The Mappings Manager can work with the output of many different tools/plugins but not all of them are supported in the same way. Check the list below to see what tools are included in the Mappings Manager as well as a list of all available templates and fields.
The Mappings Manager can customize multiple templates for each Tool (e.g. one template for the Issues, another for the Evidence, etc.) You can pick the template to use from the dropdown.
Customize each template separately to get the exact output that you need for your report template. You can also check the fields you have configured against each of your templates' report template properties by selecting which template to validate against, as seen on the right. More on the specifics of integrating with your report template later.
On upload, Dradis uses the plugin_id
field (an automatically created field containing the unique ID from each plugin) to create new Issues. If one Issue appears more than once in a file, 1 Issue will be created with more than 1 instance of Evidence. If you upload more than one file from the same tool, with the same Issue present in multiple files, the first tool upload will define the severity of an Issue.
Each supported plugin has a list of fields that you can automatically import into your plugin template. Click on Available fields to view a popup of all the fields that the plugin supports.
The combination of plugin templates and plugin fields take in your uploaded tool output and create a new Note
, Issue
, or Evidence
in Dradis, customized exactly how you need it to be.
You'll notice that each of the Supported Tools has a different naming convention for the different templates. These names match up with the field names within the different tool outputs. For example, the Nessus Report Item template corresponds to the data available in the ReportItem
tags in the .nessus
file.
The Issue template defines Issue fields
The following fields are available:
report_item.name
report_item.module_name
report_item.severity
report_item.type
report_item.impact
report_item.description
report_item.detailed_information
report_item.recommendation
report_item.request
report_item.response
report_item.cvss_descriptor
report_item.cvss_score
report_item.cvss3_descriptor
report_item.cvss3_score
report_item.cvss3_tempscore
report_item.cvss3_envscore
report_item.cve_list
report_item.references
The Evidence template defines Evidence fields
The following fields are available:
evidence.details
evidence.affects
evidence.parameter
evidence.aop_source_file
evidence.aop_source_line
evidence.aop_additional
evidence.is_false_positive
evidence.request
evidence.response
The Evidence 360 template defines Evidence fields for Acunetix 360 scans
The following fields are available:
evidence_360.http_request
evidence_360.http_request_method
evidence_360.http_response
evidence_360.http_response_status_code
evidence_360.http_response_duration
The Issue 360 template defines Issue fields for Acunetix 360 scans
The following fields are available:
vulnerability_360.name
vulnerability_360.type
vulnerability_360.url
vulnerability_360.description
vulnerability_360.impact
vulnerability_360.remedial_actions
vulnerability_360.exploitation_skills
vulnerability_360.remedial_procedure
vulnerability_360.remedy_references
vulnerability_360.external_references
vulnerability_360.severity
vulnerability_360.certainty
vulnerability_360.confirmed
vulnerability_360.state
vulnerability_360.owasp
vulnerability_360.wasc
vulnerability_360.cwe
vulnerability_360.capec
vulnerability_360.pci32
vulnerability_360.hipaa
vulnerability_360.owasppc
vulnerability_360.iso27001
vulnerability_360.cvss_vector
vulnerability_360.cvss_base
vulnerability_360.cvss_temporal
vulnerability_360.cvss_environmental
vulnerability_360.cvss31_vector
vulnerability_360.cvss31_base
vulnerability_360.cvss31_temporal
vulnerability_360.cvss31_environmental
The Evidence template defines Evidence fields
The following fields are available:
evidence.attack_config_description
evidence.attack_description
evidence.attack_id
evidence.attack_matched_string
evidence.attack_post_params
evidence.attack_request
evidence.attack_response
evidence.attack_user_notes
evidence.attack_value
evidence.attack_vuln_url
evidence.benign
evidence.original_value
evidence.original_response_code
The Issue template defines Issue fields
The following fields are available:
vuln.attack_class
vuln.attack_score
vuln.attack_type
vuln.attack_value
vuln.capec
vuln.confidence
vuln.cwe_id
vuln.description
vuln.dissa_asc
vuln.html_entity_attacked
vuln.imperva_bl
vuln.imperva_wl
vuln.mod_security_bl
vuln.mod_security_wl
