@x12i/memorix-retrieval 1.31.0 → 1.32.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (64) hide show
  1. package/catalox-seeds/inputs/entity-descriptors/assets.json +312 -7
  2. package/catalox-seeds/inputs/entity-descriptors/subnets.json +207 -2
  3. package/catalox-seeds/inputs/entity-descriptors/topology-zones.json +85 -0
  4. package/catalox-seeds/inputs/entity-descriptors/vulnerabilities-groups.json +255 -0
  5. package/catalox-seeds/inputs/entity-descriptors/vulnerabilities.json +294 -10
  6. package/catalox-seeds/inputs/item-descriptors/asset-detail-item.json +63 -14
  7. package/catalox-seeds/inputs/item-descriptors/subnet-detail-item.json +51 -17
  8. package/catalox-seeds/inputs/item-descriptors/vulnerabilities-group-detail-item.json +97 -0
  9. package/catalox-seeds/inputs/item-descriptors/vulnerability-detail-item.json +44 -40
  10. package/catalox-seeds/inputs/item-descriptors/vulnerability-observation-detail-item.json +42 -0
  11. package/catalox-seeds/inputs/list-descriptors/assets-exploitability-decisions-list.json +33 -0
  12. package/catalox-seeds/inputs/list-descriptors/assets-main-list.json +56 -2
  13. package/catalox-seeds/inputs/list-descriptors/assets-potential-impact-decisions-list.json +31 -0
  14. package/catalox-seeds/inputs/list-descriptors/subnets-main-list.json +107 -3
  15. package/catalox-seeds/inputs/list-descriptors/vulnerabilities-exploitability-analysis-list.json +29 -0
  16. package/catalox-seeds/inputs/list-descriptors/vulnerabilities-groups-main-list.json +98 -0
  17. package/catalox-seeds/inputs/list-descriptors/vulnerabilities-main-list.json +7 -1
  18. package/catalox-seeds/inputs/list-descriptors/vulnerabilities-observations-list.json +43 -0
  19. package/catalox-seeds/inputs/list-descriptors/vulnerabilities-triage-analysis-list.json +30 -0
  20. package/catalox-seeds/inputs/list-descriptors/vulnerable-assets-list.json +102 -0
  21. package/catalox-seeds/memorix-retrieval-descriptors.manifest.json +2512 -367
  22. package/dist/descriptors/descriptor-types.d.ts +38 -0
  23. package/dist/descriptors/descriptor-types.d.ts.map +1 -1
  24. package/dist/descriptors/validate-descriptor.d.ts +1 -0
  25. package/dist/descriptors/validate-descriptor.d.ts.map +1 -1
  26. package/dist/descriptors/validate-descriptor.js +27 -0
  27. package/dist/descriptors/validate-descriptor.js.map +1 -1
  28. package/dist/explorer/collection-records.d.ts.map +1 -1
  29. package/dist/explorer/collection-records.js +22 -2
  30. package/dist/explorer/collection-records.js.map +1 -1
  31. package/dist/explorer/raw-collection-records.d.ts +2 -0
  32. package/dist/explorer/raw-collection-records.d.ts.map +1 -1
  33. package/dist/explorer/raw-collection-records.js +1 -1
  34. package/dist/explorer/raw-collection-records.js.map +1 -1
  35. package/dist/index.d.ts +3 -2
  36. package/dist/index.d.ts.map +1 -1
  37. package/dist/index.js +2 -1
  38. package/dist/index.js.map +1 -1
  39. package/dist/mongo/env.d.ts +17 -0
  40. package/dist/mongo/env.d.ts.map +1 -1
  41. package/dist/mongo/env.js +73 -0
  42. package/dist/mongo/env.js.map +1 -1
  43. package/dist/retrieval/fetch-list.d.ts.map +1 -1
  44. package/dist/retrieval/fetch-list.js +3 -1
  45. package/dist/retrieval/fetch-list.js.map +1 -1
  46. package/dist/retrieval/fetch-narratives.d.ts +8 -0
  47. package/dist/retrieval/fetch-narratives.d.ts.map +1 -1
  48. package/dist/retrieval/fetch-narratives.js +39 -9
  49. package/dist/retrieval/fetch-narratives.js.map +1 -1
  50. package/dist/retrieval/narrative-list-filters.d.ts +30 -0
  51. package/dist/retrieval/narrative-list-filters.d.ts.map +1 -0
  52. package/dist/retrieval/narrative-list-filters.js +179 -0
  53. package/dist/retrieval/narrative-list-filters.js.map +1 -0
  54. package/dist/retrieval/resolve-filters.d.ts +11 -1
  55. package/dist/retrieval/resolve-filters.d.ts.map +1 -1
  56. package/dist/retrieval/resolve-filters.js +34 -7
  57. package/dist/retrieval/resolve-filters.js.map +1 -1
  58. package/dist/seeds/default-seed-spec.d.ts.map +1 -1
  59. package/dist/seeds/default-seed-spec.js +9 -0
  60. package/dist/seeds/default-seed-spec.js.map +1 -1
  61. package/dist/tests/resolve-filters.test.js +81 -4
  62. package/dist/tests/resolve-filters.test.js.map +1 -1
  63. package/docs/MEMORIX-CATALOX-CONTRACTS.md +2 -0
  64. package/package.json +5 -5
@@ -288,6 +288,18 @@
288
288
  "collection": "assets-scoped",
289
289
  "dataRoot": "data",
290
290
  "isCanonical": false
291
+ },
292
+ "analysis": {
293
+ "postfix": "analysis",
294
+ "collection": "assets-analysis",
295
+ "dataRoot": "data",
296
+ "isCanonical": false
297
+ },
298
+ "decisions": {
299
+ "postfix": "decision",
300
+ "collection": "assets-decision",
301
+ "dataRoot": "data",
302
+ "isCanonical": false
291
303
  }
292
304
  },
293
305
  "properties": {
@@ -460,6 +472,20 @@
460
472
  "item": true,
461
473
  "valueType": "number"
462
474
  },
475
+ "findingsCount": {
476
+ "label": "Findings",
477
+ "source": {
478
+ "contentType": "snapshots",
479
+ "path": "analytics.findings.total"
480
+ },
481
+ "humanReadable": true,
482
+ "sortable": true,
483
+ "filterable": true,
484
+ "list": true,
485
+ "item": true,
486
+ "valueType": "number",
487
+ "format": "count"
488
+ },
463
489
  "potentialImpactLevel": {
464
490
  "label": "Potential Impact",
465
491
  "source": {
@@ -524,11 +550,188 @@
524
550
  "list": false,
525
551
  "item": true,
526
552
  "valueType": "object"
553
+ },
554
+ "observedUsers": {
555
+ "label": "Users",
556
+ "source": {
557
+ "contentType": "snapshots",
558
+ "path": "data.observedUsers"
559
+ },
560
+ "humanReadable": true,
561
+ "sortable": false,
562
+ "filterable": true,
563
+ "list": true,
564
+ "item": true,
565
+ "valueType": "array"
566
+ },
567
+ "analysisBriefSummary": {
568
+ "label": "Brief Summary",
569
+ "source": {
570
+ "contentType": "analysis",
571
+ "path": "data.brief.summary"
572
+ },
573
+ "humanReadable": true,
574
+ "list": true,
575
+ "item": true,
576
+ "valueType": "string"
577
+ },
578
+ "analysisBriefTakeaway": {
579
+ "label": "Brief Takeaway",
580
+ "source": {
581
+ "contentType": "analysis",
582
+ "path": "data.brief.takeaway"
583
+ },
584
+ "humanReadable": true,
585
+ "list": false,
586
+ "item": true,
587
+ "valueType": "string"
588
+ },
589
+ "analysisBriefConfidence": {
590
+ "label": "Brief Confidence",
591
+ "source": {
592
+ "contentType": "analysis",
593
+ "path": "data.brief.confidence"
594
+ },
595
+ "humanReadable": true,
596
+ "list": false,
597
+ "item": true,
598
+ "valueType": "string"
599
+ },
600
+ "analysisContext": {
601
+ "label": "Context",
602
+ "source": {
603
+ "contentType": "analysis",
604
+ "path": "data.context"
605
+ },
606
+ "humanReadable": false,
607
+ "list": false,
608
+ "item": true,
609
+ "valueType": "object"
610
+ },
611
+ "analysisReachability": {
612
+ "label": "Reachability",
613
+ "source": {
614
+ "contentType": "analysis",
615
+ "path": "data.reachability"
616
+ },
617
+ "humanReadable": false,
618
+ "list": false,
619
+ "item": true,
620
+ "valueType": "object"
621
+ },
622
+ "analysisPaths": {
623
+ "label": "Paths",
624
+ "source": {
625
+ "contentType": "analysis",
626
+ "path": "data.paths"
627
+ },
628
+ "humanReadable": false,
629
+ "list": false,
630
+ "item": true,
631
+ "valueType": "object"
632
+ },
633
+ "attackPathExistence": {
634
+ "label": "Attack Path Existence",
635
+ "source": {
636
+ "contentType": "analysis",
637
+ "path": "data.paths.attackPathExistence"
638
+ },
639
+ "humanReadable": true,
640
+ "sortable": true,
641
+ "filterable": true,
642
+ "list": true,
643
+ "item": true,
644
+ "valueType": "string"
645
+ },
646
+ "decisionOverviewSummary": {
647
+ "label": "Decision Summary",
648
+ "source": {
649
+ "contentType": "decisions",
650
+ "path": "data.overview.summary"
651
+ },
652
+ "humanReadable": true,
653
+ "list": true,
654
+ "item": true,
655
+ "valueType": "string"
656
+ },
657
+ "decisionOverviewDetailedAnalysis": {
658
+ "label": "Decision Detailed Analysis",
659
+ "source": {
660
+ "contentType": "decisions",
661
+ "path": "data.overview.detailedAnalysis"
662
+ },
663
+ "humanReadable": true,
664
+ "list": true,
665
+ "item": true,
666
+ "valueType": "string"
667
+ },
668
+ "decisionExploitability": {
669
+ "label": "Exploitability Analysis",
670
+ "source": {
671
+ "contentType": "decisions",
672
+ "path": "data.exploitability"
673
+ },
674
+ "humanReadable": false,
675
+ "list": false,
676
+ "item": true,
677
+ "valueType": "object"
678
+ },
679
+ "decisionLabel": {
680
+ "label": "Decision",
681
+ "source": {
682
+ "contentType": "decisions",
683
+ "path": "data.decision.decision"
684
+ },
685
+ "humanReadable": true,
686
+ "sortable": true,
687
+ "filterable": true,
688
+ "list": true,
689
+ "item": true,
690
+ "valueType": "string"
691
+ },
692
+ "decisionStatus": {
693
+ "label": "Decision Status",
694
+ "source": {
695
+ "contentType": "decisions",
696
+ "path": "data.decision.status"
697
+ },
698
+ "humanReadable": true,
699
+ "sortable": true,
700
+ "filterable": true,
701
+ "list": true,
702
+ "item": true,
703
+ "valueType": "string"
704
+ },
705
+ "decisionRiskScore": {
706
+ "label": "Decision Score",
707
+ "source": {
708
+ "contentType": "decisions",
709
+ "path": "data.decision.riskScore"
710
+ },
711
+ "humanReadable": true,
712
+ "sortable": true,
713
+ "filterable": true,
714
+ "list": true,
715
+ "item": true,
716
+ "valueType": "number"
717
+ },
718
+ "decisionUrgencyScore": {
719
+ "label": "Urgency Score",
720
+ "source": {
721
+ "contentType": "decisions",
722
+ "path": "data.decision.urgencyScore"
723
+ },
724
+ "humanReadable": true,
725
+ "sortable": true,
726
+ "filterable": true,
727
+ "list": true,
728
+ "item": true,
729
+ "valueType": "number"
527
730
  }
528
731
  },
529
732
  "associatedProperties": [
530
733
  {
531
- "name": "associatedData",
734
+ "name": "associatedSubnetsSnapshots",
532
735
  "contentType": "snapshots",
533
736
  "kind": "associated",
534
737
  "valueShape": "array<object>",
@@ -540,7 +743,7 @@
540
743
  "sourceCollection": "subnets-snapshots"
541
744
  },
542
745
  {
543
- "name": "associatedDiscovery",
746
+ "name": "associatedSubnetsDiscovery",
544
747
  "contentType": "snapshots",
545
748
  "kind": "associated",
546
749
  "valueShape": "array<object>",
@@ -552,7 +755,7 @@
552
755
  "sourceCollection": "subnets-discovery"
553
756
  },
554
757
  {
555
- "name": "associatedSiblings",
758
+ "name": "associatedAssetsSnapshots",
556
759
  "contentType": "snapshots",
557
760
  "kind": "associated",
558
761
  "valueShape": "array<object>",
@@ -576,7 +779,7 @@
576
779
  "sourceCollection": "subnets-snapshots"
577
780
  },
578
781
  {
579
- "name": "associatedSubnets",
782
+ "name": "associatedSubnetsSnapshots",
580
783
  "contentType": "snapshots",
581
784
  "kind": "associated",
582
785
  "valueShape": "array<object>",
@@ -610,6 +813,44 @@
610
813
  "managed": true,
611
814
  "refreshRuleKey": "assets.subnets.analysis.explicit.by-cidr",
612
815
  "sourceCollection": "subnets-analysis"
816
+ },
817
+ {
818
+ "name": "associatedTopologyZonesAnalysis",
819
+ "contentType": "snapshots",
820
+ "kind": "associated",
821
+ "valueShape": "array<object>",
822
+ "linkedObjectType": "topology-zones",
823
+ "linkedContentType": "analysis",
824
