Most pentesters use a vulnerability library to save time when building a report. Here, you normally maintain a collection of descriptions for vulnerabilities you’ve written in the past. Then, when you have a similar vulnerability, you copy-paste that description and update it based on the current instance.
Cyver Core’s Vulnerability Library function does exactly that. When you save a master template to the library, it saves all of the data including description, CVSS, etc. In addition, with the option to create and maintain multiple libraries, you can do so per client or per compliance norm, meaning you don’t have to rewrite descriptions each time you change client.
Now, with our Auto-Merge functionality, you can skip the step of copying and pasting descriptions. Instead, Cyver Core will automatically import your Vulnerability Library data with your imports, so you can immediately get to work updating and customizing those descriptions to the current instance.
How Does It Work:
- During Finding import, select your file and click “Next” to go to the “options” screen
- Turn on the “Auto-merge” toggle
- Select the vulnerability library you’d like to auto-merge
- Select what you’d like to merge. Cyver Core allows you to automatically import Title, type, description, classification data (severity, CVSS), notes like recommendations and background information, and compliance checklist data. You can replace existing data, append existing data, or skip for 14 data points.
- Select findings you’d like to merge from the import. These are mapped to vulnerability library items based on title.
- Confirm and wait for the import
- Then, review the imports and, if happy, click confirm
The findings will be uploaded to the pentest you selected. From there, you can go through and tweak data, add any customizations to the description, etc.
In addition, you can import this data on a Finding-by-Finding basis after importing your batch file. Here, you can edit the finding from the Pentest and import vulnerability library items based on title. Cyver Core recommends that you make sure naming conventions are the same across tools and in your vulnerability library before using this feature.
If you’d like to know more about how auto-merge works or if you’d like to see it in action, contact us for a free demo.