@x12i/memorix-retrieval 1.30.0 → 1.32.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (95) hide show
  1. package/catalox-seeds/inputs/entity-descriptors/assets.json +414 -21
  2. package/catalox-seeds/inputs/entity-descriptors/subnets.json +267 -9
  3. package/catalox-seeds/inputs/entity-descriptors/topology-zones.json +85 -0
  4. package/catalox-seeds/inputs/entity-descriptors/vulnerabilities-groups.json +264 -3
  5. package/catalox-seeds/inputs/entity-descriptors/vulnerabilities.json +410 -11
  6. package/catalox-seeds/inputs/item-descriptors/asset-detail-item.json +63 -15
  7. package/catalox-seeds/inputs/item-descriptors/subnet-detail-item.json +51 -17
  8. package/catalox-seeds/inputs/item-descriptors/vulnerabilities-group-detail-item.json +97 -0
  9. package/catalox-seeds/inputs/item-descriptors/vulnerability-detail-item.json +44 -39
  10. package/catalox-seeds/inputs/item-descriptors/vulnerability-observation-detail-item.json +42 -0
  11. package/catalox-seeds/inputs/list-descriptors/assets-exploitability-decisions-list.json +33 -0
  12. package/catalox-seeds/inputs/list-descriptors/assets-main-list.json +56 -4
  13. package/catalox-seeds/inputs/list-descriptors/assets-potential-impact-decisions-list.json +31 -0
  14. package/catalox-seeds/inputs/list-descriptors/subnets-main-list.json +107 -3
  15. package/catalox-seeds/inputs/list-descriptors/vulnerabilities-exploitability-analysis-list.json +29 -0
  16. package/catalox-seeds/inputs/list-descriptors/vulnerabilities-groups-main-list.json +98 -0
  17. package/catalox-seeds/inputs/list-descriptors/vulnerabilities-main-list.json +9 -1
  18. package/catalox-seeds/inputs/list-descriptors/vulnerabilities-observations-list.json +43 -0
  19. package/catalox-seeds/inputs/list-descriptors/vulnerabilities-triage-analysis-list.json +30 -0
  20. package/catalox-seeds/inputs/list-descriptors/vulnerable-assets-list.json +102 -0
  21. package/catalox-seeds/memorix-retrieval-descriptors.manifest.json +2803 -331
  22. package/dist/analysis/analyze-vulnerability-coverage.d.ts +101 -0
  23. package/dist/analysis/analyze-vulnerability-coverage.d.ts.map +1 -0
  24. package/dist/analysis/analyze-vulnerability-coverage.js +150 -0
  25. package/dist/analysis/analyze-vulnerability-coverage.js.map +1 -0
  26. package/dist/analysis/count-assets-with-vulnerabilities.d.ts +89 -0
  27. package/dist/analysis/count-assets-with-vulnerabilities.d.ts.map +1 -0
  28. package/dist/analysis/count-assets-with-vulnerabilities.js +143 -0
  29. package/dist/analysis/count-assets-with-vulnerabilities.js.map +1 -0
  30. package/dist/analysis/derive-subnet-ip.d.ts +18 -0
  31. package/dist/analysis/derive-subnet-ip.d.ts.map +1 -0
  32. package/dist/analysis/derive-subnet-ip.js +32 -0
  33. package/dist/analysis/derive-subnet-ip.js.map +1 -0
  34. package/dist/descriptors/content-type-labels.d.ts.map +1 -1
  35. package/dist/descriptors/content-type-labels.js +4 -5
  36. package/dist/descriptors/content-type-labels.js.map +1 -1
  37. package/dist/descriptors/descriptor-types.d.ts +86 -0
  38. package/dist/descriptors/descriptor-types.d.ts.map +1 -1
  39. package/dist/descriptors/validate-descriptor.d.ts +1 -0
  40. package/dist/descriptors/validate-descriptor.d.ts.map +1 -1
  41. package/dist/descriptors/validate-descriptor.js +27 -0
  42. package/dist/descriptors/validate-descriptor.js.map +1 -1
  43. package/dist/explorer/collection-records.d.ts.map +1 -1
  44. package/dist/explorer/collection-records.js +22 -2
  45. package/dist/explorer/collection-records.js.map +1 -1
  46. package/dist/explorer/raw-collection-records.d.ts +2 -0
  47. package/dist/explorer/raw-collection-records.d.ts.map +1 -1
  48. package/dist/explorer/raw-collection-records.js +1 -1
  49. package/dist/explorer/raw-collection-records.js.map +1 -1
  50. package/dist/index.d.ts +3 -2
  51. package/dist/index.d.ts.map +1 -1
  52. package/dist/index.js +2 -1
  53. package/dist/index.js.map +1 -1
  54. package/dist/mongo/env.d.ts +18 -0
  55. package/dist/mongo/env.d.ts.map +1 -1
  56. package/dist/mongo/env.js +82 -1
  57. package/dist/mongo/env.js.map +1 -1
  58. package/dist/retrieval/fetch-list.d.ts.map +1 -1
  59. package/dist/retrieval/fetch-list.js +3 -1
  60. package/dist/retrieval/fetch-list.js.map +1 -1
  61. package/dist/retrieval/fetch-narratives.d.ts +13 -0
  62. package/dist/retrieval/fetch-narratives.d.ts.map +1 -1
  63. package/dist/retrieval/fetch-narratives.js +130 -10
  64. package/dist/retrieval/fetch-narratives.js.map +1 -1
  65. package/dist/retrieval/narrative-list-filters.d.ts +30 -0
  66. package/dist/retrieval/narrative-list-filters.d.ts.map +1 -0
  67. package/dist/retrieval/narrative-list-filters.js +179 -0
  68. package/dist/retrieval/narrative-list-filters.js.map +1 -0
  69. package/dist/retrieval/resolve-filters.d.ts +11 -1
  70. package/dist/retrieval/resolve-filters.d.ts.map +1 -1
  71. package/dist/retrieval/resolve-filters.js +34 -7
  72. package/dist/retrieval/resolve-filters.js.map +1 -1
  73. package/dist/seeds/default-seed-spec.d.ts.map +1 -1
  74. package/dist/seeds/default-seed-spec.js +9 -0
  75. package/dist/seeds/default-seed-spec.js.map +1 -1
  76. package/dist/tests/analyze-vulnerability-coverage.test.d.ts +2 -0
  77. package/dist/tests/analyze-vulnerability-coverage.test.d.ts.map +1 -0
  78. package/dist/tests/analyze-vulnerability-coverage.test.js +66 -0
  79. package/dist/tests/analyze-vulnerability-coverage.test.js.map +1 -0
  80. package/dist/tests/count-assets-with-vulnerabilities.test.d.ts +2 -0
  81. package/dist/tests/count-assets-with-vulnerabilities.test.d.ts.map +1 -0
  82. package/dist/tests/count-assets-with-vulnerabilities.test.js +95 -0
  83. package/dist/tests/count-assets-with-vulnerabilities.test.js.map +1 -0
  84. package/dist/tests/derive-subnet-ip.test.d.ts +2 -0
  85. package/dist/tests/derive-subnet-ip.test.d.ts.map +1 -0
  86. package/dist/tests/derive-subnet-ip.test.js +17 -0
  87. package/dist/tests/derive-subnet-ip.test.js.map +1 -0
  88. package/dist/tests/env.test.js +1 -1
  89. package/dist/tests/env.test.js.map +1 -1
  90. package/dist/tests/fetch-narratives.test.js +191 -5
  91. package/dist/tests/fetch-narratives.test.js.map +1 -1
  92. package/dist/tests/resolve-filters.test.js +81 -4
  93. package/dist/tests/resolve-filters.test.js.map +1 -1
  94. package/docs/MEMORIX-CATALOX-CONTRACTS.md +2 -0
  95. package/package.json +5 -5
@@ -288,6 +288,18 @@
288
288
  "collection": "assets-scoped",
289
289
  "dataRoot": "data",
290
290
  "isCanonical": false
291
+ },
292
+ "analysis": {
293
+ "postfix": "analysis",
294
+ "collection": "assets-analysis",
295
+ "dataRoot": "data",
296
+ "isCanonical": false
297
+ },
298
+ "decisions": {
299
+ "postfix": "decision",
300
+ "collection": "assets-decision",
301
+ "dataRoot": "data",
302
+ "isCanonical": false
291
303
  }
292
304
  },
293
305
  "properties": {
@@ -295,7 +307,7 @@
295
307
  "label": "IP Address",
296
308
  "source": {
297
309
  "contentType": "snapshots",
298
- "path": "data.ip_address"
310
+ "path": "data.assetIp"
299
311
  },
300
312
  "humanReadable": true,
301
313
  "sortable": true,
@@ -304,31 +316,31 @@
304
316
  "item": true,
305
317
  "valueType": "string"
306
318
  },
307
- "subnetIp": {
308
- "label": "Subnet IP",
319
+ "subnetCidrs": {
320
+ "label": "Subnet CIDRs",
309
321
  "source": {
310
322
  "contentType": "snapshots",
311
- "path": "data.subnetIp"
323
+ "path": "data.subnetCidrs"
312
324
  },
313
325
  "humanReadable": true,
314
- "sortable": true,
326
+ "sortable": false,
315
327
  "filterable": true,
316
- "list": true,
328
+ "list": false,
317
329
  "item": true,
318
- "valueType": "string"
330
+ "valueType": "array"
319
331
  },
320
- "subnetCidr": {
321
- "label": "Subnet CIDR",
332
+ "subnets": {
333
+ "label": "Resolved Subnets",
322
334
  "source": {
323
335
  "contentType": "snapshots",
324
- "path": "data.subnetCidr"
336
+ "path": "data.subnets"
325
337
  },
326
- "humanReadable": true,
327
- "sortable": true,
328
- "filterable": true,
338
+ "humanReadable": false,
339
+ "sortable": false,
340
+ "filterable": false,
329
341
  "list": false,
330
342
  "item": true,
331
- "valueType": "string"
343
+ "valueType": "array"
332
344
  },
333
345
  "source": {
334
346
  "label": "Source",
@@ -408,19 +420,6 @@
408
420
  "item": true,
409
421
  "valueType": "datetime"
410
422
  },
411
- "hasVulnerabilities": {
412
- "label": "Has Vulnerabilities",
413
- "source": {
414
- "contentType": "snapshots",
415
- "path": "data.hasVulnerabilities"
416
- },
417
- "humanReadable": true,
418
- "sortable": true,
419
- "filterable": true,
420
- "list": true,
421
- "item": true,
422
- "valueType": "boolean"
423
- },
424
423
  "criticalVulnerabilities": {
425
424
  "label": "Critical Vulnerabilities",
426
425
  "source": {
@@ -473,6 +472,20 @@
473
472
  "item": true,
474
473
  "valueType": "number"
475
474
  },
475
+ "findingsCount": {
476
+ "label": "Findings",
477
+ "source": {
478
+ "contentType": "snapshots",
479
+ "path": "analytics.findings.total"
480
+ },
481
+ "humanReadable": true,
482
+ "sortable": true,
483
+ "filterable": true,
484
+ "list": true,
485
+ "item": true,
486
+ "valueType": "number",
487
+ "format": "count"
488
+ },
476
489
  "potentialImpactLevel": {
477
490
  "label": "Potential Impact",
478
491
  "source": {
@@ -537,34 +550,468 @@
537
550
  "list": false,
538
551
  "item": true,
539
552
  "valueType": "object"
553
+ },
554
+ "observedUsers": {
555
+ "label": "Users",
556
+ "source": {
557
+ "contentType": "snapshots",
558
+ "path": "data.observedUsers"
559
+ },
560
+ "humanReadable": true,
561
+ "sortable": false,
562
+ "filterable": true,
563
+ "list": true,
564
+ "item": true,
565
+ "valueType": "array"
566
+ },
567
+ "analysisBriefSummary": {
568
+ "label": "Brief Summary",
569
+ "source": {
570
+ "contentType": "analysis",
571
+ "path": "data.brief.summary"
572
+ },
573
+ "humanReadable": true,
574
+ "list": true,
575
+ "item": true,
576
+ "valueType": "string"
577
+ },
578
+ "analysisBriefTakeaway": {
579
+ "label": "Brief Takeaway",
580
+ "source": {
581
+ "contentType": "analysis",
582
+ "path": "data.brief.takeaway"
583
+ },
584
+ "humanReadable": true,
585
+ "list": false,
586
+ "item": true,
587
+ "valueType": "string"
588
+ },
589
+ "analysisBriefConfidence": {
590
+ "label": "Brief Confidence",
591
+ "source": {
592
+ "contentType": "analysis",
593
+ "path": "data.brief.confidence"
594
+ },
595
+ "humanReadable": true,
596
+ "list": false,
597
+ "item": true,
598
+ "valueType": "string"
599
+ },
600
+ "analysisContext": {
601
+ "label": "Context",
602
+ "source": {
603
+ "contentType": "analysis",
604
+ "path": "data.context"
605
+ },
606
+ "humanReadable": false,
607
+ "list": false,
608
+ "item": true,
609
+ "valueType": "object"
610
+ },
611
+ "analysisReachability": {
612
+ "label": "Reachability",
613
+ "source": {
614
+ "contentType": "analysis",
615
+ "path": "data.reachability"
616
+ },
617
+ "humanReadable": false,
618
+ "list": false,
619
+ "item": true,
620
+ "valueType": "object"
621
+ },
622
+ "analysisPaths": {
623
+ "label": "Paths",
624
+ "source": {
625
+ "contentType": "analysis",
626
+ "path": "data.paths"
627
+ },
628
+ "humanReadable": false,
629
+ "list": false,
630
+ "item": true,
631
+ "valueType": "object"
632
+ },
633
+ "attackPathExistence": {
634
+ "label": "Attack Path Existence",
635
+ "source": {
636
+ "contentType": "analysis",
637
+ "path": "data.paths.attackPathExistence"
638
+ },
639
+ "humanReadable": true,
640
+ "sortable": true,
641
+ "filterable": true,
642
+ "list": true,
643
+ "item": true,
644
+ "valueType": "string"
645
+ },
646
+ "decisionOverviewSummary": {
647
+ "label": "Decision Summary",
648
+ "source": {
649
+ "contentType": "decisions",
650
+ "path": "data.overview.summary"
651
+ },
652
+ "humanReadable": true,
653
+ "list": true,
654
+ "item": true,
655
+ "valueType": "string"
656
+ },
657
+ "decisionOverviewDetailedAnalysis": {
658
+ "label": "Decision Detailed Analysis",
659
+ "source": {
660
+ "contentType": "decisions",
661
+ "path": "data.overview.detailedAnalysis"
662
+ },
663
+ "humanReadable": true,
664
+ "list": true,
665
+ "item": true,
666
+ "valueType": "string"
667
+ },
668
+ "decisionExploitability": {
669
+ "label": "Exploitability Analysis",
670
+ "source": {
671
+ "contentType": "decisions",
672
+ "path": "data.exploitability"
673
+ },
674
+ "humanReadable": false,
675
+ "list": false,
676
+ "item": true,
677
+ "valueType": "object"
678
+ },
679
+ "decisionLabel": {
680
+ "label": "Decision",
681
+ "source": {
682
+ "contentType": "decisions",
683
+ "path": "data.decision.decision"
684
+ },
685
+ "humanReadable": true,
686
+ "sortable": true,
687
+ "filterable": true,
688
+ "list": true,
689
+ "item": true,
690