+ "description": "Zone cyber-analysis payloads joined by host data.zones or associatedTopology.zone to topology-zones-analysis.data.name.",
825
+ "managed": true,
826
+ "refreshRuleKey": "assets.topology-zones.analysis.by-zone-name",
827
+ "sourceCollection": "topology-zones-analysis"
828
+ },
829
+ {
830
+ "name": "associatedVulnerabilitiesAnalysis",
831
+ "contentType": "snapshots",
832
+ "kind": "associated",
833
+ "valueShape": "array<object>",
834
+ "linkedObjectType": "vulnerabilities",
835
+ "linkedContentType": "analysis",
836
+ "description": "Vulnerability analysis payloads copied from vulnerabilities-analysis.data after matching vulnerabilities-snapshots by asset IP and resolving content by snapshot recordId.",
837
+ "managed": true,
838
+ "refreshRuleKey": "assets.vulnerabilities.analysis.by-assetIp",
839
+ "sourceCollection": "vulnerabilities-analysis"
840
+ },
841
+ {
842
+ "name": "associatedTopVulnerabilitiesAnalysis",
843
+ "contentType": "snapshots",
844
+ "kind": "associated",
845
+ "valueShape": "array<object>",
846
+ "linkedObjectType": "vulnerabilities",
847
+ "linkedContentType": "analysis",
848
+ "description": "Top vulnerability analysis payloads (default 5), ranked by vulnerabilities-snapshots.data.severity after IP match and content resolve by snapshot recordId. Omitted when empty.",
849
+ "managed": true,
850
+ "top": true,
851
+ "maxItems": 5,
852
+ "refreshRuleKey": "assets.vulnerabilities.analysis.top.by-assetIp",
853
+ "sourceCollection": "vulnerabilities-analysis"
613
854
  }
614
855
  ],
615
856
  "processing": {
@@ -646,6 +887,18 @@
646
887
  "collection": "subnets-snapshots"
647
888
  }
648
889
  }
890
+ },
891
+ {
892
+ "processorId": "assets.topology-extractor",
893
+ "resolverType": "topology-extractor",
894
+ "kind": "function",
895
+ "config": {
896
+ "mode": "from-associated-data",
897
+ "sourcePaths": [
898
+ "associatedSubnetsSnapshots"
899
+ ],
900
+ "outputPath": "associatedTopology"
901
+ }
649
902
  }
650
903
  ],
651
904
  "associatedContent": {
@@ -658,16 +911,105 @@
658
911
  "narratives": {
659
912
  "has-vulnerabilities": {
660
913
  "label": "Has vulnerabilities",
914
+ "displayName": "Has vulnerabilities",
661
915
  "kind": "having-signal",
916
+ "visibility": "user",
662
917
  "sourceRef": "assetVulnerabilities",
663
918
  "targetEntity": "vulnerabilities"
664
919
  },
665
920
  "has-medium-vulnerabilities": {
921
+ "label": "Has medium vulnerabilities",
922
+ "displayName": "Medium vulnerabilities",
666
923
  "kind": "association-common-property",
924
+ "visibility": "user",
667
925
  "sourceRef": "assetVulnerabilities",
668
926
  "targetEntity": "vulnerabilities",
669
927
  "property": "severity",
670
928
  "value": "medium"
929
+ },
930
+ "is-triaged": {
931
+ "label": "Is triaged",
932
+ "displayName": "Triaged",
933
+ "kind": "product-narrative",
934
+ "visibility": "user"
935
+ },
936
+ "has-triage-decision": {
937
+ "label": "Has triage decision",
938
+ "displayName": "Has triage decision",
939
+ "kind": "rollup",
940
+ "visibility": "user"
941
+ },
942
+ "has-no-vulnerabilities": {
943
+ "label": "No vulnerabilities",
944
+ "displayName": "No vulnerabilities",
945
+ "kind": "product-narrative",
946
+ "visibility": "user"
947
+ },
948
+ "has-accept-decision": {
949
+ "label": "Accept",
950
+ "displayName": "Accept Risk",
951
+ "kind": "rollup",
952
+ "visibility": "user"
953
+ },
954
+ "has-mitigate-decision": {
955
+ "label": "Mitigate",
956
+ "displayName": "Mitigate",
957
+ "kind": "rollup",
958
+ "visibility": "user"
959
+ },
960
+ "has-high-or-critical-exploitability": {
961
+ "label": "High or critical exploitability",
962
+ "displayName": "High exploitability",
963
+ "kind": "rollup",
964
+ "visibility": "user"
965
+ },
966
+ "has-lateral-movement-risk": {
967
+ "label": "Lateral movement risk",
968
+ "displayName": "Lateral movement risk",
969
+ "kind": "rollup",
970
+ "visibility": "user"
971
+ },
972
+ "has-critical-predicted-impact": {
973
+ "label": "Critical predicted impact",
974
+ "displayName": "Critical impact",
975
+ "kind": "rollup",
976
+ "visibility": "user"
977
+ },
978
+ "has-high-predicted-impact": {
979
+ "label": "High predicted impact",
980
+ "displayName": "High impact",
981
+ "kind": "rollup",
982
+ "visibility": "user"
983
+ },
984
+ "has-medium-predicted-impact": {
985
+ "label": "Medium predicted impact",
986
+ "displayName": "Medium impact",
987
+ "kind": "rollup",
988
+ "visibility": "user"
989
+ },
990
+ "has-low-predicted-impact": {
991
+ "label": "Low predicted impact",
992
+ "displayName": "Low impact",
993
+ "kind": "rollup",
994
+ "visibility": "user"
995
+ },
996
+ "has-palo-alto-firewall-source": {
997
+ "label": "Palo Alto Firewall",
998
+ "displayName": "Palo Alto Firewall",
999
+ "kind": "rollup",
1000
+ "visibility": "user"
1001
+ },
1002
+ "has-palo-alto-xdr-source": {
1003
+ "label": "Palo Alto XDR",
1004
+ "displayName": "Palo Alto XDR",
1005
+ "kind": "rollup",
1006
+ "visibility": "user"
1007
+ },
1008
+ "has-tenable-nessus-source": {
1009
+ "label": "Tenable Nessus",
1010
+ "displayName": "Tenable Nessus",
1011
+ "kind": "rollup",
1012
+ "visibility": "user"
671
1013
  }
672
1014
  },
673
1015
  "relations": {
@@ -682,7 +1024,7 @@
682
1024
  "path": "data.cidr"
683
1025
  },
684
1026
  "defaultMode": "array",
685
- "defaultArrayProperty": "associatedData",
1027
+ "defaultArrayProperty": "associatedSubnetsSnapshots",
686
1028
  "targetFields": [
687
1029
  "cidr",
688
1030
  "networkAddress",
@@ -775,6 +1117,12 @@
775
1117
  "postfix": "legacy",
776
1118
  "collection": "subnets-legacy",
777
1119
  "isCanonical": false
1120
+ },
1121
+ "analysis": {
1122
+ "postfix": "analysis",
1123
+ "collection": "subnets-analysis",
1124
+ "dataRoot": "data",
1125
+ "isCanonical": false
778
1126
  }
779
1127
  },
780
1128
  "rootProperties": {
@@ -1011,81 +1359,302 @@
1011
1359
  "item": true,
1012
1360
  "valueType": "string"
1013
1361
  },
1014
- "quarantineReason": {
1015
- "label": "Quarantine Reason",
1362
+ "assetsCount": {
1363
+ "label": "Assets #",
1016
1364
  "source": {
1017
- "contentType": "legacy",
1018
- "path": "_system.quarantine.reason"
1365
+ "contentType": "snapshots",
1366
+ "path": "analytics.assets.total"
1019
1367
  },
1020
1368
  "humanReadable": true,
1021
- "sortable": false,
1369
+ "sortable": true,
1022
1370
  "filterable": true,
1023
- "list": false,
1371
+ "list": true,
1024
1372
  "item": true,
1025
- "valueType": "string"
1026
- }
1027
- },
1028
- "associatedProperties": [
1029
- {
1030
- "name": "associatedChildren",
1031
- "contentType": "snapshots",
1032
- "kind": "associated",
1033
- "valueShape": "array<object>",
1034
- "linkedObjectType": "assets",
1035
- "linkedContentType": "snapshots",
1036
- "description": "Asset snapshot data payloads whose data.subnetCidrs contains this subnet data.cidr. Each item includes linked recordId. Capped at 99 items.",
1037
- "managed": true,
1038
- "refreshRuleKey": "subnets.assets.snapshots.by-cidr",
1039
- "sourceCollection": "assets-snapshots"
1040
- }
1041
- ],
1042
- "processing": {
1043
- "entityRoutes": [
1044
- {
1045
- "routeKey": "zones-to-subnets",
1046
- "parentObjectType": "topology-zones",
1047
- "childObjectType": "subnets",
1048
- "relationshipName": "subnetZone",
1049
- "direction": "parentToChild",
1050
- "source": {
1051
- "contentType": "snapshots",
1052
- "path": "data.zone"
1053
- },
1054
- "target": {
1055
- "contentType": "snapshots",
1056
- "path": "data.name"
1057
- }
1058
- }
1059
- ],
1060
- "insightStages": [
1061
- {
1062
- "processorId": "network.cidr-topology-path-resolver",
1063
- "kind": "function",
1064
- "inputKind": "cidr",
1065
- "outputKind": "cidr-path-facts",
1066
- "writeToInsights": false,
1067
- "sources": {
1068
- "topologyDb": "memorix-knowledge",
1069
- "topologyCollection": "topology-raw"
1070
- }
1373
+ "valueType": "number",
1374
+ "format": "count"
1375
+ },
1376
+ "findingsCount": {
1377
+ "label": "Findings #",
1378
+ "source": {
1379
+ "contentType": "snapshots",
1380
+ "path": "analytics.findings.total"
1071
1381
  },
1072
- {
1073
- "processorId": "network.cidr-zone-path-insights",
1074
- "kind": "function",
1075
- "inputKind": "cidr-path-facts",
1076
- "outputKind": "insights",
1077
- "writeToInsights": true,
1078
- "sources": {
1079
- "zonesCollection": "topology-zones-snapshots"
1080
- }
1081
- }
1082
- ],
1083
- "associatedContent": {
1084
- "rollParentSnapshots": true,
1085
- "excludePostfixes": [
1086
- "raw"
1087
- ]
1088
- }
1382
+ "humanReadable": true,
1383
+ "sortable": true,
1384
+ "filterable": true,
1385
+ "list": true,
1386
+ "item": true,
1387
+ "valueType": "number",
1388
+ "format": "count"
1389
+ },
1390
+ "vulnerabilitiesCount": {
1391
+ "label": "Vulnerabilities #",
1392
+ "source": {
1393
+ "contentType": "snapshots",
1394
+ "path": "analytics.vulnerabilities.total"
1395
+ },
1396
+ "humanReadable": true,
1397
+ "sortable": true,
1398
+ "filterable": true,
1399
+ "list": true,
1400
+ "item": true,
1401
+ "valueType": "number",
1402
+ "format": "count"
1403
+ },
1404
+ "criticalVulnerabilities": {
1405
+ "label": "Critical Vulnerabilities",
1406
+ "source": {
1407
+ "contentType": "snapshots",
1408
+ "path": "analytics.vulnerabilities.critical"
1409
+ },
1410
+ "humanReadable": true,
1411
+ "sortable": true,
1412
+ "filterable": true,
1413
+ "list": true,
1414
+ "item": true,
1415
+ "valueType": "number"
1416
+ },
1417
+ "highVulnerabilities": {
1418
+ "label": "High Vulnerabilities",
1419
+ "source": {
1420
+ "contentType": "snapshots",
1421
+ "path": "analytics.vulnerabilities.high"
1422
+ },
1423
+ "humanReadable": true,
1424
+ "sortable": true,
1425
+ "filterable": true,
1426
+ "list": true,
1427
+ "item": true,
1428
+ "valueType": "number"
1429
+ },
1430
+ "mediumVulnerabilities": {
1431
+ "label": "Medium Vulnerabilities",
1432
+ "source": {
1433
+ "contentType": "snapshots",
1434
+ "path": "analytics.vulnerabilities.medium"
1435
+ },
1436
+ "humanReadable": true,
1437
+ "sortable": true,
1438
+ "filterable": true,
1439
+ "list": true,
1440
+ "item": true,
1441
+ "valueType": "number"
1442
+ },
1443
+ "lowVulnerabilities": {
1444
+ "label": "Low Vulnerabilities",
1445
+ "source": {
1446
+ "contentType": "snapshots",
1447
+ "path": "analytics.vulnerabilities.low"
1448
+ },
1449
+ "humanReadable": true,
1450
+ "sortable": true,
1451
+ "filterable": true,
1452
+ "list": true,
1453
+ "item": true,
1454
+ "valueType": "number"
1455
+ },
1456
+ "quarantineReason": {
1457
+ "label": "Quarantine Reason",
1458
+ "source": {
1459
+ "contentType": "legacy",
1460
+ "path": "_system.quarantine.reason"
1461
+ },
1462
+ "humanReadable": true,
1463
+ "sortable": false,
1464
+ "filterable": true,
1465
+ "list": false,
1466
+ "item": true,
1467
+ "valueType": "string"
1468
+ },
1469
+ "analysisOverview": {
1470
+ "label": "Overview",
1471
+ "source": {
1472
+ "contentType": "analysis",
1473
+ "path": "data.overview"
1474
+ },
1475
+ "humanReadable": false,
1476
+ "list": false,
1477
+ "item": true,
1478
+ "valueType": "object"
1479
+ },
1480
+ "analysisOverviewSummary": {
1481
+ "label": "Overview Summary",
1482
+ "source": {
1483
+ "contentType": "analysis",
1484
+ "path": "data.overview.summary"
1485
+ },
1486
+ "humanReadable": true,
1487
+ "list": true,
1488
+ "item": true,
1489
