Nucleus & OCSF Mappings

This document provides a detailed mapping of fields between Nucleus data and the OCSF schema. It includes mappings for both assets and findings, with sections for searching (Nucleus to OCSF) and creating/updating (OCSF to Nucleus).

1. Assets

1.1 Search Assets

  • Example JSON Path: services/engine/service/providers/nucleus/sampleEvents/assets/asset.json
  • Purpose: Maps asset-related data from Nucleus to OCSF for asset discovery and inventory.
  Nucleus                   OCSF
  ------------------------  ------------------------
  asset_id                  device.instance_uid
  asset_name                device.hostname
  ip_address                device.ip
  mac_address               device.mac
  operating_system_name     device.os.name
  operating_system_version  device.os.version
  scan_date                 device.last_seen_time

1.2 Create Asset

  • Example JSON Path: services/engine/service/providers/nucleus/sampleEvents/assets/asset_create.json
  • Purpose: Maps asset data from OCSF to Nucleus for creating new asset records.
  OCSF                                Nucleus
  ----------------------------------  ------------------------
  device.hostname                     asset_name
  device.ip                           ip_address
  device.mac                          mac_address
  device.os.name                      operating_system_name
  device.os.version                   operating_system_version
  device.network_interfaces.hostname  asset_name_secondary
  device.network_interfaces.ip        ip_address_secondary

1.3 Update Asset

  • Example JSON Path: services/engine/service/providers/nucleus/sampleEvents/assets/asset_update.json
  • Purpose: Maps updated asset data from OCSF to Nucleus for updating existing asset records.
  OCSF                                Nucleus
  ----------------------------------  ------------------------
  device.network_interfaces.hostname  asset_name_secondary
  device.network_interfaces.ip        ip_address_secondary
  device.mac                          mac_address
  device.os.name                      operating_system_name
  device.os.version                   operating_system_version

2. Findings

2.1 Search Findings

  • Example JSON Path: services/engine/service/providers/nucleus/sampleEvents/findings/finding.json
  • Purpose: Maps finding-related data from Nucleus to OCSF for security analysis.
  Nucleus                 OCSF
  ----------------------  ------------------------------
  finding_number          finding.uid
  finding_name            finding.title
  finding_description     finding.desc
  scan_date               time
  scan_date               finding.scan_date
  finding_discovered      finding.first_seen_time
  scan_date               finding.last_seen_time
  finding_recommendation  finding.remediation.desc
  finding_severity        severity
  finding_severity        severity_id
  finding_state           state
  finding_state           state_id
  finding_status          activity_id
  finding_status          activity_name
  finding_status          type_uid
  finding_status          type_name
  finding_cve             vulnerabilities[].cve.uid
  finding_references      vulnerabilities[].references
  asset_id                resources[].uid
  asset_name              resources[].name
  ip_address              resources[].data.ip
  finding_port            resources[].data.port
  finding_path            resources[].data.path
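The Search Findings mapping applied in code, as an added example that is not the Nucleus or OCSF project's own code. It assumes the OCSF column is a dotted JSON path in which `name[]` denotes one element of a list, and, because the page gives no enum lookups, it copies the raw Nucleus value to every target (a real integration would translate values such as severity_id).

```python
# Added example (not Nucleus/OCSF project code): apply the Search Findings table.
# The page gives no enum lookups (severity_id, state_id, ...), so the raw
# Nucleus value is copied to every target path (assumption).
FINDING_MAP = {  # Nucleus field -> OCSF path(s), as in the table above
    "finding_number": ["finding.uid"],
    "finding_name": ["finding.title"],
    "finding_description": ["finding.desc"],
    "scan_date": ["time", "finding.scan_date", "finding.last_seen_time"],
    "finding_discovered": ["finding.first_seen_time"],
    "finding_recommendation": ["finding.remediation.desc"],
    "finding_severity": ["severity", "severity_id"],
    "finding_state": ["state", "state_id"],
    "finding_status": ["activity_id", "activity_name", "type_uid", "type_name"],
    "finding_cve": ["vulnerabilities[].cve.uid"],
    "finding_references": ["vulnerabilities[].references"],
    "asset_id": ["resources[].uid"],
    "asset_name": ["resources[].name"],
    "ip_address": ["resources[].data.ip"],
    "finding_port": ["resources[].data.port"],
    "finding_path": ["resources[].data.path"],
}

def set_path(doc, path, value):
    """Set value at a dotted path; `name[]` is a one-element list of objects."""
    node, parts = doc, path.split(".")
    for i, part in enumerate(parts):
        if part.endswith("[]"):  # array fields here hold this finding's single entry
            node = node.setdefault(part[:-2], [{}])[0]
        elif i == len(parts) - 1:
            node[part] = value
        else:
            node = node.setdefault(part, {})
    return doc

def nucleus_finding_to_ocsf(record):
    """Map a Nucleus finding dict to an OCSF-shaped dict; absent fields stay unset."""
    ocsf = {}
    for field, paths in FINDING_MAP.items():
        if field in record:
            for path in paths:
                set_path(ocsf, path, record[field])
    return ocsf

SAMPLE = {  # constructed sample record, not real Nucleus data
    "finding_number": "12345", "finding_name": "Outdated TLS version",
    "finding_severity": "High", "finding_status": "Active",
    "finding_cve": "CVE-0000-0000",  # placeholder identifier
    "asset_id": "asset-1", "ip_address": "10.0.0.5", "finding_port": 443,
    "scan_date": "2024-01-01T00:00:00Z",
}
```

Fields missing from the Nucleus record are left out of the result rather than emitted as nulls, so a consumer can distinguish "never reported" from "reported empty".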

2.2 Create Finding

  • Example JSON Path: services/engine/service/providers/nucleus/sampleEvents/findings/finding_create.json
  • Purpose: Maps finding data from OCSF to Nucleus for creating new finding records.
  OCSF                      Nucleus
  ------------------------  ------------------------------
  resources.index(0).uid    host_id
  finding.title             custom_finding_name
  finding.desc              custom_finding_description
  finding.remediation.desc  custom_finding_recommendation
  finding.first_seen_time   finding_discovered

2.3 Update Finding

  • Example JSON Path: services/engine/service/providers/nucleus/sampleEvents/findings/finding_update.json
  • Purpose: Maps updated finding data from OCSF to Nucleus for updating existing finding records.
  OCSF               Nucleus
  -----------------  ----------------
  finding.severity   finding_severity
  finding.state      finding_status
  unmapped.due_date  due_date
  unmapped.comment   comment