SaltMiner uses denormalized indices, most notably the issues indices; however, data is also kept for things other than issues. The Schema documentation describes each of these indices, its purpose and its structure. The diagram below shows a high-level view of their logical arrangement.
In the SaltMiner structure, each index holds its own relevant information: for example, the issues indices store issue-specific details, the scans* indices store information about the scans that have been run, and so on. In addition, some information flows up and down the data structure. For example, inventory_assets stores attributes about the “system” that the child assessments, scans and issues “belong” to. If the system is an online web application, it might have business-level attributes such as the business unit, technical owner, risk classification, etc. that apply to the entire web application system. The system information is stored in the inventory_assets indices and is linked to scans from various sources, penetration tests and the issues related to the various assessment types.
- inventory_asset is where application inventory-level information is combined from any inventories that may be in use. These attributes are propagated down to any child indices through enrichment, which maps a key field from the inventory_asset document to the child documents.
- engagements is where information is stored about a manual assessment such as a PenTest Engagement. It contains information that is based on the matching inventory_asset.
- snapshots_<type>_<source> indices contain historical data about scans from different sources.
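The enrichment step described above, modelled in memory as an added example (this is not SaltMiner code). The field names (`asset_key`, `business_unit`, `technical_owner`, `risk_classification`), the `inventory` sub-object and the sample documents are constructed assumptions, not taken from the SaltMiner schema. It also shows the case a reviewer should watch for: child documents whose key matches no inventory asset and therefore carry no owner or risk classification.

```python
from copy import deepcopy

# Constructed sample data. Field names are hypothetical, not SaltMiner's schema.
INVENTORY_ASSETS = [
    {"asset_key": "web-portal", "business_unit": "Retail",
     "technical_owner": "a.ng", "risk_classification": "high"},
    {"asset_key": "hr-api", "business_unit": "HR",
     "technical_owner": "j.ruiz", "risk_classification": "medium"},
]
ISSUES = [
    {"id": "i-1", "asset_key": "web-portal", "name": "Reflected XSS", "severity": "High"},
    {"id": "i-2", "asset_key": "hr-api", "name": "Verbose errors", "severity": "Low"},
    {"id": "i-3", "asset_key": "legacy-ftp", "name": "Cleartext login", "severity": "High"},
]

def build_lookup(assets, key_field="asset_key"):
    """Index inventory documents by the key field used for matching."""
    return {a[key_field]: a for a in assets if a.get(key_field)}

def enrich(children, assets, key_field="asset_key"):
    """Copy inventory attributes onto each child document (denormalization).

    Returns (enriched_children, unmatched_ids). The child's own fields are
    left untouched; inventory attributes go under an "inventory" sub-object.
    """
    lookup = build_lookup(assets, key_field)
    enriched, unmatched = [], []
    for child in children:
        doc = deepcopy(child)  # never mutate the source documents
        asset = lookup.get(doc.get(key_field))
        if asset is None:
            doc["inventory"] = None  # no matching asset: flag for follow-up
            unmatched.append(doc["id"])
        else:
            doc["inventory"] = {k: v for k, v in asset.items() if k != key_field}
        enriched.append(doc)
    return enriched, unmatched

def issues_by_attribute(enriched, attribute):
    """Group issue ids by an inventory attribute with no join at query time."""
    groups = {}
    for doc in enriched:
        value = (doc["inventory"] or {}).get(attribute, "unassigned")
        groups.setdefault(value, []).append(doc["id"])
    return groups

if __name__ == "__main__":
    docs, missing = enrich(ISSUES, INVENTORY_ASSETS)
    print(issues_by_attribute(docs, "risk_classification"), missing)
```

Because the attributes are copied onto each child document, a change to an inventory asset only reaches its children when enrichment runs again.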