+ "valueType": "string"
691
+ },
692
+ "decisionStatus": {
693
+ "label": "Decision Status",
694
+ "source": {
695
+ "contentType": "decisions",
696
+ "path": "data.decision.status"
697
+ },
698
+ "humanReadable": true,
699
+ "sortable": true,
700
+ "filterable": true,
701
+ "list": true,
702
+ "item": true,
703
+ "valueType": "string"
704
+ },
705
+ "decisionRiskScore": {
706
+ "label": "Decision Score",
707
+ "source": {
708
+ "contentType": "decisions",
709
+ "path": "data.decision.riskScore"
710
+ },
711
+ "humanReadable": true,
712
+ "sortable": true,
713
+ "filterable": true,
714
+ "list": true,
715
+ "item": true,
716
+ "valueType": "number"
717
+ },
718
+ "decisionUrgencyScore": {
719
+ "label": "Urgency Score",
720
+ "source": {
721
+ "contentType": "decisions",
722
+ "path": "data.decision.urgencyScore"
723
+ },
724
+ "humanReadable": true,
725
+ "sortable": true,
726
+ "filterable": true,
727
+ "list": true,
728
+ "item": true,
729
+ "valueType": "number"
540
730
  }
541
731
  },
542
732
  "associatedProperties": [
543
733
  {
544
- "name": "associatedData",
734
+ "name": "associatedSubnetsSnapshots",
545
735
  "contentType": "snapshots",
546
736
  "kind": "associated",
547
737
  "valueShape": "array<object>",
548
738
  "linkedObjectType": "subnets",
549
739
  "linkedContentType": "snapshots",
550
- "description": "Subnet snapshot payloads copied from subnets-snapshots.data when asset data.subnetCidrs matches subnet data.cidr.",
740
+ "description": "Subnet snapshot payloads copied from subnets-snapshots.data when asset data.subnetCidrs matches subnet data.cidr. Each item includes linked recordId.",
551
741
  "managed": true,
552
742
  "refreshRuleKey": "assets.subnets.snapshots.by-cidr",
553
743
  "sourceCollection": "subnets-snapshots"
554
744
  },
555
745
  {
556
- "name": "associatedInferred",
746
+ "name": "associatedSubnetsDiscovery",
747
+ "contentType": "snapshots",
748
+ "kind": "associated",
749
+ "valueShape": "array<object>",
750
+ "linkedObjectType": "subnets",
751
+ "linkedContentType": "discovery",
752
+ "description": "Subnet discovery payloads copied from subnets-discovery.data when asset data.subnetCidrs matches subnet data.cidr.",
753
+ "managed": true,
754
+ "refreshRuleKey": "assets.subnets.discovery.by-cidr",
755
+ "sourceCollection": "subnets-discovery"
756
+ },
757
+ {
758
+ "name": "associatedAssetsSnapshots",
759
+ "contentType": "snapshots",
760
+ "kind": "associated",
761
+ "valueShape": "array<object>",
762
+ "linkedObjectType": "assets",
763
+ "linkedContentType": "snapshots",
764
+ "description": "Root-level self-association: other asset snapshot data payloads sharing a data.subnetCidr value. Each item includes linked recordId. Capped at 99 items.",
765
+ "managed": true,
766
+ "refreshRuleKey": "assets.assets.snapshots.by-cidr",
767
+ "sourceCollection": "assets-snapshots"
768
+ },
769
+ {
770
+ "name": "associatedTopology",
771
+ "contentType": "snapshots",
772
+ "kind": "associated",
773
+ "valueShape": "array<object>",
774
+ "linkedObjectType": "subnets",
775
+ "linkedContentType": "snapshots",
776
+ "description": "Normalized subnet topology objects derived from associatedData and canonical subnet lookup. Each item includes kind, source, cidr, zone, vr, and exposure/reachability fields. subnetId is omitted.",
777
+ "managed": true,
778
+ "refreshRuleKey": "assets.associated-topology.by-associated-data",
779
+ "sourceCollection": "subnets-snapshots"
780
+ },
781
+ {
782
+ "name": "associatedSubnetsSnapshots",
783
+ "contentType": "snapshots",
784
+ "kind": "associated",
785
+ "valueShape": "array<object>",
786
+ "linkedObjectType": "subnets",
787
+ "linkedContentType": "snapshots",
788
+ "description": "Explicit subnet snapshot payloads copied from subnets-snapshots.data when asset data.subnetCidrs matches subnet data.cidr.",
789
+ "managed": true,
790
+ "refreshRuleKey": "assets.subnets.snapshots.explicit.by-cidr",
791
+ "sourceCollection": "subnets-snapshots"
792
+ },
793
+ {
794
+ "name": "associatedSubnetsDiscovery",
795
+ "contentType": "snapshots",
796
+ "kind": "associated",
797
+ "valueShape": "array<object>",
798
+ "linkedObjectType": "subnets",
799
+ "linkedContentType": "discovery",
800
+ "description": "Explicit subnet discovery payloads copied from subnets-discovery when asset data.subnetCidrs matches subnet CIDR.",
801
+ "managed": true,
802
+ "refreshRuleKey": "assets.subnets.discovery.explicit.by-cidr",
803
+ "sourceCollection": "subnets-discovery"
804
+ },
805
+ {
806
+ "name": "associatedSubnetsAnalysis",
557
807
  "contentType": "snapshots",
558
808
  "kind": "associated",
559
809
  "valueShape": "array<object>",
560
810
  "linkedObjectType": "subnets",
561
- "linkedContentType": "inferences",
562
- "description": "Subnet discovery payloads copied from subnets-inferences.data when asset data.subnetCidrs matches subnet data.cidr.",
811
+ "linkedContentType": "analysis",
812
+ "description": "Explicit subnet analysis payloads copied from subnets-analysis when asset data.subnetCidrs matches subnet CIDR.",
813
+ "managed": true,
814
+ "refreshRuleKey": "assets.subnets.analysis.explicit.by-cidr",
815
+ "sourceCollection": "subnets-analysis"
816
+ },
817
+ {
818
+ "name": "associatedTopologyZonesAnalysis",
819
+ "contentType": "snapshots",
820
+ "kind": "associated",
821
+ "valueShape": "array<object>",
822
+ "linkedObjectType": "topology-zones",
823
+ "linkedContentType": "analysis",
824
+ "description": "Zone cyber-analysis payloads joined by host data.zones or associatedTopology.zone to topology-zones-analysis.data.name.",
825
+ "managed": true,
826
+ "refreshRuleKey": "assets.topology-zones.analysis.by-zone-name",
827
+ "sourceCollection": "topology-zones-analysis"
828
+ },
829
+ {
830
+ "name": "associatedVulnerabilitiesAnalysis",
831
+ "contentType": "snapshots",
832
+ "kind": "associated",
833
+ "valueShape": "array<object>",
834
+ "linkedObjectType": "vulnerabilities",
835
+ "linkedContentType": "analysis",
836
+ "description": "Vulnerability analysis payloads copied from vulnerabilities-analysis.data after matching vulnerabilities-snapshots by asset IP and resolving content by snapshot recordId.",
837
+ "managed": true,
838
+ "refreshRuleKey": "assets.vulnerabilities.analysis.by-assetIp",
839
+ "sourceCollection": "vulnerabilities-analysis"
840
+ },
841
+ {
842
+ "name": "associatedTopVulnerabilitiesAnalysis",
843
+ "contentType": "snapshots",
844
+ "kind": "associated",
845
+ "valueShape": "array<object>",
846
+ "linkedObjectType": "vulnerabilities",
847
+ "linkedContentType": "analysis",
848
+ "description": "Top vulnerability analysis payloads (default 5), ranked by vulnerabilities-snapshots.data.severity after IP match and content resolve by snapshot recordId. Omitted when empty.",
563
849
  "managed": true,
564
- "refreshRuleKey": "assets.subnets.inferences.by-cidr",
565
- "sourceCollection": "subnets-inferences"
850
+ "top": true,
851
+ "maxItems": 5,
852
+ "refreshRuleKey": "assets.vulnerabilities.analysis.top.by-assetIp",
853
+ "sourceCollection": "vulnerabilities-analysis"
566
854
  }
567
855
  ],
856
+ "processing": {
857
+ "entityRoutes": [
858
+ {
859
+ "routeKey": "subnets-to-assets",
860
+ "parentObjectType": "subnets",
861
+ "childObjectType": "assets",
862
+ "relationshipName": "assetSubnet",
863
+ "direction": "parentToChild",
864
+ "source": {
865
+ "contentType": "snapshots",
866
+ "path": "data.subnetCidrs"
867
+ },
868
+ "target": {
869
+ "contentType": "snapshots",
870
+ "path": "data.cidr"
871
+ }
872
+ }
873
+ ],
874
+ "resolvers": [
875
+ {
876
+ "processorId": "assets.subnet-cidr",
877
+ "resolverType": "subnet-cidr",
878
+ "kind": "function",
879
+ "config": {
880
+ "mode": "resolve",
881
+ "assetIpPaths": [
882
+ "data.assetIps",
883
+ "data.assetIp"
884
+ ],
885
+ "canonicalCollection": {
886
+ "db": "neo-memorix-entities",
887
+ "collection": "subnets-snapshots"
888
+ }
889
+ }
890
+ },
891
+ {
892
+ "processorId": "assets.topology-extractor",
893
+ "resolverType": "topology-extractor",
894
+ "kind": "function",
895
+ "config": {
896
+ "mode": "from-associated-data",
897
+ "sourcePaths": [
898
+ "associatedSubnetsSnapshots"
899
+ ],
900
+ "outputPath": "associatedTopology"
901
+ }
902
+ }
903
+ ],
904
+ "associatedContent": {
905
+ "rollParentSnapshots": true,
906
+ "excludePostfixes": [
907
+ "raw"
908
+ ]
909
+ }
910
+ },
911
+ "narratives": {
912
+ "has-vulnerabilities": {
913
+ "label": "Has vulnerabilities",
914
+ "displayName": "Has vulnerabilities",
915
+ "kind": "having-signal",
916
+ "visibility": "user",
917
+ "sourceRef": "assetVulnerabilities",
918
+ "targetEntity": "vulnerabilities"
919
+ },
920
+ "has-medium-vulnerabilities": {
921
+ "label": "Has medium vulnerabilities",
922
+ "displayName": "Medium vulnerabilities",
923
+ "kind": "association-common-property",
924
+ "visibility": "user",
925
+ "sourceRef": "assetVulnerabilities",
926
+ "targetEntity": "vulnerabilities",
927
+ "property": "severity",
928
+ "value": "medium"
929
+ },
930
+ "is-triaged": {
931
+ "label": "Is triaged",
932
+ "displayName": "Triaged",
933
+ "kind": "product-narrative",
934
+ "visibility": "user"
935
+ },
936
+ "has-triage-decision": {
937
+ "label": "Has triage decision",
938
+ "displayName": "Has triage decision",
939
+ "kind": "rollup",
940
+ "visibility": "user"
941
+ },
942
+ "has-no-vulnerabilities": {
943
+ "label": "No vulnerabilities",
944
+ "displayName": "No vulnerabilities",
945
+ "kind": "product-narrative",
946
+ "visibility": "user"
947
+ },
948
+ "has-accept-decision": {
949
+ "label": "Accept",
950
+ "displayName": "Accept Risk",
951
+ "kind": "rollup",
952
+ "visibility": "user"
953
+ },
954
+ "has-mitigate-decision": {
955
+ "label": "Mitigate",
956
+ "displayName": "Mitigate",
957
+ "kind": "rollup",
958
+ "visibility": "user"
959
+ },
960
+ "has-high-or-critical-exploitability": {
961
+ "label": "High or critical exploitability",
962
+ "displayName": "High exploitability",
963
+ "kind": "rollup",
964
+ "visibility": "user"
965
+ },
966
+ "has-lateral-movement-risk": {
967
+ "label": "Lateral movement risk",
968
+ "displayName": "Lateral movement risk",
969
+ "kind": "rollup",
970
+ "visibility": "user"
971
+ },
972
+ "has-critical-predicted-impact": {
973
+ "label": "Critical predicted impact",
974
+ "displayName": "Critical impact",
975
+ "kind": "rollup",
976
+ "visibility": "user"
977
+ },
978
+ "has-high-predicted-impact": {
979
+ "label": "High predicted impact",
980
+ "displayName": "High impact",
981
+ "kind": "rollup",
982
+ "visibility": "user"
983
+ },
984
+ "has-medium-predicted-impact": {
985
+ "label": "Medium predicted impact",
986
+ "displayName": "Medium impact",
987
+ "kind": "rollup",
988
+ "visibility": "user"
989
+ },
990
+ "has-low-predicted-impact": {
991
+ "label": "Low predicted impact",
992
+ "displayName": "Low impact",
993
+ "kind": "rollup",
994
+ "visibility": "user"
995
+ },
996
+ "has-palo-alto-firewall-source": {
997
+ "label": "Palo Alto Firewall",
998
+ "displayName": "Palo Alto Firewall",
999
+ "kind": "rollup",
1000
+ "visibility": "user"
1001
+ },
1002
+ "has-palo-alto-xdr-source": {
1003
+ "label": "Palo Alto XDR",
1004
+ "displayName": "Palo Alto XDR",
1005
+ "kind": "rollup",
1006
+ "visibility": "user"
1007
+ },
1008
+ "has-tenable-nessus-source": {
1009
+ "label": "Tenable Nessus",
1010
+ "displayName": "Tenable Nessus",
1011
+ "kind": "rollup",
1012
+ "visibility": "user"
1013
+ }
1014
+ },
568
1015
  "relations": {
569
1016
  "assetSubnet": {
570
1017
  "type": "manyToOne",
@@ -577,10 +1024,12 @@
577
1024
  "path": "data.cidr"
578
1025
  },
579
1026
  "defaultMode": "array",
580
- "defaultArrayProperty": "associatedData",
1027
+ "defaultArrayProperty": "associatedSubnetsSnapshots",
581
1028
  "targetFields": [
582
1029
  "cidr",
583
- "subnetIp",
1030
+ "networkAddress",
1031
+ "prefixLength",
1032
+ "mask",
584
1033
  "zone",
585
1034
  "vr"
586
1035
  ],
@@ -654,14 +1103,9 @@
654
1103
  "collection": "subnets-snapshots",
655
1104
  "isCanonical": true
656
1105
  },
657
- "core": {
658
- "postfix": "core",
659
- "collection": "subnets-core",
660
- "isCanonical": false
661
- },
662
- "inferences": {
663
- "postfix": "inferences",
664
- "collection": "subnets-inferences",
1106
+ "discovery": {
1107
+ "postfix": "discovery",
1108
+ "collection": "subnets-discovery",
665
1109
  "isCanonical": false
666
1110
  },
667
1111
  "scoped": {
@@ -673,6 +1117,24 @@
673
1117
  "postfix": "legacy",
674
1118
  "collection": "subnets-legacy",
675
1119
  "isCanonical": false
1120
+ },
1121
+ "analysis": {
1122
+ "postfix": "analysis",
1123
+ "collection": "subnets-analysis",
1124
+ "dataRoot": "data",
1125
+ "isCanonical": false
1126
+ }
1127
+ },
1128
+ "rootProperties": {
1129
+ "possiblePaths": {
1130
