Comment on page

HCL AppScan

PlexTrac supports importing XML files from HCL AppScan. HCL AppScan is a web application security testing tool used to identify and address security vulnerabilities in web applications before they are deployed using a combination of dynamic application security testing (DAST) and static application security testing (SAST) techniques to identify vulnerabilities.
PlexTrac does not support the export format for older versions of HCL AppScan (export version <2.5).
Finding Field Mappings
Below are the mappings of fields and any reference notes to provide context. If a field is not listed, then PlexTrac does not currently import. 
Plextrac Field
HCL Path 
title
1.Get the issue types: 
issue-group/item/advisory/ref
2.Get the data being imported: 
advisory-group/item/advisory/name
severity
issue-group/item/severity
references
1.Get the issue types:
issue-group/item/advisory/ref
2.Get the data being imported:
advisory-group/item/advisory/references
recommendations
1.Get the issue types:
issue-group/item/remediation/ref
2.Get the data being imported: remediation-group/item/name
description
1.Get the issue types: 
issue-group/item/advisory/ref
2.Get the actual data being imported. All items are a concatenation of mulitple fields: 
advisory-group/item/advisory/testDescription 

plus 

advisory-group/item/advisory/testTechnicalDescription/text
evidence
issue-group/item/variant-group/item/issue-information/testReportChunk
field: <cwe>
​
label: cwe
​
value
issue-group/item/cwe
scores: <cvss>
​
label: cvss
​
value
issue-group/item/cvss-score
calculation
issue-group/item/cvss-vector/base-vector
Asset Field Mappings
PlexTrac Field
HCL Path
asset
1.Get the entity id:
issue-group/item/entity/ref
2.Get the data being imported: 
entity-group/item id=(match from above)/name
​

Plextrac Field	HCL Path
title	1. Get the issue types: issue-group/item/advisory/ref 2. Get the data being imported: advisory-group/item/advisory/name
severity	issue-group/item/severity
references	1. Get the issue types: issue-group/item/advisory/ref 2. Get the data being imported: advisory-group/item/advisory/references
recommendations	1. Get the issue types: issue-group/item/remediation/ref 2. Get the data being imported: remediation-group/item/name
description	1. Get the issue types: issue-group/item/advisory/ref 2. Get the actual data being imported. All items are a concatenation of mulitple fields: advisory-group/item/advisory/testDescription plus advisory-group/item/advisory/testTechnicalDescription/text
evidence	issue-group/item/variant-group/item/issue-information/testReportChunk
field: <cwe>
label: cwe
value	issue-group/item/cwe
scores: <cvss>
label: cvss
value	issue-group/item/cvss-score
calculation	issue-group/item/cvss-vector/base-vector

PlexTrac Field	HCL Path
asset	1. Get the entity id: issue-group/item/entity/ref 2. Get the data being imported: entity-group/item id=(match from above)/name

Core Impact

Invicti

Last modified 28d ago