Insight AppSec Vulnerabilities Reports in CSV Format

Hi Community Team ,
Would it be possible to create a CSV Report from Appsec to include the following :
App
URL
Attack Type
Module Type
Vulnerability Information
Description
References
Recommendation
CVSS Score
Severity
Status
Original Value
Attack Value
Proof
Proof Description
First Detect
Last Detect

I don’t see the options to either add these as column in within the csv export that is currently available within the Appsec console , I was wondering , if in future there would an option to create CSV report with mentioned fields , similar report like what available within the console as HTML or PDF .

Thank you,
Manny

@tyler_schmidtke @holly_wilsey @zyoutz

Wanted to tag you to see if you have any ideas ?

Manny

One option for generating a report with most of those fields is if you go to All Vulnerabilities, sort + select the ones you want to include, then click Export to CSV. That report will include a lot of info about the app, the vulns, their status, etc. I don’t believe it includes the proof, though I’m not aware of a way to include that in this specific report right now.

There’s also the option of generating a report based on a specific scan when you navigate to a scan, do Generate Report, Vulnerability Report, and then choose one of those two options. The Vulnerabilities with Remediation report will give a ton of info on attack details and recommendations for remediation. The proof and its description are included in this report, and it’s available in PDF + HTML form.

Hi @holly_wilsey ,

The CSV report does not include a lot of these field such as Description, References, Recommendation, Proof, Proof Description,Original Value, Attack Value, Vulnerability Information. I wanted to atleast get Description, References, Recommendation, Proof, Proof Description in CSV format along with what is currently supported in CSV export , it is for collaboration and documentation purpose and to share with Audit teams.

The CSV report only include the below feilds currently :
URL,Parameter,Module Type, Attack Type, CVSS, Severity,First Discovered, Last Discovered, App, Status. The HTML report is Nice however editing the HTML report is difficult and the only option is to print or share the links , we set timelines with our audit teams and dev team to remediate these vulnerabilities and sharing using CSV and having all this information in one CSV file greatly helps. I am already aware of the HTML and PDF report you indicated , I wish there was a option for CSV Export Just like the HMTL or PDF Option in the below screenshot ( image

Hi @manny_singh thanks for raising this, just to confirm are you looking to do a CSV export for the vulnerabilities associated with a specific scan? Also what actions are you looking to take after exporting these results to CSV e.g are you importing into another tool?

. I wanted to atleast get Description, References, Recommendation, Proof, Proof Description in CSV format along with what is currently supported in CSV export , it is for collaboration and documentation purpose and to share with Audit teams.

Yes, Specific Appscan