+ "label": "Possible Paths",
1131
+ "source": {
1132
+ "contentType": "snapshots",
1133
+ "path": "possiblePaths"
1134
+ },
1135
+ "valueShape": "object",
1136
+ "description": "Subnet-specific topology path facts stored at the snapshot root.",
1137
+ "managed": true
676
1138
  }
677
1139
  },
678
1140
  "properties": {
@@ -702,11 +1164,11 @@
702
1164
  "item": true,
703
1165
  "valueType": "string"
704
1166
  },
705
- "subnetIp": {
706
- "label": "Subnet network address",
1167
+ "networkAddress": {
1168
+ "label": "Network Address",
707
1169
  "source": {
708
1170
  "contentType": "snapshots",
709
- "path": "data.subnetIp"
1171
+ "path": "data.networkAddress"
710
1172
  },
711
1173
  "humanReadable": true,
712
1174
  "sortable": true,
@@ -715,6 +1177,32 @@
715
1177
  "item": true,
716
1178
  "valueType": "string"
717
1179
  },
1180
+ "prefixLength": {
1181
+ "label": "Prefix Length",
1182
+ "source": {
1183
+ "contentType": "snapshots",
1184
+ "path": "data.prefixLength"
1185
+ },
1186
+ "humanReadable": true,
1187
+ "sortable": true,
1188
+ "filterable": true,
1189
+ "list": false,
1190
+ "item": true,
1191
+ "valueType": "number"
1192
+ },
1193
+ "mask": {
1194
+ "label": "Subnet Mask",
1195
+ "source": {
1196
+ "contentType": "snapshots",
1197
+ "path": "data.mask"
1198
+ },
1199
+ "humanReadable": true,
1200
+ "sortable": true,
1201
+ "filterable": true,
1202
+ "list": false,
1203
+ "item": true,
1204
+ "valueType": "string"
1205
+ },
718
1206
  "zone": {
719
1207
  "label": "Zone",
720
1208
  "source": {
@@ -871,6 +1359,100 @@
871
1359
  "item": true,
872
1360
  "valueType": "string"
873
1361
  },
1362
+ "assetsCount": {
1363
+ "label": "Assets #",
1364
+ "source": {
1365
+ "contentType": "snapshots",
1366
+ "path": "analytics.assets.total"
1367
+ },
1368
+ "humanReadable": true,
1369
+ "sortable": true,
1370
+ "filterable": true,
1371
+ "list": true,
1372
+ "item": true,
1373
+ "valueType": "number",
1374
+ "format": "count"
1375
+ },
1376
+ "findingsCount": {
1377
+ "label": "Findings #",
1378
+ "source": {
1379
+ "contentType": "snapshots",
1380
+ "path": "analytics.findings.total"
1381
+ },
1382
+ "humanReadable": true,
1383
+ "sortable": true,
1384
+ "filterable": true,
1385
+ "list": true,
1386
+ "item": true,
1387
+ "valueType": "number",
1388
+ "format": "count"
1389
+ },
1390
+ "vulnerabilitiesCount": {
1391
+ "label": "Vulnerabilities #",
1392
+ "source": {
1393
+ "contentType": "snapshots",
1394
+ "path": "analytics.vulnerabilities.total"
1395
+ },
1396
+ "humanReadable": true,
1397
+ "sortable": true,
1398
+ "filterable": true,
1399
+ "list": true,
1400
+ "item": true,
1401
+ "valueType": "number",
1402
+ "format": "count"
1403
+ },
1404
+ "criticalVulnerabilities": {
1405
+ "label": "Critical Vulnerabilities",
1406
+ "source": {
1407
+ "contentType": "snapshots",
1408
+ "path": "analytics.vulnerabilities.critical"
1409
+ },
1410
+ "humanReadable": true,
1411
+ "sortable": true,
1412
+ "filterable": true,
1413
+ "list": true,
1414
+ "item": true,
1415
+ "valueType": "number"
1416
+ },
1417
+ "highVulnerabilities": {
1418
+ "label": "High Vulnerabilities",
1419
+ "source": {
1420
+ "contentType": "snapshots",
1421
+ "path": "analytics.vulnerabilities.high"
1422
+ },
1423
+ "humanReadable": true,
1424
+ "sortable": true,
1425
+ "filterable": true,
1426
+ "list": true,
1427
+ "item": true,
1428
+ "valueType": "number"
1429
+ },
1430
+ "mediumVulnerabilities": {
1431
+ "label": "Medium Vulnerabilities",
1432
+ "source": {
1433
+ "contentType": "snapshots",
1434
+ "path": "analytics.vulnerabilities.medium"
1435
+ },
1436
+ "humanReadable": true,
1437
+ "sortable": true,
1438
+ "filterable": true,
1439
+ "list": true,
1440
+ "item": true,
1441
+ "valueType": "number"
1442
+ },
1443
+ "lowVulnerabilities": {
1444
+ "label": "Low Vulnerabilities",
1445
+ "source": {
1446
+ "contentType": "snapshots",
1447
+ "path": "analytics.vulnerabilities.low"
1448
+ },
1449
+ "humanReadable": true,
1450
+ "sortable": true,
1451
+ "filterable": true,
1452
+ "list": true,
1453
+ "item": true,
1454
+ "valueType": "number"
1455
+ },
874
1456
  "quarantineReason": {
875
1457
  "label": "Quarantine Reason",
876
1458
  "source": {
@@ -883,6 +1465,195 @@
883
1465
  "list": false,
884
1466
  "item": true,
885
1467
  "valueType": "string"
1468
+ },
1469
+ "analysisOverview": {
1470
+ "label": "Overview",
1471
+ "source": {
1472
+ "contentType": "analysis",
1473
+ "path": "data.overview"
1474
+ },
1475
+ "humanReadable": false,
1476
+ "list": false,
1477
+ "item": true,
1478
+ "valueType": "object"
1479
+ },
1480
+ "analysisOverviewSummary": {
1481
+ "label": "Overview Summary",
1482
+ "source": {
1483
+ "contentType": "analysis",
1484
+ "path": "data.overview.summary"
1485
+ },
1486
+ "humanReadable": true,
1487
+ "list": true,
1488
+ "item": true,
1489
+ "valueType": "string"
1490
+ },
1491
+ "analysisRole": {
1492
+ "label": "Role",
1493
+ "source": {
1494
+ "contentType": "analysis",
1495
+ "path": "data.cyberRoleInterpretation"
1496
+ },
1497
+ "humanReadable": false,
1498
+ "list": false,
1499
+ "item": true,
1500
+ "valueType": "object"
1501
+ },
1502
+ "analysisExposure": {
1503
+ "label": "Exposure",
1504
+ "source": {
1505
+ "contentType": "analysis",
1506
+ "path": "data.externalAndLowerTrustReachability"
1507
+ },
1508
+ "humanReadable": false,
1509
+ "list": false,
1510
+ "item": true,
1511
+ "valueType": "object"
1512
+ },
1513
+ "analysisTrust": {
1514
+ "label": "Trust",
1515
+ "source": {
1516
+ "contentType": "analysis",
1517
+ "path": "data.trustPositionInterpretation"
1518
+ },
1519
+ "humanReadable": false,
1520
+ "list": false,
1521
+ "item": true,
1522
+ "valueType": "object"
1523
+ },
1524
+ "analysisAttackPath": {
1525
+ "label": "Attack Path",
1526
+ "source": {
1527
+ "contentType": "analysis",
1528
+ "path": "data.possibleAttackPathAnalysis"
1529
+ },
1530
+ "humanReadable": false,
1531
+ "list": false,
1532
+ "item": true,
1533
+ "valueType": "object"
1534
+ },
1535
+ "analysisMovement": {
1536
+ "label": "Movement",
1537
+ "source": {
1538
+ "contentType": "analysis",
1539
+ "path": "data.outboundAndBlastPathInterpretation"
1540
+ },
1541
+ "humanReadable": false,
1542
+ "list": false,
1543
+ "item": true,
1544
+ "valueType": "object"
1545
+ },
1546
+ "analysisContext": {
1547
+ "label": "Context",
1548
+ "source": {
1549
+ "contentType": "analysis",
1550
+ "path": "data.aggregateContextInterpretation"
1551
+ },
1552
+ "humanReadable": false,
1553
+ "list": false,
1554
+ "item": true,
1555
+ "valueType": "object"
1556
+ }
1557
+ },
1558
+ "associatedProperties": [
1559
+ {
1560
+ "name": "associatedAssetsSnapshots",
1561
+ "contentType": "snapshots",
1562
+ "kind": "associated",
1563
+ "valueShape": "array<object>",
1564
+ "linkedObjectType": "assets",
1565
+ "linkedContentType": "snapshots",
1566
+ "description": "Asset snapshot data payloads whose data.subnetCidrs contains this subnet data.cidr. Each item includes linked recordId. Capped at 99 items.",
1567
+ "managed": true,
1568
+ "refreshRuleKey": "subnets.assets.snapshots.by-cidr",
1569
+ "sourceCollection": "assets-snapshots"
1570
+ },
1571
+ {
1572
+ "name": "associatedTopologyZonesAnalysis",
1573
+ "contentType": "snapshots",
1574
+ "kind": "associated",
1575
+ "valueShape": "array<object>",
1576
+ "linkedObjectType": "topology-zones",
1577
+ "linkedContentType": "analysis",
1578
+ "description": "Zone cyber-analysis joined from subnet data.zone to topology-zones-analysis.data.name.",
1579
+ "managed": true,
1580
+ "refreshRuleKey": "subnets.topology-zones.analysis.by-zone-name",
1581
+ "sourceCollection": "topology-zones-analysis"
1582
+ }
1583
+ ],
1584
+ "processing": {
1585
+ "entityRoutes": [
1586
+ {
1587
+ "routeKey": "zones-to-subnets",
1588
+ "parentObjectType": "topology-zones",
1589
+ "childObjectType": "subnets",
1590
+ "relationshipName": "subnetZone",
1591
+ "direction": "parentToChild",
1592
+ "source": {
1593
+ "contentType": "snapshots",
1594
+ "path": "data.zone"
1595
+ },
1596
+ "target": {
1597
+ "contentType": "snapshots",
1598
+ "path": "data.name"
1599
+ }
1600
+ }
1601
+ ],
1602
+ "resolvers": [
1603
+ {
1604
+ "processorId": "subnets.subnet-key",
1605
+ "resolverType": "subnet-key",
1606
+ "kind": "function",
1607
+ "config": {
1608
+ "mode": "from-cidr",
1609
+ "sourcePath": "data.cidr"
1610
+ }
1611
+ },
1612
+ {
1613
+ "processorId": "subnets.zone-from-topology",
1614
+ "resolverType": "zone-from-topology",
1615
+ "kind": "function",
1616
+ "config": {
1617
+ "onlyWhenZoneIs": "UNKNOWN",
1618
+ "topologyRaw": {
1619
+ "db": "memorix-knowledge",
1620
+ "collection": "topology-raw"
1621
+ },
1622
+ "zonesRegistry": {
1623
+ "db": "neo-memorix-entities",
1624
+ "collection": "topology-zones-snapshots"
1625
+ }
1626
+ }
1627
+ }
1628
+ ],
1629
+ "insightStages": [
1630
+ {
1631
+ "processorId": "network.cidr-topology-path-resolver",
1632
+ "kind": "function",
1633
+ "inputKind": "cidr",
1634
+ "outputKind": "cidr-path-facts",
1635
+ "writeToInsights": false,
1636
+ "sources": {
1637
+ "topologyDb": "memorix-knowledge",
1638
+ "topologyCollection": "topology-raw"
1639
+ }
1640
+ },
1641
+ {
1642
+ "processorId": "network.cidr-zone-path-insights",
1643
+ "kind": "function",
1644
+ "inputKind": "cidr-path-facts",
1645
+ "outputKind": "insights",
1646
+ "writeToInsights": true,
1647
+ "sources": {
1648
+ "zonesCollection": "topology-zones-snapshots"
1649
+ }
1650
+ }
1651
+ ],
1652
+ "associatedContent": {
1653
+ "rollParentSnapshots": true,
1654
+ "excludePostfixes": [
1655
+ "raw"
1656
+ ]
886
1657
  }
887
1658
  },
888
1659
  "relations": {},
@@ -937,6 +1708,21 @@
937
1708
  "snapshot.capturedAt",
938
1709
  "data.enrichment.enrichedAt"
939
1710
  ]
1711
+ },
1712
+ "discovery": {
1713
+ "postfix": "discovery",
1714
+ "collection": "vulnerabilities-discovery",
1715
+ "dataRoot": "data"
1716
+ },
1717
+ "decisions": {
1718
+ "postfix": "decisions",
1719
+ "collection": "vulnerabilities-decisions",
1720
+ "dataRoot": "data"
1721
+ },
1722
+ "analysis": {
1723
+ "postfix": "analysis",
1724
+ "collection": "vulnerabilities-analysis",
1725
+ "dataRoot": "data"
940
1726
  }
941
1727
  },
942
1728
  "properties": {
@@ -966,6 +1752,19 @@
966
1752
  "item": true,
967
1753
  "valueType": "string"
968
1754
  },
1755
+ "subnetIp": {
1756
+ "label": "Subnet IP",
1757
+ "source": {
1758
+ "contentType": "snapshots",
1759
+ "path": "data.subnetIp"
1760
+ },
1761
+ "humanReadable": true,
1762
+ "sortable": true,
1763
+ "filterable": true,
1764
+ "list": true,
1765
+ "item": true,
1766
+ "valueType": "string"
1767
+ },
969
1768
  "assetType": {
970
1769
  "label": "Asset Type",
971
1770
  "source": {
@@ -1264,58 +2063,462 @@
1264
2063
  "list": false,
1265
2064
  "item": true,
1266
2065
  "valueType": "object"
1267
- }
1268
- },
1269
- "associatedProperties": [
1270
- {
1271
- "name": "associatedData",
1272
- "contentType": "snapshots",
1273
- "kind": "associated",
1274
- "valueShape": "array<object>",
1275
- "linkedObjectType": "vulnerabilities-groups",
1276
- "linkedContentType": "snapshots",
1277
- "description": "Vulnerability group snapshot payloads copied from vulnerabilities-groups-snapshots.data when data.vulnerabilityName matches group data.name.",
1278
- "managed": true,
1279
- "refreshRuleKey": "vulnerabilities.vulnerability-groups.snapshots.by-name",
1280
- "sourceCollection": "vulnerabilities-groups-snapshots"
1281
2066
  },
1282
- {
1283
- "name": "associatedInferred",
1284
- "contentType": "snapshots",
1285
- "kind": "associated",
1286
- "valueShape": "array<object>",
1287
- "linkedObjectType": "vulnerabilities-groups",
1288
- "linkedContentType": "inferences",
1289
- "description": "Vulnerability group discovery payloads copied from vulnerabilities-groups-inferences.data via group name bridge.",
1290
- "managed": true,
1291
- "refreshRuleKey": "vulnerabilities.vulnerability-groups.inferences.by-name",
1292
- "sourceCollection": "vulnerabilities-groups-inferences"
2067
+ "analysisBriefSummary": {
2068
+ "label": "Brief Summary",
2069
+ "source": {
2070
+ "contentType": "analysis",
2071
+ "path": "data.brief.summary"
2072
+ },
2073
+ "humanReadable": true,
2074
+ "list": true,
2075
+ "item": true,
2076
+ "valueType": "string"
1293
2077
  },
1294
- {
1295
- "name": "associatedAnalysis",
1296
- "contentType": "snapshots",
1297
- "kind": "associated",
1298
- "valueShape": "array<object>",
1299
- "linkedObjectType": "vulnerabilities-groups",
1300
- "linkedContentType": "analysis",
1301
- "description": "Vulnerability group analysis payloads copied from vulnerabilities-groups-analysis.data via group name bridge.",
1302
- "managed": true,
1303
- "refreshRuleKey": "vulnerabilities.vulnerability-groups.analysis.by-name",
1304
- "sourceCollection": "vulnerabilities-groups-analysis"
