Getting to know the Perygee data structure

Perygee is built on a graph-based data model, which provides greater flexibility compared to a relational data model that is commonly used in other security products.

To help you get the most out of the Perygee platform, it’s important to understand the data structure, how the data is related, and how it can be used throughout the platform to provide rich insights about your IoT/OT environment. In this article, we define the different objects and how they are related.


Image

Defining objects within the Perygee data structure

  • Items: digital nouns that represent a standalone entity such as an asset, building, or event.
  • Attributes: adjectives that describe properties of an item. Attributes are defined with a name (e.g. Model) and a data type (e.g. Text).
  • Links: relationships between items such as “connected to” or “contained within.”
  • Item types: class or nature of an item. Item types include a name and attributes that may be relevant to a particular item. In the image above, the item type “Asset” specifies that items of that type can be identified by five attributes: IP Address, Priority, Name, Next Maintenance Date, and MAC Address.

Items
Items can be created in Perygee in three ways:

  1. Imported from a CSV file or through an integration with a third party service.
  2. Systematically through a Perygee automation.
  3. Manually by adding a new item to a table on the home page.

Items types
Item types can be created or edited by going to the admin console and then to Data Modeling > Item Types. When you’re creating or editing an item type, you can define the attributes by choosing from an existing list or by creating new attributes. Perygee doesn’t govern the item types you create or the attributes you associate with them because every organization is different so we give you complete control to customize as you see fit.

Note that you don’t have to start from scratch or do everything on your own. Perygee has created a standard list of item types and their associated attributes that are available out of the box for all customers. These item types can be edited or archived based on your data needs. The starter list of item types includes:

  • Asset
  • Asset type
  • Asset class
  • Building
  • CWE Categories
  • CVE
  • Patch type
  • Patch instance
  • Person
  • Product
  • Recall
  • Room
  • Site
  • Vendor
  • Zone

Attributes
Attributes can be created or edited by going to the admin console and then to Data Modeling > Attributes. You can also create a new attribute while you’re in the process of creating or editing an item type. As noted above, attributes have a specific data type, which is defined during creation by selecting from the following list:

  • Boolean
  • Coordinate
  • CPE definition
  • Date
  • Image URL
  • Inet array
  • IP address
  • MAC address
  • Number
  • Percent
  • Text
  • Time of day
  • Timestamp
  • User

Links
Link types can be created and managed by going to the admin console and then to Data Modeling > Links. A link type can be “Directed” or “Undirected” and it has a name that describes the relationship between two item types. In the image above, the link type is “is located in” and it’s Directed from the asset to building – asset is located in building. Other examples of link types may include:

  • Asset is instance of Product
  • Product is manufactured by Vendor
  • Asset is owned by Person