Findings may be manually uploaded or imported from tooling such as Burp or Nessus. Make sure that you’ve exported findings from your tooling into CSV, Excel, or XML format before beginning your import.
1. Go to Pentests in the left-hand menu
2. Click on the relevant Pentest
3. Move to the Findings Menu in the Pentest Dashboard
4. Click the “Import/Export” button on the file. Click here to see an example file.
5. Choose the file from the hard drive or drag and drop it to the Dashboard
6. Wait for the File to Upload
7. Update settings
- Asset Matching – Automatically link imported findings to an asset
- Instances – Aggregate findings found across multiple assets/IPs
- Auto-Fill – Use Cyver Core databases to auto-fill CWE, CVSS, and other data
8. Select specific Findings to edit or upload
9. Confirm import. This may take a few minutes
10. Click “Go to Findings” to see data.
11. You may edit findings manually to check description, upload evidence files, etc.
12. The Client will not see Findings until you publish them as “Pending Fix”. Once published, the Client can see the name of the Finding, which type of Finding it is, what it is linked to, and all communication from the Pentester. The Client will also see the Pentester who published the finding.
Findings will populate in the dashboard.
You may manually click on and edit each finding to add more information. Finding descriptions support Markdown.
Import Options
Asset Matching
- Take all Findings, create new Assets and match findings with existing client Assets
- Only take Findings that match with existing client Assets
- Take all Findings and link to an existing Asset
Aggregate findings with evidences across multiple assets, based on Title and Severity.
- Aggregate to create findings with multiple evidences - This creates 1 finding with several Assets and Evidences
- Don’t aggregate, so all findings have a single evidence - This creates several findings with 1 Asset and 1 Evidence
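The Asset Matching and aggregation choices above change how many findings an import produces, so it can help to preview them on the export before uploading. The sketch below is an added example, not Cyver Core code: the CSV column names, the sample rows, the function names and the exact-match grouping on Title and Severity are all assumptions.

```python
import csv
import io

# Constructed sample export. Column names are assumptions, not a Cyver Core format.
SAMPLE_CSV = """title,severity,asset,evidence
TLS 1.0 enabled,Medium,10.0.0.5,port 443 accepts TLSv1.0
TLS 1.0 enabled,Medium,10.0.0.9,port 8443 accepts TLSv1.0
TLS 1.0 enabled,Low,10.0.0.7,port 443 accepts TLSv1.0 (internal only)
Missing HSTS header,Low,10.0.0.9,no Strict-Transport-Security in response
"""


def load_rows(text):
    """Parse the export into a list of dicts, one per scanner row."""
    return list(csv.DictReader(io.StringIO(text)))


def match_assets(rows, known_assets, only_existing):
    """Apply an Asset Matching choice.

    only_existing=True keeps only rows whose asset the client already has.
    only_existing=False keeps every row and reports assets that would be new.
    """
    known = set(known_assets)
    kept = [r for r in rows if not only_existing or r["asset"] in known]
    new_assets = sorted({r["asset"] for r in kept} - known)
    return kept, new_assets


def build_findings(rows, aggregate):
    """Group rows on (title, severity) when aggregate is True, else one finding per row."""
    findings = {}
    for i, r in enumerate(rows):
        # Assumption: exact string match on both fields.
        key = (r["title"], r["severity"]) if aggregate else i
        f = findings.setdefault(
            key, {"title": r["title"], "severity": r["severity"], "instances": []}
        )
        f["instances"].append((r["asset"], r["evidence"]))
    return list(findings.values())


if __name__ == "__main__":
    rows, new_assets = match_assets(load_rows(SAMPLE_CSV), {"10.0.0.5", "10.0.0.9"}, False)
    print("assets that would be created:", new_assets)
    for f in build_findings(rows, aggregate=True):
        print(f["severity"], f["title"], [asset for asset, _ in f["instances"]])
```

Note that the same title at a different severity stays a separate finding, which is worth checking for when a scanner rates one issue differently per host.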
Compares imported findings with findings from previous tests for the same client. Matches are based on Title, Severity and Assets.
Auto-fill Information
Auto-fill database information, even when the fields are not present in the import file.
- CWE - Auto-fill CWE(s) based on CVE(s)
- CVSS - Auto-fill CVSS score based on CVE(s)
- Compliance Norm controls - Auto-fill compliance norm controls based on CWE(s)
- Vulnerability Type(s) - Auto-fill Vulnerability Type(s) based on CVE(s) and Finding title/description
- Exploits - Auto-fill Exploits based on CVE(s)
Auto-merge findings with Library
Merge the imported files with findings from a library. Findings are matched by title against the title of the Finding Template.
Auto-merge findings with Library Templates