2078
+ "analysisBriefAnalysis": {
2079
+ "label": "Brief Analysis",
2080
+ "source": {
2081
+ "contentType": "analysis",
2082
+ "path": "data.brief.analysis"
2083
+ },
2084
+ "humanReadable": true,
2085
+ "list": true,
2086
+ "item": true,
2087
+ "valueType": "string"
2088
+ },
2089
+ "analysisBriefEvidence": {
2090
+ "label": "Brief Evidence",
2091
+ "source": {
2092
+ "contentType": "analysis",
2093
+ "path": "data.brief.evidence"
2094
+ },
2095
+ "humanReadable": true,
2096
+ "list": false,
2097
+ "item": true,
2098
+ "valueType": "string"
2099
+ },
2100
+ "analysisBriefGaps": {
2101
+ "label": "Brief Gaps",
2102
+ "source": {
2103
+ "contentType": "analysis",
2104
+ "path": "data.brief.gaps"
2105
+ },
2106
+ "humanReadable": true,
2107
+ "list": false,
2108
+ "item": true,
2109
+ "valueType": "string"
2110
+ },
2111
+ "analysisApplicability": {
2112
+ "label": "Applicability",
2113
+ "source": {
2114
+ "contentType": "analysis",
2115
+ "path": "data.applicability"
2116
+ },
2117
+ "humanReadable": false,
2118
+ "list": false,
2119
+ "item": true,
2120
+ "valueType": "object"
2121
+ },
2122
+ "analysisExploitability": {
2123
+ "label": "Exploitability",
2124
+ "source": {
2125
+ "contentType": "analysis",
2126
+ "path": "data.exploitability"
2127
+ },
2128
+ "humanReadable": false,
2129
+ "list": false,
2130
+ "item": true,
2131
+ "valueType": "object"
2132
+ },
2133
+ "analysisImpact": {
2134
+ "label": "Impact",
2135
+ "source": {
2136
+ "contentType": "analysis",
2137
+ "path": "data.impact"
2138
+ },
2139
+ "humanReadable": false,
2140
+ "list": false,
2141
+ "item": true,
2142
+ "valueType": "object"
2143
+ },
2144
+ "analysisThreat": {
2145
+ "label": "Threat",
2146
+ "source": {
2147
+ "contentType": "analysis",
2148
+ "path": "data.threat"
2149
+ },
2150
+ "humanReadable": false,
2151
+ "list": false,
2152
+ "item": true,
2153
+ "valueType": "object"
2154
+ },
2155
+ "analysisMitre": {
2156
+ "label": "MITRE",
2157
+ "source": {
2158
+ "contentType": "analysis",
2159
+ "path": "data.mitre"
2160
+ },
2161
+ "humanReadable": false,
2162
+ "list": false,
2163
+ "item": true,
2164
+ "valueType": "array"
2165
+ },
2166
+ "analysisClassType": {
2167
+ "label": "Analysis Class",
2168
+ "source": {
2169
+ "contentType": "analysis",
2170
+ "path": "data.class.type"
2171
+ },
2172
+ "humanReadable": true,
2173
+ "list": true,
2174
+ "item": true,
2175
+ "valueType": "string"
2176
+ },
2177
+ "analysisExploitabilityLevel": {
2178
+ "label": "Exploitability Level (analysis)",
2179
+ "source": {
2180
+ "contentType": "analysis",
2181
+ "path": "data.exploitability.exploitability"
2182
+ },
2183
+ "humanReadable": true,
2184
+ "list": true,
2185
+ "item": true,
2186
+ "valueType": "string"
2187
+ }
2188
+ },
2189
+ "importanceIndicator": {
2190
+ "path": "data.severity",
2191
+ "valueKind": "severity",
2192
+ "order": "desc",
2193
+ "description": "Default vulnerability importance: critical > high > medium > low > none"
2194
+ },
2195
+ "associatedProperties": [
2196
+ {
2197
+ "name": "associatedVulnerabilitiesGroupsSnapshots",
2198
+ "contentType": "snapshots",
2199
+ "kind": "associated",
2200
+ "valueShape": "array<object>",
2201
+ "linkedObjectType": "vulnerabilities-groups",
2202
+ "linkedContentType": "snapshots",
2203
+ "description": "Vulnerability group snapshot payloads copied from vulnerabilities-groups-snapshots.data when data.vulnerabilityName matches group data.name.",
2204
+ "managed": true,
2205
+ "refreshRuleKey": "vulnerabilities.vulnerability-groups.snapshots.by-name",
2206
+ "sourceCollection": "vulnerabilities-groups-snapshots"
2207
+ },
2208
+ {
2209
+ "name": "associatedVulnerabilitiesGroupsEnrichment",
2210
+ "contentType": "snapshots",
2211
+ "kind": "associated",
2212
+ "valueShape": "array<object>",
2213
+ "linkedObjectType": "vulnerabilities-groups",
2214
+ "linkedContentType": "snapshots",
2215
+ "description": "Vulnerability group enrichment payloads (CVSS/EPSS/KEV/compositeScore) copied flat from vulnerabilities-groups-snapshots.enrichment when data.vulnerabilityName matches group data.name. Omitted when enrichment is missing or empty.",
2216
+ "managed": true,
2217
+ "refreshRuleKey": "vulnerabilities.vulnerability-groups.enrichment.by-name",
2218
+ "sourceCollection": "vulnerabilities-groups-snapshots"
2219
+ },
2220
+ {
2221
+ "name": "associatedVulnerabilitiesGroupsDiscovery",
2222
+ "contentType": "snapshots",
2223
+ "kind": "associated",
2224
+ "valueShape": "array<object>",
2225
+ "linkedObjectType": "vulnerabilities-groups",
2226
+ "linkedContentType": "discovery",
2227
+ "description": "Vulnerability group discovery payloads copied from vulnerabilities-groups-discovery.data via group name bridge.",
2228
+ "managed": true,
2229
+ "refreshRuleKey": "vulnerabilities.vulnerability-groups.discovery.by-name",
2230
+ "sourceCollection": "vulnerabilities-groups-discovery"
2231
+ },
2232
+ {
2233
+ "name": "associatedVulnerabilitiesGroupsAnalysis",
2234
+ "contentType": "snapshots",
2235
+ "kind": "associated",
2236
+ "valueShape": "array<object>",
2237
+ "linkedObjectType": "vulnerabilities-groups",
2238
+ "linkedContentType": "analysis",
2239
+ "description": "Vulnerability group analysis payloads copied from vulnerabilities-groups-analysis.data via group name bridge.",
2240
+ "managed": true,
2241
+ "refreshRuleKey": "vulnerabilities.vulnerability-groups.analysis.by-name",
2242
+ "sourceCollection": "vulnerabilities-groups-analysis"
1305
2243
  },
1306
2244
  {
1307
- "name": "associatedAssets",
2245
+ "name": "associatedAssetsSnapshots",
1308
2246
  "contentType": "snapshots",
1309
2247
  "kind": "associated",
1310
2248
  "valueShape": "array<object>",
1311
2249
  "linkedObjectType": "assets",
1312
2250
  "linkedContentType": "snapshots",
1313
- "description": "Optional asset snapshot payloads copied from assets-snapshots.data when data.assetIp matches asset data.assetIps.",
2251
+ "description": "Optional asset snapshot payloads copied from assets-snapshots.data when data.assetIp exactly matches asset data.assetIps, data.assetIp, or legacy data.ip_address. At most one item per vulnerability.",
1314
2252
  "managed": true,
1315
2253
  "refreshRuleKey": "vulnerabilities.assets.snapshots.by-assetIp",
1316
2254
  "sourceCollection": "assets-snapshots"
2255
+ },
2256
+ {
2257
+ "name": "associatedTopology",
2258
+ "contentType": "snapshots",
2259
+ "kind": "associated",
2260
+ "valueShape": "array<object>",
2261
+ "linkedObjectType": "subnets",
2262
+ "linkedContentType": "snapshots",
2263
+ "description": "Normalized subnet topology objects from associatedData roll-down and canonical subnet lookup by data.assetIp. May contain both associatedData and subnetLookup sources for the same CIDR.",
2264
+ "managed": true,
2265
+ "refreshRuleKey": "vulnerabilities.associated-topology.by-associated-data-and-subnet-lookup",
2266
+ "sourceCollection": "subnets-snapshots"
2267
+ },
2268
+ {
2269
+ "name": "associatedVulnerabilitiesGroupsSnapshots",
2270
+ "contentType": "snapshots",
2271
+ "kind": "associated",
2272
+ "valueShape": "array<object>",
2273
+ "linkedObjectType": "vulnerabilities-groups",
2274
+ "linkedContentType": "snapshots",
2275
+ "description": "Explicit vulnerability group snapshot payloads copied from vulnerabilities-groups-snapshots.data when data.vulnerabilityName matches group data.name.",
2276
+ "managed": true,
2277
+ "refreshRuleKey": "vulnerabilities.vulnerability-groups.snapshots.explicit.by-name",
2278
+ "sourceCollection": "vulnerabilities-groups-snapshots"
2279
+ },
2280
+ {
2281
+ "name": "associatedVulnerabilitiesGroupsDiscovery",
2282
+ "contentType": "snapshots",
2283
+ "kind": "associated",
2284
+ "valueShape": "array<object>",
2285
+ "linkedObjectType": "vulnerabilities-groups",
2286
+ "linkedContentType": "discovery",
2287
+ "description": "Explicit vulnerability group discovery payloads copied from vulnerabilities-groups-discovery via group name bridge.",
2288
+ "managed": true,
2289
+ "refreshRuleKey": "vulnerabilities.vulnerability-groups.discovery.explicit.by-name",
2290
+ "sourceCollection": "vulnerabilities-groups-discovery"
2291
+ },
2292
+ {
2293
+ "name": "associatedVulnerabilitiesGroupsAnalysis",
2294
+ "contentType": "snapshots",
2295
+ "kind": "associated",
2296
+ "valueShape": "array<object>",
2297
+ "linkedObjectType": "vulnerabilities-groups",
2298
+ "linkedContentType": "analysis",
2299
+ "description": "Explicit vulnerability group analysis payloads copied from vulnerabilities-groups-analysis via group name bridge.",
2300
+ "managed": true,
2301
+ "refreshRuleKey": "vulnerabilities.vulnerability-groups.analysis.explicit.by-name",
2302
+ "sourceCollection": "vulnerabilities-groups-analysis"
2303
+ },
2304
+ {
2305
+ "name": "associatedVulnerabilitiesDiscovery",
2306
+ "contentType": "snapshots",
2307
+ "kind": "associated",
2308
+ "valueShape": "array<object>",
2309
+ "linkedObjectType": "vulnerabilities",
2310
+ "linkedContentType": "discovery",
2311
+ "description": "Vulnerability discovery payloads copied from vulnerabilities-discovery.data after matching vulnerabilities-snapshots by data.assetIp and resolving content by snapshot recordId.",
2312
+ "managed": true,
2313
+ "refreshRuleKey": "vulnerabilities.vulnerabilities.discovery.by-assetIp",
2314
+ "sourceCollection": "vulnerabilities-discovery"
2315
+ },
2316
+ {
2317
+ "name": "associatedVulnerabilitiesDecisions",
2318
+ "contentType": "snapshots",
2319
+ "kind": "associated",
2320
+ "valueShape": "array<object>",
2321
+ "linkedObjectType": "vulnerabilities",
2322
+ "linkedContentType": "decisions",
2323
+ "description": "Vulnerability decision payloads copied from vulnerabilities-decisions.data after matching vulnerabilities-snapshots by data.assetIp and resolving content by snapshot recordId.",
2324
+ "managed": true,
2325
+ "refreshRuleKey": "vulnerabilities.vulnerabilities.decisions.by-assetIp",
2326
+ "sourceCollection": "vulnerabilities-decisions"
1317
2327
  }
1318
2328
  ],
2329
+ "processing": {
2330
+ "entityRoutes": [
2331
+ {
2332
+ "routeKey": "groups-to-vulnerabilities",
2333
+ "parentObjectType": "vulnerabilities-groups",
2334
+ "childObjectType": "vulnerabilities",
2335
+ "relationshipName": "vulnerabilityGroup",
2336
+ "direction": "parentToChild",
2337
+ "source": {
2338
+ "contentType": "snapshots",
2339
+ "path": "data.vulnerabilityName"
2340
+ },
2341
+ "target": {
2342
+ "contentType": "snapshots",
2343
+ "path": "data.name"
2344
+ },
2345
+ "prerequisites": [
2346
+ {
2347
+ "parentObjectType": "vulnerabilities-groups",
2348
+ "parentContentPostfix": "analysis",
2349
+ "lifecycleProcess": "entity-insights-processed",
2350
+ "onMissing": "defer"
2351
+ }
2352
+ ]
2353
+ },
2354
+ {
2355
+ "routeKey": "assets-to-vulnerabilities",
2356
+ "parentObjectType": "assets",
2357
+ "childObjectType": "vulnerabilities",
2358
+ "relationshipName": "affectedAsset",
2359
+ "direction": "parentToChild",
2360
+ "source": {
2361
+ "contentType": "snapshots",
2362
+ "path": "data.assetIp"
2363
+ },
2364
+ "target": {
2365
+ "contentType": "snapshots",
2366
+ "path": "data.assetIps"
2367
+ }
2368
+ }
2369
+ ],
2370
+ "resolvers": [
2371
+ {
2372
+ "processorId": "vulnerabilities.topology-extractor",
2373
+ "resolverType": "topology-extractor",
2374
+ "kind": "function",
2375
+ "config": {
2376
+ "mode": "subnet-lookup",
2377
+ "assetIpPath": "data.assetIp",
2378
+ "sourcePaths": [
2379
+ "associatedVulnerabilitiesGroupsSnapshots"
2380
+ ],
2381
+ "outputPath": "associatedTopology",
2382
+ "canonicalCollection": {
2383
+ "db": "neo-memorix-entities",
2384
+ "collection": "subnets-snapshots"
2385
+ }
2386
+ }
2387
+ }
2388
+ ],
2389
+ "associatedContent": {
2390
+ "rollParentSnapshots": true,
2391
+ "excludePostfixes": [
2392
+ "raw"
2393
+ ]
2394
+ }
2395
+ },
2396
+ "narratives": {
2397
+ "has-assets": {
2398
+ "label": "Has assets",
2399
+ "displayName": "Has assets",
2400
+ "kind": "having-signal",
2401
+ "visibility": "user",
2402
+ "sourceRef": "affectedAsset",
2403
+ "targetEntity": "assets"
2404
+ },
2405
+ "lack-analysis-decision": {
2406
+ "label": "Analysis without decision",
2407
+ "displayName": "Analysis without decision",
2408
+ "description": "Linked vulnerabilities-analysis exists but data.decision is missing or empty.",
2409
+ "kind": "association-common-property",
2410
+ "visibility": "internal",
2411
+ "sourceRef": "vulnerabilities-analysis",
2412
+ "property": "decision"
2413
+ },
2414
+ "has-vulnerability-lack-analysis-decision": {
2415
+ "label": "Has vulnerability lacking analysis decision",
2416
+ "displayName": "Lacking analysis decision",
2417
+ "description": "Alias of lack-analysis-decision for has-* consumers.",
2418
+ "kind": "association-common-property",
2419
