Generic Upload Guide

How to upload generic scan files into RiskSense.

Generic Upload Overview – CSV

The RiskSense platform’s Generic Upload functionality allows users to upload assets and findings information from any CSV-format source they have into the platform using the Generic Upload Mapping tool. This utility provides the flexibility to bring in data from an unsupported scanner, a homegrown CMDB for assets, or even penetration test data from a red team or third-party penetration test on your assets.

Generic Upload Process: Network

Once you have exported the chosen source’s CSV data, log in to your RiskSense platform. Navigate to the Settings (Settings Menu - Gear - Small) > Uploads page by clicking the gear in the top-right corner of the screen.

Uploads Menu Location-1

In the Upload Wizard, enter the Upload Name and click Next.

Generic Upload - Upload Name Field

Select an assessment to associate with this scan. You can either select an available assessment or create a new one. To create a new assessment, click the Create Assessment button. Fill out the fields in the Add a New Assessment window and click Submit. You can now select your new assessment from the list.

Select an assessment from the list to associate with this scan (you can use the search field to find an assessment) and click Next.

Generic Upload - Create or Select Assessment

Select a network for this scan. You can either select an available network or create a new one. To create a new network, click the Create Network button. Fill out the fields in the Add a New Network window and click Submit. You can now select your new network from the list.

Select a network from the list (you can use the search field to find a network) and click Next.

Generic Upload - Create or Select Network

On the Upload Files page, there are two ways to add scan files. You can either drag and drop the file in the gray Drag files here or click the Select Files button and search for the scan file on your computer. Once the file has been added, click Upload.

Generic Upload - Upload Scan Files

Once the upload finishes, you must map the CSV file to the minimum required fields in RiskSense. This status is indicated in the State column as Requires Manual Mapping, as shown here.

Generic Upload - Requires Manual Mapping State

To start the mapping process, click Requires Manual Mapping.

Generic Upload - Requires Manual Mapping Location

Field Mapping

Accessing the Generic Upload Wizard for the first time presents the user with a brief tutorial on its features. The first step is to define the scanner type needed for the Scanner card. Depending on the data type, you can select either Host or Application. To create the scanner for the data set, click the Plus (+) button on the card.

A scanner is a data source used to attribute assets and findings within the platform. For example, you may have a scanner for your homegrown configuration management database (CMDB) for hosts, one for the homegrown CMDB for applications, one for a red team penetration test for your hosts, and one for a scanner that is not currently supported. All these are identified by their scanner and their plugin, which we will cover later.

Generic Upload - Scanner Plus Button Location

Clicking the Plus (+) button opens the Create Scanner window. Enter the scanner name, select the scanner type (host or application), add the scanner’s version, and enter a description. Note that each scanner has a different set of required fields that are defined later in this document.

Generic Upload - Create Scanner Window

After completing the required fields, click Submit. In the Scanner – Version box, the new scanner details appear. In the Mapping - Version card, the user can find any previously created mappings and check the Top row of the CSV contains headers box, if needed.  If the ingested data set contains a header, ensure that this box is checked. Additionally, the interface provides the user with breadcrumbs for the remaining required fields.

The required fields are important here; as mentioned earlier, the plugin is the unique identifier within your scanner that identifies a particular finding. With this, you can upload future data, and the platform with intuitively know whether things are closed by their presence in the newer file.

Generic Upload - Missing Required Fields

Each required field is removed from the breadcrumb list as it is assigned.

Generic Upload - Mapping Fields

Once you have mapped all the required fields successfully, click the Save Mapping button to save this mapping.

Generic Upload - Save Mapping Button Location

In the Create a Mapping window, fill out the name, version, and description fields. Once complete, click Submit.

Generic Upload - Create a Mapping Window

After saving the mapping, the platform must validate the data set. During the validation process, the system looks at the file’s first 5,000 lines. Click the Validate Mapping button to proceed.

Generic Upload - Validate Mapping Button Location

You will see the following screen during the validation process.

Generic Upload - Validation Processing

Once validation is complete, the platform provides the validation results. Depending on the system’s ability to validate data, the platform presents varying percentages on the amount of data that can be validated. In this example, all the fields are 100% valid. The user can also force the system to revalidate the complete file by clicking the Force Full Scan button.

Generic Upload - Force Full Scan Button Location

Once validation is complete, click the Finalize Import button. The Save Mapping to File dialog box appears.

Generic Upload - Save Mapping to File Dialog Box

Clicking Yes returns the user to the Upload Wizard. In the Upload Wizard, we can confirm the mapping was saved, the scanner was created, and the file is ready to process. To process the scan file, click the Start button.

Generic Upload - Start Button Location

When uploading the next set of data to the platform, it will automatically fingerprint to the scanner created earlier.

Appendix A: CSV Data Structure

Below is a sample of accepted field headers for both network and application CSV ingestion. In the Detailed View section, the required fields are noted as a baseline for the data to be ingested into the platform.  When generating the CSV file, it does not need to be in this exact format nor does it need to have the same headers.  When mapping the file, it is necessary to map the data to the fields. Detailed mapping is provided below.

Network

host_name,ip,fqdn,os,plugin_id,title,service_name,service_port,severity,description,cves,tags,reference_name,reference_url,date_found,finding_tags,Soln

Detailed Field View

Assets (Host)
 CPEs
 Certainty
 Criticality
 DNS
 Device Class
 Discovered On (yyyy-MM-dd)
 FQDN
 Hostname (required)
 IP Address (required)
 Last Found On (yyyy-MM-dd)
 NetBIOS
 Operating System
 Owner
 Tags

Findings (Host)
 CVEs
 Description (required)
 Discovered On (yyyy-MM-dd)
 Last Found On (yyyy-MM-dd)
 Plugin ID (required)
 Reference Names/IDs
 Reference Types
 Reference URLs
 Scanner Output
 Service Name
 Service Port
 Severity (required)
 Solution (required)
 Tags
 Title (required)

Application

Base URL,name1,Application URL,Description,Plugin ID,Severity,Solution,Title,Discovered On,Last Found On,Hostname,IP Address,Criticality,Owner,Tags,Title__findings,Discovered On_find,Last Found On_find,Plugin ID_find,Output,Full Request,Request Parameter,Request Method,Request URL,Full Response,Payload,CWE,Tags_finds,Reference Types,Reference URLs,Reference Names/IDs

Detailed Field View

Assets (Application)
 Base URL (required)
 Criticality
 Discovered On (yyyy-MM-dd)
 Hostname
 IP Address
 Last Found On (yyyy-MM-dd)
 Name (required)
 Owner
 Tags

Findings (Application)
 Application URL (required)
 CWE
 Description (required)
 Discovered On (yyyy-MM-dd)
 Full Request (Base64 Encoded)
 Full Response (Base64 Encoded)
 Last Found On (yyyy-MM-dd)
 Output
 Payload
 Plugin ID (required)
 Reference Names/IDs
 Reference Types
 Reference URLs
 Request Method
 Request Parameter
 Request URL
 Severity (required)
 Solution (required)
 Tags
 Title (required)