Skip to main content

Import findings into Hyver from external sources

Import findings from other systems into Hyver by uploading your own data or using the optional import template.

Updated over 3 months ago

Overview

This article walks you through the full process of importing findings (vulnerabilities) into Hyver from external systems that aren’t integrated directly. You’ll learn how to download and fill in the import template, map your data to Hyver’s structure, handle errors and duplicates, and reuse column mapping templates to save time in the future.

You’ll also get guidance on how the platform handles common edge cases — like overwriting existing findings, validation issues, and restricted data — so nothing catches you off guard.

To complete this process, you’ll need access to Hyver, the correct user permissions, and at least basic familiarity with the NIST Cybersecurity Framework.

Prerequisites

Before you start, make sure the following is in place:

  • User access to Hyver

  • Admin permissions in Hyver (at either the platform or engagement level)

Note: Findings must always be imported into a specific engagement. You won’t be able to complete the import unless you have the right access at that level.

  • One or more findings to import from another system

  • A basic understanding of NIST maturity framework terms (for filling in the NIST-related template fields)

Step-by-step: How to import findings

1. Navigate to the import findings tool

  1. Go to the Findings page in Hyver.

  2. Click Import findings to open the import interface:

Then:

(Optional) Click Download template to use Hyver’s spreadsheet format for entering your findings:

Tip: Row 2 in the template provides field-completion guidance. You can leave it in the file or delete it — it won't affect the import. If left in, it will appear as a failed import row, but this won't block anything:

2. Prepare your data

You can either fill in the optional Hyver template, or use your own spreadsheet — just make sure your data matches Hyver’s required structure and permitted values.

Here’s what you need to know:

  • Mandatory fields must be included and completed.

  • For fields that allow multiple values (like NIST CSF), separate entries with a semicolon ; with no space between values.

  • The Probability field is optional, but required if you want the finding to appear in the mitigation graph. Use a value between 1–100.

  • For NIST fields: entering values in either v1.1 or v2.0 is sufficient — Hyver will autofill the other version.

  • The Security Domain field is autofilled based on the NIST input.

  • Whether you use the template or not, your values must follow Hyver’s permitted formats and standards.

See: [Import Template Fields Reference] for a full list of accepted values.

Step-by-step: Import and map your data

3. Upload your file

After completing your template, return to the Findings page, click Import findings, and upload your file:

Hyver will confirm the file is readable and valid before moving you to the next step:

4. Map your columns to Hyver fields

When you upload the file, Hyver shows a column mapping screen to align your data with its internal system.

Here’s what you’ll see:

  • On the left side, your original column names from the uploaded file

  • On the right side, a dropdown list of Hyver fields

Your job: tell Hyver which of your columns maps to which internal field.

Helpful hints while mapping:

  • Mandatory fields are marked with a red asterisk in the dropdown. You must map these before continuing:

  • You’ll also see a red message below the table reminding you if any required fields are still unmapped:

  • Hyver previews data samples to help you make decisions:

  • Example values show expected formats (e.g., for severity: “Low” instead of “82”):

Tip: Hyver automatically maps columns when their names match exactly (e.g., "Status" to "Status"). This auto-mapping is case-insensitive but doesn’t handle typos or synonyms (e.g., "Likelihood" won’t match "Probability").

Using the Hyver template can make this process easier, since it already includes the exact field names Hyver expects.

5. Save your column mapping (optional but recommended)

If you’ve spent time mapping 10, 15, or more fields, you probably don’t want to do that every time.

Here’s how to save a reusable template:

  • Check the box labeled Save Column Mapping in the bottom-left corner of the screen (footer):

  • Enter a name for your template:

  • Click Save Column Mapping:

Error scenarios you might see:

  • Server error: You’ll get a message asking you to try again.

  • Duplicate name: You’ll be prompted to pick a different name (Hyver won’t overwrite existing ones).

Reusing saved templates

6. Load a previously saved mapping

When you upload a new file, you can reuse a column mapping template you saved earlier:

  • Click the small arrow in the Select template dropdown at the top right.

  • Choose the template you want to apply from the list.

This automatically fills in the column mappings based on what you previously configured.

  • Hyver will try to match the column names from your current file with what you saved, And you will see the following confirmation message:

If some matches are missing (e.g., a new column or one with a different name), Hyver will show only what it recognizes. Partial matches are okay — you can map the rest manually.

7. Manage your saved templates

From the Manage Template menu, you can:

  • Rename a template

  • Delete a template

Important: Changes here apply to everyone in your company using Hyver. If someone deletes or renames a template, it disappears for all users.