vuln.normalized_url
vuln.oval
vuln.owasp2007
vuln.owasp2010
vuln.owasp2013
vuln.owasp2017
vuln.pcre_regex_bl
vuln.pcre_regex_wl
vuln.recommendation
vuln.scan_date
vuln.snort_bl
vuln.snort_wl
vuln.statistically_prevalent_original_response_code
vuln.vuln_method
vuln.vuln_param
vuln.vuln_type
vuln.wasc
vuln.vuln_url
The Issue template defines Issue fields
The following fields are available:
warning.warning_type
warning.warning_code
warning.fingerprint
warning.message
warning.file
warning.line
warning.link
warning.code
warning.render_path
warning.location_type
warning.location_class
warning.location_method
warning.user_input
warning.confidence
The Scan info template defines the fields for a Note set to the Default category
The following fields are available:
scan_info.app_path
scan_info.rails_version
scan_info.security_warnings
scan_info.start_time
scan_info.end_time
scan_info.duration
scan_info.number_of_controllers
scan_info.number_of_models
scan_info.number_of_templates
scan_info.ruby_version
scan_info.brakeman_version
The XML Evidence template defines Evidence fields
The following fields are available:
issue.host
issue.path
issue.location
issue.severity
issue.confidence
issue.request
issue.response
issue.detail
The XML or HTML Issue template defines Issue fields
The following fields are available:
issue.name
issue.severity
issue.background
issue.remediation_background
issue.detail
issue.remediation_detail
issue.references
issue.vulnerability_classifications
The HTML Evidence template defines fields for the instances of Evidence that are created when you upload a Burp HTML report. If you're uploading a Burp XML file, configure the Evidence template instead.
The following fields are available:
issue.host
issue.path
issue.location
issue.severity
issue.confidence
issue.request
issue.request_1
issue.request_2
issue.request_3
issue.response
issue.response_1
issue.response_2
issue.response_3
The Evidence template defines Evidence fields
The following fields are available:
evidence.agent_deployed
evidence.description
evidence.tried_to_install_agent
evidence.port
The Issue template defines Issue fields
The following fields are available:
issue.title
issue.agent_deployed
issue.cve
issue.description
issue.port
issue.tried_to_install_agent
The Evidence template defines Evidence fields
compliance.cm_actual_value
compliance.cm_audit_file
compliance.cm_check_id
compliance.cm_check_name
compliance.cm_info
compliance.cm_output
compliance.cm_policy_value
compliance.cm_reference
compliance.cm_result
compliance.cm_see_also
compliance.cm_solution
evidence.plugin_output
evidence.port
evidence.protocol
evidence.svc_name
evidence.severity
report_item.plugin_name
The Issue template defines Issue fields
The following fields are available:
report_item.age_of_vuln
report_item.bid_entries
report_item.cve_entries
report_item.cvss3_base_score
report_item.cvss3_temporal_score
report_item.cvss3_temporal_vector
report_item.cvss3_vector
report_item.cvss_base_score
report_item.cvss_temporal_score
report_item.cvss_temporal_vector
report_item.cvss_vector
report_item.description
report_item.exploitability_ease
report_item.exploit_available
report_item.exploit_code_maturity
report_item.exploit_framework_canvas
report_item.exploit_framework_core
report_item.exploit_framework_metasploit
report_item.metasploit_name
report_item.patch_publication_date
report_item.plugin_family
report_item.plugin_id
report_item.plugin_modification_date
report_item.plugin_name
report_item.plugin_output
report_item.plugin_publication_date
report_item.plugin_type
report_item.plugin_version
report_item.port
report_item.protocol
report_item.risk_factor
report_item.see_also_entries
report_item.severity
report_item.solution
report_item.svc_name
report_item.synopsis
report_item.threat_intensity_last_28
report_item.threat_recency
report_item.threat_sources_last_28
report_item.vpr_score
report_item.vuln_publication_date
report_item.xref_entries
The Note: Report host template defines the fields for a Note set to the Default category on each Node
The following fields are available:
report_host.name
report_host.ip
report_host.fqdn
report_host.operating_system
report_host.mac_address
report_host.netbios_name
report_host.scan_start_time
report_host.scan_stop_time
The Evidence template defines Evidence fields
The following fields are available:
evidence.rawrequest
evidence.rawresponse
evidence.url
evidence.vulnerableparameter
evidence.vulnerableparametertype
evidence.vulnerableparametervalue
The Issue template defines Issue fields
The following fields are available:
issue.actions_to_take
issue.certainty
issue.classification_asvs40
