Imports
The Importer section, accessible via Toolbox –> Importer, allows users to import various types of data into the system through guided import procedures.
Upon navigating to the Importer, users are presented with a set of buttons—each representing a distinct type of importable entity. Clicking a button will initiate a dedicated import workflow, typically involving steps such as uploading a file, mapping fields, validating content, and confirming the import.
Available Import Options
The following entities can be imported via the Toolbox:
Objects Allows the import of Objects such as servers, applications, or other infrastructure elements into the CMDB
Types Enables import of custom Types, including their attributes and structural definitions
Threats Used to bulk import Threats into the ISMS module. This is useful for initializing the Threats catalog based on external standards or regulations
Vulnerabilities Allows the import of Vulnerabilities into the ISMS module which can be linked to Threats and used in risk analysis
Controls Supports importing Controls into the ISMS module such as security requirements or compliance rules (e.g., ISO 27001, NIST)
Importing Objects
To import Objects, navigate to Toolbox -> Importer and click on the Import Objects button. This will open the object import workflow, where you can upload your data and configure the import process.
Currently we support the import ofthe following file formats:
CSV
JSON
Import Steps
The object import is performed in 5 structured steps:
File Format and Upload Choose the file format (CSV or JSON) and upload the file to be imported.
File Configuration Depending on the selected format, various configuration options are available with default values
Type Mapping - Select the Type into which the data will be imported. - If importing from CSV, use the drag-and-drop assistant to map file columns to object fields. - Foreign keys (references to other objects) can also be configured here.
Import Configuration Specify how to handle existing Objects: - If an Object with the same public_id already exists, choose whether it - should be updated or created - It is possible to limit the amount of imported Objects
Review and Import A final overview displays the number of Objects ready for import. After confirming everything is correct, click Start Import to complete the process.
Importing Types
Types can also be imported using a JSON file. To do this, navigate to Toolbox -> Importer and select the Import Types option. Upload a JSON file containing one or more Type definitions. During the import process, the system will display all available Types within the file, and you can choose which specific Types you want to import. This allows for selective importing and easy reuse of exported Type configurations.
Importing Threats
To import Threats, go to Toolbox -> Importer and select the Import Threats option. You can upload a CSV file to import multiple Threats in a single operation. Please follow the structure and rules below to ensure a successful import.
CSV File Format
Supported delimiters: , (comma) or ; (semicolon)
The first row must contain the column headers
Required and Optional Headers
The CSV file should include the following headers:
Header |
Required |
Description |
|---|---|---|
|
Yes (*) |
The name of the Threat. |
|
No |
The source of the Threat. If the specified source does not exist, it will be created automatically. |
|
No |
An optional identifier for the Threat. |
|
No |
A detailed description of the Threat. |
Source Mapping
The value provided in the source field is matched against existing Threat Sources by name.
This comparison is case-sensitive. For example, SourceA and sourcea are treated as different sources.
If no match is found, a new Source will be created automatically.
Duplicate Handling
Before creating a new Threat, the system performs a case-sensitive comparison across all fields. A Threat will only be created if no identical entry already exists in the database. This ensures that importing the same CSV file multiple times will not result in duplicate entries.
Example CSV Content
name;source;identifier;description
Threat1;Source1;Identifier1;Description1
Threat2;Source2;Identifier2;Description2
Importing Vulnerabilities
To import Vulnerabilities, go to Toolbox -> Importer and select the Import Vulnerabilities option. You can upload a CSV file to import multiple Vulnerabilities at once. Follow the guidelines below to ensure a successful import process.
CSV File Format
Supported delimiters: , (comma) or ; (semicolon)
The first row must contain the column headers.
Required and Optional Headers
Your CSV file should contain the following headers:
Header |
Required |
Description |
|---|---|---|
|
Yes (*) |
The name of the Vulnerability. |
|
No |
The source of the Vulnerability. If the specified source does not exist, it will be created automatically. |
|
No |
An optional identifier for the Vulnerability. |
|
No |
A detailed description of the Vulnerability. |
Source Mapping
The value in the source field is matched against existing Vulnerability Sources by name. This match
is case-sensitive. For instance, VulnDB and vulndb are treated as different values. If no matching
source exists, one will be created during import.
