Report Finding Template
used in
Findings/Reports
accepted file types
CSV
PlexTrac understands the importance of simplifying the process of importing findings and other data into the platform, whether for a specific report or multiple reports and assets. To facilitate this, PlexTrac offers CSV templates and scripts that help streamline the import process and make it more efficient.
CSV templates serve as pre-defined structures that align with the required format for importing data. These templates specify the fields and corresponding data types expected when importing findings or other information. Users can leverage these templates to ensure that their data is correctly mapped and formatted for import, minimizing errors and ensuring consistency.
Two CSV options are available to import findings into a report. Consult the table below to determine the most suitable solution for your needs.
Imports to a single report
Imports to multiple reports
Request is processed on the backend in less than five minutes
Each finding is processed individually and can take up to several hours*
Must order CSV columns to match template schema exactly
CSV columns are mapped to findings on a finding and sequence is not relevant
Imports to select finding fields only
Imports to all finding and asset fields
Does not import client and report information
Imports client and report information
*The script can create parsed findings in PlexTrac by sending API calls to create each finding individually (which results in an extended script runtime) or by generating a PTRAC file. Manually importing the generated PTRAC file takes the same time as the PlexTrac Report Finding CSV Template.
The generated PTRAC only contains the report and finding information. Asset information will not be added.
Please click on the box below to access instructions and a downloadable CSV file that can serve as a template for uploading findings into a report. The CSV file contains fields pre-filled with sample values.
Click on the box below to learn about importing data through the PlexTrac API using a script. The script requires two CSV files: one for importing data and another for field mappings.
This script is designed to help users import data into multiple clients and reports. It works by parsing a CSV file and creating client, report, finding, and asset objects. Once the objects are generated, the script uses the PlexTrac API to import and create them in the user's tenant.
PlexTrac provides a downloadable CSV file that can be used as a template for uploading findings offline and importing them into PlexTrac later using the Add Findings button within the Findings tab of a report.
To download the template, click the file below:
The file has the required fields prepopulated in the CSV file, along with sample values.
Save the file in CSV UTF-8 format to prevent including non-UTF characters that may break the importer.
Step 1: Download the CSV file above.
Step 2: Remove the sample values and populate the fields with desired values. A list of the fields with definitions and instructions on importing custom fields is below.
Step 3: Import the file into PlexTrac.
When importing the file via the Add Findings button in the Findings tab of a report, select the value "CSV" from the pulldown menu.
Step 4: Select the CSV file to upload and click Continue.
Step 5: Add any optional tags or leave them blank. Click Upload.
A message will appear, validating that the file is uploading.
Step 6: Validate that the information was added to the report. When the data has been imported successfully, the screen will display the information without refreshing the page.
The time required to load depends on the amount of data in the CSV file.
The source of the finding will list "CSV" as the value. Below is how the data is displayed in the Finding Detail window using the sample values in the CSV template.
All fields below must appear as column headers when importing the CSV file. All field values must follow the rules defined in the table, or the file may be rejected when imported or require further manual editing within PlexTrac.
Title, description, and severity are required.
title
title
This is a required field.
severity
severity
This is a required field. The severity value must be one of the following (not case-sensitive): Informational, Low, Medium, High, Critical If no value is provided in CSV, a value of "Informational" will be assigned.
status
status
Value must be one of the following: Open, Closed, In Process
description
description
This is a required field.
recommendations
recommendations
This is the findings recommendations.
references
references
This field accepts multiple values delimited with a comma.
For example: "Item 1, Item 2, Item 3" NOTE: Do not use commas if providing complete sentences, as any comma will result in a para break. Periods do not trigger a para break.
assets
affected_assets
This field accepts multiple values delimited with a comma.
For example: "Item 1, Item 2, Item 3"
tags
tags
This field accepts multiple values delimited with a comma.
For example: "Item 1, Item 2, Item 3"
riskScore
cvss_temporal
This is the CVSS 3.0 score. Example value: "5.5"
common identifiers
cwe
This field requires a format of CWE prefix + a two-to-four digit number. Example value: "CWE-772"
common identifiers
cve
This field requires a format of CVE prefix + Year + arbitrary digits. Example value: "CVE-2018-54321"
field: category
This column must exist in the CSV and is imported as a custom field.
label
category
The column header must be "category".
value
category value
This is the value entered for the category.
The CSV import will accept custom fields, which must be added at the spreadsheet's end after the template's columns.
Row A of the CSV template will be the custom field title, and subsequent row(s) will be the custom field value(s), as entered in the spreadsheet. Add multiple columns and values as needed.
When imported, the custom fields will appear on the Finding Detail page.
The custom fields can be edited or deleted after import via the Custom Fields tab of the finding.