issue.classification_capec
issue.classification_cvss_vector
issue.classification_cvss_base_value
issue.classification_cvss_base_severity
issue.classification_cvss_environmental_value
issue.classification_cvss_environmental_severity
issue.classification_cvss_temporal_value
issue.classification_cvss_temporal_severity
issue.classification_cwe
issue.classification_disastig
issue.classification_hipaa
issue.classification_iso27001
issue.classification_nistsp80053
issue.classification_owasp2013
issue.classification_owasp2017
issue.classification_owasp2021
issue.classification_owasppc
issue.classification_pci31
issue.classification_pci32
issue.classification_wasc
issue.description
issue.external_references
issue.extrainformation
issue.impact
issue.knownvulnerabilities
issue.remedy
issue.remedy_references
issue.required_skills_for_exploitation
issue.severity
issue.title
issue.type
The Evidence template defines Evidence fields
The following fields are available:
evidence.content
evidence.id
evidence.port
evidence.protocol
evidence.status
The Issue template defines Issue fields
The following fields are available:
vulnerability.added
vulnerability.cvss_score
vulnerability.cvss_vector
vulnerability.description
vulnerability.modified
vulnerability.nexpose_id
vulnerability.pci_severity
vulnerability.published
vulnerability.risk_score
vulnerability.references
vulnerability.severity
vulnerability.solution
vulnerability.tags
vulnerability.title
The Note: Full Scan template defines the fields for a Note set to the Default category on the Nexpose Scan Summary Node
The following fields are available:
scan.end_time
scan.name
scan.scan_id
scan.start_time
scan.status
For a simple scan format, the Note: Simple port template defines the fields for a Note set to the Default category for each Port associated with a specific Host (e.g. Node)
The following fields are available:
port.finding
port.id
The Evidence template defines Evidence fields
The following fields are available:
item.request_method
item.uri
item.namelink
item.iplink
The Issue template defines Issue fields
The following fields are available:
item.id
item.request_method
item.osvdbid
item.osvdblink
item.references
item.description
item.uri
item.namelink
item.iplink
The Evidence template defines Evidence fields
The following fields are available:
evidence.device_name
evidence.device_type
evidence.device_osversion
The Issue template defines Issue fields
The following fields are available:
issue.title
issue.cvss_base
issue.cvss_base_vector
issue.cvss_temporal
issue.cvss_temporal_vector
issue.cvss_environmental
issue.cvss_environmental_vector
issue.finding
issue.impact
issue.ease
issue.recommendation
The Note: Host template defines the fields for a Note set to the Default category on each Node
The following fields are available:
host.hostnames
host.ip
host.service_table
host.os
The Note: Port template defines the fields for a Note set to the Default category for each Port associated with a specific Host (e.g. Node)
The following fields are available:
port.number
port.protocol
port.state
port.reason
port.service.name
port.service.product
port.service.tunnel
port.service.version
port.host
The Evidence template defines Evidence fields
The following fields are available:
evidence.port
evidence.description
The Issue template defines Issue fields
The following fields are available:
result.threat
result.description
result.original_threat
result.notes
result.overrides
result.name
result.cvss_base
result.cvss_base_vector
result.risk_factor
result.cve
result.bid
result.xref
result.summary
result.insight
result.info_gathered
result.impact
result.impact_level
result.vuldetect
result.affected_software
result.solution
result.solution_type
The Vuln Evidence template defines Evidence fields that are created when you upload a Qualys Vulnerability Management report
The following fields are available:
evidence.cat_fqdn
evidence.cat_misc
evidence.cat_port
evidence.cat_protocol
evidence.cat_value
evidence.result
The Vuln Issue template defines Issue fields fields that are created when you upload a Qualys Vulnerability Management report
The following fields are available:
element.number
element.severity
element.cveid
element.title
element.last_update
element.cvss_base
element.cvss_temporal
element.pci_flag
element.vendor_reference_list
element.cve_id_list
element.bugtraq_id_list
element.diagnosis
element.consequence
element.solution
element.compliance
element.result
element.qualys_collection
The WAS Evidence template defines fields for the instances of Evidence that are created when you upload a Qualys Web Application Scan report.