+ "visibility": "internal",
2420
+ "sourceRef": "vulnerabilities-analysis",
2421
+ "property": "decision"
2422
+ },
2423
+ "is-vulnerability": {
2424
+ "label": "Is vulnerability",
2425
+ "displayName": "Vulnerability",
2426
+ "description": "Security-impacting scanner result (severity low/medium/high/critical).",
2427
+ "kind": "product-narrative",
2428
+ "visibility": "user"
2429
+ },
2430
+ "is-finding": {
2431
+ "label": "Is finding",
2432
+ "displayName": "Informational finding",
2433
+ "description": "Informational scanner result (severity none/unknown).",
2434
+ "kind": "product-narrative",
2435
+ "visibility": "user"
2436
+ },
2437
+ "has-analysis": {
2438
+ "label": "Has analysis",
2439
+ "displayName": "Has analysis",
2440
+ "kind": "rollup",
2441
+ "visibility": "user"
2442
+ },
2443
+ "has-fix-immediately-decision": {
2444
+ "label": "Fix immediately",
2445
+ "displayName": "Fix Immediately",
2446
+ "kind": "rollup",
2447
+ "visibility": "user"
2448
+ },
2449
+ "has-remediate-soon-decision": {
2450
+ "label": "Remediate soon",
2451
+ "displayName": "Remediate Soon",
2452
+ "kind": "rollup",
2453
+ "visibility": "user"
2454
+ },
2455
+ "has-mitigate-decision": {
2456
+ "label": "Mitigate",
2457
+ "displayName": "Mitigate",
2458
+ "kind": "rollup",
2459
+ "visibility": "user"
2460
+ },
2461
+ "has-accept-decision": {
2462
+ "label": "Accept",
2463
+ "displayName": "Accept Risk",
2464
+ "kind": "rollup",
2465
+ "visibility": "user"
2466
+ },
2467
+ "has-triage-decision": {
2468
+ "label": "Has triage decision",
2469
+ "displayName": "Triaged",
2470
+ "kind": "rollup",
2471
+ "visibility": "user"
2472
+ },
2473
+ "has-breach-vector": {
2474
+ "label": "Breach vector",
2475
+ "displayName": "Breach Vector",
2476
+ "kind": "rollup",
2477
+ "visibility": "user"
2478
+ },
2479
+ "has-critical-severity": {
2480
+ "label": "Critical severity",
2481
+ "displayName": "Critical",
2482
+ "kind": "rollup",
2483
+ "visibility": "user"
2484
+ },
2485
+ "has-high-severity": {
2486
+ "label": "High severity",
2487
+ "displayName": "High",
2488
+ "kind": "rollup",
2489
+ "visibility": "user"
2490
+ },
2491
+ "has-medium-severity": {
2492
+ "label": "Medium severity",
2493
+ "displayName": "Medium",
2494
+ "kind": "rollup",
2495
+ "visibility": "user"
2496
+ },
2497
+ "has-low-severity": {
2498
+ "label": "Low severity",
2499
+ "displayName": "Low",
2500
+ "kind": "rollup",
2501
+ "visibility": "user"
2502
+ },
2503
+ "has-none-severity": {
2504
+ "label": "None severity",
2505
+ "displayName": "None",
2506
+ "kind": "rollup",
2507
+ "visibility": "internal"
2508
+ },
2509
+ "has-tenable-nessus-finding": {
2510
+ "label": "Tenable Nessus finding",
2511
+ "displayName": "Tenable Nessus",
2512
+ "kind": "rollup",
2513
+ "visibility": "user"
2514
+ },
2515
+ "lack-analysis": {
2516
+ "label": "Lack analysis",
2517
+ "displayName": "Missing analysis",
2518
+ "kind": "gap-signal",
2519
+ "visibility": "internal"
2520
+ }
2521
+ },
1319
2522
  "relations": {
1320
2523
  "affectedAsset": {
1321
2524
  "type": "manyToOne",
@@ -1328,7 +2531,7 @@
1328
2531
  "path": "data.assetIps"
1329
2532
  },
1330
2533
  "defaultMode": "array",
1331
- "defaultArrayProperty": "associatedAssets",
2534
+ "defaultArrayProperty": "associatedAssetsSnapshots",
1332
2535
  "targetFields": [
1333
2536
  "ipAddress",
1334
2537
  "hostName",
@@ -1349,7 +2552,7 @@
1349
2552
  "path": "data.name"
1350
2553
  },
1351
2554
  "defaultMode": "array",
1352
- "defaultArrayProperty": "associatedData",
2555
+ "defaultArrayProperty": "associatedVulnerabilitiesGroupsSnapshots",
1353
2556
  "targetFields": [
1354
2557
  "name",
1355
2558
  "severity",
@@ -1406,9 +2609,9 @@
1406
2609
  "dataRoot": "data",
1407
2610
  "isCanonical": true
1408
2611
  },
1409
- "inferences": {
1410
- "postfix": "inferences",
1411
- "collection": "vulnerabilities-groups-inferences",
2612
+ "discovery": {
2613
+ "postfix": "discovery",
2614
+ "collection": "vulnerabilities-groups-discovery",
1412
2615
  "dataRoot": "data",
1413
2616
  "isCanonical": false
1414
2617
  },
@@ -1484,103 +2687,323 @@
1484
2687
  "list": true,
1485
2688
  "item": true,
1486
2689
  "valueType": "number"
1487
- }
1488
- },
1489
- "associatedProperties": [],
1490
- "relations": {
1491
- "groupVulnerabilities": {
1492
- "type": "oneToMany",
1493
- "source": {
1494
- "contentType": "snapshots",
1495
- "path": "data.name"
1496
- },
1497
- "target": {
1498
- "contentType": "snapshots",
1499
- "path": "data.vulnerabilityName"
1500
- },
1501
- "defaultMode": "array",
1502
- "defaultArrayProperty": "vulnerabilities",
1503
- "targetFields": [
1504
- "assetIp",
1505
- "severity",
1506
- "cveId",
1507
- "pluginName"
1508
- ],
1509
- "targetObjectType": "vulnerabilities"
1510
- }
1511
- },
1512
- "schemaVersion": "memorix.objectTypeDescriptor.v2",
1513
- "objectType": "vulnerabilities-groups"
1514
- }
1515
- },
1516
- {
1517
- "catalogId": "memorix-object-type-descriptors",
1518
- "scope": {
1519
- "domains": [
1520
- "network",
1521
- "vulnerabilities"
1522
- ],
1523
- "agents": [
1524
- "neo"
1525
- ]
1526
- },
1527
- "data": {
1528
- "id": "knowledge-playbooks",
1529
- "defaultListDescriptorId": "knowledge-playbooks-main-list",
1530
- "defaultItemDescriptorId": "knowledge-playbook-detail-item",
1531
- "target": "knowledge",
1532
- "collectionPrefix": "knowledge-playbooks",
1533
- "identity": {
1534
- "allowedIdFields": [
1535
- "knowledgeId"
1536
- ],
1537
- "requiredExactlyOne": true,
1538
- "defaultIdField": "knowledgeId"
1539
- },
1540
- "defaults": {
1541
- "canonicalContentType": "snapshots",
1542
- "dataRoot": "data",
1543
- "effectiveDatePath": "capturedAt"
1544
- },
1545
- "contentTypes": {
1546
- "snapshots": {
1547
- "postfix": "snapshots",
1548
- "collection": "knowledge-playbooks-snapshots",
1549
- "dataRoot": "data",
1550
- "isCanonical": true,
1551
- "effectiveDatePath": "capturedAt"
1552
- }
1553
- },
1554
- "properties": {
1555
- "title": {
1556
- "label": "Title",
2690
+ },
2691
+ "affectedEntitiesCount": {
2692
+ "label": "Affected #",
1557
2693
  "source": {
1558
2694
  "contentType": "snapshots",
1559
- "path": "data.title"
2695
+ "path": "analytics.affectedAssets.total"
1560
2696
  },
1561
2697
  "humanReadable": true,
1562
2698
  "sortable": true,
1563
- "filterable": true,
2699
+ "filterable": false,
1564
2700
  "list": true,
1565
2701
  "item": true,
1566
- "valueType": "string"
2702
+ "valueType": "number",
2703
+ "format": "count"
1567
2704
  },
1568
- "summary": {
1569
- "label": "Summary",
2705
+ "findingsCount": {
2706
+ "label": "Findings #",
1570
2707
  "source": {
1571
2708
  "contentType": "snapshots",
1572
- "path": "data.summary"
2709
+ "path": "analytics.findings.total"
1573
2710
  },
1574
2711
  "humanReadable": true,
1575
- "sortable": false,
2712
+ "sortable": true,
2713
+ "filterable": false,
2714
+ "list": true,
2715
+ "item": true,
2716
+ "valueType": "number",
2717
+ "format": "count"
2718
+ },
2719
+ "vulnerabilitiesCount": {
2720
+ "label": "Vulnerabilities #",
2721
+ "source": {
2722
+ "contentType": "snapshots",
2723
+ "path": "analytics.vulnerabilities.total"
2724
+ },
2725
+ "humanReadable": true,
2726
+ "sortable": true,
2727
+ "filterable": false,
2728
+ "list": true,
2729
+ "item": true,
2730
+ "valueType": "number",
2731
+ "format": "count"
2732
+ },
2733
+ "criticalVulnerabilities": {
2734
+ "label": "Critical Vulnerabilities",
2735
+ "source": {
2736
+ "contentType": "snapshots",
2737
+ "path": "analytics.vulnerabilities.critical"
2738
+ },
2739
+ "humanReadable": true,
2740
+ "sortable": true,
2741
+ "filterable": false,
2742
+ "list": true,
2743
+ "item": true,
2744
+ "valueType": "number"
2745
+ },
2746
+ "highVulnerabilities": {
2747
+ "label": "High Vulnerabilities",
2748
+ "source": {
2749
+ "contentType": "snapshots",
2750
+ "path": "analytics.vulnerabilities.high"
2751
+ },
2752
+ "humanReadable": true,
2753
+ "sortable": true,
2754
+ "filterable": false,
2755
+ "list": true,
2756
+ "item": true,
2757
+ "valueType": "number"
2758
+ },
2759
+ "mediumVulnerabilities": {
2760
+ "label": "Medium Vulnerabilities",
2761
+ "source": {
2762
+ "contentType": "snapshots",
2763
+ "path": "analytics.vulnerabilities.medium"
2764
+ },
2765
+ "humanReadable": true,
2766
+ "sortable": true,
2767
+ "filterable": false,
2768
+ "list": true,
2769
+ "item": true,
2770
+ "valueType": "number"
2771
+ },
2772
+ "lowVulnerabilities": {
2773
+ "label": "Low Vulnerabilities",
2774
+ "source": {
2775
+ "contentType": "snapshots",
2776
+ "path": "analytics.vulnerabilities.low"
2777
+ },
2778
+ "humanReadable": true,
2779
+ "sortable": true,
1576
2780
  "filterable": false,
1577
2781
  "list": true,
1578
2782
  "item": true,
2783
+ "valueType": "number"
2784
+ },
2785
+ "riskLevel": {
2786
+ "label": "Risk Level",
2787
+ "source": {
2788
+ "contentType": "snapshots",
2789
+ "path": "data.enrichment.riskLevel"
2790
+ },
2791
+ "humanReadable": true,
2792
+ "sortable": true,
2793
+ "filterable": true,
2794
+ "list": true,
2795
+ "item": true,
2796
+ "valueType": "string"
2797
+ },
2798
+ "priorityScore": {
2799
+ "label": "Priority Score",
2800
+ "source": {
2801
+ "contentType": "snapshots",
2802
+ "path": "data.enrichment.priorityScore"
2803
+ },
2804
+ "humanReadable": true,
2805
+ "sortable": true,
2806
+ "filterable": true,
2807
+ "list": true,
2808
+ "item": true,
2809
+ "valueType": "number"
2810
+ },
2811
+ "knownExploited": {
2812
+ "label": "Known Exploited (KEV)",
2813
+ "source": {
2814
+ "contentType": "snapshots",
2815
+ "path": "data.enrichment.knownExploited"
2816
+ },
2817
+ "humanReadable": true,
2818
+ "sortable": true,
2819
+ "filterable": true,
2820
+ "list": true,
2821
+ "item": true,
2822
+ "valueType": "string"
2823
+ },
2824
+ "vulnerabilityType": {
2825
+ "label": "Type",
2826
+ "source": {
2827
+ "contentType": "snapshots",
2828
+ "path": "data.vulnerability_type"
2829
+ },
2830
+ "humanReadable": true,
2831
+ "sortable": true,
2832
+ "filterable": true,
2833
+ "list": true,
2834
+ "item": true,
2835
+ "valueType": "string"
2836
+ },
2837
+ "analysisBriefSummary": {
2838
+ "label": "Brief Summary",
2839
+ "source": {
2840
+ "contentType": "analysis",
2841
+ "path": "data.brief.summary"
2842
+ },
2843
+ "humanReadable": true,
2844
+ "list": true,
2845
+ "item": true,
2846
+ "valueType": "string"
2847
+ },
2848
+ "analysisBriefAnalysis": {
2849
+ "label": "Brief Analysis",
2850
+ "source": {
2851
+ "contentType": "analysis",
2852
+ "path": "data.brief.analysis"
2853
+ },
2854
+ "humanReadable": true,
2855
+ "list": true,
2856
+ "item": true,
2857
+ "valueType": "string"
2858
+ },
2859
+ "analysisBriefEvidence": {
2860
+ "label": "Brief Evidence",
2861
+ "source": {
2862
+ "contentType": "analysis",
2863
+ "path": "data.brief.evidence"
2864
+ },
2865
+ "humanReadable": true,
2866
+ "list": false,
2867
+ "item": true,
2868
+ "valueType": "string"
2869
+ },
2870
+ "analysisBriefGaps": {
2871
+ "label": "Brief Gaps",
2872
+ "source": {
2873
+ "contentType": "analysis",
2874
+ "path": "data.brief.gaps"
2875
+ },
2876
+ "humanReadable": true,
2877
+ "list": false,
2878
+ "item": true,
1579
2879
  "valueType": "string"
2880
+ },
2881
+ "analysisApplicability": {
2882
+ "label": "Applicability",
2883
+ "source": {
2884
+ "contentType": "analysis",
2885
+ "path": "data.applicability"
2886
+ },
2887
+ "humanReadable": false,
2888
+ "list": false,
2889
+ "item": true,
2890
+ "valueType": "object"
2891
+ },
2892
+ "analysisExploitability": {
2893
+ "label": "Exploitability",
2894
+ "source": {
2895
+ "contentType": "analysis",
2896
+ "path": "data.exploitability"
2897
+ },
2898
+ "humanReadable": false,
2899
+ "list": false,
2900
+ "item": true,
2901
+ "valueType": "object"
2902
+ },
2903
+ "analysisImpact": {
2904
+ "label": "Impact",
2905
+ "source": {
2906
+ "contentType": "analysis",
2907
+ "path": "data.impact"
2908
+ },
2909
+ "humanReadable": false,
2910
+ "list": false,
2911
+ "item": true,
2912
+ "valueType": "object"
2913
+ },
2914
+ "analysisThreat": {
2915
+ "label": "Threat",
2916
+ "source": {
2917
+ "contentType": "analysis",
2918
+ "path": "data.threat"
2919
+ },
2920
+ "humanReadable": false,
2921
+ "list": false,
2922
+ "item": true,
2923
+ "valueType": "object"
2924
+ },
2925
+ "analysisMitre": {
2926
+ "label": "MITRE",
2927
+ "source": {
2928
+ "contentType": "analysis",
2929
+ "path": "data.mitre"
2930
+ },
2931
+ "humanReadable": false,
2932
+ "list": false,
2933
+ "item": true,
2934
+ "valueType": "array"
2935
+ }
2936
+ },
2937
+ "associatedProperties": [],
2938
+ "narratives": {
2939
+ "has-none-severity": {
2940
+ "label": "None severity",
2941
+ "kind": "association-common-property",
2942
+ "sourceRef": "severity",
2943
+ "property": "severity",
2944
+ "value": "none"
2945
+ },
2946