+ "valueType": "string"
1490
+ },
1491
+ "analysisRole": {
1492
+ "label": "Role",
1493
+ "source": {
1494
+ "contentType": "analysis",
1495
+ "path": "data.cyberRoleInterpretation"
1496
+ },
1497
+ "humanReadable": false,
1498
+ "list": false,
1499
+ "item": true,
1500
+ "valueType": "object"
1501
+ },
1502
+ "analysisExposure": {
1503
+ "label": "Exposure",
1504
+ "source": {
1505
+ "contentType": "analysis",
1506
+ "path": "data.externalAndLowerTrustReachability"
1507
+ },
1508
+ "humanReadable": false,
1509
+ "list": false,
1510
+ "item": true,
1511
+ "valueType": "object"
1512
+ },
1513
+ "analysisTrust": {
1514
+ "label": "Trust",
1515
+ "source": {
1516
+ "contentType": "analysis",
1517
+ "path": "data.trustPositionInterpretation"
1518
+ },
1519
+ "humanReadable": false,
1520
+ "list": false,
1521
+ "item": true,
1522
+ "valueType": "object"
1523
+ },
1524
+ "analysisAttackPath": {
1525
+ "label": "Attack Path",
1526
+ "source": {
1527
+ "contentType": "analysis",
1528
+ "path": "data.possibleAttackPathAnalysis"
1529
+ },
1530
+ "humanReadable": false,
1531
+ "list": false,
1532
+ "item": true,
1533
+ "valueType": "object"
1534
+ },
1535
+ "analysisMovement": {
1536
+ "label": "Movement",
1537
+ "source": {
1538
+ "contentType": "analysis",
1539
+ "path": "data.outboundAndBlastPathInterpretation"
1540
+ },
1541
+ "humanReadable": false,
1542
+ "list": false,
1543
+ "item": true,
1544
+ "valueType": "object"
1545
+ },
1546
+ "analysisContext": {
1547
+ "label": "Context",
1548
+ "source": {
1549
+ "contentType": "analysis",
1550
+ "path": "data.aggregateContextInterpretation"
1551
+ },
1552
+ "humanReadable": false,
1553
+ "list": false,
1554
+ "item": true,
1555
+ "valueType": "object"
1556
+ }
1557
+ },
1558
+ "associatedProperties": [
1559
+ {
1560
+ "name": "associatedAssetsSnapshots",
1561
+ "contentType": "snapshots",
1562
+ "kind": "associated",
1563
+ "valueShape": "array<object>",
1564
+ "linkedObjectType": "assets",
1565
+ "linkedContentType": "snapshots",
1566
+ "description": "Asset snapshot data payloads whose data.subnetCidrs contains this subnet data.cidr. Each item includes linked recordId. Capped at 99 items.",
1567
+ "managed": true,
1568
+ "refreshRuleKey": "subnets.assets.snapshots.by-cidr",
1569
+ "sourceCollection": "assets-snapshots"
1570
+ },
1571
+ {
1572
+ "name": "associatedTopologyZonesAnalysis",
1573
+ "contentType": "snapshots",
1574
+ "kind": "associated",
1575
+ "valueShape": "array<object>",
1576
+ "linkedObjectType": "topology-zones",
1577
+ "linkedContentType": "analysis",
1578
+ "description": "Zone cyber-analysis joined from subnet data.zone to topology-zones-analysis.data.name.",
1579
+ "managed": true,
1580
+ "refreshRuleKey": "subnets.topology-zones.analysis.by-zone-name",
1581
+ "sourceCollection": "topology-zones-analysis"
1582
+ }
1583
+ ],
1584
+ "processing": {
1585
+ "entityRoutes": [
1586
+ {
1587
+ "routeKey": "zones-to-subnets",
1588
+ "parentObjectType": "topology-zones",
1589
+ "childObjectType": "subnets",
1590
+ "relationshipName": "subnetZone",
1591
+ "direction": "parentToChild",
1592
+ "source": {
1593
+ "contentType": "snapshots",
1594
+ "path": "data.zone"
1595
+ },
1596
+ "target": {
1597
+ "contentType": "snapshots",
1598
+ "path": "data.name"
1599
+ }
1600
+ }
1601
+ ],
1602
+ "resolvers": [
1603
+ {
1604
+ "processorId": "subnets.subnet-key",
1605
+ "resolverType": "subnet-key",
1606
+ "kind": "function",
1607
+ "config": {
1608
+ "mode": "from-cidr",
1609
+ "sourcePath": "data.cidr"
1610
+ }
1611
+ },
1612
+ {
1613
+ "processorId": "subnets.zone-from-topology",
1614
+ "resolverType": "zone-from-topology",
1615
+ "kind": "function",
1616
+ "config": {
1617
+ "onlyWhenZoneIs": "UNKNOWN",
1618
+ "topologyRaw": {
1619
+ "db": "memorix-knowledge",
1620
+ "collection": "topology-raw"
1621
+ },
1622
+ "zonesRegistry": {
1623
+ "db": "neo-memorix-entities",
1624
+ "collection": "topology-zones-snapshots"
1625
+ }
1626
+ }
1627
+ }
1628
+ ],
1629
+ "insightStages": [
1630
+ {
1631
+ "processorId": "network.cidr-topology-path-resolver",
1632
+ "kind": "function",
1633
+ "inputKind": "cidr",
1634
+ "outputKind": "cidr-path-facts",
1635
+ "writeToInsights": false,
1636
+ "sources": {
1637
+ "topologyDb": "memorix-knowledge",
1638
+ "topologyCollection": "topology-raw"
1639
+ }
1640
+ },
1641
+ {
1642
+ "processorId": "network.cidr-zone-path-insights",
1643
+ "kind": "function",
1644
+ "inputKind": "cidr-path-facts",
1645
+ "outputKind": "insights",
1646
+ "writeToInsights": true,
1647
+ "sources": {
1648
+ "zonesCollection": "topology-zones-snapshots"
1649
+ }
1650
+ }
1651
+ ],
1652
+ "associatedContent": {
1653
+ "rollParentSnapshots": true,
1654
+ "excludePostfixes": [
1655
+ "raw"
1656
+ ]
1657
+ }
1089
1658
  },
1090
1659
  "relations": {},
1091
1660
  "schemaVersion": "memorix.objectTypeDescriptor.v2",
@@ -1139,6 +1708,21 @@
1139
1708
  "snapshot.capturedAt",
1140
1709
  "data.enrichment.enrichedAt"
1141
1710
  ]
1711
+ },
1712
+ "discovery": {
1713
+ "postfix": "discovery",
1714
+ "collection": "vulnerabilities-discovery",
1715
+ "dataRoot": "data"
1716
+ },
1717
+ "decisions": {
1718
+ "postfix": "decisions",
1719
+ "collection": "vulnerabilities-decisions",
1720
+ "dataRoot": "data"
1721
+ },
1722
+ "analysis": {
1723
+ "postfix": "analysis",
1724
+ "collection": "vulnerabilities-analysis",
1725
+ "dataRoot": "data"
1142
1726
  }
1143
1727
  },
1144
1728
  "properties": {
@@ -1479,36 +2063,175 @@
1479
2063
  "list": false,
1480
2064
  "item": true,
1481
2065
  "valueType": "object"
1482
- }
1483
- },
1484
- "associatedProperties": [
1485
- {
1486
- "name": "associatedData",
1487
- "contentType": "snapshots",
1488
- "kind": "associated",
1489
- "valueShape": "array<object>",
1490
- "linkedObjectType": "vulnerabilities-groups",
1491
- "linkedContentType": "snapshots",
1492
- "description": "Vulnerability group snapshot payloads copied from vulnerabilities-groups-snapshots.data when data.vulnerabilityName matches group data.name.",
1493
- "managed": true,
1494
- "refreshRuleKey": "vulnerabilities.vulnerability-groups.snapshots.by-name",
1495
- "sourceCollection": "vulnerabilities-groups-snapshots"
1496
2066
  },
1497
- {
1498
- "name": "associatedDiscovery",
1499
- "contentType": "snapshots",
1500
- "kind": "associated",
1501
- "valueShape": "array<object>",
1502
- "linkedObjectType": "vulnerabilities-groups",
1503
- "linkedContentType": "discovery",
1504
- "description": "Vulnerability group discovery payloads copied from vulnerabilities-groups-discovery.data via group name bridge.",
1505
- "managed": true,
1506
- "refreshRuleKey": "vulnerabilities.vulnerability-groups.discovery.by-name",
1507
- "sourceCollection": "vulnerabilities-groups-discovery"
2067
+ "analysisBriefSummary": {
2068
+ "label": "Brief Summary",
2069
+ "source": {
2070
+ "contentType": "analysis",
2071
+ "path": "data.brief.summary"
2072
+ },
2073
+ "humanReadable": true,
2074
+ "list": true,
2075
+ "item": true,
2076
+ "valueType": "string"
1508
2077
  },
1509
- {
1510
- "name": "associatedAnalysis",
1511
- "contentType": "snapshots",
2078
+ "analysisBriefAnalysis": {
2079
+ "label": "Brief Analysis",
2080
+ "source": {
2081
+ "contentType": "analysis",
2082
+ "path": "data.brief.analysis"
2083
+ },
2084
+ "humanReadable": true,
2085
+ "list": true,
2086
+ "item": true,
2087
+ "valueType": "string"
2088
+ },
2089
+ "analysisBriefEvidence": {
2090
+ "label": "Brief Evidence",
2091
+ "source": {
2092
+ "contentType": "analysis",
2093
+ "path": "data.brief.evidence"
2094
+ },
2095
+ "humanReadable": true,
2096
+ "list": false,
2097
+ "item": true,
2098
+ "valueType": "string"
2099
+ },
2100
+ "analysisBriefGaps": {
2101
+ "label": "Brief Gaps",
2102
+ "source": {
2103
+ "contentType": "analysis",
2104
+ "path": "data.brief.gaps"
2105
+ },
2106
+ "humanReadable": true,
2107
+ "list": false,
2108
+ "item": true,
2109
+ "valueType": "string"
2110
+ },
2111
+ "analysisApplicability": {
2112
+ "label": "Applicability",
2113
+ "source": {
2114
+ "contentType": "analysis",
2115
+ "path": "data.applicability"
2116
+ },
2117
+ "humanReadable": false,
2118
+ "list": false,
2119
+ "item": true,
2120
+ "valueType": "object"
2121
+ },
2122
+ "analysisExploitability": {
2123
+ "label": "Exploitability",
2124
+ "source": {
2125
+ "contentType": "analysis",
2126
+ "path": "data.exploitability"
2127
+ },
2128
+ "humanReadable": false,
2129
+ "list": false,
2130
+ "item": true,
2131
+ "valueType": "object"
2132
+ },
2133
+ "analysisImpact": {
2134
+ "label": "Impact",
2135
+ "source": {
2136
+ "contentType": "analysis",
2137
+ "path": "data.impact"
2138
+ },
2139
+ "humanReadable": false,
2140
+ "list": false,
2141
+ "item": true,
2142
+ "valueType": "object"
2143
+ },
2144
+ "analysisThreat": {
2145
+ "label": "Threat",
2146
+ "source": {
2147
+ "contentType": "analysis",
2148
+ "path": "data.threat"
2149
+ },
2150
+ "humanReadable": false,
2151
+ "list": false,
2152
+ "item": true,
2153
+ "valueType": "object"
2154
+ },
2155
+ "analysisMitre": {
2156
+ "label": "MITRE",
2157
+ "source": {
2158
+ "contentType": "analysis",
2159
+ "path": "data.mitre"
2160
+ },
2161
+ "humanReadable": false,
2162
+ "list": false,
2163
+ "item": true,
2164
+ "valueType": "array"
2165
+ },
2166
+ "analysisClassType": {
2167
+ "label": "Analysis Class",
2168
+ "source": {
2169
+ "contentType": "analysis",
2170
+ "path": "data.class.type"
2171
+ },
2172
+ "humanReadable": true,
2173
+ "list": true,
2174
+ "item": true,
2175
+ "valueType": "string"
2176
+ },
2177
+ "analysisExploitabilityLevel": {
2178
+ "label": "Exploitability Level (analysis)",
2179
+ "source": {
2180
+ "contentType": "analysis",
2181
+ "path": "data.exploitability.exploitability"
2182
+ },
2183
+ "humanReadable": true,
2184
+ "list": true,
2185
+ "item": true,
2186
+ "valueType": "string"
2187
+ }
2188
+ },
2189
+ "importanceIndicator": {
2190
+ "path": "data.severity",
2191
+ "valueKind": "severity",
2192
+ "order": "desc",
2193
+ "description": "Default vulnerability importance: critical > high > medium > low > none"
2194
+ },
2195
+ "associatedProperties": [
2196
+ {
2197
+ "name": "associatedVulnerabilitiesGroupsSnapshots",
2198
+ "contentType": "snapshots",
2199
+ "kind": "associated",
2200
+ "valueShape": "array<object>",
2201
+ "linkedObjectType": "vulnerabilities-groups",
2202
+ "linkedContentType": "snapshots",
2203
+ "description": "Vulnerability group snapshot payloads copied from vulnerabilities-groups-snapshots.data when data.vulnerabilityName matches group data.name.",
2204
+ "managed": true,
2205
+ "refreshRuleKey": "vulnerabilities.vulnerability-groups.snapshots.by-name",
2206
+ "sourceCollection": "vulnerabilities-groups-snapshots"
2207
+ },
2208
+ {
2209
+ "name": "associatedVulnerabilitiesGroupsEnrichment",
2210
+ "contentType": "snapshots",
2211
+ "kind": "associated",
2212
+ "valueShape": "array<object>",
2213
+ "linkedObjectType": "vulnerabilities-groups",
2214
+ "linkedContentType": "snapshots",
2215
+ "description": "Vulnerability group enrichment payloads (CVSS/EPSS/KEV/compositeScore) copied flat from vulnerabilities-groups-snapshots.enrichment when data.vulnerabilityName matches group data.name. Omitted when enrichment is missing or empty.",
2216
+ "managed": true,
2217
+ "refreshRuleKey": "vulnerabilities.vulnerability-groups.enrichment.by-name",
