Sorry to ask such a fundamental question, but I’m not getting it.
I’ve read - Understanding the reporting data model: Overview and query design | InsightVM Documentation
Example query I want to run
Assets found in <15 days with critical
Do I use the Fact tables or the dim tables?
The fact tables are usually aggregated and only list out IDs to map to the dimension tables.
So an example fact table would show what vuln ids are on what asset id.
If you wanted more info on the asset like it’s IP or Host name then that info would come from the dimension table dim_asset. If you wanted the name of the vulnerability that was found on that asset it would also come from a dimension table dim_vulnerability.
So for your example, if you just wanted a count of how many critical vulns were found in the last 15 days you could solely reference the fact table. However if you wanted to list out the asset that it was found on and the name of the critical vuln then you would need to JOIN those dimension tables to the fact table when running your query.
great explanation!!! makes much more sense to me know! Have a great weekend