Using Report Findings CSV Template
PlexTrac provides a downloadable CSV file that can be used as a template for uploading findings offline and importing them into PlexTrac later using the Add Findings button within the Findings tab of a report.
To download the template, click the file below:
The file has the required fields prepopulated in the CSV file, along with sample values.
Save the file in CSV UTF-8 format to prevent including non-UTF characters that may break the importer.
Importing the CSV File
Step 1: Download the CSV file above.
Step 2: Remove the sample values and populate the fields with desired values. A list of the fields with definitions and instructions on importing custom fields is below.
Step 3: Import the file into PlexTrac.
When importing the file via the Add Findings button in the Findings tab of a report, select the value "CSV" from the pulldown menu.
Step 4: Select the CSV file to upload and click Continue.
Step 5: Add any optional tags or leave them blank. Click Upload.
A message will appear, validating that the file is uploading.
Step 6: Validate that the information was added to the report. When the data has been imported successfully, the screen will display the information without refreshing the page.
The time required to load depends on the amount of data in the CSV file.
The source of the finding will list "CSV" as the value. Below is how the data is displayed in the Finding Detail window using the sample values in the CSV template.
CSV Finding Field Mappings
All fields below must appear as column headers when importing the CSV file. All field values must follow the rules defined in the table, or the file may be rejected when imported or require further manual editing within PlexTrac.
Title, description, and severity are required.
| PlexTrac Field | CSV Header Label | Notes |
|---|---|---|
title | title | This is a required field. |
severity | severity | This is a required field. The severity value must be one of the following (not case-sensitive): Informational, Low, Medium, High, Critical If no value is provided in CSV, a value of "Informational" will be assigned. |
status | status | Value must be one of the following: Open, Closed, In Process |
description | description | This is a required field. |
recommendations | recommendations | This is the findings recommendations. |
references | references | This field accepts multiple values delimited with a comma. For example: "Item 1, Item 2, Item 3" NOTE: Do not use commas if providing complete sentences, as any comma will result in a para break. Periods do not trigger a para break. |
assets | affected_assets | This field accepts multiple values delimited with a comma. For example: "Item 1, Item 2, Item 3" |
tags | tags | This field accepts multiple values delimited with a comma. For example: "Item 1, Item 2, Item 3" |
riskScore | cvss_temporal | This is the CVSS 3.0 score. Example value: "5.5" |
common identifiers | cwe | This field requires a format of CWE prefix + a two-to-four digit number. Example value: "CWE-772" |
common identifiers | cve | This field requires a format of CVE prefix + Year + arbitrary digits. Example value: "CVE-2018-54321" |
field: category | This column must exist in the CSV and is imported as a custom field. | |
label | category | The column header must be "category". |
value | category value | This is the value entered for the category. |
Custom Fields
The CSV import will accept custom fields, which must be added at the spreadsheet's end after the template's columns.
Row A of the CSV template will be the custom field title, and subsequent row(s) will be the custom field value(s), as entered in the spreadsheet. Add multiple columns and values as needed.
When imported, the custom fields will appear on the Finding Detail page.
The custom fields can be edited or deleted after import via the Custom Fields tab of the finding.
Last updated