+ "has-low-severity": {
2947
+ "label": "Low severity",
2948
+ "kind": "association-common-property",
2949
+ "sourceRef": "severity",
2950
+ "property": "severity",
2951
+ "value": "low"
2952
+ },
2953
+ "has-medium-severity": {
2954
+ "label": "Medium severity",
2955
+ "kind": "association-common-property",
2956
+ "sourceRef": "severity",
2957
+ "property": "severity",
2958
+ "value": "medium"
2959
+ },
2960
+ "has-high-severity": {
2961
+ "label": "High severity",
2962
+ "kind": "association-common-property",
2963
+ "sourceRef": "severity",
2964
+ "property": "severity",
2965
+ "value": "high"
2966
+ },
2967
+ "has-critical-severity": {
2968
+ "label": "Critical severity",
2969
+ "kind": "association-common-property",
2970
+ "sourceRef": "severity",
2971
+ "property": "severity",
2972
+ "value": "critical"
2973
+ }
2974
+ },
2975
+ "processing": {
2976
+ "associatedContent": {
2977
+ "rollParentSnapshots": false,
2978
+ "excludePostfixes": [
2979
+ "raw"
2980
+ ]
2981
+ }
2982
+ },
2983
+ "relations": {
2984
+ "groupVulnerabilities": {
2985
+ "type": "oneToMany",
2986
+ "source": {
2987
+ "contentType": "snapshots",
2988
+ "path": "data.name"
2989
+ },
2990
+ "target": {
2991
+ "contentType": "snapshots",
2992
+ "path": "data.vulnerabilityName"
2993
+ },
2994
+ "defaultMode": "array",
2995
+ "defaultArrayProperty": "vulnerabilities",
2996
+ "targetFields": [
2997
+ "assetIp",
2998
+ "severity",
2999
+ "cveId",
3000
+ "pluginName"
3001
+ ],
3002
+ "targetObjectType": "vulnerabilities"
1580
3003
  }
1581
3004
  },
1582
3005
  "schemaVersion": "memorix.objectTypeDescriptor.v2",
1583
- "objectType": "knowledge-playbooks"
3006
+ "objectType": "vulnerabilities-groups"
1584
3007
  }
1585
3008
  },
1586
3009
  {
@@ -1595,11 +3018,11 @@
1595
3018
  ]
1596
3019
  },
1597
3020
  "data": {
1598
- "id": "content-documents",
1599
- "defaultListDescriptorId": "content-documents-main-list",
1600
- "defaultItemDescriptorId": "content-document-detail-item",
3021
+ "id": "knowledge-playbooks",
3022
+ "defaultListDescriptorId": "knowledge-playbooks-main-list",
3023
+ "defaultItemDescriptorId": "knowledge-playbook-detail-item",
1601
3024
  "target": "knowledge",
1602
- "collectionPrefix": "content-documents",
3025
+ "collectionPrefix": "knowledge-playbooks",
1603
3026
  "identity": {
1604
3027
  "allowedIdFields": [
1605
3028
  "knowledgeId"
@@ -1615,24 +3038,9 @@
1615
3038
  "contentTypes": {
1616
3039
  "snapshots": {
1617
3040
  "postfix": "snapshots",
1618
- "collection": "content-documents-snapshots",
3041
+ "collection": "knowledge-playbooks-snapshots",
1619
3042
  "dataRoot": "data",
1620
3043
  "isCanonical": true,
1621
- "cardinality": "1:1",
1622
- "effectiveDatePath": "capturedAt"
1623
- },
1624
- "extractions": {
1625
- "postfix": "extractions",
1626
- "collection": "content-documents-extractions",
1627
- "dataRoot": "data",
1628
- "cardinality": "1:n",
1629
- "effectiveDatePath": "capturedAt"
1630
- },
1631
- "chunks": {
1632
- "postfix": "chunks",
1633
- "collection": "content-documents-chunks",
1634
- "dataRoot": "data",
1635
- "cardinality": "1:n",
1636
3044
  "effectiveDatePath": "capturedAt"
1637
3045
  }
1638
3046
  },
@@ -1662,24 +3070,109 @@
1662
3070
  "list": true,
1663
3071
  "item": true,
1664
3072
  "valueType": "string"
1665
- },
1666
- "language": {
1667
- "label": "Language",
1668
- "source": {
1669
- "contentType": "snapshots",
1670
- "path": "data.language"
1671
- },
1672
- "humanReadable": true,
1673
- "sortable": true,
1674
- "filterable": true,
1675
- "list": true,
1676
- "item": true,
1677
- "valueType": "string"
1678
- },
1679
- "sourceKind": {
1680
- "label": "Source kind",
1681
- "source": {
1682
- "contentType": "snapshots",
3073
+ }
3074
+ },
3075
+ "schemaVersion": "memorix.objectTypeDescriptor.v2",
3076
+ "objectType": "knowledge-playbooks"
3077
+ }
3078
+ },
3079
+ {
3080
+ "catalogId": "memorix-object-type-descriptors",
3081
+ "scope": {
3082
+ "domains": [
3083
+ "network",
3084
+ "vulnerabilities"
3085
+ ],
3086
+ "agents": [
3087
+ "neo"
3088
+ ]
3089
+ },
3090
+ "data": {
3091
+ "id": "content-documents",
3092
+ "defaultListDescriptorId": "content-documents-main-list",
3093
+ "defaultItemDescriptorId": "content-document-detail-item",
3094
+ "target": "knowledge",
3095
+ "collectionPrefix": "content-documents",
3096
+ "identity": {
3097
+ "allowedIdFields": [
3098
+ "knowledgeId"
3099
+ ],
3100
+ "requiredExactlyOne": true,
3101
+ "defaultIdField": "knowledgeId"
3102
+ },
3103
+ "defaults": {
3104
+ "canonicalContentType": "snapshots",
3105
+ "dataRoot": "data",
3106
+ "effectiveDatePath": "capturedAt"
3107
+ },
3108
+ "contentTypes": {
3109
+ "snapshots": {
3110
+ "postfix": "snapshots",
3111
+ "collection": "content-documents-snapshots",
3112
+ "dataRoot": "data",
3113
+ "isCanonical": true,
3114
+ "cardinality": "1:1",
3115
+ "effectiveDatePath": "capturedAt"
3116
+ },
3117
+ "extractions": {
3118
+ "postfix": "extractions",
3119
+ "collection": "content-documents-extractions",
3120
+ "dataRoot": "data",
3121
+ "cardinality": "1:n",
3122
+ "effectiveDatePath": "capturedAt"
3123
+ },
3124
+ "chunks": {
3125
+ "postfix": "chunks",
3126
+ "collection": "content-documents-chunks",
3127
+ "dataRoot": "data",
3128
+ "cardinality": "1:n",
3129
+ "effectiveDatePath": "capturedAt"
3130
+ }
3131
+ },
3132
+ "properties": {
3133
+ "title": {
3134
+ "label": "Title",
3135
+ "source": {
3136
+ "contentType": "snapshots",
3137
+ "path": "data.title"
3138
+ },
3139
+ "humanReadable": true,
3140
+ "sortable": true,
3141
+ "filterable": true,
3142
+ "list": true,
3143
+ "item": true,
3144
+ "valueType": "string"
3145
+ },
3146
+ "summary": {
3147
+ "label": "Summary",
3148
+ "source": {
3149
+ "contentType": "snapshots",
3150
+ "path": "data.summary"
3151
+ },
3152
+ "humanReadable": true,
3153
+ "sortable": false,
3154
+ "filterable": false,
3155
+ "list": true,
3156
+ "item": true,
3157
+ "valueType": "string"
3158
+ },
3159
+ "language": {
3160
+ "label": "Language",
3161
+ "source": {
3162
+ "contentType": "snapshots",
3163
+ "path": "data.language"
3164
+ },
3165
+ "humanReadable": true,
3166
+ "sortable": true,
3167
+ "filterable": true,
3168
+ "list": true,
3169
+ "item": true,
3170
+ "valueType": "string"
3171
+ },
3172
+ "sourceKind": {
3173
+ "label": "Source kind",
3174
+ "source": {
3175
+ "contentType": "snapshots",
1683
3176
  "path": "source.kind"
1684
3177
  },
1685
3178
  "humanReadable": true,
@@ -1715,9 +3208,489 @@
1715
3208
  "item": false,
1716
3209
  "valueType": "string"
1717
3210
  }
1718
- },
1719
- "schemaVersion": "memorix.objectTypeDescriptor.v2",
1720
- "objectType": "content-documents"
3211
+ },
3212
+ "schemaVersion": "memorix.objectTypeDescriptor.v2",
3213
+ "objectType": "content-documents"
3214
+ }
3215
+ },
3216
+ {
3217
+ "catalogId": "lists",
3218
+ "scope": {
3219
+ "domains": [
3220
+ "network",
3221
+ "vulnerabilities"
3222
+ ],
3223
+ "agents": [
3224
+ "neo"
3225
+ ]
3226
+ },
3227
+ "data": {
3228
+ "id": "assets-main-list",
3229
+ "entity": "assets",
3230
+ "title": "Assets",
3231
+ "leadingContentType": "snapshots",
3232
+ "pagination": {
3233
+ "enabled": true,
3234
+ "defaultLimit": 50,
3235
+ "maxLimit": 200
3236
+ },
3237
+ "filters": [],
3238
+ "fields": [
3239
+ "ipAddress",
3240
+ "subnetIp",
3241
+ "subnetCidr",
3242
+ "hostName",
3243
+ "source",
3244
+ "agentType",
3245
+ "xdrOperationalStatus",
3246
+ "xdrAgentStatus",
3247
+ "criticalVulnerabilities",
3248
+ "highVulnerabilities",
3249
+ "findingsCount",
3250
+ "potentialImpactLevel",
3251
+ "pathsCount",
3252
+ "observedUsers",
3253
+ "lastSeen"
3254
+ ],
3255
+ "extensions": [],
3256
+ "includeRelations": [],
3257
+ "allowedSorts": [
3258
+ "ipAddress",
3259
+ "subnetIp",
3260
+ "subnetCidr",
3261
+ "hostName",
3262
+ "source",
3263
+ "agentType",
3264
+ "xdrOperationalStatus",
3265
+ "xdrAgentStatus",
3266
+ "criticalVulnerabilities",
3267
+ "highVulnerabilities",
3268
+ "findingsCount",
3269
+ "potentialImpactLevel",
3270
+ "pathsCount",
3271
+ "lastSeen"
3272
+ ],
3273
+ "defaultSort": {
3274
+ "property": "ipAddress",
3275
+ "direction": "asc"
3276
+ },
3277
+ "allowSortDrivenLeadingOverride": false,
3278
+ "columnDrillDowns": [
3279
+ {
3280
+ "field": "criticalVulnerabilities",
3281
+ "label": "Critical Vulnerabilities",
3282
+ "listQuery": {
3283
+ "entityName": "vulnerabilities",
3284
+ "listDescriptorId": "vulnerabilities-main-list",
3285
+ "narrativeIds": [
3286
+ "is-vulnerability",
3287
+ "has-critical-severity"
3288
+ ],
3289
+ "filters": [
3290
+ {
3291
+ "property": "assetIp",
3292
+ "operator": "eq",
3293
+ "valueFromRow": "ipAddress"
3294
+ }
3295
+ ]
3296
+ }
3297
+ },
3298
+ {
3299
+ "field": "highVulnerabilities",
3300
+ "label": "High Vulnerabilities",
3301
+ "listQuery": {
3302
+ "entityName": "vulnerabilities",
3303
+ "listDescriptorId": "vulnerabilities-main-list",
3304
+ "narrativeIds": [
3305
+ "is-vulnerability",
3306
+ "has-high-severity"
3307
+ ],
3308
+ "filters": [
3309
+ {
3310
+ "property": "assetIp",
3311
+ "operator": "eq",
3312
+ "valueFromRow": "ipAddress"
3313
+ }
3314
+ ]
3315
+ }
3316
+ },
3317
+ {
3318
+ "field": "findingsCount",
3319
+ "label": "Findings",
3320
+ "listQuery": {
3321
+ "entityName": "vulnerabilities",
3322
+ "listDescriptorId": "vulnerabilities-observations-list",
3323
+ "narrativeIds": [
3324
+ "is-finding"
3325
+ ],
3326
+ "filters": [
3327
+ {
3328
+ "property": "assetIp",
3329
+ "operator": "eq",
3330
+ "valueFromRow": "ipAddress"
3331
+ }
3332
+ ]
3333
+ }
3334
+ }
3335
+ ]
3336
+ }
3337
+ },
3338
+ {
3339
+ "catalogId": "lists",
3340
+ "scope": {
3341
+ "domains": [
3342
+ "network",
3343
+ "vulnerabilities"
3344
+ ],
3345
+ "agents": [
3346
+ "neo"
3347
+ ]
3348
+ },
3349
+ "data": {
3350
+ "id": "vulnerable-assets-list",
3351
+ "entity": "assets",
3352
+ "title": "Vulnerable Assets",
3353
+ "leadingContentType": "snapshots",
3354
+ "pagination": {
3355
+ "enabled": true,
3356
+ "defaultLimit": 50,
3357
+ "maxLimit": 200
3358
+ },
3359
+ "filters": [
3360
+ {
3361
+ "property": "narrativeId",
3362
+ "operator": "ne",
3363
+ "value": "has-no-vulnerabilities"
3364
+ }
3365
+ ],
3366
+ "fields": [
3367
+ "ipAddress",
3368
+ "hostName",
3369
+ "source",
3370
+ "pathsCount",
3371
+ "criticalVulnerabilities",
3372
+ "highVulnerabilities",
3373
+ "findingsCount",
3374
+ "agentType",
3375
+ "xdrAgentStatus",
3376
+ "xdrOperationalStatus",
3377
+ "observedUsers",
3378
+ "lastSeen"
3379
+ ],
3380
+ "extensions": [],
3381
+ "includeRelations": [],
3382
+ "allowedSorts": [
3383
+ "ipAddress",
3384
+ "hostName",
3385
+ "source",
3386
+ "pathsCount",
3387
+ "criticalVulnerabilities",
3388
+ "highVulnerabilities",
3389
+ "findingsCount",
3390
+ "agentType",
3391
+ "xdrAgentStatus",
3392
+ "xdrOperationalStatus",
3393
+ "lastSeen"
3394
+ ],
3395
+ "defaultSort": {
3396
+ "property": "ipAddress",
3397
+ "direction": "asc"
3398
+ },
3399
+ "allowSortDrivenLeadingOverride": false,
3400
+ "columnDrillDowns": [
3401
+ {
3402
+ "field": "criticalVulnerabilities",
3403
+ "label": "Critical Vulnerabilities",
3404
+ "listQuery": {
3405
+ "entityName": "vulnerabilities",
3406
+ "listDescriptorId": "vulnerabilities-main-list",
3407
+ "narrativeIds": [
3408
+ "is-vulnerability",
3409
+ "has-critical-severity"
3410
+ ],
3411
+ "filters": [
3412
+ {
3413
+ "property": "assetIp",
3414
+ "operator": "eq",
3415
+ "valueFromRow": "ipAddress"
3416
+ }
3417
+ ]
3418
+ }
3419
+ },
3420
+ {
3421
+ "field": "highVulnerabilities",
3422
+ "label": "High Vulnerabilities",
3423
+ "listQuery": {
3424
+ "entityName": "vulnerabilities",
3425
+ "listDescriptorId": "vulnerabilities-main-list",
3426
+ "narrativeIds": [
3427
+ "is-vulnerability",
3428
+ "has-high-severity"
3429
+ ],
3430
+ "filters": [
3431
+ {
3432
+ "property": "assetIp",
3433
+ "operator": "eq",
3434
+ "valueFromRow": "ipAddress"
3435
+ }
3436
+ ]
3437
+ }
3438
+ },
3439
+ {
3440
+ "field": "findingsCount",
3441
+ "label": "Findings",
3442
+ "listQuery": {
3443
+ "entityName": "vulnerabilities",
3444
+ "listDescriptorId": "vulnerabilities-observations-list",
3445
+ "narrativeIds": [
3446
+ "is-finding"
3447
+ ],
3448
+ "filters": [
3449
+ {
3450
+ "property": "assetIp",
3451
+ "operator": "eq",
3452
+ "valueFromRow": "ipAddress"
3453
+ }
3454
+ ]
3455
+ }
3456
+ }
3457
+ ]
3458
+ }
3459
+ },
3460
+ {
3461
+ "catalogId": "lists",
3462
+ "scope": {
3463
+ "domains": [
3464
+ "network",
3465
+ "vulnerabilities"
3466
+ ],
3467
+ "agents": [
3468
+ "neo"
3469
+ ]
3470
+ },
3471
+ "data": {
3472
+ "id": "assets-exploitability-decisions-list",
3473
+ "entity": "assets",
3474
+ "title": "Assets Exploitability",
3475
+ "leadingContentType": "decisions",
3476
+ "pagination": {
3477
+ "enabled": true,
3478
+ "defaultLimit": 50,
3479
+ "maxLimit": 200
