PlexTrac provides a downloadable CSV file that can be used as a template for uploading findings offline and importing them into PlexTrac later using the Add Findings button within the Findings tab of a report.
To download the template, click the file below:
The file has the required fields prepopulated in the CSV file, along with sample values.
Save the file in CSV UTF-8 format to prevent including non-UTF characters that may break the importer.
Step 1: Download the CSV file above.
Step 2: Remove the sample values and populate the fields with desired values. A list of the fields with definitions and instructions on importing custom fields is below.
Step 3: Import the file into PlexTrac.
When importing the file via the Add Findings button in the Findings tab of a report, select the value "CSV" from the pulldown menu.
Step 4: Select the CSV file to upload and click Continue.
Step 5: Add any optional tags or leave them blank. Click Upload.
A message will appear, validating that the file is uploading.
Step 6: Validate that the information was added to the report. When the data has been imported successfully, the screen will display the information without refreshing the page.
The time required to load depends on the amount of data in the CSV file.
The source of the finding will list "CSV" as the value. Below is how the data is displayed in the Finding Detail window using the sample values in the CSV template.
All fields below must appear as column headers when importing the CSV file. All field values must follow the rules defined in the table, or the file may be rejected when imported or require further manual editing within PlexTrac.
Title, description, and severity are required.
title
title
This is a required field.
severity
severity
This is a required field. The severity value must be one of the following (not case-sensitive): Informational, Low, Medium, High, Critical If no value is provided in CSV, a value of "Informational" will be assigned.
status
status
Value must be one of the following: Open, Closed, In Process
description
description
This is a required field.
recommendations
recommendations
This is the findings recommendations.
references
references
This field accepts multiple values delimited with a comma.
For example: "Item 1, Item 2, Item 3" NOTE: Do not use commas if providing complete sentences, as any comma will result in a para break. Periods do not trigger a para break.
assets
affected_assets
This field accepts multiple values delimited with a comma.
For example: "Item 1, Item 2, Item 3"
tags
tags
This field accepts multiple values delimited with a comma.
For example: "Item 1, Item 2, Item 3"
riskScore
cvss_temporal
This is the CVSS 3.0 score. Example value: "5.5"
common identifiers
cwe
This field requires a format of CWE prefix + a two-to-four digit number. Example value: "CWE-772"
common identifiers
cve
This field requires a format of CVE prefix + Year + arbitrary digits. Example value: "CVE-2018-54321"
field: category
This column must exist in the CSV and is imported as a custom field.
label
category
The column header must be "category".
value
category value
This is the value entered for the category.
The CSV import will accept custom fields, which must be added at the spreadsheet's end after the template's columns.
Row A of the CSV template will be the custom field title, and subsequent row(s) will be the custom field value(s), as entered in the spreadsheet. Add multiple columns and values as needed.
When imported, the custom fields will appear on the Finding Detail page.
The custom fields can be edited or deleted after import via the Custom Fields tab of the finding.
