
737
+ "has-fix-immediately-decision": {
738
+ "label": "Fix immediately",
739
+ "displayName": "Fix Immediately",
740
+ "kind": "rollup",
741
+ "visibility": "user"
742
+ },
743
+ "has-remediate-soon-decision": {
744
+ "label": "Remediate soon",
745
+ "displayName": "Remediate Soon",
746
+ "kind": "rollup",
747
+ "visibility": "user"
748
+ },
749
+ "has-mitigate-decision": {
750
+ "label": "Mitigate",
751
+ "displayName": "Mitigate",
752
+ "kind": "rollup",
753
+ "visibility": "user"
754
+ },
755
+ "has-accept-decision": {
756
+ "label": "Accept",
757
+ "displayName": "Accept Risk",
758
+ "kind": "rollup",
759
+ "visibility": "user"
760
+ },
761
+ "has-triage-decision": {
762
+ "label": "Has triage decision",
763
+ "displayName": "Triaged",
764
+ "kind": "rollup",
765
+ "visibility": "user"
766
+ },
767
+ "has-breach-vector": {
768
+ "label": "Breach vector",
769
+ "displayName": "Breach Vector",
770
+ "kind": "rollup",
771
+ "visibility": "user"
772
+ },
773
+ "has-critical-severity": {
774
+ "label": "Critical severity",
775
+ "displayName": "Critical",
776
+ "kind": "rollup",
777
+ "visibility": "user"
778
+ },
779
+ "has-high-severity": {
780
+ "label": "High severity",
781
+ "displayName": "High",
782
+ "kind": "rollup",
783
+ "visibility": "user"
784
+ },
785
+ "has-medium-severity": {
786
+ "label": "Medium severity",
787
+ "displayName": "Medium",
788
+ "kind": "rollup",
789
+ "visibility": "user"
790
+ },
791
+ "has-low-severity": {
792
+ "label": "Low severity",
793
+ "displayName": "Low",
794
+ "kind": "rollup",
795
+ "visibility": "user"
796
+ },
797
+ "has-none-severity": {
798
+ "label": "None severity",
799
+ "displayName": "None",
800
+ "kind": "rollup",
801
+ "visibility": "internal"
802
+ },
803
+ "has-tenable-nessus-finding": {
804
+ "label": "Tenable Nessus finding",
805
+ "displayName": "Tenable Nessus",
806
+ "kind": "rollup",
807
+ "visibility": "user"
808
+ },
809
+ "lack-analysis": {
810
+ "label": "Lack analysis",
811
+ "displayName": "Missing analysis",
812
+ "kind": "gap-signal",
813
+ "visibility": "internal"
814
+ }
815
+ },
417
816
  "relations": {
418
817
  "affectedAsset": {
419
818
  "targetEntity": "assets",
@@ -427,7 +826,7 @@
427
826
  "path": "data.assetIps"
428
827
  },
429
828
  "defaultMode": "array",
430
- "defaultArrayProperty": "associatedAssets",
829
+ "defaultArrayProperty": "associatedAssetsSnapshots",
431
830
  "targetFields": [
432
831
  "ipAddress",
433
832
  "hostName",
@@ -448,7 +847,7 @@
448
847
  "path": "data.name"
449
848
  },
450
849
  "defaultMode": "array",
451
- "defaultArrayProperty": "associatedData",
850
+ "defaultArrayProperty": "associatedVulnerabilitiesGroupsSnapshots",
452
851
  "targetFields": [
453
852
  "name",
454
853
  "severity",
@@ -18,9 +18,68 @@
18
18
  "data.lastSeen"
19
19
  ]
20
20
  }
21
+ },
22
+ {
23
+ "contentType": "analysis",
24
+ "required": false,
25
+ "multiMatch": {
26
+ "strategy": "last",
27
+ "effectiveDatePath": "capturedAt",
28
+ "fallbackEffectiveDatePaths": ["modifiedAt", "createdAt"]
29
+ }
30
+ },
31
+ {
32
+ "contentType": "decisions",
33
+ "required": false,
34
+ "multiMatch": {
35
+ "strategy": "last",
36
+ "effectiveDatePath": "capturedAt",
37
+ "fallbackEffectiveDatePaths": ["modifiedAt", "createdAt"]
38
+ }
21
39
  }
22
40
  ],
23
41
  "sections": [
42
+ {
43
+ "id": "brief",
44
+ "title": "Brief",
45
+ "fields": [
46
+ "analysisBriefSummary",
47
+ "analysisBriefTakeaway",
48
+ "analysisBriefConfidence"
49
+ ]
50
+ },
51
+ {
52
+ "id": "context",
53
+ "title": "Context",
54
+ "fields": ["analysisContext"]
55
+ },
56
+ {
57
+ "id": "reachability",
58
+ "title": "Reachability",
59
+ "fields": ["analysisReachability"]
60
+ },
61
+ {
62
+ "id": "paths",
63
+ "title": "Paths",
64
+ "fields": ["analysisPaths", "attackPathExistence", "pathsCount"]
65
+ },
66
+ {
67
+ "id": "exploitability",
68
+ "title": "Exploitability",
69
+ "fields": ["decisionExploitability"]
70
+ },
71
+ {
72
+ "id": "decision",
73
+ "title": "Decision",
74
+ "fields": [
75
+ "decisionOverviewSummary",
76
+ "decisionOverviewDetailedAnalysis",
77
+ "decisionLabel",
78
+ "decisionStatus",
79
+ "decisionRiskScore",
80
+ "decisionUrgencyScore"
81
+ ]
82
+ },
24
83
  {
25
84
  "id": "summary",
26
85
  "title": "Summary",
@@ -33,6 +92,7 @@
33
92
  "agentType",
34
93
  "xdrOperationalStatus",
35
94
  "xdrAgentStatus",
95
+ "observedUsers",
36
96
  "lastSeen",
37
97
  "pathsCount"
38
98
  ]
@@ -41,11 +101,11 @@
41
101
  "id": "vulnerabilitySummary",
42
102
  "title": "Vulnerability Summary",
43
103
  "fields": [
44
- "hasVulnerabilities",
45
104
  "criticalVulnerabilities",
46
105
  "highVulnerabilities",
47
106
  "mediumVulnerabilities",
48
- "lowVulnerabilities"
107
+ "lowVulnerabilities",
108
+ "findingsCount"
49
109
  ]
50
110
  },
51
111
  {
@@ -56,13 +116,6 @@
56
116
  "potentialImpactConfidence",
57
117
  "potentialImpactStory"
58
118
  ]
59
- },
60
- {
61
- "id": "xdr",
62
- "title": "XDR",
63
- "fields": [
64
- "rawXdr"
65
- ]
66
119
  }
67
120
  ],
68
121
  "includeRelations": [
@@ -70,12 +123,7 @@
70
123
  "relation": "assetSubnet",
71
124
  "mode": "record",
72
125
  "limit": 1,
73
- "fields": [
74
- "cidr",
75
- "subnetIp",
76
- "zone",
77
- "vr"
78
- ]
126
+ "fields": ["cidr", "subnetIp", "zone", "vr"]
79
127
  },
80
128
  {
81
129
  "relation": "assetVulnerabilities",