Cyver Core supports direct imports from ScoutSuite via JSON. Here, you can import individual findings and vulnerabilities, your entire vulnerability library, or scans as they happen. ScoutSuite's open-source security auditing tool, including the cloud monitoring platform NCC Scout, exports vulnerabilities related to configuration, security settings, and more. You can upload these as vulnerabilities or observations.
Findings Field Mapping
| Field | Values | Example |
| Code | default: auto-generated |
|
| Title | { "cloudformation-stack-with-role": { "description": "Role Passed to Stack" } } |
|
| Type | Vulnerability Observation |
|
| Assets | { "cloudformation-stack-with-role": { "service": "CloudFormation" } } |
|
| Description | { "cloudformation-stack-with-role": { "description": "Role Passed to Stack" } } |
|
| Occurrence | ||
| Labels | ||
| Severity | Info Low Medium High Critical default: Info |
{ "cloudformation-stack-with-role": { "level": "danger" } } |
| CVSS20Score | ||
| CVSS20Vector | ||
| CVSS30Score | ||
| CVSS30Vector | ||
| CVSS31Score | ||
| CVSS31Vector | ||
| CVSS40Score | ||
| CVSS40Vector | ||
| Impact | 0 1 2 3 4 5 default: 0 |
|
| ImpactDescription | ||
| Likelihood | 0 1 2 3 4 5 default: 0 |
|
| LikelihoodDescription | ||
| VulnerabilityTypes | DoS CodeExecution Overflow MemoryCorruption SqlInjection XSS DirectoryTraversal HttpResponseSplitting BypassSomething GainInformation GainPrivileges CSRF FileInclusion |
|
| CWEList | for example: CWE-1; CWE-721 |
|
| CVEList | for example: CVE-1; CVE-721 |
|
| MITRE ATT&CK Techniques | ||
| MITRE ATT&CK Mitigations | ||
| MITRE ATT&CK Tactics | ||
| Controls | ||
| Compliance Status | ||
| Compliance Comment | ||
| BackgroundInformation | { "cloudformation-stack-with-role": { "rationale": "Having unnecessary roles attached to stacks increases attack surface." } } |
|
| Recommendation | { "cloudformation-stack-with-role": { "remediation": "Remove unused roles from CloudFormation stacks." } } |
|
| External References | { "cloudformation-stack-with-role": { "references": [ "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-role.html" ] } } |
|
| Status | Draft PendingFix Fixed ReadyRetest Accepted ToReview Reviewed default: Draft |
|
| Evidence Title | ||
| Evidence Location | { "cloudformation-stack-with-role": { "path": "cloudformation-stack-with-role/path/sample" } } |
|
| Evidence Version | ||
| Evidence Reproduction | ||
| Evidence Results | ||
| Evidence Issue Details |
Important Notes & Limitations
- The maximum number of findings that can be imported in a single upload is 5,000 findings.
- If your file exceeds this limit, the import may fail depending on the selected import options (e.g., aggregation settings or filtering by severity).