Semantic Layer
The Semantic Layer translates raw detection data into business-friendly concepts. It provides a single source of truth for metric definitions, ensuring everyone from security engineers to compliance officers sees the same numbers.
What Is a Semantic Layer?
Raw Finding Data→Glossary Filter→Metric Engine→Business Value
Business Glossary
Each glossary term maps a business concept to a set of technical filters. When a user queries “Security Threats,” the system translates that into detector types like SECRETS, YARA, and PROMPT_INJECTION.
Findings from detectors that identify security vulnerabilities such as exposed secrets, malicious patterns, and prompt injection attempts.
Personally identifiable information detected across data sources, including SSNs, email addresses, phone numbers, and government IDs.
Findings that indicate regulatory non-compliance including GDPR data handling issues and HIPAA protected health information exposure.
Content flagged for toxicity, bias, NSFW material, or other safety concerns that could pose reputational or legal risk.
All findings classified as critical severity, regardless of detector type. These require immediate attention and remediation.
All open findings that have not yet been resolved, marked as false positive, or acknowledged by a team member.
Governed Metrics
Every metric has a single, versioned definition with governance metadata: who owns it, whether it’s certified, and which dimensions it supports.
Total count of all findings detected across all sources and detector types.
3,847
findings
Count of findings currently in OPEN status requiring review or remediation.
1,621
findings
Percentage of findings that were marked as false positives out of all reviewed findings. Lower is better.
8.2%
%
Percentage of findings that have been resolved. Measures team effectiveness at addressing detected issues.
57.8%
%
Ratio of assets with at least one finding to total assets. Indicates how thoroughly assets are being scanned.
73.4%
%
Mean confidence score across all findings. Higher values indicate more reliable detections.
0.87
score
Week-over-week change in total findings. Positive values indicate an increase in detections.
12.0%
change
Metric Types
Single aggregation over an entity. Supports COUNT, COUNT_DISTINCT, SUM, AVG, MIN, MAX.
{
"aggregation": "COUNT",
"entity": "finding",
"filters": { "statuses": ["OPEN"] }
}Divides a numerator by a denominator. Each side can be an inline definition or reference another metric.
{
"numerator": {
"aggregation": "COUNT",
"filters": { "statuses": ["FALSE_POSITIVE"] }
},
"denominator": {
"aggregation": "COUNT",
"entity": "finding"
}
}Arithmetic formula combining other metric values. Input metrics are evaluated first, then the formula is computed.
{
"formula": "open_findings * 100 / total_findings",
"inputs": ["open-findings", "total-findings"]
}Compares a base metric across two time windows to calculate period-over-period change.
{
"baseMetricSlug": "total-findings",
"compareWindow": "7d",
"currentWindow": "7d"
}Live Metric Values
Governed metrics are evaluated in real-time against the database. The cards below show sample output from the metric engine.
3,847
findings
1,621
findings
8.2%
%
57.8%
%
73.4%
%
0.87
score
Dimension Breakdowns
Metrics can be sliced by allowed dimensions. The metric engine returns both the scalar value and an optional breakdown array.
Getting Started
/semantic/glossary/new in the web app. Map a business concept to detector types, severities, or statuses. Preview how many findings match before saving./semantic/metrics/new. Choose a type (SIMPLE, RATIO, DERIVED, TREND), configure the definition, and select which dimensions can slice it./semantic/explore to interactively query metrics with glossary term scoping and dimension breakdowns.API Reference
The semantic layer exposes REST endpoints under /semantic/. See the sub-pages for detailed endpoint documentation.
| Method | Endpoint | Description |
|---|---|---|
| GET | /semantic/glossary | List all glossary terms |
| POST | /semantic/glossary | Create a glossary term |
| GET | /semantic/metrics | List all metric definitions |
| POST | /semantic/metrics | Create a metric definition |
| POST | /semantic/metrics/:slug/certify | Certify a metric (DRAFT → ACTIVE) |
| POST | /semantic/query | Evaluate a metric with filters |
| POST | /semantic/query/timeseries | Evaluate metric as time series |
| POST | /semantic/query/dashboard | Batch-evaluate dashboard metrics |