The following table lists the fields applicable only for Generic CSV:
| Field Name | Mandatory or Optional | Description | String length (maximum) / Valid input values | Type |
|
Host ID |
Optional |
A universally unique identifier (UUID) or Host ID. It can be the value generated by a scanner. |
255 |
Number |
|
MAC Address |
Optional |
Host/ Asset information. The combination of all values provided should be unique for an asset. |
24 |
String |
|
FQDN |
Optional |
Host/Asset information. The combination of all values provided should be unique for an asset. |
255 |
String |
|
NETBIOS |
Optional |
Host/Asset information. The combination of all values provided should be unique for an asset. |
255 |
String |
|
IP Address |
Mandatory |
Host/Asset information. The combination of all values provided should be unique for an asset. |
255 |
String |
|
Hostname |
Optional |
Host/Asset information. The combination of all values provided should be unique for an asset. |
255 |
String |
|
Operating System |
Optional |
Host/Asset information. The combination of all values provided should be unique for an asset. |
255 |
String |
|
Source |
Mandatory |
The data is from Vulnerability Scanning Tool |
255 |
String |
|
Vulnerability External ID |
Mandatory |
The ID represents a vulnerability in the National Vulnerability Database (NVD) or the ID provided by the Vulnerability Tool |
255 |
String |
|
Vulnerability Title/Name |
Mandatory |
Title/Name of the vulnerability |
255 |
String |
|
Vulnerability Description |
Optional |
Description of the vulnerability. It is added to the database only when the Vulnerability ID is unavailable. |
512 |
String |
|
Severity |
Mandatory |
It describes the severity of the vulnerability. It is added to the database only when the Vulnerability ID is unavailable. You can enter only the valid input values. If the record is empty, then by default it is considered as critical. If there is a typo, the record is skipped. |
5 - Critical 4 - High 3 - Medium 2 - Low 1 - Info |
Number |
|
CVE(s) |
Optional |
CVE ID for Vulnerability (For example, CVE-2020-1026) |
- |
String |
|
Vulnerability Score |
Optional |
If CVE ID is not present then this is mandatory |
- |
Number |
|
CVSSv2 Base Score, CVSSv2 Temporal Score, CVSSv3.1 Base Score, CVSSv3.1 Temporal Score |
Optional |
- |
- |
Number |
|
CVSS Access Vector |
Optional |
- |
- |
String |
|
Port |
Optional |
The port from where the vulnerability is detected. The value should be a valid integer. The record is skipped incase of an invalid input. |
- |
Number |
|
Protocol |
Optional |
Type of network protocol used. |
40 |
String |
|
Vulnerability Finding |
Optional |
Represents the location/system path of the vulnerability. Vulnerability result |
4000 |
String |
|
State |
Mandatory |
The status of the detection whether open or fixed. If the record is empty, then by default it is considered open. If there is a typo, the record is skipped. |
New Active Fixed Reopen |
String |
|
Detection Method |
Optional |
Type of deteciton method used for the vulnerability detection |
Authenticated Scan Unauthenticated Scan |
String |