Importing Third Party Results (Issues)

Streamlining Third-Party Result Integration in the Platform

The Platform facilitates the importation of results from external vendors, allowing for centralized management and analysis. This article details the process for importing Issues. To import asset information (Hosts), please refer to the relevant section.

Using the Data Import Wizard

  1. Start the Import:

    • Access the Data Import Wizard in the bottom left sidebar.

    • Select a Project or Phase, or create a new one using the provided options.

  2. Upload File:

    • Choose your file type and upload the file or select an external scanner setup.

    • After uploading, select the issues to include and set the date when each issue was found.

  3. Complete the Import:

    • Finalize by clicking ‘Complete Import’. The Platform will process the data and redirect you to the Phase screen.

Manual Import of Issues

The Platform supports various formats; for more details, see https://rootshellsecurity.atlassian.net/wiki/spaces/PK/pages/1304330281

Steps for Manual Import:

  1. Create a Project:

    • Go to ‘Projects’ and click ‘+ New project’.

    • Enter the details, focusing on Penetration Testing and Managed Vulnerability Scanning services.

  2. Add Phases to the Project:

    • Click ‘Add phase’ and enter the details for each phase.

  3. Import the Results:

    • Select the created Phase.

    • Use the ‘Actions’ dropdown to choose ‘Import Issues’.

    • Select the file type and then import the issues.

  4. Review and Publish:

    • Preview and select the issues to import.

    • Change the status of imported issues to ‘Published’ for Platform recognition.

    • Update the Phase Status to ‘Delivered’ in the Project view.

 

Additional Import Options

When using either method to import, once your file has been parsed you have additional options to affect the behaviour of the import process:

  • Include Port Table

This option will include the port table information from the results.

  • Dont import tech details

This option will omit the technical details of the results.

  • Only delete Imported Issues

When you upload a file, it is parsed, and the results are displayed in a review list for your examination before importing. Once the import process begins, the review list will be cleared with all issues deleted from it.

Should you want to import multiple subsets of issues, you can select this option to choose a subset of issues, import them, and then remove them from the review list, leaving the rest available for further search and filtering.

For example, suppose you have a result set containing Apache, PHP, MySQL and SSL vulnerabilities. If you only wish to import the PHP and SSL vulnerabilities, filter on “php”, ensure this option is selected, and perform the import. The review list will then contain only the Apache, MySQL and SSL vulnerabilities, so the SSL vulnerabilities can be filtered and imported in the same way. This process can be repeated as many times as required.

 

Preparing Your Spreadsheet for Import

Accepted Column Headings:

  • Required: Name, Risk Rating, Affected hosts

  • Optional: Finding, Summary, Technical details, Recommendation, OWASP ID, CVE, CVSS Vector, References, Status, Confirmed_At (sets the date when the issue was found), Remediated_At (sets the date when the issue was fixed, if it has one)

  • Status Ratings: Draft, Open, Remediated, False Positive, Accept Risk, Suppressed

  • Risk Ratings: Info, Low, Medium, High, Critical

Note: Capitalization and underscores are flexible (e.g., ‘risk_rating’ or ‘risk rating’), and the order of headings is not critical. Additional headings are ignored.
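
A pre-upload check for the heading and rating rules above, as an added example that is not part of the Platform or its documentation. It assumes the spreadsheet has been exported as CSV, that required cells must not be empty, and that rating values must match the listed spellings exactly; `check_sheet`, `normalise` and the sample rows are constructed for illustration.

```python
import csv
import io
import re

# Heading and rating lists copied from the section above.
REQUIRED = {"name", "risk rating", "affected hosts"}
OPTIONAL = {"finding", "summary", "technical details", "recommendation",
            "owasp id", "cve", "cvss vector", "references", "status",
            "confirmed at", "remediated at"}
RISK_RATINGS = {"Info", "Low", "Medium", "High", "Critical"}
STATUS_RATINGS = {"Draft", "Open", "Remediated", "False Positive",
                  "Accept Risk", "Suppressed"}

def normalise(heading):
    """Fold case and treat underscores like spaces, as the note describes."""
    return re.sub(r"[_\s]+", " ", heading.strip()).lower()

def check_sheet(csv_text):
    """Return (problems, ignored_headings) for a CSV export of the sheet."""
    reader = csv.DictReader(io.StringIO(csv_text))
    cols = {normalise(h): h for h in (reader.fieldnames or [])}
    problems = [f"missing required heading: {r}"
                for r in sorted(REQUIRED - cols.keys())]
    ignored = sorted(h for n, h in cols.items() if n not in REQUIRED | OPTIONAL)
    for line, row in enumerate(reader, start=2):  # line 1 is the heading row
        cell = lambda key: (row.get(cols.get(key, "")) or "").strip()
        for key in sorted(REQUIRED & cols.keys()):
            if not cell(key):  # assumption: required cells must not be empty
                problems.append(f"line {line}: empty '{key}'")
        # Assumption: values must match the listed ratings exactly.
        if cell("risk rating") and cell("risk rating") not in RISK_RATINGS:
            problems.append(f"line {line}: unknown risk rating {cell('risk rating')!r}")
        if cell("status") and cell("status") not in STATUS_RATINGS:
            problems.append(f"line {line}: unknown status {cell('status')!r}")
    return problems, ignored

# Constructed sample: mixed heading styles, one extra column, two bad rows.
SAMPLE = """\
name,Risk_Rating,AFFECTED HOSTS,status,Ticket
Outdated PHP version,High,10.0.0.5,Open,T-1
Weak SSL ciphers,Severe,10.0.0.6,Open,T-2
Default MySQL account,Medium,,Fixed,T-3
"""

if __name__ == "__main__":
    found, skipped = check_sheet(SAMPLE)
    print("\n".join(found) or "no problems")
    print("ignored headings:", skipped)
```

Headings reported as ignored are the ones the import will drop, so a misspelled optional heading shows up there rather than as an error.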