Preparing a CSV file for import

CSV files of issues must be configured properly to ensure that the issues are successfully imported.

Procedure

In your third-party scanner, scan your environment for vulnerabilities and export a comma-separated value (CSV) file of the issues.
Tip:
  • Make sure that the CSV uses UTF-8 encoding.
  • If the field or cell contains a comma, the field or cell must be enclosed by double quotation marks (").
  1. Examine the CSV file to determine what issue attributes make the issue unique. It's important that you really know your data, and what makes each row in the file unique.
    For example, in this CSV file, the port and the name combination make the issue unique.Image of csv file with highlighted text
  2. Make sure that the CSV file has a column attribute that maps to the Issue Type attribute in AppScan Enterprise.
    This accomplishes two things:
    • The severity level of the issue type is used; otherwise, the issue imports with an 'information' severity level.
    • It helps to ensure that the advisories and fix recommendations for the issue type are included in the About this Issue dialog.
    AppScan Enterprise includes 2 predefined scanner profiles that import CSV files. Here's how they map to the issue type attribute:
    Scanner Profile Issue Attribute Name mapping
    Generic Issue Type
    Whitehat Sentinel Class
  3. To get the exact name of the issue type, you can go to the Administration > Issue Types page and copy the exact issue type name into the CSV file. For example, an “IBM Lotus Domino Cross-Site Scripting? issue type is different from an ‘IBM Metrica Cross-Site Scripting? issue, and the advisories and fix recommendations might be different for each type.