Cyver Core imports OnDefend BlindSPOT files via JSON, allowing you to manually or automatically import findings, evidence, attack paths, compliance data, and more. Whether you're using BlindSPOT for scanning, breach and attack simulation, or threat attack and response validation, you can import those files to Cyver Core.
Cyver Core also supports observations and reoccurrences to better track changes to controls. In addition, you can automatically map MITRE ATT&CK Framework details into Cyver Core.
You can automatically import BlindSPOT scan results via API or use the importer to manually add findings.
Findings Field Mapping
| Field | Values | Example |
| Code | default: auto-generated | |
| Title | { "name": "Enable Active Protections In Elastic Security (Endgame)" } | |
| Type | Vulnerability Observation | |
| Assets | "affected_hosts": [ "BLINDSPOT-VM-01" ] | |
| Description | { "description": "The Elastic Security Agent (Endgame) (ESA) has the ability to proactively protect against threats. Many of the activities that were missed were due to an improperly implemented policy." } | |
| Occurrence | ||
| Labels | ||
| Severity | Info Low Medium High Critical default: Info | { "score": "High" } |
| CVSS20Score | ||
| CVSS20Vector | ||
| CVSS30Score | ||
| CVSS30Vector | ||
| CVSS31Score | ||
| CVSS31Vector | ||
| CVSS40Score | ||
| CVSS40Vector | ||
| Impact | 0 1 2 3 4 5 default: 0 | |
| ImpactDescription | ||
| Likelihood | 0 1 2 3 4 5 default: 0 | |
| LikelihoodDescription | ||
| VulnerabilityTypes | DoS CodeExecution Overflow MemoryCorruption SqlInjection XSS DirectoryTraversal HttpResponseSplitting BypassSomething GainInformation GainPrivileges CSRF FileInclusion | |
| CWEList | for example: CWE-1; CWE-721 | |
| CVEList | for example: CVE-1; CVE-721 | |
| MITRE ATT&CK Techniques | ||
| MITRE ATT&CK Mitigations | ||
| MITRE ATT&CK Tactics | ||
| Controls | ||
| Compliance Status | ||
| Compliance Comment | ||
| BackgroundInformation | ||
| Recommendation | { "remediation": "In the Elastic console, enable the following options: - Malware Protections - Memory Threat Protections - Malicious Behavior Protection Each should be put into 'Protect' mode..." } | |
| External References | ||
| Status | Draft PendingFix Fixed ReadyRetest Accepted ToReview Reviewed default: Draft | |
| Evidence Title | "findings": [ { "name": "Ryuk - Initial Run" } ] | |
| Evidence Location | ||
| Evidence Version | ||
| Evidence Reproduction | ||
| Evidence Results | "findings": [ { "campaign": "run cmd /c tasklist" } ] | |
| Evidence Issue Details |
Important Notes & Limitations
- The maximum number of findings that can be imported in a single upload is 5,000 findings.
- If your file exceeds this limit, the import may fail depending on the selected import options (e.g., aggregation settings or filtering by severity).