2218
+ "sourceCollection": "vulnerabilities-groups-snapshots"
2219
+ },
2220
+ {
2221
+ "name": "associatedVulnerabilitiesGroupsDiscovery",
2222
+ "contentType": "snapshots",
2223
+ "kind": "associated",
2224
+ "valueShape": "array<object>",
2225
+ "linkedObjectType": "vulnerabilities-groups",
2226
+ "linkedContentType": "discovery",
2227
+ "description": "Vulnerability group discovery payloads copied from vulnerabilities-groups-discovery.data via group name bridge.",
2228
+ "managed": true,
2229
+ "refreshRuleKey": "vulnerabilities.vulnerability-groups.discovery.by-name",
2230
+ "sourceCollection": "vulnerabilities-groups-discovery"
2231
+ },
2232
+ {
2233
+ "name": "associatedVulnerabilitiesGroupsAnalysis",
2234
+ "contentType": "snapshots",
1512
2235
  "kind": "associated",
1513
2236
  "valueShape": "array<object>",
1514
2237
  "linkedObjectType": "vulnerabilities-groups",
@@ -1519,7 +2242,7 @@
1519
2242
  "sourceCollection": "vulnerabilities-groups-analysis"
1520
2243
  },
1521
2244
  {
1522
- "name": "associatedAssets",
2245
+ "name": "associatedAssetsSnapshots",
1523
2246
  "contentType": "snapshots",
1524
2247
  "kind": "associated",
1525
2248
  "valueShape": "array<object>",
@@ -1543,7 +2266,7 @@
1543
2266
  "sourceCollection": "subnets-snapshots"
1544
2267
  },
1545
2268
  {
1546
- "name": "associatedVulnerabilityGroup",
2269
+ "name": "associatedVulnerabilitiesGroupsSnapshots",
1547
2270
  "contentType": "snapshots",
1548
2271
  "kind": "associated",
1549
2272
  "valueShape": "array<object>",
@@ -1555,7 +2278,7 @@
1555
2278
  "sourceCollection": "vulnerabilities-groups-snapshots"
1556
2279
  },
1557
2280
  {
1558
- "name": "associatedVulnerabilityGroupDiscovery",
2281
+ "name": "associatedVulnerabilitiesGroupsDiscovery",
1559
2282
  "contentType": "snapshots",
1560
2283
  "kind": "associated",
1561
2284
  "valueShape": "array<object>",
@@ -1567,7 +2290,7 @@
1567
2290
  "sourceCollection": "vulnerabilities-groups-discovery"
1568
2291
  },
1569
2292
  {
1570
- "name": "associatedVulnerabilityGroupAnalysis",
2293
+ "name": "associatedVulnerabilitiesGroupsAnalysis",
1571
2294
  "contentType": "snapshots",
1572
2295
  "kind": "associated",
1573
2296
  "valueShape": "array<object>",
@@ -1577,6 +2300,30 @@
1577
2300
  "managed": true,
1578
2301
  "refreshRuleKey": "vulnerabilities.vulnerability-groups.analysis.explicit.by-name",
1579
2302
  "sourceCollection": "vulnerabilities-groups-analysis"
2303
+ },
2304
+ {
2305
+ "name": "associatedVulnerabilitiesDiscovery",
2306
+ "contentType": "snapshots",
2307
+ "kind": "associated",
2308
+ "valueShape": "array<object>",
2309
+ "linkedObjectType": "vulnerabilities",
2310
+ "linkedContentType": "discovery",
2311
+ "description": "Vulnerability discovery payloads copied from vulnerabilities-discovery.data after matching vulnerabilities-snapshots by data.assetIp and resolving content by snapshot recordId.",
2312
+ "managed": true,
2313
+ "refreshRuleKey": "vulnerabilities.vulnerabilities.discovery.by-assetIp",
2314
+ "sourceCollection": "vulnerabilities-discovery"
2315
+ },
2316
+ {
2317
+ "name": "associatedVulnerabilitiesDecisions",
2318
+ "contentType": "snapshots",
2319
+ "kind": "associated",
2320
+ "valueShape": "array<object>",
2321
+ "linkedObjectType": "vulnerabilities",
2322
+ "linkedContentType": "decisions",
2323
+ "description": "Vulnerability decision payloads copied from vulnerabilities-decisions.data after matching vulnerabilities-snapshots by data.assetIp and resolving content by snapshot recordId.",
2324
+ "managed": true,
2325
+ "refreshRuleKey": "vulnerabilities.vulnerabilities.decisions.by-assetIp",
2326
+ "sourceCollection": "vulnerabilities-decisions"
1580
2327
  }
1581
2328
  ],
1582
2329
  "processing": {
@@ -1620,6 +2367,25 @@
1620
2367
  }
1621
2368
  }
1622
2369
  ],
2370
+ "resolvers": [
2371
+ {
2372
+ "processorId": "vulnerabilities.topology-extractor",
2373
+ "resolverType": "topology-extractor",
2374
+ "kind": "function",
2375
+ "config": {
2376
+ "mode": "subnet-lookup",
2377
+ "assetIpPath": "data.assetIp",
2378
+ "sourcePaths": [
2379
+ "associatedVulnerabilitiesGroupsSnapshots"
2380
+ ],
2381
+ "outputPath": "associatedTopology",
2382
+ "canonicalCollection": {
2383
+ "db": "neo-memorix-entities",
2384
+ "collection": "subnets-snapshots"
2385
+ }
2386
+ }
2387
+ }
2388
+ ],
1623
2389
  "associatedContent": {
1624
2390
  "rollParentSnapshots": true,
1625
2391
  "excludePostfixes": [
@@ -1630,9 +2396,127 @@
1630
2396
  "narratives": {
1631
2397
  "has-assets": {
1632
2398
  "label": "Has assets",
2399
+ "displayName": "Has assets",
1633
2400
  "kind": "having-signal",
2401
+ "visibility": "user",
1634
2402
  "sourceRef": "affectedAsset",
1635
2403
  "targetEntity": "assets"
2404
+ },
2405
+ "lack-analysis-decision": {
2406
+ "label": "Analysis without decision",
2407
+ "displayName": "Analysis without decision",
2408
+ "description": "Linked vulnerabilities-analysis exists but data.decision is missing or empty.",
2409
+ "kind": "association-common-property",
2410
+ "visibility": "internal",
2411
+ "sourceRef": "vulnerabilities-analysis",
2412
+ "property": "decision"
2413
+ },
2414
+ "has-vulnerability-lack-analysis-decision": {
2415
+ "label": "Has vulnerability lacking analysis decision",
2416
+ "displayName": "Lacking analysis decision",
2417
+ "description": "Alias of lack-analysis-decision for has-* consumers.",
2418
+ "kind": "association-common-property",
2419
+ "visibility": "internal",
2420
+ "sourceRef": "vulnerabilities-analysis",
2421
+ "property": "decision"
2422
+ },
2423
+ "is-vulnerability": {
2424
+ "label": "Is vulnerability",
2425
+ "displayName": "Vulnerability",
2426
+ "description": "Security-impacting scanner result (severity low/medium/high/critical).",
2427
+ "kind": "product-narrative",
2428
+ "visibility": "user"
2429
+ },
2430
+ "is-finding": {
2431
+ "label": "Is finding",
2432
+ "displayName": "Informational finding",
2433
+ "description": "Informational scanner result (severity none/unknown).",
2434
+ "kind": "product-narrative",
2435
+ "visibility": "user"
2436
+ },
2437
+ "has-analysis": {
2438
+ "label": "Has analysis",
2439
+ "displayName": "Has analysis",
2440
+ "kind": "rollup",
2441
+ "visibility": "user"
2442
+ },
2443
+ "has-fix-immediately-decision": {
2444
+ "label": "Fix immediately",
2445
+ "displayName": "Fix Immediately",
2446
+ "kind": "rollup",
2447
+ "visibility": "user"
2448
+ },
2449
+ "has-remediate-soon-decision": {
2450
+ "label": "Remediate soon",
2451
+ "displayName": "Remediate Soon",
2452
+ "kind": "rollup",
2453
+ "visibility": "user"
2454
+ },
2455
+ "has-mitigate-decision": {
2456
+ "label": "Mitigate",
2457
+ "displayName": "Mitigate",
2458
+ "kind": "rollup",
2459
+ "visibility": "user"
2460
+ },
2461
+ "has-accept-decision": {
2462
+ "label": "Accept",
2463
+ "displayName": "Accept Risk",
2464
+ "kind": "rollup",
2465
+ "visibility": "user"
2466
+ },
2467
+ "has-triage-decision": {
2468
+ "label": "Has triage decision",
2469
+ "displayName": "Triaged",
2470
+ "kind": "rollup",
2471
+ "visibility": "user"
2472
+ },
2473
+ "has-breach-vector": {
2474
+ "label": "Breach vector",
2475
+ "displayName": "Breach Vector",
2476
+ "kind": "rollup",
2477
+ "visibility": "user"
2478
+ },
2479
+ "has-critical-severity": {
2480
+ "label": "Critical severity",
2481
+ "displayName": "Critical",
2482
+ "kind": "rollup",
2483
+ "visibility": "user"
2484
+ },
2485
+ "has-high-severity": {
2486
+ "label": "High severity",
2487
+ "displayName": "High",
2488
+ "kind": "rollup",
2489
+ "visibility": "user"
2490
+ },
2491
+ "has-medium-severity": {
2492
+ "label": "Medium severity",
2493
+ "displayName": "Medium",
2494
+ "kind": "rollup",
2495
+ "visibility": "user"
2496
+ },
2497
+ "has-low-severity": {
2498
+ "label": "Low severity",
2499
+ "displayName": "Low",
2500
+ "kind": "rollup",
2501
+ "visibility": "user"
2502
+ },
2503
+ "has-none-severity": {
2504
+ "label": "None severity",
2505
+ "displayName": "None",
2506
+ "kind": "rollup",
2507
+ "visibility": "internal"
2508
+ },
2509
+ "has-tenable-nessus-finding": {
2510
+ "label": "Tenable Nessus finding",
2511
+ "displayName": "Tenable Nessus",
2512
+ "kind": "rollup",
2513
+ "visibility": "user"
2514
+ },
2515
+ "lack-analysis": {
2516
+ "label": "Lack analysis",
2517
+ "displayName": "Missing analysis",
2518
+ "kind": "gap-signal",
2519
+ "visibility": "internal"
1636
2520
  }
1637
2521
  },
1638
2522
  "relations": {
@@ -1647,7 +2531,7 @@
1647
2531
  "path": "data.assetIps"
1648
2532
  },
1649
2533
  "defaultMode": "array",
1650
- "defaultArrayProperty": "associatedAssets",
2534
+ "defaultArrayProperty": "associatedAssetsSnapshots",
1651
2535
  "targetFields": [
1652
2536
  "ipAddress",
1653
2537
  "hostName",
@@ -1668,7 +2552,7 @@
1668
2552
  "path": "data.name"
1669
2553
  },
1670
2554
  "defaultMode": "array",
1671
- "defaultArrayProperty": "associatedData",
2555
+ "defaultArrayProperty": "associatedVulnerabilitiesGroupsSnapshots",
1672
2556
  "targetFields": [
1673
2557
  "name",
1674
2558
  "severity",
@@ -1803,112 +2687,324 @@
1803
2687
  "list": true,
1804
2688
  "item": true,
1805
2689
  "valueType": "number"
1806
- }
1807
- },
1808
- "associatedProperties": [],
1809
- "processing": {
1810
- "associatedContent": {
1811
- "rollParentSnapshots": false,
1812
- "excludePostfixes": [
1813
- "raw"
1814
- ]
1815
- }
1816
- },
1817
- "relations": {
1818
- "groupVulnerabilities": {
1819
- "type": "oneToMany",
2690
+ },
2691
+ "affectedEntitiesCount": {
2692
+ "label": "Affected #",
1820
2693
  "source": {
1821
2694
  "contentType": "snapshots",
1822
- "path": "data.name"
2695
+ "path": "analytics.affectedAssets.total"
1823
2696
  },
1824
- "target": {
2697
+ "humanReadable": true,
2698
+ "sortable": true,
2699
+ "filterable": false,
2700
+ "list": true,
2701
+ "item": true,
2702
+ "valueType": "number",
2703
+ "format": "count"
2704
+ },
2705
+ "findingsCount": {
2706
+ "label": "Findings #",
2707
+ "source": {
1825
2708
  "contentType": "snapshots",
1826
- "path": "data.vulnerabilityName"
2709
+ "path": "analytics.findings.total"
1827
2710
  },
1828
- "defaultMode": "array",
1829
- "defaultArrayProperty": "vulnerabilities",
1830
- "targetFields": [
1831
- "assetIp",
1832
- "severity",
1833
- "cveId",
1834
- "pluginName"
1835
- ],
1836
- "targetObjectType": "vulnerabilities"
1837
- }
1838
- },
1839
- "schemaVersion": "memorix.objectTypeDescriptor.v2",
1840
- "objectType": "vulnerabilities-groups"
1841
- }
1842
- },
1843
- {
1844
- "catalogId": "memorix-object-type-descriptors",
1845
- "scope": {
1846
- "domains": [
1847
- "network",
1848
- "vulnerabilities"
1849
- ],
1850
- "agents": [
1851
- "neo"
1852
- ]
1853
- },
1854
- "data": {
1855
- "id": "knowledge-playbooks",
1856
- "defaultListDescriptorId": "knowledge-playbooks-main-list",
1857
- "defaultItemDescriptorId": "knowledge-playbook-detail-item",
1858
- "target": "knowledge",
1859
- "collectionPrefix": "knowledge-playbooks",
1860
- "identity": {
1861
- "allowedIdFields": [
1862
- "knowledgeId"
1863
- ],
1864
- "requiredExactlyOne": true,
1865
- "defaultIdField": "knowledgeId"
1866
- },
1867
- "defaults": {
1868
- "canonicalContentType": "snapshots",
1869
- "dataRoot": "data",
1870
- "effectiveDatePath": "capturedAt"
1871
- },
1872
- "contentTypes": {
1873
- "snapshots": {
1874
