Intro

Vulcan Report Connector enables users to upload CSV results from DAST tools not yet supported through Vulcan Connectors. More information about the Vulcan report can be found under Vulcan Report user guide.

Vulcan Fields

The following fields are used for mapping each header of the CSV file into Vulcan fields.

  1. Assets - Name (Mandatory field) - Primary name of the web application.

  2. Asset - Last Scan - Last time the asset was scanned.

  3. Asset - Tags (Highly recommended) - Provide the ability to ingest existing tags in order to map those tags into Business Groups. You can map as many CSV headers to this field as you want. Each tag requires its own independent column, and each column can be mapped to tags as well as other categories.

  4. Assets - Details - All relevant data you want to view in the asset itself. You can map many as CSV headers to this field as you want.

  5. Assets - URL - Parent URL of the application.

  6. Pages - URL - The specific URL location of the vulnerability within the application. This is an important field for DAST results.

  7. Vulnerabilities - Name (Mandatory field) - Name of the vulnerability as reported from the CSV.

  8. Vulnerabilities - Technical severity (Highly recommended) - Numeric risk score as given from the CSV. This is most typically the CVSS v3, but other severity fields can be mapped here instead in place of CVSSS v3. Using this value, Vulcan will provide the risk calculation basis for the Vulcan risk score. Note that values must be in the format of 0 to 10. (No binary score, no 0-100 score).

  9. Vulnerabilities - CVE - If CVE is available, it provides the Vulcan system the ability to map to solutions and threat intelligence.

  10. Vulnerabilities - CWE - If CWE is available, it provides the Vulcan system the ability to map to OWASP Top 10 categories for prioritization. This is an important field for DAST results.

  11. Vulnerabilities - Description - The description of the vulnerability as given from in CSV.

  12. Vulnerabilities - Discovery Time (Highly recommended) - Date which the vulnerability was first found. If this value is not mapped, then default value will be set to the time Vulcan first saw the vulnerability.

  13. Vulnerabilities - Details - Any vulnerability details that do not fit into the above categories should be mapped here. You can map many CSV headers to this field as you want.

  14. Vulnerabilities - ID - Unique Vulnerability identifier

  15. Vulnerabilities - Unique instance ID - Vulnerability identifier for an asset-vulnerability connection.

    **Important Note**- Highly Recommended- map the Recommended Solution provided by the tool/vendor to the Vulnerabilities - Details field. Without a CVE, there will be no correlation to Vulcan Remediation Library, so it is critical to map the tool's recommended solution in the event of no CVE.

Did this answer your question?