3480
+ },
3481
+ "filters": [],
3482
+ "fields": [
3483
+ "decisionOverviewSummary",
3484
+ "decisionOverviewDetailedAnalysis",
3485
+ "decisionLabel",
3486
+ "decisionStatus",
3487
+ "decisionRiskScore",
3488
+ "decisionUrgencyScore"
3489
+ ],
3490
+ "extensions": [],
3491
+ "includeRelations": [],
3492
+ "allowedSorts": [
3493
+ "decisionRiskScore",
3494
+ "decisionUrgencyScore",
3495
+ "decisionStatus",
3496
+ "decisionLabel"
3497
+ ],
3498
+ "defaultSort": {
3499
+ "property": "decisionRiskScore",
3500
+ "direction": "desc"
3501
+ },
3502
+ "allowSortDrivenLeadingOverride": false
3503
+ }
3504
+ },
3505
+ {
3506
+ "catalogId": "lists",
3507
+ "scope": {
3508
+ "domains": [
3509
+ "network",
3510
+ "vulnerabilities"
3511
+ ],
3512
+ "agents": [
3513
+ "neo"
3514
+ ]
3515
+ },
3516
+ "data": {
3517
+ "id": "assets-potential-impact-decisions-list",
3518
+ "entity": "assets",
3519
+ "title": "Asset's Potential Impact",
3520
+ "leadingContentType": "decisions",
3521
+ "pagination": {
3522
+ "enabled": true,
3523
+ "defaultLimit": 50,
3524
+ "maxLimit": 200
3525
+ },
3526
+ "filters": [],
3527
+ "fields": [
3528
+ "decisionOverviewSummary",
3529
+ "decisionOverviewDetailedAnalysis",
3530
+ "decisionLabel",
3531
+ "decisionStatus",
3532
+ "decisionRiskScore"
3533
+ ],
3534
+ "extensions": [],
3535
+ "includeRelations": [],
3536
+ "allowedSorts": [
3537
+ "decisionRiskScore",
3538
+ "decisionStatus",
3539
+ "decisionLabel"
3540
+ ],
3541
+ "defaultSort": {
3542
+ "property": "decisionRiskScore",
3543
+ "direction": "desc"
3544
+ },
3545
+ "allowSortDrivenLeadingOverride": false
3546
+ }
3547
+ },
3548
+ {
3549
+ "catalogId": "lists",
3550
+ "scope": {
3551
+ "domains": [
3552
+ "network",
3553
+ "vulnerabilities"
3554
+ ],
3555
+ "agents": [
3556
+ "neo"
3557
+ ]
3558
+ },
3559
+ "data": {
3560
+ "id": "subnets-main-list",
3561
+ "entity": "subnets",
3562
+ "title": "Networks",
3563
+ "leadingContentType": "snapshots",
3564
+ "fields": [
3565
+ "subnetIp",
3566
+ "cidr",
3567
+ "zone",
3568
+ "zoneClass",
3569
+ "vr",
3570
+ "networkAddress",
3571
+ "assetsCount",
3572
+ "findingsCount",
3573
+ "vulnerabilitiesCount",
3574
+ "criticalVulnerabilities",
3575
+ "highVulnerabilities",
3576
+ "outsideExposureClass",
3577
+ "internalReachabilityClass",
3578
+ "recordId"
3579
+ ],
3580
+ "defaultSort": {
3581
+ "property": "cidr",
3582
+ "direction": "asc"
3583
+ },
3584
+ "allowedSorts": [
3585
+ "subnetIp",
3586
+ "cidr",
3587
+ "zone",
3588
+ "zoneClass",
3589
+ "vr",
3590
+ "assetsCount",
3591
+ "findingsCount",
3592
+ "vulnerabilitiesCount",
3593
+ "criticalVulnerabilities",
3594
+ "highVulnerabilities",
3595
+ "outsideExposureClass",
3596
+ "internalReachabilityClass"
3597
+ ],
3598
+ "pagination": {
3599
+ "enabled": true,
3600
+ "defaultLimit": 50,
3601
+ "maxLimit": 200
3602
+ },
3603
+ "columnDrillDowns": [
3604
+ {
3605
+ "field": "assetsCount",
3606
+ "label": "Assets #",
3607
+ "listQuery": {
3608
+ "entityName": "assets",
3609
+ "listDescriptorId": "assets-main-list",
3610
+ "filters": [
3611
+ {
3612
+ "property": "subnetCidrs",
3613
+ "operator": "eq",
3614
+ "valueFromRow": "cidr"
3615
+ }
3616
+ ]
3617
+ }
3618
+ },
3619
+ {
3620
+ "field": "findingsCount",
3621
+ "label": "Findings #",
3622
+ "listQuery": {
3623
+ "entityName": "vulnerabilities",
3624
+ "listDescriptorId": "vulnerabilities-observations-list",
3625
+ "narrativeIds": [
3626
+ "is-finding"
3627
+ ],
3628
+ "filters": [
3629
+ {
3630
+ "property": "subnetIp",
3631
+ "operator": "eq",
3632
+ "valueFromRow": "networkAddress"
3633
+ }
3634
+ ]
3635
+ }
3636
+ },
3637
+ {
3638
+ "field": "vulnerabilitiesCount",
3639
+ "label": "Vulnerabilities #",
3640
+ "listQuery": {
3641
+ "entityName": "vulnerabilities",
3642
+ "listDescriptorId": "vulnerabilities-main-list",
3643
+ "narrativeIds": [
3644
+ "is-vulnerability"
3645
+ ],
3646
+ "filters": [
3647
+ {
3648
+ "property": "subnetIp",
3649
+ "operator": "eq",
3650
+ "valueFromRow": "networkAddress"
3651
+ }
3652
+ ]
3653
+ }
3654
+ },
3655
+ {
3656
+ "field": "criticalVulnerabilities",
3657
+ "label": "Critical Vulnerabilities",
3658
+ "listQuery": {
3659
+ "entityName": "vulnerabilities",
3660
+ "listDescriptorId": "vulnerabilities-main-list",
3661
+ "narrativeIds": [
3662
+ "is-vulnerability",
3663
+ "has-critical-severity"
3664
+ ],
3665
+ "filters": [
3666
+ {
3667
+ "property": "subnetIp",
3668
+ "operator": "eq",
3669
+ "valueFromRow": "networkAddress"
3670
+ }
3671
+ ]
3672
+ }
3673
+ },
3674
+ {
3675
+ "field": "highVulnerabilities",
3676
+ "label": "High Vulnerabilities",
3677
+ "listQuery": {
3678
+ "entityName": "vulnerabilities",
3679
+ "listDescriptorId": "vulnerabilities-main-list",
3680
+ "narrativeIds": [
3681
+ "is-vulnerability",
3682
+ "has-high-severity"
3683
+ ],
3684
+ "filters": [
3685
+ {
3686
+ "property": "subnetIp",
3687
+ "operator": "eq",
3688
+ "valueFromRow": "networkAddress"
3689
+ }
3690
+ ]
3691
+ }
3692
+ }
3693
+ ]
1721
3694
  }
1722
3695
  },
1723
3696
  {
@@ -1732,52 +3705,57 @@
1732
3705
  ]
1733
3706
  },
1734
3707
  "data": {
1735
- "id": "assets-main-list",
1736
- "entity": "assets",
1737
- "title": "Assets",
3708
+ "id": "vulnerabilities-main-list",
3709
+ "entity": "vulnerabilities",
3710
+ "title": "Vulnerabilities",
1738
3711
  "leadingContentType": "snapshots",
1739
3712
  "pagination": {
1740
3713
  "enabled": true,
1741
3714
  "defaultLimit": 50,
1742
3715
  "maxLimit": 200
1743
3716
  },
1744
- "filters": [],
3717
+ "filters": [
3718
+ {
3719
+ "property": "narrativeId",
3720
+ "operator": "eq",
3721
+ "value": "is-vulnerability"
3722
+ }
3723
+ ],
1745
3724
  "fields": [
1746
- "ipAddress",
3725
+ "vulnerabilityId",
3726
+ "assetIp",
1747
3727
  "subnetIp",
1748
- "subnetCidr",
1749
- "hostName",
1750
- "source",
1751
- "agentType",
1752
- "xdrOperationalStatus",
1753
- "xdrAgentStatus",
1754
- "hasVulnerabilities",
1755
- "criticalVulnerabilities",
1756
- "highVulnerabilities",
1757
- "potentialImpactLevel",
1758
- "pathsCount"
3728
+ "pluginName",
3729
+ "pluginFamily",
3730
+ "severity",
3731
+ "cveId",
3732
+ "riskLevel",
3733
+ "priorityScore",
3734
+ "epss",
3735
+ "knownExploited",
3736
+ "exploitabilityLevel",
3737
+ "networkExposure"
1759
3738
  ],
1760
3739
  "extensions": [],
1761
3740
  "includeRelations": [],
1762
3741
  "allowedSorts": [
1763
- "ipAddress",
3742
+ "vulnerabilityId",
3743
+ "assetIp",
1764
3744
  "subnetIp",
1765
- "subnetCidr",
1766
- "hostName",
1767
- "source",
1768
- "agentType",
1769
- "xdrOperationalStatus",
1770
- "xdrAgentStatus",
1771
- "hasVulnerabilities",
1772
- "criticalVulnerabilities",
1773
- "highVulnerabilities",
1774
- "potentialImpactLevel",
1775
- "pathsCount",
1776
- "lastSeen"
3745
+ "pluginName",
3746
+ "pluginFamily",
3747
+ "severity",
3748
+ "riskLevel",
3749
+ "priorityScore",
3750
+ "epss",
3751
+ "knownExploited",
3752
+ "exploitabilityScore",
3753
+ "exploitabilityLevel",
3754
+ "networkExposure"
1777
3755
  ],
1778
3756
  "defaultSort": {
1779
- "property": "ipAddress",
1780
- "direction": "asc"
3757
+ "property": "priorityScore",
3758
+ "direction": "desc"
1781
3759
  },
1782
3760
  "allowSortDrivenLeadingOverride": false
1783
3761
  }
@@ -1794,26 +3772,88 @@
1794
3772
  ]
1795
3773
  },
1796
3774
  "data": {
1797
- "id": "subnets-main-list",
1798
- "entity": "subnets",
1799
- "title": "Subnets",
3775
+ "id": "vulnerabilities-observations-list",
3776
+ "entity": "vulnerabilities",
3777
+ "title": "Observations",
1800
3778
  "leadingContentType": "snapshots",
3779
+ "pagination": {
3780
+ "enabled": true,
3781
+ "defaultLimit": 50,
3782
+ "maxLimit": 200
3783
+ },
3784
+ "filters": [
3785
+ {
3786
+ "property": "narrativeId",
3787
+ "operator": "eq",
3788
+ "value": "is-finding"
3789
+ }
3790
+ ],
1801
3791
  "fields": [
1802
- "cidr",
1803
- "subnetIp",
1804
- "zone",
1805
- "vr",
1806
- "recordId"
3792
+ "assetIp",
3793
+ "pluginName",
3794
+ "severity",
3795
+ "riskLevel",
3796
+ "priorityScore",
3797
+ "knownExploited",
3798
+ "cveId",
3799
+ "subnetIp"
3800
+ ],
3801
+ "extensions": [],
3802
+ "includeRelations": [],
3803
+ "allowedSorts": [
3804
+ "assetIp",
3805
+ "pluginName",
3806
+ "severity",
3807
+ "riskLevel",
3808
+ "priorityScore",
3809
+ "knownExploited"
1807
3810
  ],
1808
3811
  "defaultSort": {
1809
- "property": "cidr",
3812
+ "property": "pluginName",
1810
3813
  "direction": "asc"
1811
3814
  },
3815
+ "allowSortDrivenLeadingOverride": false
3816
+ }
3817
+ },
3818
+ {
3819
+ "catalogId": "lists",
3820
+ "scope": {
3821
+ "domains": [
3822
+ "network",
3823
+ "vulnerabilities"
3824
+ ],
3825
+ "agents": [
3826
+ "neo"
3827
+ ]
3828
+ },
3829
+ "data": {
3830
+ "id": "vulnerabilities-exploitability-analysis-list",
3831
+ "entity": "vulnerabilities",
3832
+ "title": "Vulnerabilities Exploitability",
3833
+ "leadingContentType": "analysis",
1812
3834
  "pagination": {
1813
3835
  "enabled": true,
1814
3836
  "defaultLimit": 50,
1815
3837
  "maxLimit": 200
1816
- }
3838
+ },
3839
+ "filters": [],
3840
+ "fields": [
3841
+ "analysisBriefSummary",
3842
+ "analysisBriefAnalysis",
3843
+ "analysisExploitabilityLevel",
3844
+ "analysisClassType"
3845
+ ],
3846
+ "extensions": [],
3847
+ "includeRelations": [],
3848
+ "allowedSorts": [
3849
+ "analysisExploitabilityLevel",
3850
+ "analysisClassType"
3851
+ ],
3852
+ "defaultSort": {
3853
+ "property": "analysisExploitabilityLevel",
3854
+ "direction": "asc"
3855
+ },
3856
+ "allowSortDrivenLeadingOverride": false
1817
3857
  }
1818
3858
  },
1819
3859
  {
@@ -1828,9 +3868,51 @@
1828
3868
  ]
1829
3869
  },
1830
3870
  "data": {
1831
- "id": "vulnerabilities-main-list",
3871
+ "id": "vulnerabilities-triage-analysis-list",
1832
3872
  "entity": "vulnerabilities",
1833
- "title": "Vulnerabilities",
3873
+ "title": "Vulnerabilities Triage",
3874
+ "leadingContentType": "analysis",
3875
+ "pagination": {
3876
+ "enabled": true,
3877
+ "defaultLimit": 50,
3878
+ "maxLimit": 200
3879
+ },
3880
+ "filters": [],
3881
+ "fields": [
3882
+ "analysisBriefSummary",
3883
+ "analysisBriefAnalysis",
3884
+ "analysisExploitabilityLevel",
3885
+ "analysisClassType",
3886
+ "analysisImpact"
3887
+ ],
3888
+ "extensions": [],
3889
+ "includeRelations": [],
3890
+ "allowedSorts": [
3891
+ "analysisExploitabilityLevel",
3892
+ "analysisClassType"
3893
+ ],
3894
+ "defaultSort": {
3895
+ "property": "analysisExploitabilityLevel",
3896
+ "direction": "asc"
3897
+ },
3898
+ "allowSortDrivenLeadingOverride": false
3899
+ }
3900
+ },
3901
+ {
3902
+ "catalogId": "lists",
3903
+ "scope": {
3904
+ "domains": [
3905
+ "network",
3906
+ "vulnerabilities"
3907
+ ],
3908
+ "agents": [
3909
+ "neo"
3910
+ ]
3911
+ },
3912
+ "data": {
3913
+ "id": "vulnerabilities-groups-main-list",
3914
+ "entity": "vulnerabilities-groups",
3915
+ "title": "Vulnerability Groups",
1834
3916
  "leadingContentType": "snapshots",
1835
3917
  "pagination": {
1836
3918
  "enabled": true,
@@ -1839,40 +3921,97 @@
1839
3921
  },
1840
3922
  "filters": [],
1841
3923
  "fields": [
1842
- "vulnerabilityId",
1843
- "assetIp",
1844
- "pluginName",
1845
- "pluginFamily",
3924
+ "name",
3925
+ "vulnerabilityType",
1846
3926
  "severity",
1847
- "cveId",
3927
+ "affectedEntitiesCount",
3928
+ "findingsCount",
3929
+ "vulnerabilitiesCount",
3930
+ "criticalVulnerabilities",
3931
+ "highVulnerabilities",
1848
3932
  "riskLevel",
1849
3933
  "priorityScore",
1850
- "epss",
1851
3934
  "knownExploited",
1852
- "exploitabilityLevel",
1853
- "networkExposure"
3935
+ "cveId",
3936
+ "pluginId",
3937
+ "compositeScore"
1854
3938
  ],
1855
3939
  "extensions": [],
1856
3940
  "includeRelations": [],
1857
3941
  "allowedSorts": [
1858
- "vulnerabilityId",
1859
- "assetIp",
1860
- "pluginName",
1861
- "pluginFamily",
3942
+ "name",
1862
3943
  "severity",
3944
+ "affectedEntitiesCount",
3945
+ "findingsCount",
3946
+ "vulnerabilitiesCount",
3947
+ "criticalVulnerabilities",
3948
+ "highVulnerabilities",
1863
3949
  "riskLevel",
1864
3950
  "priorityScore",
1865
- "epss",
1866
3951
  "knownExploited",
1867
- "exploitabilityScore",
1868
- "exploitabilityLevel",
1869
- "networkExposure"
3952
+ "compositeScore"
1870
3953
  ],
1871
3954
  "defaultSort": {
1872
3955
  "property": "priorityScore",
1873
3956
  "direction": "desc"
1874
3957
  },
1875
- "allowSortDrivenLeadingOverride": false
3958
+ "allowSortDrivenLeadingOverride": false,
3959
+ "columnDrillDowns": [
3960
+ {
3961
+ "field": "affectedEntitiesCount",
3962
+ "label": "Affected #",
3963
+ "listQuery": {
3964
+ "entityName": "vulnerabilities",
3965
+ "listDescriptorId": "vulnerabilities-main-list",
3966
+ "narrativeIds": [
3967
+ "is-vulnerability"
3968
+ ],
3969
+ "filters": [
3970
+ {
3971
+ "property": "pluginName",
3972
+ "operator": "eq",
3973
+ "valueFromRow": "name"
3974
+ }
