Class: KbArticle
The KB Article object contains metadata that describes the patch or update.
URI: ocsf:KbArticle
classDiagram
class KbArticle
click KbArticle href "../KbArticle/"
Object <|-- KbArticle
click Object href "../Object/"
KbArticle : avg_timespan
KbArticle --> "0..1" Timespan : avg_timespan
click Timespan href "../Timespan/"
KbArticle : bulletin
KbArticle : classification
KbArticle : created_time
KbArticle : install_state
KbArticle : install_state_id
KbArticle --> "0..1 _recommended_" InstallStateIdEnum : install_state_id
click InstallStateIdEnum href "../InstallStateIdEnum/"
KbArticle : is_superseded
KbArticle : os
KbArticle --> "0..1 _recommended_" Os : os
click Os href "../Os/"
KbArticle : product
KbArticle --> "0..1" Product : product
click Product href "../Product/"
KbArticle : severity
KbArticle : size
KbArticle : src_url
KbArticle : title
KbArticle : uid
Inheritance
- OcsfObject
- Object
- KbArticle
- Object
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| avg_timespan | 0..1 Timespan |
The average time to patch | direct |
| bulletin | 0..1 String |
The kb article bulletin identifier | direct |
| classification | 0..1 String |
The vendors classification of the kb article | direct |
| created_time | 0..1 TimestampT |
The date the kb article was released by the vendor | direct |
| install_state | 0..1 recommended String |
The install state of the kb article | direct |
| install_state_id | 0..1 recommended InstallStateIdEnum |
The normalized install state ID of the kb article | direct |
| is_superseded | 0..1 Boolean |
The kb article has been replaced by another | direct |
| os | 0..1 recommended Os |
The operating system the kb article applies | direct |
| product | 0..1 Product |
The product details the kb article applies | direct |
| severity | 0..1 recommended String |
The severity of the kb article | direct |
| size | 0..1 Integer |
The size in bytes for the kb article | direct |
| src_url | 0..1 UrlT |
The kb article link from the source vendor | direct |
| title | 0..1 recommended String |
The title of the kb article | direct |
| uid | 0..1 recommended String |
The unique identifier for the kb article | direct |
Usages
| used by | used in | type | used |
|---|---|---|---|
| Remediation | kb_article_list | range | KbArticle |
| Vulnerability | kb_article_list | range | KbArticle |
| Compliance | compliance_references | range | KbArticle |
| Compliance | compliance_standards | range | KbArticle |
| PatchState | kb_article_list | range | KbArticle |
Rules
| Rule Applied | Preconditions | Postconditions | Elseconditions |
|---|---|---|---|
| any_of | [{'slot_conditions': {'uid': {'required': True}}}, {'slot_conditions': {'src_url': {'required': True}}}] |
In Subsets
Aliases
- KB Article
Identifier and Mapping Information
Annotations
| property | value |
|---|---|
| ocsf_constraints | {"at_least_one": ["uid", "src_url"]} |
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:KbArticle |
| native | ocsf:KbArticle |
LinkML Source
Direct
name: KbArticle
annotations:
ocsf_constraints:
tag: ocsf_constraints
value: '{"at_least_one": ["uid", "src_url"]}'
description: The KB Article object contains metadata that describes the patch or update.
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- KB Article
is_a: Object
slots:
- avg_timespan
- bulletin
- classification
- created_time
- install_state
- install_state_id
- is_superseded
- os
- product
- severity
- size
- src_url
- title
- uid
slot_usage:
avg_timespan:
name: avg_timespan
description: The average time to patch.
bulletin:
name: bulletin
description: The kb article bulletin identifier.
classification:
name: classification
description: The vendors classification of the kb article.
created_time:
name: created_time
description: The date the kb article was released by the vendor.
install_state:
name: install_state
description: The install state of the kb article.
recommended: true
install_state_id:
name: install_state_id
description: The normalized install state ID of the kb article.
recommended: true
is_superseded:
name: is_superseded
description: The kb article has been replaced by another.
os:
name: os
description: The operating system the kb article applies.
recommended: true
product:
name: product
description: The product details the kb article applies.
severity:
name: severity
description: The severity of the kb article.
recommended: true
size:
name: size
description: The size in bytes for the kb article.
src_url:
name: src_url
description: The kb article link from the source vendor.
title:
name: title
description: The title of the kb article.
recommended: true
uid:
name: uid
description: The unique identifier for the kb article.
recommended: true
rules:
- postconditions:
any_of:
- slot_conditions:
uid:
name: uid
required: true
- slot_conditions:
src_url:
name: src_url
required: true
description: 'OCSF at_least_one: at least one of [''uid'', ''src_url''] must be
set.'
Induced
name: KbArticle
annotations:
ocsf_constraints:
tag: ocsf_constraints
value: '{"at_least_one": ["uid", "src_url"]}'
description: The KB Article object contains metadata that describes the patch or update.
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- KB Article
is_a: Object
slot_usage:
avg_timespan:
name: avg_timespan
description: The average time to patch.
bulletin:
name: bulletin
description: The kb article bulletin identifier.
classification:
name: classification
description: The vendors classification of the kb article.
created_time:
name: created_time
description: The date the kb article was released by the vendor.
install_state:
name: install_state
description: The install state of the kb article.
recommended: true
install_state_id:
name: install_state_id
description: The normalized install state ID of the kb article.
recommended: true
is_superseded:
name: is_superseded
description: The kb article has been replaced by another.
os:
name: os
description: The operating system the kb article applies.
recommended: true
product:
name: product
description: The product details the kb article applies.
severity:
name: severity
description: The severity of the kb article.
recommended: true
size:
name: size
description: The size in bytes for the kb article.
src_url:
name: src_url
description: The kb article link from the source vendor.