- "postfix": "snapshots",
1875
- "collection": "knowledge-playbooks-snapshots",
1876
- "dataRoot": "data",
1877
- "isCanonical": true,
1878
- "effectiveDatePath": "capturedAt"
1879
- }
1880
- },
1881
- "properties": {
1882
- "title": {
1883
- "label": "Title",
2711
+ "humanReadable": true,
2712
+ "sortable": true,
2713
+ "filterable": false,
2714
+ "list": true,
2715
+ "item": true,
2716
+ "valueType": "number",
2717
+ "format": "count"
2718
+ },
2719
+ "vulnerabilitiesCount": {
2720
+ "label": "Vulnerabilities #",
1884
2721
  "source": {
1885
2722
  "contentType": "snapshots",
1886
- "path": "data.title"
2723
+ "path": "analytics.vulnerabilities.total"
1887
2724
  },
1888
2725
  "humanReadable": true,
1889
2726
  "sortable": true,
1890
- "filterable": true,
2727
+ "filterable": false,
1891
2728
  "list": true,
1892
2729
  "item": true,
1893
- "valueType": "string"
2730
+ "valueType": "number",
2731
+ "format": "count"
1894
2732
  },
1895
- "summary": {
1896
- "label": "Summary",
2733
+ "criticalVulnerabilities": {
2734
+ "label": "Critical Vulnerabilities",
1897
2735
  "source": {
1898
2736
  "contentType": "snapshots",
1899
- "path": "data.summary"
2737
+ "path": "analytics.vulnerabilities.critical"
1900
2738
  },
1901
2739
  "humanReadable": true,
1902
- "sortable": false,
2740
+ "sortable": true,
1903
2741
  "filterable": false,
1904
2742
  "list": true,
1905
2743
  "item": true,
1906
- "valueType": "string"
1907
- }
1908
- },
1909
- "schemaVersion": "memorix.objectTypeDescriptor.v2",
1910
- "objectType": "knowledge-playbooks"
1911
- }
2744
+ "valueType": "number"
2745
+ },
2746
+ "highVulnerabilities": {
2747
+ "label": "High Vulnerabilities",
2748
+ "source": {
2749
+ "contentType": "snapshots",
2750
+ "path": "analytics.vulnerabilities.high"
2751
+ },
2752
+ "humanReadable": true,
2753
+ "sortable": true,
2754
+ "filterable": false,
2755
+ "list": true,
2756
+ "item": true,
2757
+ "valueType": "number"
2758
+ },
2759
+ "mediumVulnerabilities": {
2760
+ "label": "Medium Vulnerabilities",
2761
+ "source": {
2762
+ "contentType": "snapshots",
2763
+ "path": "analytics.vulnerabilities.medium"
2764
+ },
2765
+ "humanReadable": true,
2766
+ "sortable": true,
2767
+ "filterable": false,
2768
+ "list": true,
2769
+ "item": true,
2770
+ "valueType": "number"
2771
+ },
2772
+ "lowVulnerabilities": {
2773
+ "label": "Low Vulnerabilities",
2774
+ "source": {
2775
+ "contentType": "snapshots",
2776
+ "path": "analytics.vulnerabilities.low"
2777
+ },
2778
+ "humanReadable": true,
2779
+ "sortable": true,
2780
+ "filterable": false,
2781
+ "list": true,
2782
+ "item": true,
2783
+ "valueType": "number"
2784
+ },
2785
+ "riskLevel": {
2786
+ "label": "Risk Level",
2787
+ "source": {
2788
+ "contentType": "snapshots",
2789
+ "path": "data.enrichment.riskLevel"
2790
+ },
2791
+ "humanReadable": true,
2792
+ "sortable": true,
2793
+ "filterable": true,
2794
+ "list": true,
2795
+ "item": true,
2796
+ "valueType": "string"
2797
+ },
2798
+ "priorityScore": {
2799
+ "label": "Priority Score",
2800
+ "source": {
2801
+ "contentType": "snapshots",
2802
+ "path": "data.enrichment.priorityScore"
2803
+ },
2804
+ "humanReadable": true,
2805
+ "sortable": true,
2806
+ "filterable": true,
2807
+ "list": true,
2808
+ "item": true,
2809
+ "valueType": "number"
2810
+ },
2811
+ "knownExploited": {
2812
+ "label": "Known Exploited (KEV)",
2813
+ "source": {
2814
+ "contentType": "snapshots",
2815
+ "path": "data.enrichment.knownExploited"
2816
+ },
2817
+ "humanReadable": true,
2818
+ "sortable": true,
2819
+ "filterable": true,
2820
+ "list": true,
2821
+ "item": true,
2822
+ "valueType": "string"
2823
+ },
2824
+ "vulnerabilityType": {
2825
+ "label": "Type",
2826
+ "source": {
2827
+ "contentType": "snapshots",
2828
+ "path": "data.vulnerability_type"
2829
+ },
2830
+ "humanReadable": true,
2831
+ "sortable": true,
2832
+ "filterable": true,
2833
+ "list": true,
2834
+ "item": true,
2835
+ "valueType": "string"
2836
+ },
2837
+ "analysisBriefSummary": {
2838
+ "label": "Brief Summary",
2839
+ "source": {
2840
+ "contentType": "analysis",
2841
+ "path": "data.brief.summary"
2842
+ },
2843
+ "humanReadable": true,
2844
+ "list": true,
2845
+ "item": true,
2846
+ "valueType": "string"
2847
+ },
2848
+ "analysisBriefAnalysis": {
2849
+ "label": "Brief Analysis",
2850
+ "source": {
2851
+ "contentType": "analysis",
2852
+ "path": "data.brief.analysis"
2853
+ },
2854
+ "humanReadable": true,
2855
+ "list": true,
2856
+ "item": true,
2857
+ "valueType": "string"
2858
+ },
2859
+ "analysisBriefEvidence": {
2860
+ "label": "Brief Evidence",
2861
+ "source": {
2862
+ "contentType": "analysis",
2863
+ "path": "data.brief.evidence"
2864
+ },
2865
+ "humanReadable": true,
2866
+ "list": false,
2867
+ "item": true,
2868
+ "valueType": "string"
2869
+ },
2870
+ "analysisBriefGaps": {
2871
+ "label": "Brief Gaps",
2872
+ "source": {
2873
+ "contentType": "analysis",
2874
+ "path": "data.brief.gaps"
2875
+ },
2876
+ "humanReadable": true,
2877
+ "list": false,
2878
+ "item": true,
2879
+ "valueType": "string"
2880
+ },
2881
+ "analysisApplicability": {
2882
+ "label": "Applicability",
2883
+ "source": {
2884
+ "contentType": "analysis",
2885
+ "path": "data.applicability"
2886
+ },
2887
+ "humanReadable": false,
2888
+ "list": false,
2889
+ "item": true,
2890
+ "valueType": "object"
2891
+ },
2892
+ "analysisExploitability": {
2893
+ "label": "Exploitability",
2894
+ "source": {
2895
+ "contentType": "analysis",
2896
+ "path": "data.exploitability"
2897
+ },
2898
+ "humanReadable": false,
2899
+ "list": false,
2900
+ "item": true,
2901
+ "valueType": "object"
2902
+ },
2903
+ "analysisImpact": {
2904
+ "label": "Impact",
2905
+ "source": {
2906
+ "contentType": "analysis",
2907
+ "path": "data.impact"
2908
+ },
2909
+ "humanReadable": false,
2910
+ "list": false,
2911
+ "item": true,
2912
+ "valueType": "object"
2913
+ },
2914
+ "analysisThreat": {
2915
+ "label": "Threat",
2916
+ "source": {
2917
+ "contentType": "analysis",
2918
+ "path": "data.threat"
2919
+ },
2920
+ "humanReadable": false,
2921
+ "list": false,
2922
+ "item": true,
2923
+ "valueType": "object"
2924
+ },
2925
+ "analysisMitre": {
2926
+ "label": "MITRE",
2927
+ "source": {
2928
+ "contentType": "analysis",
2929
+ "path": "data.mitre"
2930
+ },
2931
+ "humanReadable": false,
2932
+ "list": false,
2933
+ "item": true,
2934
+ "valueType": "array"
2935
+ }
2936
+ },
2937
+ "associatedProperties": [],
2938
+ "narratives": {
2939
+ "has-none-severity": {
2940
+ "label": "None severity",
2941
+ "kind": "association-common-property",
2942
+ "sourceRef": "severity",
2943
+ "property": "severity",
2944
+ "value": "none"
2945
+ },
2946
+ "has-low-severity": {
2947
+ "label": "Low severity",
2948
+ "kind": "association-common-property",
2949
+ "sourceRef": "severity",
2950
+ "property": "severity",
2951
+ "value": "low"
2952
+ },
2953
+ "has-medium-severity": {
2954
+ "label": "Medium severity",
2955
+ "kind": "association-common-property",
2956
+ "sourceRef": "severity",
2957
+ "property": "severity",
2958
+ "value": "medium"
2959
+ },
2960
+ "has-high-severity": {
2961
+ "label": "High severity",
2962
+ "kind": "association-common-property",
2963
+ "sourceRef": "severity",
2964
+ "property": "severity",
2965
+ "value": "high"
2966
+ },
2967
+ "has-critical-severity": {
2968
+ "label": "Critical severity",
2969
+ "kind": "association-common-property",
2970
+ "sourceRef": "severity",
2971
+ "property": "severity",
2972
+ "value": "critical"
2973
+ }
2974
+ },
2975
+ "processing": {
2976
+ "associatedContent": {
2977
+ "rollParentSnapshots": false,
2978
+ "excludePostfixes": [
2979
+ "raw"
2980
+ ]
2981
+ }
2982
+ },
2983
+ "relations": {
2984
+ "groupVulnerabilities": {
2985
+ "type": "oneToMany",
2986
+ "source": {
2987
+ "contentType": "snapshots",
2988
+ "path": "data.name"
2989
+ },
2990
+ "target": {
2991
+ "contentType": "snapshots",
2992
+ "path": "data.vulnerabilityName"
2993
+ },
2994
+ "defaultMode": "array",
2995
+ "defaultArrayProperty": "vulnerabilities",
2996
+ "targetFields": [
2997
+ "assetIp",
2998
+ "severity",
2999
+ "cveId",
3000
+ "pluginName"
3001
+ ],
3002
+ "targetObjectType": "vulnerabilities"
3003
+ }
3004
+ },
3005
+ "schemaVersion": "memorix.objectTypeDescriptor.v2",
3006
+ "objectType": "vulnerabilities-groups"
3007
+ }
1912
3008
  },
1913
3009
  {
1914
3010
  "catalogId": "memorix-object-type-descriptors",
@@ -1922,11 +3018,11 @@
1922
3018
  ]
1923
3019
  },
1924
3020
  "data": {
1925
- "id": "content-documents",
1926
- "defaultListDescriptorId": "content-documents-main-list",
1927
- "defaultItemDescriptorId": "content-document-detail-item",
3021
+ "id": "knowledge-playbooks",
3022
+ "defaultListDescriptorId": "knowledge-playbooks-main-list",
3023
+ "defaultItemDescriptorId": "knowledge-playbook-detail-item",
1928
3024
  "target": "knowledge",
1929
- "collectionPrefix": "content-documents",
3025
+ "collectionPrefix": "knowledge-playbooks",
1930
3026
  "identity": {
1931
3027
  "allowedIdFields": [
1932
3028
  "knowledgeId"
@@ -1942,24 +3038,9 @@
1942
3038
  "contentTypes": {
1943
3039
  "snapshots": {
1944
3040
  "postfix": "snapshots",
1945
- "collection": "content-documents-snapshots",
3041
+ "collection": "knowledge-playbooks-snapshots",
1946
3042
  "dataRoot": "data",
1947
3043
  "isCanonical": true,
1948
- "cardinality": "1:1",
1949
- "effectiveDatePath": "capturedAt"
1950
- },
1951
- "extractions": {
1952
- "postfix": "extractions",
1953
- "collection": "content-documents-extractions",
1954
- "dataRoot": "data",
1955
- "cardinality": "1:n",
1956
- "effectiveDatePath": "capturedAt"
1957
- },
1958
- "chunks": {
1959
- "postfix": "chunks",
1960
- "collection": "content-documents-chunks",
1961
- "dataRoot": "data",
1962
- "cardinality": "1:n",
1963
3044
  "effectiveDatePath": "capturedAt"
1964
3045
  }
1965
3046
  },
@@ -1989,33 +3070,118 @@
1989
3070
  "list": true,
1990
3071
  "item": true,
1991
3072
  "valueType": "string"
3073
+ }
3074
+ },
3075
+ "schemaVersion": "memorix.objectTypeDescriptor.v2",
3076
+ "objectType": "knowledge-playbooks"
3077
+ }
3078
+ },
3079
+ {
3080
+ "catalogId": "memorix-object-type-descriptors",
3081
+ "scope": {
3082
+ "domains": [
3083
+ "network",
3084
+ "vulnerabilities"
3085
+ ],
3086
+ "agents": [
3087
+ "neo"
3088
+ ]
3089
+ },
3090
+ "data": {
3091
+ "id": "content-documents",
3092
+ "defaultListDescriptorId": "content-documents-main-list",
3093
+ "defaultItemDescriptorId": "content-document-detail-item",
3094
+ "target": "knowledge",
3095
+ "collectionPrefix": "content-documents",
3096
+ "identity": {
3097
+ "allowedIdFields": [
3098
+ "knowledgeId"
3099
+ ],
3100
+ "requiredExactlyOne": true,
3101
+ "defaultIdField": "knowledgeId"
3102
+ },
3103
+ "defaults": {
3104
+ "canonicalContentType": "snapshots",
3105
+ "dataRoot": "data",
3106
+ "effectiveDatePath": "capturedAt"
3107
+ },
3108
+ "contentTypes": {
3109
+ "snapshots": {
3110
+ "postfix": "snapshots",
3111
+ "collection": "content-documents-snapshots",
3112
+ "dataRoot": "data",
3113
+ "isCanonical": true,
3114
+ "cardinality": "1:1",
3115
+ "effectiveDatePath": "capturedAt"
3116
+ },
3117
+ "extractions": {
3118
+ "postfix": "extractions",
3119
+ "collection": "content-documents-extractions",
3120
+ "dataRoot": "data",
3121
+ "cardinality": "1:n",
3122
