IVR Schema

The tables in this section provide detailed information about IVR schema.

Table 1. IVR.schemaThe IVR.schema table provides the information on the schema version.
Name	Type	Description
`version`	nvarchar(10)	This is the version of the schema.

Table 2. IVR.findingsThe `IVR.findings` table stores the number of findings based on a device and vulnerability mapping.
Name	Type	Description
`port`	int	Part of unique key for a finding.
`protocol`	nvarchar(32)	Part of unique key for a finding.
`global_computer_id` (FK)	bigint	The unique computer ID assigned by Insights to a machine. References: dbo.datasource_devices
`vulnerability_id` (FK)	nvarchar(50)	ID of the vulnerability as assigned by IVR (This will be defined as: QID, Plugin_Id or CVE). In the case of a CVE being used as a Vulnerability_ID, the ParentID should be a QID or PluginId. References: IVR.vulnearbilities
`source_hash` (PK)	nvarchar(8)	Hash of the adapter configuration, which allows for purging of records based upon configuration change.
`custom_severity`	int	Nullable
`device_correlation_score`	int	Calculated Coorelation Confidence score (This is represented as a weighted score, the higher the score the higher the confidence is around the coorelation of the associated computer). Value calculated based on cvss_base*applicable_computers as 'weighted score'.
`first_detected`	datetime2(0), null	Time stamp for first detection.
`last_detected`	datetime2(0), null	Time stamp for last detection.
`last_fixed`	datetime2(0), null	Time stamp when the vulnerability was last confirmed as not vulnerable.
`results`	nvarchar(1024), null	This is provided by the IVR datasource and may contain a brief description as to why the vulnerability has been identified.
`sequence`	timestamp, not null	System generated unique number to identified delta changes.

Table 3. IVR.VulnerabilitiesThe `IVR.vulnerabilities` table stores vulnerability details.
Name	Type	Description
`vulnerability_id`	nvarchar(50), not null	ID of the vulnerability. Possible ID references include Tenable Plugin ID, Qualys ID (QID), or CVE ID. In the case that a vulnerability_id is a CVE, the ParentID field should be a Tenable Plugin ID or QID that maps to the vulnerability_id. References: IVR.vulnerability_fixlet_nexus
`parent_id`	nvarchar(50), null	Parent_ID facilitates the hierarchy between QID/PluginID and CVEs. It will be a QID or PluginID, when a CVE is represented by the Vulnerability ID.
`source_hash`	nvarchar(8), not null	Hash of the adapter's configuration, which allows for purging of records based upon configuration change.
`cve`	nvarchar(50), null	CVE ID of a given vulnerability. (Tenable: note plugin id's are not singularly represented by a CVE, there is an individual record for CVEs as well.) Qualys: provides vulnerabilty ID.
`title`	nvarchar(150), null	Vulnerability title as defined by Tenable or Qualys.
`type`	nvarchar(50), null	Vulnerability Type. Possible values for Qualys include: "potential vulnerability", or "information". Tenable: no data represented.
`vendor_rating`	nvarchar(50), null	Represents the external rating of the vulnerability to facilitate prioritization. If the data source is Tenable, this field will refer to the Tenable Vulnerability Priority Rating (VPR). If the data source is Qualys, this field will refer to the Qualys Severity rating.
`severity`	nvarchar(50), null	The Fixlet severity. Possible Qualys values: 1- minimal, 2 - medium, 3 - serious, 4 - critical, 5 - urgent. For reference, please see: https://qualysguard.qg2.apps.qualys.com/qwebhelp/fo_portal/knowledgebase/severity_levels.htm Tenable values: 0 - information, 1-4 Low, 5-6 Medium, 7-9 High, 10 - Critical
`cvss_base`	float, null	Common Vulnerability Scoring System (CVSS) base score calculated according to the formula defined here: https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator. Note that this field is based on CVSS v2.
`cvss_temporal`	float, null	Common Vulnerability Scoring System (CVSS) temporal score metric calculated according to the formula defined here: https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator. Note that this field is based on CVSS v2.
`cvss_severity`	nvarchar(50), null	Severity ratings for CVSS v2 base score ranges. Possible values include "low", "medium", "high". Please refer to the following link for more information: https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator. Note that this field is based on CVSS v2.
`cvss3_base`	float, null	Common Vulnerability Scoring System (CVSS) base score calculated according to the formula defined here: https://nvd.nist.gov/vuln-metrics/cvss. Qualys: no data represented.
`cvss3_temporal`	float, null	Common Vulnerability Scoring System (CVSS) temporal score value calculated according to the formula defined here: https://nvd.nist.gov/vuln-metrics/cvss. Note that this field is based on CVSS v3.
`cvss3_severity`	nvarchar(50), null	Severity ratings for CVSS v3 base score ranges. Possible values include "none", "low", "medium", "high", "critical". Please refer to the following link for more information: https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator, https://nvd.nist.gov/vuln-metrics/cvss. Note that this field is based on CVSS v3.
`impact`	nvarchar(max), null	Impact includes a description of the possible consequences that may occur if the vulnerability is successfully exploited. Note, this value is truncated to 150 characters in the Insights database.
`solution`	nvarchar(max), null	The Solution section provides a suggested solution to fix the vulnerability or a reference defering to the vendor.
`exploitability`	nvarchar(max), null	Exploitability information correlates with detected vulnerabilities when known exploits are pulished.
`category`	varchar(150), null	The value of the category.Every vulnerability is mapped to one vulnerability category, typically this represents the type of software or operating system that is affected.
`description`	nvarchar(max), null	Summarized description of the vulnerability as defined by Tenable or Qualys.
`date_published`	datetime2(0), null	The date when the vulnerability is published.
`last_updated`	datetime2(0), null	Date record was last updated.
`source_adapter_type`	int, not null	For Qualys the value is 1 , for Tenable IO the value is 2, for Tenable SC the value is 3 and for Insights the value is 4.
`sequence`	timestamp, not null	Internal field. Database-generated row identifier. Changes to the row results in a default change to this value.

