CSV files of issues must be configured properly to ensure that the issues are
successfully imported.
Procedure
- In your third-party scanner, scan your environment for vulnerabilities and export a
  comma-separated value (CSV) file of the issues.
  Tip:
  - Make sure that the CSV uses UTF-8 encoding.
  - If the field or cell contains a comma, the field or cell must be enclosed by double quotation
    marks (").
- Examine the CSV file to determine what issue attributes make the issue unique. It's important
  that you really know your data, and what makes each row in the file unique.
  For example, in this CSV file, the port and the name combination make the issue
  unique.
- Make sure that the CSV file has a column attribute that maps to the Issue
  Type attribute in AppScan Enterprise.
  This accomplishes two things:
  - The severity level of the issue type is used; otherwise, the issue imports with an 'information'
    severity level.
  - It helps to ensure that the advisories and fix recommendations for the issue type are included
    in the About this Issue dialog.
AppScan Enterprise includes 2 predefined scanner profiles that import CSV files. Here's how
they map to the issue type attribute:
| Scanner Profile | Issue Attribute Name mapping |
| --- | --- |
| Generic | Issue Type |
| Whitehat Sentinel | Class |
- To get the exact name of the issue type, you can go to the page and copy the exact issue type name into the CSV file. For example, an "IBM Lotus
  Domino Cross-Site Scripting" issue type is different from an "IBM Metrica Cross-Site Scripting"
  issue, and the advisories and fix recommendations might be different for each type.
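
A pre-import check covering the steps above, as an added example that is not part of the original documentation or of AppScan Enterprise: it verifies UTF-8 encoding, catches rows whose field count suggests an unquoted comma, confirms the profile's issue type column is present and filled, and reports rows that repeat the chosen unique key. The function name, the sample rows and the `KNOWN` list of issue type names are constructed for illustration.

```python
import csv
import io

# Column each predefined scanner profile maps to Issue Type (from the table above).
PROFILE_ISSUE_TYPE_COLUMN = {"Generic": "Issue Type", "Whitehat Sentinel": "Class"}

def check_issue_csv(raw, profile, unique_columns, known_issue_types=None):
    """Return a list of problems in an exported issue CSV; an empty list means none found."""
    try:
        text = raw.decode("utf-8-sig")  # strict UTF-8, tolerating a leading BOM
    except UnicodeDecodeError as exc:
        return [f"file is not UTF-8 (bad byte at offset {exc.start})"]
    rows = list(csv.reader(io.StringIO(text, newline="")))
    if not rows:
        return ["file is empty"]
    header, problems, seen = rows[0], [], {}
    type_col = PROFILE_ISSUE_TYPE_COLUMN[profile]
    missing = [c for c in [type_col, *unique_columns] if c not in header]
    if missing:
        return [f"missing column(s): {', '.join(missing)}"]
    for line_no, row in enumerate(rows[1:], start=2):
        if len(row) != len(header):
            # Typical cause: a cell containing a comma was not enclosed in double quotes.
            problems.append(f"row {line_no}: {len(row)} fields, header has {len(header)}")
            continue
        rec = dict(zip(header, row))
        issue_type = rec[type_col].strip()
        if not issue_type:
            problems.append(f"row {line_no}: empty {type_col}")
        elif known_issue_types is not None and issue_type not in known_issue_types:
            problems.append(f"row {line_no}: unknown issue type {issue_type!r}")
        key = tuple(rec[c] for c in unique_columns)
        if key in seen:
            problems.append(f"row {line_no}: duplicates row {seen[key]} on {unique_columns}")
        seen.setdefault(key, line_no)
    return problems

# Constructed sample: row 3 has an unquoted comma, row 4 repeats row 2, row 5 misnames the type.
SAMPLE = (
    "Port,Name,Issue Type\n"
    '443,"Login form, main site",Cross-Site Scripting\n'
    "443,Search box, results page,Cross-Site Scripting\n"
    '443,"Login form, main site",Cross-Site Scripting\n'
    "8080,Admin console,Cross Site Scripting\n"
).encode("utf-8")
KNOWN = {"Cross-Site Scripting"}  # constructed; copy real names from AppScan Enterprise

if __name__ == "__main__":
    print("\n".join(check_issue_csv(SAMPLE, "Generic", ["Port", "Name"], KNOWN)))
```

Row numbers count the header as row 1 and assume no cell contains an embedded line break.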