+ "effectiveDatePath": "capturedAt"
3123
+ },
3124
+ "chunks": {
3125
+ "postfix": "chunks",
3126
+ "collection": "content-documents-chunks",
3127
+ "dataRoot": "data",
3128
+ "cardinality": "1:n",
3129
+ "effectiveDatePath": "capturedAt"
3130
+ }
3131
+ },
3132
+ "properties": {
3133
+ "title": {
3134
+ "label": "Title",
3135
+ "source": {
3136
+ "contentType": "snapshots",
3137
+ "path": "data.title"
3138
+ },
3139
+ "humanReadable": true,
3140
+ "sortable": true,
3141
+ "filterable": true,
3142
+ "list": true,
3143
+ "item": true,
3144
+ "valueType": "string"
3145
+ },
3146
+ "summary": {
3147
+ "label": "Summary",
3148
+ "source": {
3149
+ "contentType": "snapshots",
3150
+ "path": "data.summary"
3151
+ },
3152
+ "humanReadable": true,
3153
+ "sortable": false,
3154
+ "filterable": false,
3155
+ "list": true,
3156
+ "item": true,
3157
+ "valueType": "string"
3158
+ },
3159
+ "language": {
3160
+ "label": "Language",
3161
+ "source": {
3162
+ "contentType": "snapshots",
3163
+ "path": "data.language"
3164
+ },
3165
+ "humanReadable": true,
3166
+ "sortable": true,
3167
+ "filterable": true,
3168
+ "list": true,
3169
+ "item": true,
3170
+ "valueType": "string"
3171
+ },
3172
+ "sourceKind": {
3173
+ "label": "Source kind",
3174
+ "source": {
3175
+ "contentType": "snapshots",
3176
+ "path": "source.kind"
3177
+ },
3178
+ "humanReadable": true,
3179
+ "sortable": true,
3180
+ "filterable": true,
3181
+ "list": true,
3182
+ "item": true,
3183
+ "valueType": "string"
1992
3184
  },
1993
- "language": {
1994
- "label": "Language",
1995
- "source": {
1996
- "contentType": "snapshots",
1997
- "path": "data.language"
1998
- },
1999
- "humanReadable": true,
2000
- "sortable": true,
2001
- "filterable": true,
2002
- "list": true,
2003
- "item": true,
2004
- "valueType": "string"
2005
- },
2006
- "sourceKind": {
2007
- "label": "Source kind",
2008
- "source": {
2009
- "contentType": "snapshots",
2010
- "path": "source.kind"
2011
- },
2012
- "humanReadable": true,
2013
- "sortable": true,
2014
- "filterable": true,
2015
- "list": true,
2016
- "item": true,
2017
- "valueType": "string"
2018
- },
2019
3185
  "sourceUri": {
2020
3186
  "label": "Source URI",
2021
3187
  "source": {
@@ -2043,8 +3209,555 @@
2043
3209
  "valueType": "string"
2044
3210
  }
2045
3211
  },
2046
- "schemaVersion": "memorix.objectTypeDescriptor.v2",
2047
- "objectType": "content-documents"
3212
+ "schemaVersion": "memorix.objectTypeDescriptor.v2",
3213
+ "objectType": "content-documents"
3214
+ }
3215
+ },
3216
+ {
3217
+ "catalogId": "lists",
3218
+ "scope": {
3219
+ "domains": [
3220
+ "network",
3221
+ "vulnerabilities"
3222
+ ],
3223
+ "agents": [
3224
+ "neo"
3225
+ ]
3226
+ },
3227
+ "data": {
3228
+ "id": "assets-main-list",
3229
+ "entity": "assets",
3230
+ "title": "Assets",
3231
+ "leadingContentType": "snapshots",
3232
+ "pagination": {
3233
+ "enabled": true,
3234
+ "defaultLimit": 50,
3235
+ "maxLimit": 200
3236
+ },
3237
+ "filters": [],
3238
+ "fields": [
3239
+ "ipAddress",
3240
+ "subnetIp",
3241
+ "subnetCidr",
3242
+ "hostName",
3243
+ "source",
3244
+ "agentType",
3245
+ "xdrOperationalStatus",
3246
+ "xdrAgentStatus",
3247
+ "criticalVulnerabilities",
3248
+ "highVulnerabilities",
3249
+ "findingsCount",
3250
+ "potentialImpactLevel",
3251
+ "pathsCount",
3252
+ "observedUsers",
3253
+ "lastSeen"
3254
+ ],
3255
+ "extensions": [],
3256
+ "includeRelations": [],
3257
+ "allowedSorts": [
3258
+ "ipAddress",
3259
+ "subnetIp",
3260
+ "subnetCidr",
3261
+ "hostName",
3262
+ "source",
3263
+ "agentType",
3264
+ "xdrOperationalStatus",
3265
+ "xdrAgentStatus",
3266
+ "criticalVulnerabilities",
3267
+ "highVulnerabilities",
3268
+ "findingsCount",
3269
+ "potentialImpactLevel",
3270
+ "pathsCount",
3271
+ "lastSeen"
3272
+ ],
3273
+ "defaultSort": {
3274
+ "property": "ipAddress",
3275
+ "direction": "asc"
3276
+ },
3277
+ "allowSortDrivenLeadingOverride": false,
3278
+ "columnDrillDowns": [
3279
+ {
3280
+ "field": "criticalVulnerabilities",
3281
+ "label": "Critical Vulnerabilities",
3282
+ "listQuery": {
3283
+ "entityName": "vulnerabilities",
3284
+ "listDescriptorId": "vulnerabilities-main-list",
3285
+ "narrativeIds": [
3286
+ "is-vulnerability",
3287
+ "has-critical-severity"
3288
+ ],
3289
+ "filters": [
3290
+ {
3291
+ "property": "assetIp",
3292
+ "operator": "eq",
3293
+ "valueFromRow": "ipAddress"
3294
+ }
3295
+ ]
3296
+ }
3297
+ },
3298
+ {
3299
+ "field": "highVulnerabilities",
3300
+ "label": "High Vulnerabilities",
3301
+ "listQuery": {
3302
+ "entityName": "vulnerabilities",
3303
+ "listDescriptorId": "vulnerabilities-main-list",
3304
+ "narrativeIds": [
3305
+ "is-vulnerability",
3306
+ "has-high-severity"
3307
+ ],
3308
+ "filters": [
3309
+ {
3310
+ "property": "assetIp",
3311
+ "operator": "eq",
3312
+ "valueFromRow": "ipAddress"
3313
+ }
3314
+ ]
3315
+ }
3316
+ },
3317
+ {
3318
+ "field": "findingsCount",
3319
+ "label": "Findings",
3320
+ "listQuery": {
3321
+ "entityName": "vulnerabilities",
3322
+ "listDescriptorId": "vulnerabilities-observations-list",
3323
+ "narrativeIds": [
3324
+ "is-finding"
3325
+ ],
3326
+ "filters": [
3327
+ {
3328
+ "property": "assetIp",
3329
+ "operator": "eq",
3330
+ "valueFromRow": "ipAddress"
3331
+ }
3332
+ ]
3333
+ }
3334
+ }
3335
+ ]
3336
+ }
3337
+ },
3338
+ {
3339
+ "catalogId": "lists",
3340
+ "scope": {
3341
+ "domains": [
3342
+ "network",
3343
+ "vulnerabilities"
3344
+ ],
3345
+ "agents": [
3346
+ "neo"
3347
+ ]
3348
+ },
3349
+ "data": {
3350
+ "id": "vulnerable-assets-list",
3351
+ "entity": "assets",
3352
+ "title": "Vulnerable Assets",
3353
+ "leadingContentType": "snapshots",
3354
+ "pagination": {
3355
+ "enabled": true,
3356
+ "defaultLimit": 50,
3357
+ "maxLimit": 200
3358
+ },
3359
+ "filters": [
3360
+ {
3361
+ "property": "narrativeId",
3362
+ "operator": "ne",
3363
+ "value": "has-no-vulnerabilities"
3364
+ }
3365
+ ],
3366
+ "fields": [
3367
+ "ipAddress",
3368
+ "hostName",
3369
+ "source",
3370
+ "pathsCount",
3371
+ "criticalVulnerabilities",
3372
+ "highVulnerabilities",
3373
+ "findingsCount",
3374
+ "agentType",
3375
+ "xdrAgentStatus",
3376
+ "xdrOperationalStatus",
3377
+ "observedUsers",
3378
+ "lastSeen"
3379
+ ],
3380
+ "extensions": [],
3381
+ "includeRelations": [],
3382
+ "allowedSorts": [
3383
+ "ipAddress",
3384
+ "hostName",
3385
+ "source",
3386
+ "pathsCount",
3387
+ "criticalVulnerabilities",
3388
+ "highVulnerabilities",
3389
+ "findingsCount",
3390
+ "agentType",
3391
+ "xdrAgentStatus",
3392
+ "xdrOperationalStatus",
3393
+ "lastSeen"
3394
+ ],
3395
+ "defaultSort": {
3396
+ "property": "ipAddress",
3397
+ "direction": "asc"
3398
+ },
3399
+ "allowSortDrivenLeadingOverride": false,
3400
+ "columnDrillDowns": [
3401
+ {
3402
+ "field": "criticalVulnerabilities",
3403
+ "label": "Critical Vulnerabilities",
3404
+ "listQuery": {
3405
+ "entityName": "vulnerabilities",
3406
+ "listDescriptorId": "vulnerabilities-main-list",
3407
+ "narrativeIds": [
3408
+ "is-vulnerability",
3409
+ "has-critical-severity"
3410
+ ],
3411
+ "filters": [
3412
+ {
3413
+ "property": "assetIp",
3414
+ "operator": "eq",
3415
+ "valueFromRow": "ipAddress"
3416
+ }
3417
+ ]
3418
+ }
3419
+ },
3420
+ {
3421
+ "field": "highVulnerabilities",
3422
+ "label": "High Vulnerabilities",
3423
+ "listQuery": {
3424
+ "entityName": "vulnerabilities",
3425
+ "listDescriptorId": "vulnerabilities-main-list",
3426
+ "narrativeIds": [
3427
+ "is-vulnerability",
3428
+ "has-high-severity"
3429
+ ],
3430
+ "filters": [
3431
+ {
3432
+ "property": "assetIp",
3433
+ "operator": "eq",
3434
+ "valueFromRow": "ipAddress"
3435
+ }
3436
+ ]
3437
+ }
3438
+ },
3439
+ {
3440
+ "field": "findingsCount",
3441
+ "label": "Findings",
3442
+ "listQuery": {
3443
+ "entityName": "vulnerabilities",
3444
+ "listDescriptorId": "vulnerabilities-observations-list",
3445
+ "narrativeIds": [
3446
+ "is-finding"
3447
+ ],
3448
+ "filters": [
3449
+ {
3450
+ "property": "assetIp",
3451
+ "operator": "eq",
3452
+ "valueFromRow": "ipAddress"
3453
+ }
3454
+ ]
3455
+ }
3456
+ }
3457
+ ]
3458
+ }
3459
+ },
3460
+ {
3461
+ "catalogId": "lists",
3462
+ "scope": {
3463
+ "domains": [
3464
+ "network",
3465
+ "vulnerabilities"
3466
+ ],
3467
+ "agents": [
3468
+ "neo"
3469
+ ]
3470
+ },
3471
+ "data": {
3472
+ "id": "assets-exploitability-decisions-list",
3473
+ "entity": "assets",
3474
+ "title": "Assets Exploitability",
3475
+ "leadingContentType": "decisions",
3476
+ "pagination": {
3477
+ "enabled": true,
3478
+ "defaultLimit": 50,
3479
+ "maxLimit": 200
3480
+ },
3481
+ "filters": [],
3482
+ "fields": [
3483
+ "decisionOverviewSummary",
3484
+ "decisionOverviewDetailedAnalysis",
3485
+ "decisionLabel",
3486
+ "decisionStatus",
3487
+ "decisionRiskScore",
3488
+ "decisionUrgencyScore"
3489
+ ],
3490
+ "extensions": [],
3491
+ "includeRelations": [],
3492
+ "allowedSorts": [
3493
+ "decisionRiskScore",
3494
+ "decisionUrgencyScore",
3495
+ "decisionStatus",
3496
+ "decisionLabel"
3497
+ ],
3498
+ "defaultSort": {
3499
+ "property": "decisionRiskScore",
3500
+ "direction": "desc"
3501
+ },
3502
+ "allowSortDrivenLeadingOverride": false
3503
+ }
3504
+ },
3505
+ {
3506
+ "catalogId": "lists",
3507
+ "scope": {
3508
+ "domains": [
3509
+ "network",
3510
+ "vulnerabilities"
3511
+ ],
3512
+ "agents": [
3513
+ "neo"
3514
+ ]
3515
+ },
3516
+ "data": {
3517
+ "id": "assets-potential-impact-decisions-list",
3518
+ "entity": "assets",
3519
+ "title": "Asset's Potential Impact",
3520
+ "leadingContentType": "decisions",
3521
+ "pagination": {
3522
+ "enabled": true,
3523
+ "defaultLimit": 50,
3524
+ "maxLimit": 200
3525
+ },
3526
+ "filters": [],
3527
+ "fields": [
3528
+ "decisionOverviewSummary",
3529
+ "decisionOverviewDetailedAnalysis",
3530
+ "decisionLabel",
3531
+ "decisionStatus",
3532
+ "decisionRiskScore"
3533
+ ],
3534
+ "extensions": [],
3535
+ "includeRelations": [],
3536
+ "allowedSorts": [
3537
+ "decisionRiskScore",
3538
+ "decisionStatus",
3539
+ "decisionLabel"
3540
+ ],
3541
+ "defaultSort": {
3542
+ "property": "decisionRiskScore",
3543
+ "direction": "desc"
3544
+ },
3545
+ "allowSortDrivenLeadingOverride": false
3546
+ }
3547
+ },
3548
+ {
3549
+ "catalogId": "lists",
3550
+ "scope": {
3551
+ "domains": [
3552
+ "network",
3553
+ "vulnerabilities"
3554
+ ],
3555
+ "agents": [
3556
+ "neo"
3557
+ ]
3558
+ },
3559
+ "data": {
3560
+ "id": "subnets-main-list",
3561
+ "entity": "subnets",
3562
+ "title": "Networks",
3563
+ "leadingContentType": "snapshots",
3564
+ "fields": [
3565
+ "subnetIp",
3566
+ "cidr",
3567
+ "zone",
3568
+ "zoneClass",
3569
+ "vr",
3570
+ "networkAddress",
3571
+ "assetsCount",
3572
+ "findingsCount",
3573
+ "vulnerabilitiesCount",
3574
+ "criticalVulnerabilities",
3575
+ "highVulnerabilities",
3576
+ "outsideExposureClass",
3577
+ "internalReachabilityClass",
3578
+ "recordId"
3579
+ ],
3580
+ "defaultSort": {
3581
+ "property": "cidr",
3582
+ "direction": "asc"
3583
+ },
3584
+ "allowedSorts": [
3585
+ "subnetIp",
3586
+ "cidr",
3587
+ "zone",
3588
+ "zoneClass",
3589
+ "vr",
3590
+ "assetsCount",
3591
+ "findingsCount",
3592
+ "vulnerabilitiesCount",
3593
+ "criticalVulnerabilities",
3594
+ "highVulnerabilities",
3595
+ "outsideExposureClass",
3596
+ "internalReachabilityClass"
3597
+ ],
3598
+ "pagination": {
3599
+ "enabled": true,
3600
+ "defaultLimit": 50,
3601
+ "maxLimit": 200
3602
