Overview
This article explains how to fill out the fields in Hyver’s CSV import template when manually uploading findings.
Some fields are required, others are optional — but each plays a role in ensuring imported findings are correctly categorized and actionable within Hyver.
Details
Field Name | Options / Format | Mandatory | Notes |
Finding Name | Text | Yes | Provide a clear, descriptive title. Example: Weak password used in ABC environment. |
Severity | Critical, High, Medium, Low, Informative | Yes | Choose one of the listed options. This influences prioritization and risk scoring. |
Summary | Text | Yes | Short explanation of the issue. Keep it concise and meaningful. |
NIST v1.1 ID | Subcategory IDs (e.g., PR.DS-3; PR.IP-1) | Yes* | You only need to enter either v1.1 or v2.0. Hyver will auto-fill the other version. Separate multiple subcategories with semicolons (;). |
NIST v2.0 ID | Subcategory IDs (e.g., GV.OC-04; GV.RM-01) | Yes* | Same as above. Required only if v1.1 is not provided. |
Security Domain | Short label (e.g., identity, network, application) | Yes | Use the short form — Hyver will map it to the full name. Examples: |
Status | Open, To do, In progress, On hold, Fixed, Acceptable risk, Reopen, Not relevant, Draft, Approved, Not approved, Awaiting approval | No | Defaults to Open. Findings are shared with “Anyone with permission” by default. |
Probability | Numeric (1–100) | No | Required only if you want the finding to appear in the Mitigation Graph. |
Description | Text | No | Provide a detailed description of the finding. |
Business Impact | Text | No | Describe how exploitation of this finding could affect your organization. |
Mitigation Recommendations | Text (separate multiple actions with | No | Example: |
MITRE ATT&CK | Tactic_Technique format (e.g., Execution_PowerShell) | No | Combine tactic and technique in one field. Separate multiple entries with semicolons. Refer to MITRE documentation for valid values. |
Remediation Effort (Estimated) | Neglected, Low, Medium, High, Very High, Unknown | No | Indicates estimated effort to remediate, based on internal experience or external data. |
Remediation Cost (Estimated) | Very High, High, Medium, Low, Neglected, Unknown | No | Cost indicators reflect financial investment needed to remediate. |
Engagement | Text | No | Defaults to: Company Name – Imported Data. You can also specify a different active engagement. The engagement must be activated before import. |
Type | Vulnerability, Potential | No | Defaults to Vulnerability. Use Potential for unverified findings. |
CVSS Vector | Text | No | Optional CVSS classification string. |
Kill Chain | Reconnaissance, Weaponization, Delivery, Installation, Command & Control, Actions on Objectives | No | Indicates the stage of the Cyber Kill Chain where this finding applies. |
Verification Complexity | Complex, Simple | No | Use Complex for fixes that require multiple steps or assessments. |
Tags | Text; separated by | No | Add custom tags for sorting and filtering. Example: |
Wrap-up / Next Steps
Use this table as a reference when filling out the import CSV. The more complete and accurate your entries are, the easier it is to manage findings inside Hyver post-import.
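A pre-import check built from the table above, as an added example that is not part of Hyver or its template: it reports missing mandatory fields, values outside the listed options, the either-or NIST rule, and out-of-range probabilities before the file is uploaded. It assumes the CSV column headers match the field names in the table and that option values are matched case-sensitively; the sample rows are constructed.

```python
import csv
import io

# Allowed values copied from the field table above; exact-case matching is an assumption.
EFFORT_COST = {"Neglected", "Low", "Medium", "High", "Very High", "Unknown"}
ENUMS = {
    "Severity": {"Critical", "High", "Medium", "Low", "Informative"},
    "Status": {"Open", "To do", "In progress", "On hold", "Fixed", "Acceptable risk",
               "Reopen", "Not relevant", "Draft", "Approved", "Not approved",
               "Awaiting approval"},
    "Remediation Effort (Estimated)": EFFORT_COST,
    "Remediation Cost (Estimated)": EFFORT_COST,
    "Type": {"Vulnerability", "Potential"},
    "Kill Chain": {"Reconnaissance", "Weaponization", "Delivery", "Installation",
                   "Command & Control", "Actions on Objectives"},
    "Verification Complexity": {"Complex", "Simple"},
}
REQUIRED = ["Finding Name", "Severity", "Summary", "Security Domain"]
NIST = ["NIST v1.1 ID", "NIST v2.0 ID"]

def validate_row(row):
    """Return the problems found in one row; an empty list means none."""
    val = {k: (v or "").strip() for k, v in row.items() if k}
    errors = [f"{f}: required" for f in REQUIRED if not val.get(f)]
    if not any(val.get(f) for f in NIST):  # "Yes*": one of the two is enough
        errors.append("NIST v1.1 ID / NIST v2.0 ID: fill in at least one")
    for field, allowed in ENUMS.items():  # optional columns are checked only when set
        if val.get(field) and val[field] not in allowed:
            errors.append(f"{field}: {val[field]!r} is not a listed option")
    for field in NIST + ["MITRE ATT&CK"]:  # semicolon-separated list fields
        parts = [p.strip() for p in val.get(field, "").split(";")]
        if val.get(field) and not all(parts):
            errors.append(f"{field}: empty entry between semicolons")
    prob = val.get("Probability", "")
    if prob and not (prob.replace(".", "", 1).isdecimal() and 1 <= float(prob) <= 100):
        errors.append("Probability: must be a number from 1 to 100")
    return errors

def validate_csv(text):
    """Map 1-based data-row number to its problems, for rows that have any."""
    rows = csv.DictReader(io.StringIO(text))
    return {n: e for n, row in enumerate(rows, 1) if (e := validate_row(row))}

# Constructed sample data, not taken from a real export.
SAMPLE = """Finding Name,Severity,Summary,NIST v1.1 ID,NIST v2.0 ID,Security Domain,Status,Probability,Type
Weak password used in ABC environment,High,Weak passwords on service accounts,PR.DS-3; PR.IP-1,,identity,Open,40,Vulnerability
Open admin port,Severe,,,,network,Closed,150,Potential
Missing MFA,Critical,No MFA on admin accounts,,GV.OC-04; GV.RM-01,identity,,,
"""
```

Calling `validate_csv(SAMPLE)` flags only the second data row. The Mitigation Recommendations and Tags separators are not checked because the table does not show them.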
