You can import findings from XML to the Cyver Core portal. To ensure your import is successful, use the following formatting on your file:
You can also download a sample XML template from the Cyver Core portal when you go to import findings.
| Field | Values | Example |
| Code | default: auto-generated | <Code>F-2023-3840</Code> |
| Title (Required field) | <Title>.NET Deserialization Remote Code Execution</Title> | |
| Type | Vulnerability Observation | <Type>Vulnerability</Type> |
| Assets | <Assets> <Asset> <Domain/> <Title>10.211.55.3</Title> <Ip>10.211.55.3</Ip> <Type>Other</Type> </Asset> </Assets> | |
| Description | <Description>Description Text String</Description> | |
| Occurrence | <Occurrence>New</Occurrence> <Occurrence>Reoccurrence</Occurrence> | |
| Labels | <Labels> <Label> <Guid>eeea2c11-01d7-48c0-b559-2b56b9f2aea7</Guid> <Text>label_name</Text> <Type>Finding</Type> </Label> </Labels> | |
| Severity | Info Low Medium High Critical default: Info | <Severity>Low</Severity> |
| CVSS20Score | <CVSS20Score xmlns:p3="http://www.w3.org/2001/XMLSchema-instance" p3:nil="true"/> | |
| CVSS20Vector | <CVSS20Vector>CVSS:2.0/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L</CVSS20Vector> | |
| CVSS30Score | <CVSS30Score xmlns:p3="http://www.w3.org/2001/XMLSchema-instance" p3:nil="true"/> | |
| CVSS30Vector | <CVSS30Vector>CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L</CVSS30Vector> | |
| CVSS31Score | <CVSS31Score>2.7</CVSS31Score> | |
| CVSS31Vector | <CVSS31Vector>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L</CVSS31Vector> | |
| CVSS40Score | <CVSS40Score xmlns:p3="http://www.w3.org/2001/XMLSchema-instance" p3:nil="true"/> | |
| CVSS40Vector | <CVSS40Vector>CVSS:4.0/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L</CVSS40Vector> | |
| Impact | 0 1 2 3 4 5 default: 0 | <Impact>1</Impact> |
| ImpactDescription | <ImpactDescription>Impact Description Text String</ImpactDescription> | |
| Likelihood | 0 1 2 3 4 5 default: 0 | <Likelihood>1</Likelihood> |
| LikelihoodDescription | <LikelihoodDescription>Likelihood Description Text String</LikelihoodDescription> | |
| VulnerabilityTypes | DoS CodeExecution Overflow MemoryCorruption SqlInjection XSS DirectoryTraversal HttpResponseSplitting BypassSomething GainInformation GainPrivileges CSRF FileInclusion | < VulnerabilityTypes > <Code>CodeExecution</Code> </VulnerabilityTypes> |
| CWEList | for example: CWE-1; CWE-721 | <CWEList> <Code>CWE-2</Code> </CWEList> |
| CVEList | for example: CVE-1; CVE-721 | <CVEList> <Code>CVE-2023 0005</Code> </CVEList> |
| MITRE ATT&CK Techniques | <MITREATT&CKTechniques><Code> TA1014</Code> </MITREATT&CKTechniques> | |
| MITRE ATT&CK Mitigations | <MITREATT&CKMitigations><Code> M1015</Code> </MITREATT&CKMitigations> | |
| MITRE ATT&CK Tactics | <MITREATT&CKTactics><Code> TA0005</Code> </MITREATT&CKTactics> | |
| Controls | <Controls> <Control> <Code>A01:2017</Code> <ControlGroup> <Code>A01:2017</Code> <ComplianceNorm> <Code/> </ComplianceNorm> </ControlGroup> </Control> </Controls> | |
| Compliance Status | ||
| Compliance Comment | ||
| BackgroundInformation | <BackgroundInformation>Background Information Text String</BackgroundInformation> | |
| Recommendation | <Recommendation>Recommendation Text String</Recommendation> | |
| External References | <ExternalReferences> <ExternalUrl> </ExternalReferences> | |
| Status | Draft PendingFix Fixed ReadyRetest Accepted ToReview Reviewed default: Draft | <Status>PendingFix</Status> |
| Evidence Title | <Evidences> <Evidence> <Title>Evidence Title</Title> </Evidence> </Evidences> | |
| Evidence Location | <Evidences> <Evidence> <Title>Evidence Location</Title> </Evidence> </Evidences> | |
| Evidence Version | <Evidences> <Evidence> <Title>Evidence Version</Title> </Evidence> </Evidences> | |
| Evidence Reproduction | <Evidences> <Evidence> <Title>Evidence Reproduce</Title> </Evidence> </Evidences> | |
| Evidence Results | <Evidences> <Evidence> <Title>Evidence Results</Title> </Evidence> </Evidences> | |
| Evidence Issue Details | <Evidences> <Evidence> <Title>Evidence Issue Details</Title> </Evidence> </Evidences> |
Fields like Days Open, Assignee, Closed on, Review on, Published on, Visible to client display only when exporting Findings.
Important Notes & Limitations
- The maximum number of findings that can be imported in a single upload is 5,000 findings.
- If your file exceeds this limit, the import may fail depending on the selected import options (e.g., aggregation settings or filtering by severity).