Dashboard Schema

ReportingConfig

Dashboard

type

object

properties

  • rows

rows

The rows of the dashboard.

type

array

examples

rows:
  - name: "CVEs by severity"
    panels:
      - cypher: cves-by-severity
        details_cypher: cves-by-severity-details
        type: count
        params:
          - name: base_severity
            value: CRITICAL
        caption: Critical CVEs
        size: 2

items

type

object

Row

additionalProperties

False

Row

type

object

properties

  • name

name

The name of the row; shown as title above the row.

type

string

examples

CVEs

  • panels

panels

The panels to show in the row.

type

array

examples

panels:
  - cypher: cves-by-severity
    details_cypher: cves-by-severity-details
    type: count
    params:
      - name: base_severity
        value: CRITICAL
    caption: Critical CVEs
    size: 2

items

type

object

Panel

additionalProperties

False

Panel

type

object

properties

  • type

_type

The type of panel to use.

type

string

enum

table, vertical-table, count, bar, pie, progress, oncall-table, markdown

examples

table

  • bar_settings

Settings specific to bar panels.

type

object

examples

bar_settings:
  legend: column

default

legend: null

BarPanelSettings

  • caption

caption

The caption to use for the panel.

type

string / null

examples

Critical CVEs

default

null

  • cypher

cypher

A reference to a cypher from the cypher section of the configuration.

type

string / null

examples

cves

default

null

  • details_cypher

details_cypher

A reference to a cypher from the cypher section of the configuration. Must return details. Used in the details section of the panel, as a table.

type

string / null

examples

cves-details

default

null

  • markdown

markdown

The markdown to use for the panel. Only used for type markdown.

type

string / null

examples

## Affects

Versions x.x.x - x.x.x

## Recommended action

Upgrade to the latest version of the software.

default

null

  • markdown_settings

Settings specific to markdown panels.

type

object

examples

markdown_settings:
  variables:
    - name: cves
      cypher: cves-total

default

variables

MarkdownPanelSettings

  • metric

metric

The statsd metric to send from the panel data. Only used for count and progress panels.

type

string / null

examples

cves.severity

default

null

  • params

params

A list of parameters to send into the query. The parameters can directly have values, or can be a reference to an input.

type

array

examples

params:
  - name: severity
    input_id: cve_base_severity
  - name: integrityImpact
    value: HIGH

items

type

object

PanelParam

  • pie_settings

Settings specific to pie panels.

type

object

examples

pie_settings:
  legend: column

default

legend: null

PiePanelSettings

  • size

size

The size of the panel.

type

number / null

examples

2.0

default

2.0

format

float

  • table_id

table_id

The cypher attribute to use for the table’s unique ID, if using a type of table or vertical-table. If not set, a random ID will be generated. A table_id should be set for vertical-table, or the panel will have a random ID used as the caption.

type

string / null

examples

cve_id

default

null

  • threshold

threshold

The size of the panel.

type

number / null

examples

70

default

null

format

float

additionalProperties

False

BarPanelSettings

type

object

properties

  • legend

legend

The type of legend to use; row or column. If unset, then no legend will be used.

type

string / null

default

null

additionalProperties

False

MarkdownPanelSettings

type

object

properties

  • variables

variables

Variables to inject into markdoc, for use within the markdown.

type

array

items

type

object

MarkdownPanelSettingsVariables

additionalProperties

False

MarkdownPanelSettingsVariables

type

object

properties

  • cypher

cypher

A reference to a cypher from the cypher section of the configuration.

type

string

examples

cves

  • name

name

The variable name to be used within the markdown.

type

string

  • params

params

A list of parameters to send into the query. The parameters can directly have values. Currently does not support inputs.

type

array

examples

params:
  - name: integrityImpact
    value: HIGH

items

type

object

PanelParam

additionalProperties

False

PanelParam

type

object

properties

  • input_id

input_id

Reference to the query in the inputs section.

type

string / null

examples

cve_base_severity

default

null

  • name

name

The parameter name to use when passing this input into the query.

type

string

examples

severity

  • value

The parameter value to pass into the query.

examples

params:
  - name: integrityImpact
    value: HIGH

additionalProperties

False

PiePanelSettings

type

object

properties

  • legend

legend

The type of legend to use; row or column. If unset, then no legend will be used, and arc labels will be used instead.

type

string / null

default

null

additionalProperties

False

Report

type

object

properties

  • inputs

inputs

The inputs to use for the report.

type

array

examples

inputs:
  - input_id: cve_base_severity
    cypher: |-
      MATCH (c:CVE)
      RETURN c.base_severity AS value
    default:
      label: (all)
      value: .*
    label: Base Severity
    type: autocomplete
    size: 2

items

type

object

Input

  • name

name

The name of the report.

type

string

examples

CVEs

  • rows

rows

The rows of the report.

type

array

examples

rows:
  - name: "CVEs"
    panels:
      - cypher: cves
        type: table
        params:
          - name: base_severity
            input_id: cve_base_severity
        size: 12

items

type

object

Row

additionalProperties

False

Input

type

object

properties

  • type

_type

The type of input to use.

type

string

enum

autocomplete, text

examples

autocomplete

  • cypher

cypher

The Cypher query to execute. Must return value.

type

string / null

examples

MATCH (c:CVE)
RETURN DISTINCT c.base_severity AS value

default

null

  • default

The default value to set if no value is selected.

type

object

examples

label: (all)
value: .*

default

InputDefault

  • input_id

input_id

Reference to the query in the inputs section.

type

string

examples

cve_base_severity

  • label

label

The label to use for the select element.

type

string

examples

CVE base severity

  • size

size

The size of the input element.

type

number / null

examples

2.0

default

2.0

format

float

additionalProperties

False

InputDefault

type

object

properties

  • label

label

The label for the default.

type

string

  • value

value

The value for the default.

type

string

additionalProperties

False

ScheduledQuery

type

object

properties

  • actions

actions

The actions to perform when the scheduled query is triggered.

type

array

examples

actions:
  - action_type: slack
    title: Recently published HIGH/CRITICAL CVEs
    initial_comment: |
      The following HIGH/CRITICAL CVEs have been published in the last 24 hours.
    channels:
      - C0000000000

items

type

object

ScheduledQueryAction

  • cypher

cypher

The cypher to use for the scheduled query.

type

string

examples

recent-cves

  • enabled

enabled

Whether the scheduled query should be enabled. If not set, the scheduled query will be enabled.

type

boolean / null

examples

true

default

True

  • frequency

frequency

The frequency of the scheduled query in minutes. Mutually exclusive with watch_scans.

type

integer / null

examples

1440

default

null

  • name

name

The name of the scheduled query.

type

string

examples

Recently published HIGH/CRITICAL CVEs

  • params

params

A dictionary of parameters to pass to the cypher query. The keys are the variable names, and the values are the values to pass.

type

array

examples

params:
  - name: syncedtype
    value:
      - recent
  - name: base_severity
    value:
      - HIGH
      - CRITICAL

items

type

object

ScheduledQueryParam

  • watch_scans

watch_scans

The scans to watch for the scheduled query. Based on SyncMetadata. The query will trigger if any of the watched scans listed are updated. Mutually exclusive with frequency.

type

array

examples

watch_scans:
  - grouptype: CVE
    syncedtype: recent
  - grouptype: CVE
    syncedtype: modified

items

type

object

ScheduledQueryWatchScan

additionalProperties

False

ScheduledQueryAction

type

object

properties

  • action_config

The configuration for the action. See the documentation for the relevant scheduled query module for information about the configuration needed for each action type.

examples

action_config:
  webhook_url: https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX
  channel: "#cve"
  username: CVE
  icon_emoji: ":cve:"

additionalProperties

action_config

  • action_type

action_type

The type of action to perform.

type

string

examples

slack

sqs

additionalProperties

False

ScheduledQueryParam

type

object

properties

  • name

name

The parameter name to use when passing this input into the query.

type

string

examples

severity

  • value

The parameter value to pass into the query.

examples

params:
  - name: integrityImpact
    value: HIGH

additionalProperties

False

ScheduledQueryWatchScan

type

object

properties

  • groupid

groupid

Match against the groupid attribute of the SyncMetadata node, as a regex. If not set, the query will match against .*.

type

string / null

examples

2019

default

.*

  • grouptype

grouptype

Match against the grouptype attribute of the SyncMetadata node, as a regex. If not set, the query will match against .*.

type

string / null

examples

CVE

default

.*

  • syncedtype

syncedtype

Match against the syncedtype attribute of the SyncMetadata node, as a regex. If not set, the query will match against .*.

type

string / null

examples

year

default

.*

additionalProperties

False

ReportingConfig

type

object

properties

  • version

version

The configuration file format version.

type

integer / null

default

1

  • queries

queries

The queries to use for the report.

type

object

examples

queries:
  cves-severity-of-total: |-
    MATCH (c:CVE)
    WITH COUNT(DISTINCT c.id) AS denominator
    MATCH (c:CVE)
    WHERE c.base_severity = "CRITICAL"
    RETURN count(DISTINCT c.id) AS numerator, denominator
  cves-by-severity: |-
    MATCH (c:CVE)
    WHERE c.base_severity = $base_severity
    RETURN count(c.id) AS count
  cves: |-
    MATCH (c:CVE)
    WHERE c.base_severity =~ ($base_severity)
    RETURN {
      cve_id: c.id,
      base_severity: c.base_severity,
      severity: c.severity,
      description: c.description
    } AS details
    ORDER BY details.severity DESC
  recent-cves: |-
    MATCH (s:SyncMetadata)
    WHERE s.grouptype = "CVE" AND s.syncedtype IN $syncedtype
    WITH datetime({epochSeconds: s.lastupdated}) - duration({hours: 24}) AS feedupdatetime
    MATCH (c:CVE)
    WHERE datetime(c.published_date) > feedupdatetime AND c.base_severity IN $base_severity
    RETURN {
      id: c.id,
      base_severity: c.base_severity,
      base_score: c.base_score,
      description: c.description_en
    } AS details

additionalProperties

queries

type

string

  • dashboard

The dashboard to use for the report.

type

object

examples

dashboard:
  rows:
    - name: CVEs by severity as percentage of total
      panels:
        - cypher: cves-severity-of-total
          type: progress
          params:
            - name: base_severity
              value: CRITICAL
          caption: Critical CVEs
          size: 2
    - name: CVEs by severity
      panels:
        - cypher: cves-by-severity
          type: count
          params:
            - name: base_severity
              value: CRITICAL
          caption: Critical CVEs
          size: 2
        - cypher: cves-by-severity
          type: count
          params:
            - name: base_severity
              value: HIGH
          caption: High CVEs
          size: 2

Dashboard

  • reports

reports

The reports to use for the report.

type

object

examples

reports:
  cves:
    name: CVEs
    inputs:
      - input_id: cve_base_severity
        cypher: |-
          MATCH (c:CVE)
          RETURN c.base_severity AS value
        default:
          label: (all)
          value: .*
        label: Base Severity
        type: autocomplete
        size: 2
    rows:
      - name: CVEs
        panels:
          - cypher: cves
            type: table
            params:
              - name: base_severity
                input_id: cve_base_severity
            size: 12

additionalProperties

type

object

Report

  • scheduled_queries

scheduled_queries

The scheduled queries to use for the report.

type

object

examples

scheduled_queries:
  cves-by-severity:
    name: CVEs by severity
    frequency: 1440
    actions:
      - action_type: slack
        title: Recently published HIGH/CRITICAL CVEs
        initial_comment: |
          The following HIGH/CRITICAL CVEs have been published in the last 24 hours.
        channels:
          - C0000000000

additionalProperties

type

object

ScheduledQuery

additionalProperties

False
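
The schema above validates each object on its own. It cannot check that a panel's cypher or details_cypher names an entry under queries, that a param's input_id names one of the report's inputs, or that a scheduled query sets only one of frequency and watch_scans. The following is an added example, not part of the project's code, that lints an already-parsed configuration for those three rules; lint, check_ref and SAMPLE are hypothetical names, and the check that every $name in a query has a matching param is an added regex heuristic rather than something the schema states.

```python
import re

PLACEHOLDER = re.compile(r"\$(\w+)")  # heuristic: $name parameters in a Cypher string

def check_ref(queries, where, ref, params, input_ids=()):
    if ref not in queries:
        return [f"{where}: unknown query '{ref}'"]
    supplied = {p["name"] for p in params}
    missing = sorted(set(PLACEHOLDER.findall(queries[ref])) - supplied)
    problems = [f"{where}: ${m} is never supplied" for m in missing]
    problems += [f"{where}: unknown input '{p['input_id']}'" for p in params
                 if p.get("input_id") and p["input_id"] not in input_ids]
    return problems

def lint(cfg):
    queries, problems = cfg.get("queries", {}), []
    # Dashboard and reports share the rows/panels shape; only reports have inputs.
    scopes = [("dashboard", cfg.get("dashboard") or {})]
    scopes += [(f"reports.{k}", r) for k, r in cfg.get("reports", {}).items()]
    for scope, body in scopes:
        ids = {i["input_id"] for i in body.get("inputs", [])}
        for row in body.get("rows", []):
            for n, panel in enumerate(row.get("panels", [])):
                where = f"{scope}.{row['name']}[{n}]"
                for key in ("cypher", "details_cypher"):
                    if panel.get(key):
                        problems += check_ref(queries, where, panel[key],
                                              panel.get("params") or [], ids)
    for sid, sq in cfg.get("scheduled_queries", {}).items():
        where = f"scheduled_queries.{sid}"
        if sq.get("frequency") is not None and sq.get("watch_scans"):
            problems.append(f"{where}: frequency and watch_scans are mutually exclusive")
        problems += check_ref(queries, where, sq["cypher"], sq.get("params") or [])
    return problems

# Constructed sample, shaped like a parsed ReportingConfig; not taken from the page.
SAMPLE = {
    "queries": {"cves": "MATCH (c:CVE) WHERE c.base_severity =~ $base_severity RETURN c.id AS id"},
    "reports": {"cves": {
        "inputs": [{"input_id": "cve_base_severity", "type": "autocomplete"}],
        "rows": [{"name": "CVEs", "panels": [
            {"cypher": "cves", "params": [{"name": "severity", "input_id": "cve_severity"}]},
            {"cypher": "cves-by-severity"}]}]}},
    "scheduled_queries": {"recent": {"cypher": "cves", "frequency": 1440,
        "watch_scans": [{"grouptype": "CVE"}], "params": [{"name": "base_severity", "value": ".*"}]}},
}

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Running a check like this before deployment catches a panel that would otherwise fail at query time with a missing parameter or an unresolved reference.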