Duplicate Handling
Before creating a new Vulnerability, the system performs a case-sensitive comparison of all fields. A Vulnerability is only created if no exact match exists in the database. This means re-importing the same CSV file will not result in duplicate entries.
Example CSV Content
name;source;identifier;description
Vulnerability1;Source1;Identifier1;Description1
Vulnerability2;Source2;Identifier2;Description2
Importing Controls
To import Controls, navigate to Toolbox -> Importer and select the Import Controls import option. You can upload a CSV file to import multiple Controls at once. Follow the format and requirements outlined below for a successful import.
CSV File Format
Supported delimiters: , (comma) or ; (semicolon)
The first row must contain the column headers.
Required and Optional Headers
The CSV file should contain the following headers:
Header |
Required |
Description |
|---|---|---|
|
Yes (*) |
The title or name of the Control. |
|
Yes (*) |
The type of the Control. Allowed values: |
|
No |
The source of the Control. Matched case-sensitively by name. |
|
No |
The implementation status (e.g., |
|
No |
An optional identifier for the Control. |
|
No |
A logical grouping or chapter reference, if applicable. |
|
No |
A detailed explanation of the Control. |
|
No |
Indicates if the Control is applicable.
Accepted truthy values: |
|
No |
Justification if the Control is marked as not applicable. |
Source and Status Mapping
Values in the source and implementation_state fields are matched against existing entries by name.
Matching is case-sensitive, so for example Source is not equal to source.
If no match is found, the value will be automatically created.
Duplicate Handling
To avoid duplicates, the system performs a case-sensitive comparison across all fields. A new Control is created only if there is no exact match already present. Re-importing the same CSV will not create duplicates.
Example CSV Content
title,control_measure_type,source,implementation_state,identifier,chapter,description,is_applicable,reason
MC1,CONTROL,MC_SOURCE,In Progress,Identifier1,Chapter1Text,Description1,true,Reason1Text
MC2,REQUIREMENT,MC_SOURCE2,In Progress,Identifier2,Chapter2Text,Description2,no,Reason2Text
Importing Risks
To import Risks, navigate to Toolbox -> Importer and select the Import Risks option. A CSV file can be uploaded to import multiple Risks at once. Follow the specifications below to ensure successful processing.
CSV File Format
Supported delimiters: , (comma) or ; (semicolon)
The first row must contain the column headers.
Required and Optional Headers
Header |
Required |
Description |
|---|---|---|
|
Yes (*) |
The name or title of the Risk. |
|
No (*) |
The type of the Risk. Allowed values: |
|
No |
Related protection goals (e.g., |
|
No |
Associated Threats by name. Use comma-separated values. |
|
No |
Linked Vulnerabilities by name. Use comma-separated values. |
|
No |
An identifier for the Risk. |
|
No |
Potential consequences if the Risk materializes. |
|
No |
A detailed explanation or context of the Risk. |
Source Mapping
Values in the protection_goals, threats, and vulnerabilities fields are matched against
existing entries by name. Matching is case-sensitive (e.g., Source ≠ source).
If no match is found, the missing entries will be automatically created.
Duplicate Handling
The system performs a case-sensitive comparison across all fields to detect duplicates. A Risk is created only if an exact match does not already exist. Re-importing the same CSV will not result in duplicate entries.
Special Notes Based on risk_type
Some fields are conditionally required based on the value of the risk_type:
THREAT_X_VULNERABILITY: -threatsis required -vulnerabilitiesis required -consequencesmust be emptyTHREAT: -threatsis required -vulnerabilitiesmust be empty -consequencesmust be emptyEVENT: -threatsmust be empty -vulnerabilitiesmust be empty -consequencesis required -descriptionis required
Example CSV Content
name;risk_type;protection_goals;threats;vulnerabilities;identifier;consequences;description
Risk1;THREAT;Confidentiality,Integrity;Fire,Water;;Identifier1;;
Risk2;EVENT;Integrity;;;Identifier2;Consequences2;Description2