title:
name: title
description: The title of the kb article.
recommended: true
uid:
name: uid
description: The unique identifier for the kb article.
recommended: true
attributes:
avg_timespan:
name: avg_timespan
description: The average time to patch.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Average Timespan
rank: 1000
alias: avg_timespan
owner: KbArticle
domain_of:
- Advisory
- KbArticle
range: Timespan
bulletin:
name: bulletin
description: The kb article bulletin identifier.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Patch Bulletin
rank: 1000
alias: bulletin
owner: KbArticle
domain_of:
- Advisory
- KbArticle
range: string
classification:
name: classification
description: The vendors classification of the kb article.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Classification
rank: 1000
alias: classification
owner: KbArticle
domain_of:
- Advisory
- KbArticle
- LoadBalancer
- DroneFlightsActivity
range: string
created_time:
name: created_time
description: The date the kb article was released by the vendor.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Created Time
rank: 1000
alias: created_time
owner: KbArticle
domain_of:
- Osint
- RelatedEvent
- Sbom
- Scim
- Session
- Sso
- Token
- Whois
- Resource
- Advisory
- AuthenticationToken
- Certificate
- Cve
- Database
- Databucket
- DigitalSignature
- Enrichment
- Epss
- File
- FindingObject
- FindingInfo
- Job
- KbArticle
- LdapPerson
- ProcessEntity
- Table
- Device
range: TimestampT
install_state:
name: install_state
description: The install state of the kb article.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Install State
rank: 1000
alias: install_state
owner: KbArticle
domain_of:
- Advisory
- KbArticle
range: string
recommended: true
install_state_id:
name: install_state_id
annotations:
sibling:
tag: sibling
value: install_state
description: The normalized install state ID of the kb article.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Install State ID
rank: 1000
alias: install_state_id
owner: KbArticle
domain_of:
- Advisory
- KbArticle
range: InstallStateIdEnum
recommended: true
is_superseded:
name: is_superseded
description: The kb article has been replaced by another.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- The patch is superseded.
rank: 1000
alias: is_superseded
owner: KbArticle
domain_of:
- Advisory
- KbArticle
range: boolean
os:
name: os
description: The operating system the kb article applies.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- OS
rank: 1000
alias: os
owner: KbArticle
domain_of:
- Advisory
- Endpoint
- KbArticle
range: Os
recommended: true
product:
name: product
description: The product details the kb article applies.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Product
rank: 1000
alias: product
owner: KbArticle
domain_of:
- RelatedEvent
- Sbom
- Advisory
- Cve
- File
- FindingObject
- FindingInfo
- KbArticle
- Logger
- Metadata
- TransformationInfo
- SoftwareInfo
range: Product
severity:
name: severity
description: The severity of the kb article.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Severity
rank: 1000
alias: severity
owner: KbArticle
domain_of:
- Osint
- RelatedEvent
- VendorAttributes
- Vulnerability
- Check
- Cvss
- KbArticle
- Malware
- BaseEvent
range: string
recommended: true
size:
name: size
description: The size in bytes for the kb article.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Size
rank: 1000
alias: size
owner: KbArticle
domain_of:
- Advisory
- Container
- DataClassification
- Database
- Databucket
- Email
- File
- KbArticle
- Table
- MalwareScanInfo
- MemoryActivity
range: integer
src_url:
name: src_url
description: The kb article link from the source vendor.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Source URL
rank: 1000
alias: src_url
owner: KbArticle
domain_of:
- Osint
- Package
- Ticket
- Advisory
- Cvss
- Cwe
- D3fTactic
- D3fTechnique
- DataClassification
- Enrichment
- FindingObject
- FindingInfo
- KbArticle
- Mitigation
- SubTechnique
- Tactic
- Technique
- IncidentProfile
- IncidentFinding
range: UrlT
title:
name: title
description: The title of the kb article.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Title
rank: 1000
alias: title
owner: KbArticle
domain_of:
- RelatedEvent
- Ticket
- Vulnerability
- Advisory
- Cve
- FindingObject
- FindingInfo
- KbArticle
range: string
recommended: true
uid:
name: uid
description: The unique identifier for the kb article.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Unique ID
rank: 1000
alias: uid
owner: KbArticle
domain_of:
- Osint
- Package
- ProgrammaticCredential
- RelatedEvent
- Request
- Sbom
- Scim
- Script
- Session
- Span
- Sso
- Ticket
- Token
- Trace
- Entity
- Resource
- Account
- Advisory
- Agent
- AiModel
- Aircraft
- Analytic
- ApplicationObject
- Assessment
- Certificate
- Check
- ClassifierDetails
- Container
- Cve
- Cwe
- D3fTactic
- D3fTechnique
- DataClassification
- Database
- Databucket
- DomainContact
- Edge
- Email
- Endpoint
- Evidences
- Extension
- Feature
- File
- FindingObject
- FindingInfo
- Graph
- Group
- HttpRequest
- Idp
- Image
- KbArticle
- LoadBalancer
- Logger
- Malware
- ManagedEntity
- MessageContext
- Metadata
- Mitigation
- NetworkConnectionInfo
- NetworkEndpoint
- NetworkInterface
- Node
- Organization
- PeripheralDevice
- Policy
- ProcessEntity
- Product
- QueryInfo
- Reporter
- Rule
- Scan
- Service
- SubTechnique
- Table
- Tactic
- Technique
- Trait
- TransformationInfo
- UnmannedAerialSystem
- User
- WebResource
- Device
- WinResource
range: string
recommended: true
rules:
- postconditions:
any_of:
- slot_conditions:
uid:
name: uid
required: true
- slot_conditions:
src_url:
name: src_url
required: true
description: 'OCSF at_least_one: at least one of [''uid'', ''src_url''] must be
set.'