En

Generic Findings Import

Import Generic findings in CSV or JSON format.

Attributes supported for CSV:

  • Date: Date of the finding in mm/dd/yyyy format.
  • Title: Title of the finding
  • CweId: Cwe identifier, must be an integer value.
  • Url: Url associated with the finding.
  • Severity: Severity of the finding. Must be one of Info, Low, Medium, High, or Critical.
  • Description: Description of the finding. Can be multiple lines if enclosed in double quotes.
  • Mitigation: Possible Mitigations for the finding. Can be multiple lines if enclosed in double quotes.
  • Impact: Detailed impact of the finding. Can be multiple lines if enclosed in double quotes.
  • References: References associated with the finding. Can be multiple lines if enclosed in double quotes.
  • Active: Indicator if the finding is active. Must be empty, TRUE or FALSE
  • Verified: Indicator if the finding has been verified. Must be empty, TRUE, or FALSE
  • FalsePositive: Indicator if the finding is a false positive. Must be TRUE, or FALSE.
  • Duplicate:Indicator if the finding is a duplicate. Must be TRUE, or FALSE
  • IsMitigated: Indicator if the finding is mitigated. Must be TRUE, or FALSE
  • MitigatedDate: Date the finding was mitigated in mm/dd/yyyy format or ISO format

The CSV expects a header row with the names of the attributes.

Date fields are parsed using dateutil.parse supporting a variety of formats such a YYYY-MM-DD or ISO-8601.

Example of JSON format:

{
    "findings": [
        {
            "title": "test title with endpoints as dict",
            "description": "Some very long description with\n\n some UTF-8 chars Γ  qu'il est beau",
            "severity": "Medium",
            "mitigation": "Some mitigation",
            "date": "2021-01-06",
            "cve": "CVE-2020-36234",
            "cwe": 261,
            "cvssv3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "file_path": "src/first.cpp",
            "line": 13,
            "endpoints": [
                {
                    "host": "exemple.com"
                }
            ]
        },
        {
            "title": "test title with endpoints as strings",
            "description": "Some very long description with\n\n some UTF-8 chars Γ  qu'il est beau2",
            "severity": "Critical",
            "mitigation": "Some mitigation",
            "date": "2021-01-06",
            "cve": "CVE-2020-36235",
            "cwe": 287,
            "cvssv3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "file_path": "src/two.cpp",
            "line": 135,
            "endpoints": [
                "http://urlfiltering.paloaltonetworks.com/test-command-and-control",
                "https://urlfiltering.paloaltonetworks.com:2345/test-pest"
            ]
        },
        {
            "title": "test title",
            "description": "Some very long description with\n\n some UTF-8 chars Γ  qu'il est beau2",
            "severity": "Critical",
            "mitigation": "Some mitigation",
            "date": "2021-01-06",
            "cve": "CVE-2020-36236",
            "cwe": 287,
            "cvssv3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "file_path": "src/threeeeeeeeee.cpp",
            "line": 1353
        },
        {
            "title": "test title mitigated",
            "description": "Some very long description with\n\n some UTF-8 chars Γ  qu'il est beau2",
            "severity": "Critical",
            "mitigation": "Some mitigation",
            "date": "2021-01-06",
            "cve": "CVE-2020-36236",
            "cwe": 287,
            "cvssv3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "file_path": "src/threeeeeeeeee.cpp",
            "line": 1353,
            "is_mitigated": true,
            "mitigated": "2021-01-16"
        },
        {
            "title": "test title mitigated ISO",
            "description": "Some very long description with\n\n some UTF-8 chars Γ  qu'il est beau2",
            "severity": "Critical",
            "mitigation": "Some mitigation",
            "date": "2024-01-04T11:02:11Z",
            "cve": "CVE-2020-36236",
            "cwe": 287,
            "cvssv3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "file_path": "src/threeeeeeeeee.cpp",
            "line": 1353,
            "is_mitigated": true,
            "mitigated": "2024-01-24T11:02:11Z"
        }
    ]
}

This parser supports an attributes that accept files as Base64 strings. These files are attached to the respective findings.

Example:

{
    "name": "My wonderful report",
    "findings": [
        {
            "title": "Vuln with image",
            "description": "Some very long description",
            "severity": "Medium",
            "files": [
                {
                    "title": "Screenshot from 2017-04-10 16-54-19.png",
                    "data": "iVBORw0KGgoAAAANSUhEUgAABWgAAAK0CAIAAAARSkPJAAAAA3N<...>TkSuQmCC"
                }
            ]
        }
    ]
}

This parser supports an attribute name and type to be able to define TestType. Based on this, you can define custom HASHCODE_FIELDS or DEDUPLICATION_ALGORITHM in the settings.

Example:

{
    "name": "My wonderful report",
    "type": "My custom Test type",
    "findings": [
    ]
}

Sample Scan Data

Sample Generic Findings Import scans can be found here.

Default Deduplication Hashcode Fields

By default, DefectDojo identifies duplicate Findings using these hashcode fields:

  • title
  • cwe
  • line
  • file path
  • description
Prev
Fortify
Next
Ggshield