3975
+ ]
3976
+ }
3977
+ },
3978
+ {
3979
+ "field": "findingsCount",
3980
+ "label": "Findings #",
3981
+ "listQuery": {
3982
+ "entityName": "vulnerabilities",
3983
+ "listDescriptorId": "vulnerabilities-observations-list",
3984
+ "narrativeIds": [
3985
+ "is-finding"
3986
+ ],
3987
+ "filters": [
3988
+ {
3989
+ "property": "pluginName",
3990
+ "operator": "eq",
3991
+ "valueFromRow": "name"
3992
+ }
3993
+ ]
3994
+ }
3995
+ },
3996
+ {
3997
+ "field": "vulnerabilitiesCount",
3998
+ "label": "Vulnerabilities #",
3999
+ "listQuery": {
4000
+ "entityName": "vulnerabilities",
4001
+ "listDescriptorId": "vulnerabilities-main-list",
4002
+ "narrativeIds": [
4003
+ "is-vulnerability"
4004
+ ],
4005
+ "filters": [
4006
+ {
4007
+ "property": "pluginName",
4008
+ "operator": "eq",
4009
+ "valueFromRow": "name"
4010
+ }
4011
+ ]
4012
+ }
4013
+ }
4014
+ ]
1876
4015
  }
1877
4016
  },
1878
4017
  {
@@ -2104,20 +4243,95 @@
2104
4243
  },
2105
4244
  "contentTypes": [
2106
4245
  {
2107
- "contentType": "snapshots",
2108
- "required": true,
2109
- "multiMatch": {
2110
- "strategy": "last",
2111
- "effectiveDatePath": "data.lastSeen",
2112
- "fallbackEffectiveDatePaths": [
2113
- "capturedAt",
2114
- "snapshot.capturedAt",
2115
- "data.lastSeen"
2116
- ]
2117
- }
2118
- }
2119
- ],
2120
- "sections": [
4246
+ "contentType": "snapshots",
4247
+ "required": true,
4248
+ "multiMatch": {
4249
+ "strategy": "last",
4250
+ "effectiveDatePath": "data.lastSeen",
4251
+ "fallbackEffectiveDatePaths": [
4252
+ "capturedAt",
4253
+ "snapshot.capturedAt",
4254
+ "data.lastSeen"
4255
+ ]
4256
+ }
4257
+ },
4258
+ {
4259
+ "contentType": "analysis",
4260
+ "required": false,
4261
+ "multiMatch": {
4262
+ "strategy": "last",
4263
+ "effectiveDatePath": "capturedAt",
4264
+ "fallbackEffectiveDatePaths": [
4265
+ "modifiedAt",
4266
+ "createdAt"
4267
+ ]
4268
+ }
4269
+ },
4270
+ {
4271
+ "contentType": "decisions",
4272
+ "required": false,
4273
+ "multiMatch": {
4274
+ "strategy": "last",
4275
+ "effectiveDatePath": "capturedAt",
4276
+ "fallbackEffectiveDatePaths": [
4277
+ "modifiedAt",
4278
+ "createdAt"
4279
+ ]
4280
+ }
4281
+ }
4282
+ ],
4283
+ "sections": [
4284
+ {
4285
+ "id": "brief",
4286
+ "title": "Brief",
4287
+ "fields": [
4288
+ "analysisBriefSummary",
4289
+ "analysisBriefTakeaway",
4290
+ "analysisBriefConfidence"
4291
+ ]
4292
+ },
4293
+ {
4294
+ "id": "context",
4295
+ "title": "Context",
4296
+ "fields": [
4297
+ "analysisContext"
4298
+ ]
4299
+ },
4300
+ {
4301
+ "id": "reachability",
4302
+ "title": "Reachability",
4303
+ "fields": [
4304
+ "analysisReachability"
4305
+ ]
4306
+ },
4307
+ {
4308
+ "id": "paths",
4309
+ "title": "Paths",
4310
+ "fields": [
4311
+ "analysisPaths",
4312
+ "attackPathExistence",
4313
+ "pathsCount"
4314
+ ]
4315
+ },
4316
+ {
4317
+ "id": "exploitability",
4318
+ "title": "Exploitability",
4319
+ "fields": [
4320
+ "decisionExploitability"
4321
+ ]
4322
+ },
4323
+ {
4324
+ "id": "decision",
4325
+ "title": "Decision",
4326
+ "fields": [
4327
+ "decisionOverviewSummary",
4328
+ "decisionOverviewDetailedAnalysis",
4329
+ "decisionLabel",
4330
+ "decisionStatus",
4331
+ "decisionRiskScore",
4332
+ "decisionUrgencyScore"
4333
+ ]
4334
+ },
2121
4335
  {
2122
4336
  "id": "summary",
2123
4337
  "title": "Summary",
@@ -2130,6 +4344,7 @@
2130
4344
  "agentType",
2131
4345
  "xdrOperationalStatus",
2132
4346
  "xdrAgentStatus",
4347
+ "observedUsers",
2133
4348
  "lastSeen",
2134
4349
  "pathsCount"
2135
4350
  ]
@@ -2138,11 +4353,11 @@
2138
4353
  "id": "vulnerabilitySummary",
2139
4354
  "title": "Vulnerability Summary",
2140
4355
  "fields": [
2141
- "hasVulnerabilities",
2142
4356
  "criticalVulnerabilities",
2143
4357
  "highVulnerabilities",
2144
4358
  "mediumVulnerabilities",
2145
- "lowVulnerabilities"
4359
+ "lowVulnerabilities",
4360
+ "findingsCount"
2146
4361
  ]
2147
4362
  },
2148
4363
  {
@@ -2153,13 +4368,6 @@
2153
4368
  "potentialImpactConfidence",
2154
4369
  "potentialImpactStory"
2155
4370
  ]
2156
- },
2157
- {
2158
- "id": "xdr",
2159
- "title": "XDR",
2160
- "fields": [
2161
- "rawXdr"
2162
- ]
2163
4371
  }
2164
4372
  ],
2165
4373
  "includeRelations": [
@@ -2225,6 +4433,18 @@
2225
4433
  ]
2226
4434
  }
2227
4435
  },
4436
+ {
4437
+ "contentType": "analysis",
4438
+ "required": false,
4439
+ "multiMatch": {
4440
+ "strategy": "last",
4441
+ "effectiveDatePath": "capturedAt",
4442
+ "fallbackEffectiveDatePaths": [
4443
+ "modifiedAt",
4444
+ "createdAt"
4445
+ ]
4446
+ }
4447
+ },
2228
4448
  {
2229
4449
  "contentType": "legacy",
2230
4450
  "required": false,
@@ -2239,6 +4459,57 @@
2239
4459
  }
2240
4460
  ],
2241
4461
  "sections": [
4462
+ {
4463
+ "id": "overview",
4464
+ "title": "Overview",
4465
+ "fields": [
4466
+ "analysisOverview",
4467
+ "analysisOverviewSummary"
4468
+ ]
4469
+ },
4470
+ {
4471
+ "id": "role",
4472
+ "title": "Role",
4473
+ "fields": [
4474
+ "analysisRole"
4475
+ ]
4476
+ },
4477
+ {
4478
+ "id": "exposure",
4479
+ "title": "Exposure",
4480
+ "fields": [
4481
+ "analysisExposure",
4482
+ "outsideExposureClass"
4483
+ ]
4484
+ },
4485
+ {
4486
+ "id": "trust",
4487
+ "title": "Trust",
4488
+ "fields": [
4489
+ "analysisTrust"
4490
+ ]
4491
+ },
4492
+ {
4493
+ "id": "attack-path",
4494
+ "title": "Attack Path",
4495
+ "fields": [
4496
+ "analysisAttackPath"
4497
+ ]
4498
+ },
4499
+ {
4500
+ "id": "movement",
4501
+ "title": "Movement",
4502
+ "fields": [
4503
+ "analysisMovement"
4504
+ ]
4505
+ },
4506
+ {
4507
+ "id": "context",
4508
+ "title": "Context",
4509
+ "fields": [
4510
+ "analysisContext"
4511
+ ]
4512
+ },
2242
4513
  {
2243
4514
  "id": "summary",
2244
4515
  "title": "Summary",
@@ -2248,6 +4519,11 @@
2248
4519
  "zone",
2249
4520
  "zoneClass",
2250
4521
  "vr",
4522
+ "assetsCount",
4523
+ "findingsCount",
4524
+ "vulnerabilitiesCount",
4525
+ "criticalVulnerabilities",
4526
+ "highVulnerabilities",
2251
4527
  "recordId"
2252
4528
  ]
2253
4529
  },
@@ -2263,15 +4539,6 @@
2263
4539
  "reachableFromZones",
2264
4540
  "zoneMappingConfidence"
2265
4541
  ]
2266
- },
2267
- {
2268
- "id": "legacy",
2269
- "title": "Legacy (quarantined)",
2270
- "fields": [
2271
- "quarantineLegacy",
2272
- "legacySubnetIp",
2273
- "quarantineReason"
2274
- ]
2275
4542
  }
2276
4543
  ],
2277
4544
  "includeRelations": [],
@@ -2311,61 +4578,84 @@
2311
4578
  "data.enrichment.enrichedAt"
2312
4579
  ]
2313
4580
  }
4581
+ },
4582
+ {
4583
+ "contentType": "analysis",
4584
+ "required": false,
4585
+ "multiMatch": {
4586
+ "strategy": "last",
4587
+ "effectiveDatePath": "capturedAt",
4588
+ "fallbackEffectiveDatePaths": [
4589
+ "modifiedAt",
4590
+ "createdAt"
4591
+ ]
4592
+ }
2314
4593
  }
2315
4594
  ],
2316
4595
  "sections": [
2317
4596
  {
2318
- "id": "summary",
2319
- "title": "Summary",
4597
+ "id": "brief",
4598
+ "title": "Brief",
2320
4599
  "fields": [
2321
- "vulnerabilityId",
2322
- "pluginName",
2323
- "pluginFamily",
2324
- "severity",
2325
- "cveId"
4600
+ "analysisBriefSummary",
4601
+ "analysisBriefAnalysis",
4602
+ "analysisBriefEvidence",
4603
+ "analysisBriefGaps"
2326
4604
  ]
2327
4605
  },
2328
4606
  {
2329
- "id": "asset",
2330
- "title": "Affected Asset",
4607
+ "id": "applicability",
4608
+ "title": "Applicability",
2331
4609
  "fields": [
2332
- "assetIp",
2333
- "assetType",
2334
- "assetZone",
2335
- "assetHostname",
2336
- "assetMatched"
4610
+ "analysisApplicability"
2337
4611
  ]
2338
4612
  },
2339
4613
  {
2340
- "id": "risk",
2341
- "title": "Risk",
4614
+ "id": "exploitability",
4615
+ "title": "Exploitability",
2342
4616
  "fields": [
2343
- "riskLevel",
2344
- "priorityScore",
2345
- "compositeScore",
2346
- "exploitabilityScore",
2347
- "exploitabilityLevel"
4617
+ "analysisExploitability",
4618
+ "analysisExploitabilityLevel"
4619
+ ]
4620
+ },
4621
+ {
4622
+ "id": "impact",
4623
+ "title": "Impact",
4624
+ "fields": [
4625
+ "analysisImpact"
2348
4626
  ]
2349
4627
  },
2350
4628
  {
2351
- "id": "threatIntelligence",
2352
- "title": "Threat Intelligence",
4629
+ "id": "threat",
4630
+ "title": "Threat",
2353
4631
  "fields": [
2354
- "epss",
2355
- "epssPercentile",
4632
+ "analysisThreat",
2356
4633
  "knownExploited",
2357
- "cvssBaseScore",
2358
- "cvssVector"
4634
+ "epss"
2359
4635
  ]
2360
4636
  },
2361
4637
  {
2362
- "id": "networkAndMitre",
2363
- "title": "Network & MITRE",
4638
+ "id": "mitre",
4639
+ "title": "Mitre",
2364
4640
  "fields": [
2365
- "networkExposure",
4641
+ "analysisMitre",
2366
4642
  "mitreTechniques",
2367
4643
  "mitreAnalysis"
2368
4644
  ]
4645
+ },
4646
+ {
4647
+ "id": "summary",
4648
+ "title": "Summary",
4649
+ "fields": [
4650
+ "vulnerabilityId",
4651
+ "pluginName",
4652
+ "pluginFamily",
4653
+ "severity",
4654
+ "cveId",
4655
+ "assetIp",
4656
+ "riskLevel",
4657
+ "priorityScore"
4658
+ ]
2369
4659
  }
2370
4660
  ],
2371
4661
  "includeRelations": [
@@ -2398,6 +4688,188 @@
2398
4688
  }
2399
4689
  }
2400
4690
  },
4691
+ {
4692
+ "catalogId": "memorix-item-descriptors",
4693
+ "scope": {
4694
+ "domains": [
4695
+ "network",
4696
+ "vulnerabilities"
4697
+ ],
4698
+ "agents": [
4699
+ "neo"
4700
+ ]
4701
+ },
4702
+ "data": {
4703
+ "id": "vulnerability-observation-detail-item",
4704
+ "entity": "vulnerabilities",
4705
+ "title": "Observation Detail",
4706
+ "identity": {
4707
+ "idField": "recordId"
4708
+ },
4709
+ "contentTypes": [
4710
+ {
4711
+ "contentType": "snapshots",
4712
+ "required": true,
4713
+ "multiMatch": {
4714
+ "strategy": "last",
4715
+ "effectiveDatePath": "data.lastSeen",
4716
+ "fallbackEffectiveDatePaths": [
4717
+ "capturedAt",
4718
+ "snapshot.capturedAt",
4719
+ "data.enrichment.enrichedAt"
4720
+ ]
4721
+ }
4722
+ }
4723
+ ],
4724
+ "sections": [
4725
+ {
4726
+ "id": "brief",
4727
+ "title": "Brief",
4728
+ "fields": [
4729
+ "assetIp",
4730
+ "pluginName",
4731
+ "severity",
4732
+ "cveId",
4733
+ "riskLevel",
4734
+ "priorityScore",
4735
+ "knownExploited"
4736
+ ]
4737
+ }
4738
+ ],
4739
+ "includeRelations": [],
4740
+ "content": {
4741
+ "allowed": false
4742
+ }
4743
+ }
4744
+ },
4745
+ {
4746
+ "catalogId": "memorix-item-descriptors",
4747
+ "scope": {
4748
+ "domains": [
4749
+ "network",
4750
+ "vulnerabilities"
4751
+ ],
4752
+ "agents": [
4753
+ "neo"
4754
+ ]
4755
+ },
4756
+ "data": {
4757
+ "id": "vulnerabilities-group-detail-item",
4758
+ "entity": "vulnerabilities-groups",
4759
+ "title": "Vulnerability Group Detail",
4760
+ "identity": {
4761
+ "idField": "recordId"
4762
+ },
4763
+ "contentTypes": [
4764
+ {
4765
+ "contentType": "snapshots",
4766
+ "required": true,
4767
+ "multiMatch": {
4768
+ "strategy": "last",
4769
+ "effectiveDatePath": "capturedAt",
4770
+ "fallbackEffectiveDatePaths": [
4771
+ "modifiedAt",
4772
+ "createdAt",
4773
+ "data.enrichment.enrichedAt"
4774
+ ]
4775
+ }
4776
+ },
4777
+ {
4778
+ "contentType": "analysis",
4779
+ "required": false,
4780
+ "multiMatch": {
4781
+ "strategy": "last",
4782
+ "effectiveDatePath": "capturedAt",
4783
+ "fallbackEffectiveDatePaths": [
4784
+ "modifiedAt",
4785
+ "createdAt"
4786
+ ]
4787
+ }
4788
+ }
4789
+ ],
4790
+ "sections": [
4791
+ {
4792
+ "id": "brief",
4793
+ "title": "Brief",
4794
+ "fields": [
4795
+ "analysisBriefSummary",
4796
+ "analysisBriefAnalysis",
4797
+ "analysisBriefEvidence",
4798
+ "analysisBriefGaps"
4799
+ ]
4800
+ },
4801
+ {
4802
+ "id": "applicability",
4803
+ "title": "Applicability",
4804
+ "fields": [
4805
+ "analysisApplicability"
4806
+ ]
4807
+ },
4808
+ {
4809
+ "id": "exploitability",
4810
+ "title": "Exploitability",
4811
+ "fields": [
4812
+ "analysisExploitability"
4813
+ ]
4814
+ },
4815
+ {
4816
+ "id": "impact",
4817
+ "title": "Impact",
4818
+ "fields": [
4819
+ "analysisImpact"
4820
+ ]
4821
+ },
4822
+ {
4823
+ "id": "threat",
4824
+ "title": "Threat",
4825
+ "fields": [
4826
+ "analysisThreat",
4827
+ "knownExploited"
4828
+ ]
4829
+ },
4830
+ {
4831
+ "id": "mitre",
4832
+ "title": "Mitre",
4833
+ "fields": [
4834
+ "analysisMitre"
4835
+ ]
4836
+ },
4837
+ {
4838
+ "id": "summary",
4839
+ "title": "Summary",
4840
+ "fields": [
4841
+ "name",
4842
+ "vulnerabilityType",
4843
+ "cveId",
4844
+ "pluginId",
4845
+ "severity",
4846
+ "affectedEntitiesCount",
4847
+ "findingsCount",
4848
+ "vulnerabilitiesCount",
4849
+ "riskLevel",
4850
+ "priorityScore"
4851
+ ]
4852
+ }
4853
+ ],
4854
+ "includeRelations": [
4855
+ {
4856
+ "relation": "groupVulnerabilities",
4857
+ "mode": "array",
4858
+ "arrayProperty": "vulnerabilities",
4859
+ "limit": 200,
4860
+ "fields": [
4861
+ "assetIp",
4862
+ "severity",
4863
+ "cveId",
4864
+ "pluginName"
4865
+ ]
4866
+ }
4867
+ ],
4868
+ "content": {
4869
+ "allowed": false
4870
+ }
4871
+ }
4872
+ },
2401
4873
  {
2402
4874
  "catalogId": "memorix-item-descriptors",
2403
4875
  "scope": {