JSON Name	Description	Field Type	Example Value
schemaVersion	Schema version	String	1.0
vendor	Vendor name	String	Jamf
product	Product name	String	Vulnerability Data Stream
externalId	Optional field or fields containing identifying information from an external system, such as a UEM or MDM solution.	String (usually UUID)	Jamf Pro device ID
customerId	Customer account ID	String	6716c5c7-ed1d-43e8-884d-e0fe278599e8
userName	Name of the user	String	Tomas
userEmail	Email address of the user	String	tomas@jamf.com
deviceId	Jamf's unique identifier for the device	String (usually UUID)	JSC Device ID
deviceName	Name of the device	String	mymac
osType	Device's operating system	String (possible values: MAC_OS, IOS, IPAD_OS)	MAC_OS
osVersion	Version of the device's operating system	String	15.1.0
osPatchVersion	Rapid Security Response (RSR) version of the device's operating system	String	(a)
eventType	Type of event, indicating whether it is a new vulnerability, an updated one, remains the same, or has been remediated	String (possible values: NEW, UPDATED, SAME, REMEDIATED)	NEW
eventTimeUtcMs	Unix timestamp of the event in milliseconds	Integer (64b)	1733011200000
id	CVE: Common Vulnerabilities and Exposures ID	String	CVE-2024-xxxx
description	Description of the CVE	String	xxxx
baseScore	Score of the CVE	String	5.5
severity	Severity level of the CVE	String (possible values: NONE, LOW, MEDIUM, HIGH, CRITICAL)	MEDIUM
exploitAvailable	Indicates whether a known exploit exists for a specific CVE, signifying if the device is vulnerable to that exploit.	Boolean	true
cveDetailUrl	Link to CVE detail at nvd.nist.gov	String	https://nvd.nist.gov/vuln/detail/CVE-2024-1234
attribution	Source of vulnerability data	String (possible values: NIST_NVD, JAMF)	NIST_NVD
softwareId	ID of affected software	String	com.apple.Safari
softwareName	Name of affected software	String	Safari
softwareVersion	Version of affected software	String	16.1
timestamp	Time the event took place	String	2024-12-01T00:00:00Z