Templates cannot be edited directly. If you want to update the mappings, load the template, adjust the fields, and then save it again under a new name.

Step-by-step: Validate and resolve issues

Once your data is mapped, Hyver runs a validation check. This is where it separates clean rows from problematic ones:

8. Understand validation outcomes

For each row in your file, Hyver checks whether the finding already exists under the same engagement. Based on this check, each row will be assigned one of the following four statuses:

  • Duplicate: The finding already exists in Hyver with identical values. It will not be imported.

  • Overwrite: The finding exists but with differences. Hyver flags it so you can review which fields will be updated if you proceed with the import.

  • Error: The row contains invalid or incomplete data (for example, a value doesn’t meet format requirements) and cannot be imported.

  • New: The finding doesn’t match any existing record and is valid for import. You’ll see no status icon for these rows — this simply means the row has no logical errors, is not a duplicate, and doesn’t trigger an overwrite.

For example, in the image, you can see how different rows on the validation page display different status icons:

  • A red X indicates a logical error in the row — the finding contains invalid data and cannot be imported.

  • A yellow exclamation mark signals that an overwrite is about to occur — the finding exists but includes changes. If you choose to import it, those fields will be updated.

  • A blue check icon shows a duplicate — this finding is identical to one already in the database and will not be imported:

For convenience, you can hover over any row with a warning icon — whether it’s an error, overwrite, or duplicate — to see a tooltip explaining exactly why the row was flagged:

Also note that duplicates and errors are never imported. Overwrites and new findings are clearly marked, so you always know what’s about to change.

This information is also summarized for you in the Import Summary — a message displayed just below the table. In the example shown (different from the previous image), the summary line gives you a clear breakdown: how many findings are new and valid for import, how many are overwrites, and how many were identified as duplicates or errors:

Special edge case: restricted findings

If a finding exists in the system but is in Restricted Share Mode and you don’t have access to it, Hyver treats the row as an error and does not import it.

Suggested solution:

  • Contact the person who owns the finding

  • Or rename your finding to make it unique

9. Clean up your data — the table is fully editable

On the validation page, the table is fully editable — giving you full control to make last-minute changes before import. You can correct errors, update values, or remove rows directly from this screen. This flexibility helps streamline your workflow and saves you from having to re-upload the file.

How to edit rows

You can edit any cell in the table by double-clicking the content you want to change. The field will become editable right in place — no need to open a separate editor:


For example, if a finding’s severity is incorrect, just double-click the cell, update the value, and you're done.

How to delete rows

To remove rows you don’t want to import:

  1. Select the checkboxes next to the rows

  2. Click the Delete button (this only appears once at least one row is selected):

Cleanup tips and quick reminders

  • You can edit content inline and delete rows as needed.

  • Color-coded icons indicate status:

    • Red = Error

    • Yellow = Overwrite

    • Blue = Duplicate

  • Hover over an icon to see a tooltip explaining the issue — e.g., “original value: Medium,” now changed to “Low.”

  • The Next button always imports valid findings, regardless of selected checkboxes.

  • The Delete button only appears when at least one checkbox is selected.

Summary and retry flow

After you complete the validation and move forward, Hyver displays a summary screen that shows:

  • How many findings were successfully imported

  • How many were newly added

  • How many failed to import

If any findings didn’t make it in, click View Failed Findings. This will take you back to the validation page, now filtered to show only the rows that failed.

From there, you can decide how to proceed — fix the issues and retry, or skip them for now.

Even rare server-side glitches will be reflected here, making it easy to retry without starting over.

Why findings might fail

Failed rows may appear for two main reasons:

  • They contain a logical error (hover over the red ❌ icon to see the explanation), or

  • A server error occurred during the import process (uncommon, but possible)

In either case, you can edit or retry these rows directly on the validation screen — no need to re-upload the original file:

Wrap-up / Next Steps

Importing findings into Hyver is flexible and forgiving — especially when you're working with large datasets. You can reuse mappings, get real-time feedback, and stay fully in control of what gets added, what gets updated, and what needs attention.

When you're done, your new findings will appear on the Findings page — ready for review, prioritization, or adding to the mitigation graph.

Whenever you're ready, you can import again.

Related articles
See also: [A Better Way to Import: Understanding the Validation Step]
See also: [Import Template Fields Reference]
See also: [Working with Findings in Hyver]

Related Articles
Import Assets (CSV)
Importing Findings FAQ
Importing Remediation Assets (CSV)
A Better Way to Import: Understanding the Validation Step
Import Findings with CYE AI
Did this answer your question?