Table 4. IVR.vulnerability_fixlet_nexusThe `IVR.vulnerability_fixlet_nexus` table stores vulnerability fixlet mapping with weighted score.
Name	Type	Description
`vulnerability_id`	nvarchar(50), not null	ID of the vulnerability as assigned by UVM (This will be defined as: QID, Plugin_Id or CVE). In the case of a CVE being used as a Vulnerability_ID, the ParentID should be a QID or PluginId.
`global_fixlet_id`	bigint, not null	The fixlet id coorelates to the insights datasource fixlet id. References: dbo.datasource_fixlets, dbo.fixlet_dimensions
`source_hash`	nvarchar(8), not null	This is the sourcehash of the adapter to confirm ingestion parameters.
`parent_id`	nvarchar(50), null	Parent_ID facilitates the hierarchy between QID/PluginID and CVEs. It will be a QID or PluginID, when a CVE is represented by the Vulnerability ID.
`weighted_score`	bigint, null	Value calculated based on cvss_base*applicable_computers as 'weighted score'.
`sequence`	timestamp, not null	Internal field. Database-generated row identifier. Changes to the row results in change to this value.

Table 5. IVR.metricsThe `IVR.metrics` table is used for logging the dataflow execution stats and maintain history of the executions. The table provides detailed description of the columns in the table.
Name	Type	Description
`start_time`	datetime2(0), not null	Start time of the dataflow execution
`end_time`	datetime2(0), not null	End time of the dataflow execution
`duration_min`	decimal(6,2), not null	Total duration of the dataflow execution in minutes
`status`	tinyint, not null	Status of the dataflow execution, 1 - Successful , 0 - Unsuccessful
`source_adapter_type`	int, not null	For Qualys the value is 1 , for Tenable IO the value is 2, for Tenable SC the value is 3 and for Insights the value is 4.
`source_adapter_id`	varchar(50), not null	Hashvalue of the data source in the dataflow execution

Table 6. Vulnerability_nexus_deletionThe Vulnerability_nexus_deletion table stores the data of vulnerability which got deleted or reactivated from vulnerability_fixlet_nexus table.
Name	Type	Description
`vulnerability_id`	nvarchar(50), not null	ID of the vulnerability as assigned by UVM (This will be defined as: QID, Plugin_Id or CVE). In the case of a CVE being used as a Vulnerability_ID, the ParentID should be a QID or PluginId.
`global_fixlet_id`	bigint, not null	The fixlet id coorelates to the insights datasource fixlet id. References: dbo.datasource_fixlets, dbo.fixlet_dimensions
`source_hash`	nvarchar(8), not null	This is the sourcehash of the adapter to confirm ingestion parameters.
`parent_id`	nvarchar(50), null	Parent_ID facilitates the hierarchy between QID/PluginID and CVEs. It will be a QID or PluginID, when a CVE is represented by the Vulnerability ID.
`deleted`	bit DEFAULT 1	If deleted flag is set to 1, it represent vulnerability as deleted. If flag set to 0, which means vulnerability got activated.
`date_published`	datetime2(0)	The date when the vulnerability entry is published in the vulnerability nexus deletion table.
`last_updated`	datetime2(0)	The date when vulnerability entry got update in the vulnerability nexus deletion table
`sequence`	timestamp, not null	Internal field. Database-generated row identifier. Changes to the row results in change to this value.

Figure 1. Vulnerability Remediation Schema