+ },
3603
+ "columnDrillDowns": [
3604
+ {
3605
+ "field": "assetsCount",
3606
+ "label": "Assets #",
3607
+ "listQuery": {
3608
+ "entityName": "assets",
3609
+ "listDescriptorId": "assets-main-list",
3610
+ "filters": [
3611
+ {
3612
+ "property": "subnetCidrs",
3613
+ "operator": "eq",
3614
+ "valueFromRow": "cidr"
3615
+ }
3616
+ ]
3617
+ }
3618
+ },
3619
+ {
3620
+ "field": "findingsCount",
3621
+ "label": "Findings #",
3622
+ "listQuery": {
3623
+ "entityName": "vulnerabilities",
3624
+ "listDescriptorId": "vulnerabilities-observations-list",
3625
+ "narrativeIds": [
3626
+ "is-finding"
3627
+ ],
3628
+ "filters": [
3629
+ {
3630
+ "property": "subnetIp",
3631
+ "operator": "eq",
3632
+ "valueFromRow": "networkAddress"
3633
+ }
3634
+ ]
3635
+ }
3636
+ },
3637
+ {
3638
+ "field": "vulnerabilitiesCount",
3639
+ "label": "Vulnerabilities #",
3640
+ "listQuery": {
3641
+ "entityName": "vulnerabilities",
3642
+ "listDescriptorId": "vulnerabilities-main-list",
3643
+ "narrativeIds": [
3644
+ "is-vulnerability"
3645
+ ],
3646
+ "filters": [
3647
+ {
3648
+ "property": "subnetIp",
3649
+ "operator": "eq",
3650
+ "valueFromRow": "networkAddress"
3651
+ }
3652
+ ]
3653
+ }
3654
+ },
3655
+ {
3656
+ "field": "criticalVulnerabilities",
3657
+ "label": "Critical Vulnerabilities",
3658
+ "listQuery": {
3659
+ "entityName": "vulnerabilities",
3660
+ "listDescriptorId": "vulnerabilities-main-list",
3661
+ "narrativeIds": [
3662
+ "is-vulnerability",
3663
+ "has-critical-severity"
3664
+ ],
3665
+ "filters": [
3666
+ {
3667
+ "property": "subnetIp",
3668
+ "operator": "eq",
3669
+ "valueFromRow": "networkAddress"
3670
+ }
3671
+ ]
3672
+ }
3673
+ },
3674
+ {
3675
+ "field": "highVulnerabilities",
3676
+ "label": "High Vulnerabilities",
3677
+ "listQuery": {
3678
+ "entityName": "vulnerabilities",
3679
+ "listDescriptorId": "vulnerabilities-main-list",
3680
+ "narrativeIds": [
3681
+ "is-vulnerability",
3682
+ "has-high-severity"
3683
+ ],
3684
+ "filters": [
3685
+ {
3686
+ "property": "subnetIp",
3687
+ "operator": "eq",
3688
+ "valueFromRow": "networkAddress"
3689
+ }
3690
+ ]
3691
+ }
3692
+ }
3693
+ ]
3694
+ }
3695
+ },
3696
+ {
3697
+ "catalogId": "lists",
3698
+ "scope": {
3699
+ "domains": [
3700
+ "network",
3701
+ "vulnerabilities"
3702
+ ],
3703
+ "agents": [
3704
+ "neo"
3705
+ ]
3706
+ },
3707
+ "data": {
3708
+ "id": "vulnerabilities-main-list",
3709
+ "entity": "vulnerabilities",
3710
+ "title": "Vulnerabilities",
3711
+ "leadingContentType": "snapshots",
3712
+ "pagination": {
3713
+ "enabled": true,
3714
+ "defaultLimit": 50,
3715
+ "maxLimit": 200
3716
+ },
3717
+ "filters": [
3718
+ {
3719
+ "property": "narrativeId",
3720
+ "operator": "eq",
3721
+ "value": "is-vulnerability"
3722
+ }
3723
+ ],
3724
+ "fields": [
3725
+ "vulnerabilityId",
3726
+ "assetIp",
3727
+ "subnetIp",
3728
+ "pluginName",
3729
+ "pluginFamily",
3730
+ "severity",
3731
+ "cveId",
3732
+ "riskLevel",
3733
+ "priorityScore",
3734
+ "epss",
3735
+ "knownExploited",
3736
+ "exploitabilityLevel",
3737
+ "networkExposure"
3738
+ ],
3739
+ "extensions": [],
3740
+ "includeRelations": [],
3741
+ "allowedSorts": [
3742
+ "vulnerabilityId",
3743
+ "assetIp",
3744
+ "subnetIp",
3745
+ "pluginName",
3746
+ "pluginFamily",
3747
+ "severity",
3748
+ "riskLevel",
3749
+ "priorityScore",
3750
+ "epss",
3751
+ "knownExploited",
3752
+ "exploitabilityScore",
3753
+ "exploitabilityLevel",
3754
+ "networkExposure"
3755
+ ],
3756
+ "defaultSort": {
3757
+ "property": "priorityScore",
3758
+ "direction": "desc"
3759
+ },
3760
+ "allowSortDrivenLeadingOverride": false
2048
3761
  }
2049
3762
  },
2050
3763
  {
@@ -2059,49 +3772,44 @@
2059
3772
  ]
2060
3773
  },
2061
3774
  "data": {
2062
- "id": "assets-main-list",
2063
- "entity": "assets",
2064
- "title": "Assets",
3775
+ "id": "vulnerabilities-observations-list",
3776
+ "entity": "vulnerabilities",
3777
+ "title": "Observations",
2065
3778
  "leadingContentType": "snapshots",
2066
3779
  "pagination": {
2067
3780
  "enabled": true,
2068
3781
  "defaultLimit": 50,
2069
3782
  "maxLimit": 200
2070
3783
  },
2071
- "filters": [],
3784
+ "filters": [
3785
+ {
3786
+ "property": "narrativeId",
3787
+ "operator": "eq",
3788
+ "value": "is-finding"
3789
+ }
3790
+ ],
2072
3791
  "fields": [
2073
- "ipAddress",
2074
- "subnetIp",
2075
- "subnetCidr",
2076
- "hostName",
2077
- "source",
2078
- "agentType",
2079
- "xdrOperationalStatus",
2080
- "xdrAgentStatus",
2081
- "criticalVulnerabilities",
2082
- "highVulnerabilities",
2083
- "potentialImpactLevel",
2084
- "pathsCount"
3792
+ "assetIp",
3793
+ "pluginName",
3794
+ "severity",
3795
+ "riskLevel",
3796
+ "priorityScore",
3797
+ "knownExploited",
3798
+ "cveId",
3799
+ "subnetIp"
2085
3800
  ],
2086
3801
  "extensions": [],
2087
3802
  "includeRelations": [],
2088
3803
  "allowedSorts": [
2089
- "ipAddress",
2090
- "subnetIp",
2091
- "subnetCidr",
2092
- "hostName",
2093
- "source",
2094
- "agentType",
2095
- "xdrOperationalStatus",
2096
- "xdrAgentStatus",
2097
- "criticalVulnerabilities",
2098
- "highVulnerabilities",
2099
- "potentialImpactLevel",
2100
- "pathsCount",
2101
- "lastSeen"
3804
+ "assetIp",
3805
+ "pluginName",
3806
+ "severity",
3807
+ "riskLevel",
3808
+ "priorityScore",
3809
+ "knownExploited"
2102
3810
  ],
2103
3811
  "defaultSort": {
2104
- "property": "ipAddress",
3812
+ "property": "pluginName",
2105
3813
  "direction": "asc"
2106
3814
  },
2107
3815
  "allowSortDrivenLeadingOverride": false
@@ -2119,26 +3827,75 @@
2119
3827
  ]
2120
3828
  },
2121
3829
  "data": {
2122
- "id": "subnets-main-list",
2123
- "entity": "subnets",
2124
- "title": "Subnets",
2125
- "leadingContentType": "snapshots",
3830
+ "id": "vulnerabilities-exploitability-analysis-list",
3831
+ "entity": "vulnerabilities",
3832
+ "title": "Vulnerabilities Exploitability",
3833
+ "leadingContentType": "analysis",
3834
+ "pagination": {
3835
+ "enabled": true,
3836
+ "defaultLimit": 50,
3837
+ "maxLimit": 200
3838
+ },
3839
+ "filters": [],
2126
3840
  "fields": [
2127
- "cidr",
2128
- "subnetIp",
2129
- "zone",
2130
- "vr",
2131
- "recordId"
3841
+ "analysisBriefSummary",
3842
+ "analysisBriefAnalysis",
3843
+ "analysisExploitabilityLevel",
3844
+ "analysisClassType"
3845
+ ],
3846
+ "extensions": [],
3847
+ "includeRelations": [],
3848
+ "allowedSorts": [
3849
+ "analysisExploitabilityLevel",
3850
+ "analysisClassType"
2132
3851
  ],
2133
3852
  "defaultSort": {
2134
- "property": "cidr",
3853
+ "property": "analysisExploitabilityLevel",
2135
3854
  "direction": "asc"
2136
3855
  },
3856
+ "allowSortDrivenLeadingOverride": false
3857
+ }
3858
+ },
3859
+ {
3860
+ "catalogId": "lists",
3861
+ "scope": {
3862
+ "domains": [
3863
+ "network",
3864
+ "vulnerabilities"
3865
+ ],
3866
+ "agents": [
3867
+ "neo"
3868
+ ]
3869
+ },
3870
+ "data": {
3871
+ "id": "vulnerabilities-triage-analysis-list",
3872
+ "entity": "vulnerabilities",
3873
+ "title": "Vulnerabilities Triage",
3874
+ "leadingContentType": "analysis",
2137
3875
  "pagination": {
2138
3876
  "enabled": true,
2139
3877
  "defaultLimit": 50,
2140
3878
  "maxLimit": 200
2141
- }
3879
+ },
3880
+ "filters": [],
3881
+ "fields": [
3882
+ "analysisBriefSummary",
3883
+ "analysisBriefAnalysis",
3884
+ "analysisExploitabilityLevel",
3885
+ "analysisClassType",
3886
+ "analysisImpact"
3887
+ ],
3888
+ "extensions": [],
3889
+ "includeRelations": [],
3890
+ "allowedSorts": [
3891
+ "analysisExploitabilityLevel",
3892
+ "analysisClassType"
3893
+ ],
3894
+ "defaultSort": {
3895
+ "property": "analysisExploitabilityLevel",
3896
+ "direction": "asc"
3897
+ },
3898
+ "allowSortDrivenLeadingOverride": false
2142
3899
  }
2143
3900
  },
2144
3901
  {
@@ -2153,9 +3910,9 @@
2153
3910
  ]
2154
3911
  },
2155
3912
  "data": {
2156
- "id": "vulnerabilities-main-list",
2157
- "entity": "vulnerabilities",
2158
- "title": "Vulnerabilities",
3913
+ "id": "vulnerabilities-groups-main-list",
3914
+ "entity": "vulnerabilities-groups",
3915
+ "title": "Vulnerability Groups",
2159
3916
  "leadingContentType": "snapshots",
2160
3917
  "pagination": {
2161
3918
  "enabled": true,
@@ -2164,42 +3921,97 @@
2164
3921
  },
2165
3922
  "filters": [],
2166
3923
  "fields": [
2167
- "vulnerabilityId",
2168
- "assetIp",
2169
- "subnetIp",
2170
- "pluginName",
2171
- "pluginFamily",
3924
+ "name",
3925
+ "vulnerabilityType",
2172
3926
  "severity",
2173
- "cveId",
3927
+ "affectedEntitiesCount",
3928
+ "findingsCount",
3929
+ "vulnerabilitiesCount",
3930
+ "criticalVulnerabilities",
3931
+ "highVulnerabilities",
2174
3932
  "riskLevel",
2175
3933
  "priorityScore",
2176
- "epss",
2177
3934
  "knownExploited",
2178
- "exploitabilityLevel",
2179
- "networkExposure"
3935
+ "cveId",
3936
+ "pluginId",
3937
+ "compositeScore"
2180
3938
  ],
2181
3939
  "extensions": [],
2182
3940
  "includeRelations": [],
2183
3941
  "allowedSorts": [
2184
- "vulnerabilityId",
2185
- "assetIp",
2186
- "subnetIp",
2187
- "pluginName",
2188
- "pluginFamily",
3942
+ "name",
2189
3943
  "severity",
3944
+ "affectedEntitiesCount",
3945
+ "findingsCount",
3946
+ "vulnerabilitiesCount",
3947
+ "criticalVulnerabilities",
3948
+ "highVulnerabilities",
2190
3949
  "riskLevel",
2191
3950
  "priorityScore",
2192
- "epss",
2193
3951
  "knownExploited",
2194
- "exploitabilityScore",
2195
- "exploitabilityLevel",
2196
- "networkExposure"
3952
+ "compositeScore"
2197
3953
  ],
2198
3954
  "defaultSort": {
2199
3955
  "property": "priorityScore",
2200
3956
  "direction": "desc"
2201
3957
  },
2202
- "allowSortDrivenLeadingOverride": false
3958
+ "allowSortDrivenLeadingOverride": false,
3959
+ "columnDrillDowns": [
3960
+ {
3961
+ "field": "affectedEntitiesCount",
3962
+ "label": "Affected #",
3963
+ "listQuery": {
3964
+ "entityName": "vulnerabilities",
3965
+ "listDescriptorId": "vulnerabilities-main-list",
3966
+ "narrativeIds": [
3967
+ "is-vulnerability"
3968
+ ],
3969
+ "filters": [
3970
+ {
3971
+ "property": "pluginName",
3972
+ "operator": "eq",
3973
+ "valueFromRow": "name"
3974
+ }
3975
+ ]
3976
+ }
3977
+ },
3978
+ {
3979
+ "field": "findingsCount",
3980
+ "label": "Findings #",
3981
+ "listQuery": {
3982
+ "entityName": "vulnerabilities",
3983
+ "listDescriptorId": "vulnerabilities-observations-list",
3984
+ "narrativeIds": [
3985
+ "is-finding"
3986
+ ],
3987
+ "filters": [
3988
+ {
3989
+ "property": "pluginName",
3990
+ "operator": "eq",
3991
+ "valueFromRow": "name"
3992
+ }
3993
+ ]
3994
+ }
3995
+ },
3996
+ {
3997
+ "field": "vulnerabilitiesCount",
3998
+ "label": "Vulnerabilities #",
3999
+ "listQuery": {
4000
+ "entityName": "vulnerabilities",
4001
+ "listDescriptorId": "vulnerabilities-main-list",
4002
+ "narrativeIds": [
4003
+ "is-vulnerability"
4004
+ ],
4005
+ "filters": [
4006
+ {
4007
+ "property": "pluginName",
4008
+ "operator": "eq",
4009
+ "valueFromRow": "name"
4010
+ }
4011
+ ]
4012
+ }
4013
+ }
4014
+ ]
2203
4015
  }
2204
4016
  },
2205
4017
  {
@@ -2431,20 +4243,95 @@
2431
4243
  },
2432
4244
  "contentTypes": [
2433
4245
  {
2434
- "contentType": "snapshots",
2435
- "required": true,
2436
- "multiMatch": {
2437
- "strategy": "last",
2438
- "effectiveDatePath": "data.lastSeen",
2439
- "fallbackEffectiveDatePaths": [
2440
- "capturedAt",
2441
- "snapshot.capturedAt",
2442
- "data.lastSeen"
2443
- ]
2444
- }
2445
- }
2446
- ],
2447
- "sections": [
4246