The following fields are available:
was-evidence.access_paths
was-evidence.ajax
was-evidence.authentication
was-evidence.ignored
was-evidence.potential
was-evidence.request_headers
was-evidence.request_method
was-evidence.request_url
was-evidence.response_evidence
was-evidence.response_contents
was-evidence.url
The WAS Issue template defines fields for the Issues that are created when you upload a Qualys Web Application Scan report.
The following fields are available:
was-issue.category
was-issue.cvss_base
was-issue.cvss_temporal
was-issue.cvss3_base
was-issue.cvss3_temporal
was-issue.cvss3_vector
was-issue.cwe
was-issue.description
was-issue.group
was-issue.impact
was-issue.owasp
was-issue.qid
was-issue.severity
was-issue.solution
was-issue.title
was-issue.wasc
The Asset Evidence template defines fields for the instances of Evidence that are created when you upload a Qualys Asset Scan report.
The following fields are available:
was-evidence.access_paths
was-evidence.ajax
was-evidence.authentication
was-evidence.ignored
was-evidence.potential
was-evidence.url
The Asset Issue template defines fields for the Issues that are created when you upload a Qualys Asset Scan report.
The following fields are available:
was-issue.category
was-issue.cvss_base
was-issue.cvss_temporal
was-issue.cvss3_base
was-issue.cvss3_temporal
was-issue.cvss3_vector
was-issue.cwe
was-issue.description
was-issue.group
was-issue.impact
was-issue.owasp
was-issue.qid
was-issue.severity
was-issue.solution
was-issue.title
was-issue.wasc
The Evidence template defines Evidence fields
The following fields are available:
evidence.port
evidence.severity
evidence.class
evidence.cve
evidence.cvss_base_score
The Issue template defines Issue fields
The following fields are available:
vulnerability.description
vulnerability.hostname
vulnerability.ipaddr
vulnerability.hosttype
vulnerability.scan_time
vulnerability.status
vulnerability.severity
vulnerability.cve
vulnerability.cvss_base_score
vulnerability.impact
vulnerability.background
vulnerability.problem
vulnerability.resolution
vulnerability.reference
The Issue template defines Issue fields
The following fields are available:
issue.categoryid
issue.categoryname
issue.cweid
issue.cwename
issue.description
issue.exploitlevel
issue.issueid
issue.line
issue.mitigation_status
issue.mitigation_status_desc
issue.module
issue.note
issue.remediation_status
issue.remediationeffort
issue.severity
issue.sourcefile
issue.sourcefilepath
The Issue template defines Issue fields
The following fields are available:
vulnerability.title
vulnerability.fixed_in
vulnerability.cve
vulnerability.url
vulnerability.wpvulndb_url
The Note: Scan template defines Note fields
The following fields are available:
scan_info.target_url
scan_info.wordpress_version
scan_info.plugins_string
scan_info.themes_string
scan_info.users
scan_info.wpscan_version
scan_info.start_time
scan_info.elapsed
The Evidence template defines Evidence fields
The following fields are available:
evidence.uri
evidence.param
evidence.attack
The Issue template defines Issue fields
The following fields are available:
issue.pluginid
issue.alert
issue.riskcode
issue.confidence
issue.riskdesc
issue.desc
issue.count
issue.solution
issue.otherinfo
issue.reference
issue.cweid
issue.wascid
Now that you understand how the Mappings Manager uses Tools, Templates, and Fields together to customize your findings, let's move on and integrate the Mappings Manager with YOUR report template.
Next help article: Integrating with your report template →
Your email is kept private. We don't do the spam thing.