Using Report Findings CSV Template
PlexTrac provides a downloadable CSV file that can be used as a template for uploading findings offline and importing into PlexTrac later using the Add Findings button within the Findings tab of a report.
To download the template, click the file here:
PlexTrac Finding CSV Template v3.2.csv
489B
Text
This file is for PlexTrac version 1.40 or later and will not work on earlier versions.
Save the file in CSV UTF-8 format to prevent the inclusion of non-UTF characters that may break the importer.
The file has the required fields prepopulated in the CSV file, along with sample values.
Step 1: Download the CSV file above.
Step 2: Remove the sample values and populate the fields with desired values. A list of the fields with definitions and instructions on importing custom fields is below.
When importing the file via the Add Findings button in the Findings tab of a report, select the value "CSV" from the pulldown menu.
Step 4: Select the CSV file to upload and click Continue.
Step 5: Add any optional tags or leave blank. Click Upload.
A message will appear validating that the file is uploading.
Step 6: Validate that the information was added to the report. When the information has been imported successfully, the screen will display the information without needing to refresh the page.
The time required to load depends on the amount of data in the CSV file.
The source of the finding will list "CSV" as the value. Below is how the data is displayed in the Finding Detail window using the sample values in the CSV template.
All fields below must appear as column headers when importing the CSV file. All field values must follow the rules defined in the table or the file may be rejected when imported or require further manual editing within PlexTrac.
Title, description, and severity are required.
PlexTrac Field | CSV Header Label | Notes |
|---|---|---|
title | title | This is a required field. |
severity | severity | This is a required field.
The severity value must be one of the following (not case-sensitive):
Informational, Low, Medium, High, Critical
If no value is provided in CSV, a value of "Informational" will be assigned. |
status | status | Value must be one of the following: Open, Closed, In Process |
description | description | This is a required field. |
recommendations | recommendations | This is the findings recommendations. |
references | references | This field accepts multiple values delimited with a comma.
For example: "Item 1, Item 2, Item 3"
NOTE: Do not use commas if providing complete sentences, as any comma will result in a para break. Periods do not trigger a para break. |
assets | affected_assets | This field accepts multiple values delimited with a comma.
For example: "Item 1, Item 2, Item 3" |
tags | tags | This field accepts multiple values delimited with a comma.
For example: "Item 1, Item 2, Item 3" |
riskScore | cvss_temporal | Example value: "5.5" |
common identifiers | cwe | This field requires a format of CWE prefix + a two-to-four digit number.
Example value: "CWE-772" |
common identifiers | cve | This field requires a format of CVE prefix + Year + arbitrary digits.
Example value: "CVE-2018-54321" |
field: category | | This column must exist in the CSV and is imported as a custom field. |
label | category | The column header must be "category". |
value | category value | This is the value entered for the category. |
The CSV import will accept custom fields, which must be added at the end of the spreadsheet, after the columns in the template.
Row A of the CSV template will be the custom field title, and subsequent row(s) will be the custom field value(s), as entered in the spreadsheet. Add multiple columns and values as needed.
When imported, the custom fields will appear on the Finding Detail page.
The custom fields can be edited or deleted after import via the Custom Fields tab of the finding.
Last modified 3mo ago