docs/ref/modules/vulnerability-scanner/flatbuffers.md
The Vulnerability Detector makes use of the FlatBuffers tool. FlatBuffers is a library that enables high-performance data serialization and deserialization without the need of unpacking or parsing, providing direct access to the required information.
Although the synchronization events received by Remoted are in JSON format, the event data needs to be augmented with additional agent context within this module. As a result, deserializing and re-serializing the data becomes unavoidable.
Another key use of FlatBuffers in the Vulnerability Detector module is for vulnerability feeds processing, specifically those following the CVE5 schema. In this case, FlatBuffers are used to avoid the deserialization overhead during scanning.
Due to the nature of FlatBuffers, the deserialization cost is significantly lower compared to JSON, regardless of the JSON library used. This makes FlatBuffers particularly well-suited for scanning operations, where deserialization performance is a critical factor.
| Table | Field | Type | Description |
|---|---|---|---|
| AgentInfo | agent_id | string | Unique identifier of the agent, e.g., "001". |
| agent_ip | string | IP address of the agent. | |
| agent_name | string | Name assigned to the agent. | |
| agent_version | string | Version of the agent software, e.g., "v4.10.2". |
| Table | Field | Type | Description |
|---|---|---|---|
| Delta | agent_info | AgentInfo | Information about the agent. |
| data | Provider | Data changes in the agent. | |
| operation | string | Type of operation performed (e.g., INSERTED, MODIFIED, DELETED). |
| Table | Type | Description |
|---|---|---|
| Provider (Union) | dbsync_osinfo | Host operating system. |
| dbsync_packages | Installed packages. | |
| dbsync_hotfixes | Installed hotfixes. |
| Table | Field | Type | Description |
|---|---|---|---|
| dbsync_hotfixes | hotfix | string | Name or identifier of the applied hotfix. |
| dbsync_osinfo | hostname | string | System hostname. |
| architecture | string | CPU architecture (e.g., x86_64, ARM). | |
| os_name | string | Operating system name. | |
| os_version | string | Full OS version. | |
| os_codename | string | OS codename (if applicable). | |
| os_major | string | Major version number. | |
| os_minor | string | Minor version number. | |
| os_patch | string | Patch level of the OS. | |
| os_build | string | Build number of the OS. | |
| os_platform | string | Platform name (e.g., Debian, RedHat). | |
| sysname | string | System kernel name. | |
| release | string | Kernel release version. | |
| version | string | Kernel version. | |
| os_release | string | Distribution-specific release information. | |
| os_display_version | string | Human-readable OS version. | |
| dbsync_packages | name | string | Package name. |
| version | string | Package version. | |
| vendor | string | Vendor or maintainer of the package. | |
| install_time | string | Installation timestamp. | |
| location | string | Path where the package is installed. | |
| architecture | string | Package architecture. | |
| groups | string | Package category or group. | |
| description | string | Description of the package. | |
| size | long | Size of the package in bytes. | |
| priority | string | Priority of the package. | |
| multiarch | string | Multiarchitecture support. | |
| source | string | Source of the package. | |
| format | string | Format of the package. | |
| item_id | string | Unique identifier for the package entry. |
| Table | Field | Type | Description |
|---|---|---|---|
| SyncMsg | agent_info | AgentInfo | Event type description. |
| data | DataUnion | Data changes in the agent. |
| Table | Type | Description |
|---|---|---|
| DataUnion (Union) | state | Network interfaces description. |
| integrity_clear | Hardware information. |
| Table | Field | Type | Description |
|---|---|---|---|
| state | attributes | AttributesUnion | Aggregated attributes of the entity. |
| index | string | Index of the entity. | |
| path | string | Absolute path of the file or registry entry. | |
| value_name | string | Name of the registry value. | |
| arch | string | System architecture (x86, x64). |
| Table | Type | Description |
|---|---|---|
| AttributesUnion | syscollector_hotfixes | Equivalent to dbsync_programs. |
| syscollector_osinfo | Equivalent to dbsync_osinfo . | |
| syscollector_packages | Equivalent to dbsync_packages . |
| Table | Field | Type | Description |
|---|---|---|---|
| integrity_clear | attributes_type | string | Removes information for specific provider |