+ "contentType": "snapshots",
4247
+ "required": true,
4248
+ "multiMatch": {
4249
+ "strategy": "last",
4250
+ "effectiveDatePath": "data.lastSeen",
4251
+ "fallbackEffectiveDatePaths": [
4252
+ "capturedAt",
4253
+ "snapshot.capturedAt",
4254
+ "data.lastSeen"
4255
+ ]
4256
+ }
4257
+ },
4258
+ {
4259
+ "contentType": "analysis",
4260
+ "required": false,
4261
+ "multiMatch": {
4262
+ "strategy": "last",
4263
+ "effectiveDatePath": "capturedAt",
4264
+ "fallbackEffectiveDatePaths": [
4265
+ "modifiedAt",
4266
+ "createdAt"
4267
+ ]
4268
+ }
4269
+ },
4270
+ {
4271
+ "contentType": "decisions",
4272
+ "required": false,
4273
+ "multiMatch": {
4274
+ "strategy": "last",
4275
+ "effectiveDatePath": "capturedAt",
4276
+ "fallbackEffectiveDatePaths": [
4277
+ "modifiedAt",
4278
+ "createdAt"
4279
+ ]
4280
+ }
4281
+ }
4282
+ ],
4283
+ "sections": [
4284
+ {
4285
+ "id": "brief",
4286
+ "title": "Brief",
4287
+ "fields": [
4288
+ "analysisBriefSummary",
4289
+ "analysisBriefTakeaway",
4290
+ "analysisBriefConfidence"
4291
+ ]
4292
+ },
4293
+ {
4294
+ "id": "context",
4295
+ "title": "Context",
4296
+ "fields": [
4297
+ "analysisContext"
4298
+ ]
4299
+ },
4300
+ {
4301
+ "id": "reachability",
4302
+ "title": "Reachability",
4303
+ "fields": [
4304
+ "analysisReachability"
4305
+ ]
4306
+ },
4307
+ {
4308
+ "id": "paths",
4309
+ "title": "Paths",
4310
+ "fields": [
4311
+ "analysisPaths",
4312
+ "attackPathExistence",
4313
+ "pathsCount"
4314
+ ]
4315
+ },
4316
+ {
4317
+ "id": "exploitability",
4318
+ "title": "Exploitability",
4319
+ "fields": [
4320
+ "decisionExploitability"
4321
+ ]
4322
+ },
4323
+ {
4324
+ "id": "decision",
4325
+ "title": "Decision",
4326
+ "fields": [
4327
+ "decisionOverviewSummary",
4328
+ "decisionOverviewDetailedAnalysis",
4329
+ "decisionLabel",
4330
+ "decisionStatus",
4331
+ "decisionRiskScore",
4332
+ "decisionUrgencyScore"
4333
+ ]
4334
+ },
2448
4335
  {
2449
4336
  "id": "summary",
2450
4337
  "title": "Summary",
@@ -2457,6 +4344,7 @@
2457
4344
  "agentType",
2458
4345
  "xdrOperationalStatus",
2459
4346
  "xdrAgentStatus",
4347
+ "observedUsers",
2460
4348
  "lastSeen",
2461
4349
  "pathsCount"
2462
4350
  ]
@@ -2468,7 +4356,8 @@
2468
4356
  "criticalVulnerabilities",
2469
4357
  "highVulnerabilities",
2470
4358
  "mediumVulnerabilities",
2471
- "lowVulnerabilities"
4359
+ "lowVulnerabilities",
4360
+ "findingsCount"
2472
4361
  ]
2473
4362
  },
2474
4363
  {
@@ -2479,13 +4368,6 @@
2479
4368
  "potentialImpactConfidence",
2480
4369
  "potentialImpactStory"
2481
4370
  ]
2482
- },
2483
- {
2484
- "id": "xdr",
2485
- "title": "XDR",
2486
- "fields": [
2487
- "rawXdr"
2488
- ]
2489
4371
  }
2490
4372
  ],
2491
4373
  "includeRelations": [
@@ -2551,6 +4433,18 @@
2551
4433
  ]
2552
4434
  }
2553
4435
  },
4436
+ {
4437
+ "contentType": "analysis",
4438
+ "required": false,
4439
+ "multiMatch": {
4440
+ "strategy": "last",
4441
+ "effectiveDatePath": "capturedAt",
4442
+ "fallbackEffectiveDatePaths": [
4443
+ "modifiedAt",
4444
+ "createdAt"
4445
+ ]
4446
+ }
4447
+ },
2554
4448
  {
2555
4449
  "contentType": "legacy",
2556
4450
  "required": false,
@@ -2565,6 +4459,57 @@
2565
4459
  }
2566
4460
  ],
2567
4461
  "sections": [
4462
+ {
4463
+ "id": "overview",
4464
+ "title": "Overview",
4465
+ "fields": [
4466
+ "analysisOverview",
4467
+ "analysisOverviewSummary"
4468
+ ]
4469
+ },
4470
+ {
4471
+ "id": "role",
4472
+ "title": "Role",
4473
+ "fields": [
4474
+ "analysisRole"
4475
+ ]
4476
+ },
4477
+ {
4478
+ "id": "exposure",
4479
+ "title": "Exposure",
4480
+ "fields": [
4481
+ "analysisExposure",
4482
+ "outsideExposureClass"
4483
+ ]
4484
+ },
4485
+ {
4486
+ "id": "trust",
4487
+ "title": "Trust",
4488
+ "fields": [
4489
+ "analysisTrust"
4490
+ ]
4491
+ },
4492
+ {
4493
+ "id": "attack-path",
4494
+ "title": "Attack Path",
4495
+ "fields": [
4496
+ "analysisAttackPath"
4497
+ ]
4498
+ },
4499
+ {
4500
+ "id": "movement",
4501
+ "title": "Movement",
4502
+ "fields": [
4503
+ "analysisMovement"
4504
+ ]
4505
+ },
4506
+ {
4507
+ "id": "context",
4508
+ "title": "Context",
4509
+ "fields": [
4510
+ "analysisContext"
4511
+ ]
4512
+ },
2568
4513
  {
2569
4514
  "id": "summary",
2570
4515
  "title": "Summary",
@@ -2574,6 +4519,11 @@
2574
4519
  "zone",
2575
4520
  "zoneClass",
2576
4521
  "vr",
4522
+ "assetsCount",
4523
+ "findingsCount",
4524
+ "vulnerabilitiesCount",
4525
+ "criticalVulnerabilities",
4526
+ "highVulnerabilities",
2577
4527
  "recordId"
2578
4528
  ]
2579
4529
  },
@@ -2589,15 +4539,6 @@
2589
4539
  "reachableFromZones",
2590
4540
  "zoneMappingConfidence"
2591
4541
  ]
2592
- },
2593
- {
2594
- "id": "legacy",
2595
- "title": "Legacy (quarantined)",
2596
- "fields": [
2597
- "quarantineLegacy",
2598
- "legacySubnetIp",
2599
- "quarantineReason"
2600
- ]
2601
4542
  }
2602
4543
  ],
2603
4544
  "includeRelations": [],
@@ -2637,62 +4578,84 @@
2637
4578
  "data.enrichment.enrichedAt"
2638
4579
  ]
2639
4580
  }
4581
+ },
4582
+ {
4583
+ "contentType": "analysis",
4584
+ "required": false,
4585
+ "multiMatch": {
4586
+ "strategy": "last",
4587
+ "effectiveDatePath": "capturedAt",
4588
+ "fallbackEffectiveDatePaths": [
4589
+ "modifiedAt",
4590
+ "createdAt"
4591
+ ]
4592
+ }
2640
4593
  }
2641
4594
  ],
2642
4595
  "sections": [
2643
4596
  {
2644
- "id": "summary",
2645
- "title": "Summary",
4597
+ "id": "brief",
4598
+ "title": "Brief",
2646
4599
  "fields": [
2647
- "vulnerabilityId",
2648
- "pluginName",
2649
- "pluginFamily",
2650
- "severity",
2651
- "cveId"
4600
+ "analysisBriefSummary",
4601
+ "analysisBriefAnalysis",
4602
+ "analysisBriefEvidence",
4603
+ "analysisBriefGaps"
2652
4604
  ]
2653
4605
  },
2654
4606
  {
2655
- "id": "asset",
2656
- "title": "Affected Asset",
4607
+ "id": "applicability",
4608
+ "title": "Applicability",
2657
4609
  "fields": [
2658
- "assetIp",
2659
- "subnetIp",
2660
- "assetType",
2661
- "assetZone",
2662
- "assetHostname",
2663
- "assetMatched"
4610
+ "analysisApplicability"
2664
4611
  ]
2665
4612
  },
2666
4613
  {
2667
- "id": "risk",
2668
- "title": "Risk",
4614
+ "id": "exploitability",
4615
+ "title": "Exploitability",
2669
4616
  "fields": [
2670
- "riskLevel",
2671
- "priorityScore",
2672
- "compositeScore",
2673
- "exploitabilityScore",
2674
- "exploitabilityLevel"
4617
+ "analysisExploitability",
4618
+ "analysisExploitabilityLevel"
4619
+ ]
4620
+ },
4621
+ {
4622
+ "id": "impact",
4623
+ "title": "Impact",
4624
+ "fields": [
4625
+ "analysisImpact"
2675
4626
  ]
2676
4627
  },
2677
4628
  {
2678
- "id": "threatIntelligence",
2679
- "title": "Threat Intelligence",
4629
+ "id": "threat",
4630
+ "title": "Threat",
2680
4631
  "fields": [
2681
- "epss",
2682
- "epssPercentile",
4632
+ "analysisThreat",
2683
4633
  "knownExploited",
2684
- "cvssBaseScore",
2685
- "cvssVector"
4634
+ "epss"
2686
4635
  ]
2687
4636
  },
2688
4637
  {
2689
- "id": "networkAndMitre",
2690
- "title": "Network & MITRE",
4638
+ "id": "mitre",
4639
+ "title": "Mitre",
2691
4640
  "fields": [
2692
- "networkExposure",
4641
+ "analysisMitre",
2693
4642
  "mitreTechniques",
2694
4643
  "mitreAnalysis"
2695
4644
  ]
4645
+ },
4646
+ {
4647
+ "id": "summary",
4648
+ "title": "Summary",
4649
+ "fields": [
4650
+ "vulnerabilityId",
4651
+ "pluginName",
4652
+ "pluginFamily",
4653
+ "severity",
4654
+ "cveId",
4655
+ "assetIp",
4656
+ "riskLevel",
4657
+ "priorityScore"
4658
+ ]
2696
4659
  }
2697
4660
  ],
2698
4661
  "includeRelations": [
@@ -2725,6 +4688,188 @@
2725
4688
  }
2726
4689
  }
2727
4690
  },
4691
+ {
4692
+ "catalogId": "memorix-item-descriptors",
4693
+ "scope": {
4694
+ "domains": [
4695
+ "network",
4696
+ "vulnerabilities"
4697
+ ],
4698
+ "agents": [
4699
+ "neo"
4700
+ ]
4701
+ },
4702
+ "data": {
4703
+ "id": "vulnerability-observation-detail-item",
4704
+ "entity": "vulnerabilities",
4705
+ "title": "Observation Detail",
4706
+ "identity": {
4707
+ "idField": "recordId"
4708
+ },
4709
+ "contentTypes": [
4710
+ {
4711
+ "contentType": "snapshots",
4712
+ "required": true,
4713
+ "multiMatch": {
4714
+ "strategy": "last",
4715
+ "effectiveDatePath": "data.lastSeen",
4716
+ "fallbackEffectiveDatePaths": [
4717
+ "capturedAt",
4718
+ "snapshot.capturedAt",
4719
+ "data.enrichment.enrichedAt"
4720
+ ]
4721
+ }
4722
+ }
4723
+ ],
4724
+ "sections": [
4725
+ {
4726
+ "id": "brief",
4727
+ "title": "Brief",
4728
+ "fields": [
4729
+ "assetIp",
4730
+ "pluginName",
4731
+ "severity",
4732
+ "cveId",
4733
+ "riskLevel",
4734
+ "priorityScore",
4735
+ "knownExploited"
4736
+ ]
4737
+ }
4738
+ ],
4739
+ "includeRelations": [],
4740
+ "content": {
4741
+ "allowed": false
4742
+ }
4743
+ }
4744
+ },
4745
+ {
4746
+ "catalogId": "memorix-item-descriptors",
4747
+ "scope": {
4748
+ "domains": [
4749
+ "network",
4750
+ "vulnerabilities"
4751
+ ],
4752
+ "agents": [
4753
+ "neo"
4754
+ ]
4755
+ },
4756
+ "data": {
4757
+ "id": "vulnerabilities-group-detail-item",
4758
+ "entity": "vulnerabilities-groups",
4759
+ "title": "Vulnerability Group Detail",
4760
+ "identity": {
4761
+ "idField": "recordId"
4762
+ },
4763
+ "contentTypes": [
4764
+ {
4765
+ "contentType": "snapshots",
4766
+ "required": true,
4767
+ "multiMatch": {
4768
+ "strategy": "last",
4769
+ "effectiveDatePath": "capturedAt",
4770
+ "fallbackEffectiveDatePaths": [
4771
+ "modifiedAt",
4772
+ "createdAt",
4773
+ "data.enrichment.enrichedAt"
4774
+ ]
4775
+ }
4776
+ },
4777
+ {
4778
+ "contentType": "analysis",
4779
+ "required": false,
4780
+ "multiMatch": {
4781
+ "strategy": "last",
4782
+ "effectiveDatePath": "capturedAt",
4783
+ "fallbackEffectiveDatePaths": [
4784
+ "modifiedAt",
4785
+ "createdAt"
4786
+ ]
4787
+ }
4788
+ }
4789
+ ],
4790
+ "sections": [
4791
+ {
4792
+ "id": "brief",
4793
+ "title": "Brief",
4794
+ "fields": [
4795
+ "analysisBriefSummary",
4796
+ "analysisBriefAnalysis",
4797
+ "analysisBriefEvidence",
4798
+ "analysisBriefGaps"
4799
+ ]
4800
+ },
4801
+ {
4802
+ "id": "applicability",
4803
+ "title": "Applicability",
4804
+ "fields": [
4805
+ "analysisApplicability"
4806
+ ]
4807
+ },
4808
+ {
4809
+ "id": "exploitability",
4810
+ "title": "Exploitability",
4811
+ "fields": [
4812
+ "analysisExploitability"
4813
+ ]
4814
+ },
4815
+ {
4816
+ "id": "impact",
4817
+ "title": "Impact",
4818
+ "fields": [
4819
+ "analysisImpact"
4820
+ ]
4821
+ },
4822
+ {
4823
+ "id": "threat",
4824
+ "title": "Threat",
4825
+ "fields": [
4826
+ "analysisThreat",
4827
+ "knownExploited"
4828
+ ]
4829
+ },
4830
+ {
4831
+ "id": "mitre",
4832
+ "title": "Mitre",
4833
+ "fields": [
4834
+ "analysisMitre"
4835
+ ]
4836
+ },
4837
+ {
4838
+ "id": "summary",
4839
+ "title": "Summary",
4840
+ "fields": [
4841
+ "name",
4842
+ "vulnerabilityType",
4843
+ "cveId",
4844
+ "pluginId",
4845
+ "severity",
4846
+ "affectedEntitiesCount",
4847
+ "findingsCount",
4848
+ "vulnerabilitiesCount",
4849
+ "riskLevel",
4850
+ "priorityScore"
4851
+ ]
4852
+ }
4853
+ ],
4854
+ "includeRelations": [
4855
+ {
4856
+ "relation": "groupVulnerabilities",
4857
+ "mode": "array",
4858
+ "arrayProperty": "vulnerabilities",
4859
+ "limit": 200,
4860
+ "fields": [
4861
+ "assetIp",
4862
+ "severity",
4863
+ "cveId",
4864
+ "pluginName"
4865
+ ]
4866
+ }
4867
+ ],
4868
+ "content": {
4869
+ "allowed": false
4870
+ }
4871
+ }
4872
+ },
2728
4873
  {
2729
4874
  "catalogId": "memorix-item-descriptors",
2730
4875
  "scope": {