Follow

NormShield Vulnerability Report Format

A new vulnerability report format has been implemented for any bulk insertion of custom vulnerabilities. Here are the details;

A CSV report import with the following headers.

Asset,VulnerabilityTitle,VulnerabilityDetail,Port,Protocol,CVSSBaseScore,Date,Status,Mitigation,References,Type

Explanations in the same order;

  • (Must) => Single asset http://example.org,10.0.1.20 (No default, skip this vulnerability record)
  • (Must) => Free form text (Default: "Vulnerability #X")
  • (Must) => Free form text (Default: "No vulnerability detail is given.")
  • (Must) => Free form text (Default: "No vulnerability description is given.")
  • (Optional) => 0-65535
  • (Must) => Urgent, Critical, High, Medium, Low, Info (Default: "Medium")
  • (Optional) => tcp, udp, http, smtp, httpget, httppost ... (Default: "")
  • (Must) => 0 to 10 (Default: 5)
  • (Must) => YYYY-MM-DD (Default: "now")
  • (Must) => Open, Closed (Default: "Open")
  • (Optional) => Free form text probably multiline
  • (Optional) => Free form text probably multiline
  • (Optional) => WebApp, OS, DB, NetSec, Design, AppServer (Default: deducted from the "detail" if it exists, otherwise OS)



Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk