Security Assessment Result domain
Records the results of vulnerability assessment processes. This topic describes the domain's entities and attributes.
Available to roles: admin
Assessment Result Header Entity
This entity is created for each task in the assessment results set.
| Attribute | Description |
|---|---|
| Assessment Result ID | Identifies the assessment results set. Only available to users with the admin role. |
| Assessment ID | Identifies the assessment. Only available to users with the admin role. |
| Task ID | Identifies the task within the assessment. Only available to users with the admin role. |
| Parameter Modified Flag | Indicates if parameters modified since last run. |
| Execution Date | Date that the assessment was run. |
| Received By All | Indicates whether or not these results have been received by all receivers on the distribution list. |
| Overall Score | Overall score for the assessment. |
| From Date | From date for the assessment. |
| To Date | To date for the assessment. |
| Assessment Description | Assessment name from the definition. |
| Filter Client IP | Clients selected: exact IP address, address with wildcards (*), or empty to select all. |
| Filter Server IP | Servers selected: exact IP address, address with wildcards (*), or empty to select all. |
| Recommendation | Recommendation returned for the task. |
Test Result Entity
This entity is created for each set of test results.
| Attribute | Description |
|---|---|
| Test Result Id | Identifies the test result. Only available to users with the admin role. |
| Assessment Result Id | Identifies the assessment results set. Only available to users with the admin role. |
| Test Id1 | Identifies the test. |
| Assessment Test Id | Identifies the assessment test (task). Only available to users with the admin role. |
| Test Score | Returned test score. |
| Report Result Id | Identifies the report result. |
| Parameter Modified Flag | Indicates if parameters were modified since the last test. |
| Result Text | Text returned by the test. |
| Test Description | Description from the test definition. |
| Recommendation | Recommendation returned by the test. |
| Score Description | Description of the score. |
| Threshold String | The threshold prompt for the test (e.g. Maximum Number of Different IP's Allowed per user) |
| Severity | Severity assigned for the test result. |
| Category | Category for the test result. |
| Assessment Result data source Id1 | Identifies the test result data source. |
| Result Details | Details of the test. |
| Exceptions Group Desc | Exceptions Group Description. Populated when test is executed. |
VA summary entity
| Attribute | Description |
|---|---|
| Cumulative Fail Age | Number of days in fail status since first run |
| Cumulative Pass Age | Number of days in pass status since first run |
| Current Score | Score of the last run |
| Current Score Since | Date when the current score became effective |
| Data Source Name | Name of the datasource |
| Db Host | Database host |
| Db Type | Database type |
| First Execution Datetime | Date and time on which the test was first executed |
| First Fail Datetime | Date and time when the test failed for the first time |
| First Pass Datetime | Date and time when the test passed for the first time |
| Last Execution Datetime | Last date and time the test was executed |
| Last Fail Datetime | Last date and time the test failed |
| Last Pass Datetime | Last date and time the test passed |
| Port | Database port |
| Service Name | Database service name |
| Test Description | Description of the test |
| Test Id | ID of the test |
| Timestamp | When was this specific summary record updated |
| VA Summary ID | Id of the Summary record |
Assessment Result CVSS info Entity
| Attribute | Description |
|---|---|
| CVSS Access Complexity | CVSS Access Complexity |
| CVSS Access Vector | CVSS Access Vector |
| CVSS Authentication | CVSS Authentication |
| CVSS Availability Impact | CVSS Availability Impact |
| CVSS Confidentiality Impact | CVSS Confidentiality Impact |
| CVSS Generated Date Time | CVSS Generated Date Time |
| CVSS Integrity Impact | CVSS Integrity Impact |
| CVSS Score | CVSS Score |
| CVSS Source | CVSS Source |
Assessment Result CVE reference Entity
| Attribute | Description |
|---|---|
| CVE Reference Source | CVE Reference Source |
| Reference HREF | Reference HREF |
| Reference Type | Reference Type |
Assessment Result Datasource Entity
This entity is identifies a datasource accessed by the assessment test.
| Attribute | Description |
|---|---|
| Assessment Result data source ID | Identifies a results set for a datasource. Accessible only by users with the admin role. |
| Assessment Result ID | Identifies the result. Accessible only by users with the admin role. |
| DB Type | Database type: Oracle, MS-SQL, DB2®, Sybase, Informix®, etc. |
| DB Name | Database name. |
| Version Level | Version level of the database. |
| Patch Level | Patch level of the database. |
| Full Version Info | Full version information for the datasource |
| Datasource name | Name of the datasource. |
| Description | Datasource description. |
| Host | Host name for the datasource. |
| Port | Port number on the host. |
| Service Name | Service name for the datasource. |
| User Name | User name used for datasource access. |
Severity Entity
The incident severity for an incident or policy violation
| Attribute | Description |
|---|---|
| Severity Description | The severity code is one of: INFO, LOW, MED, HIGH |
Assessment Log Entity
This entity is created each time that an assessment is run.
| Attribute | Description |
|---|---|
| Assessment Log ID | Uniquely identifies the assessment. Accessible only by users with the admin role. |
| Timestamp | Timestamp for the assessment. |
| Timestamp Date | Date portion of timestamp. |
| Timestamp Time | Time portion of the timestamp. |
| Assessment Log Type | Predefined, query or custom test. |
| Assessment Log Severity | The assessment test severity: Critical, Major, Minor, Cautionary, Informational. This is an ordered list of the level of severity classifications. Assessment test severity: Critical, Major, Minor, Cautionary, Informational. The highest severity is the first classification in this list. The lowest severity is the last classification in this list. |
| Assessment Result Id1 | Identifies the assessment results set. |
| Message | Message returned by the assessment. |
| Details | Details for this assessment. |