--- title: "Hosts and Vulnerability Findings Upload" slug: "hosts-and-vulnerability-findings-upload" updated: 2026-05-07T15:35:41Z published: 2026-05-07T15:35:41Z canonical: "help.nucleussec.com/hosts-and-vulnerability-findings-upload" --- > ## Documentation Index > Fetch the complete documentation index at: https://help.nucleussec.com/llms.txt > Use this file to discover all available pages before exploring further. # Hosts and Vulnerability Findings Upload ## Overview FlexConnect allows Nucleus users to import host assets and their associated vulnerability findings using a structured JSON format. This approach is particularly useful for integrating external scan sources such as custom vulnerability scanners, internal security tools, or proprietary assessment pipelines directly into Nucleus. Each asset and finding entry must follow Nucleus' schema to ensure successful ingestion, deduplication, and enrichment. This document provides an overview of the expected JSON structure and a working example featuring multiple host assets with vulnerability and compliance findings. This example can serve as a template for developing your own integrations or troubleshooting custom uploads. For full schema, please refer to the [FlexConnect Data Schema](https://help.nucleussec.com/docs/flexconnect) help article. --- ### Asset Types Supported Please note that if you are uploading a Cloud Resource, Code Repository, Container Image, or Web Application URL, use the relevant asset schema. This model is meant for traditional host-based assets such as servers, workstations, network devices, and virtual machines. ## Full Example ```plaintext {    "nucleus_import_version": "1",    "scan_date": "2026-05-06 09:15:00",    "scan_type": "Host",    "scan_tool": "AcmeSecurityScanner",    "assets": [        {            "host_name": "web-server-prod-01.acmecorp.internal",            "ip_address": "10.42.18.101",            "asset_groups": [                "Production",                "Web Tier",                "PCI Scope"            ],            "asset_info": {                "aws.ec2.instance-id": "i-0a7b9c2d3e4f56789",                "aws.ec2.region": "us-east-1",                "environment": "production",                "owner": "platform-team@acmecorp.com",                "os.name": "Ubuntu 22.04.3 LTS"            },            "findings": [                {                    "finding_number": "CVE-2024-38473",                    "finding_name": "Apache HTTP Server mod_proxy Request Smuggling",                    "finding_severity": "High",                    "finding_type": "Vuln",                    "finding_cve": "CVE-2024-38473",                    "finding_description": "A flaw in Apache HTTP Server allows attackers to send malformed requests that bypass security controls due to incorrect URL encoding in mod_proxy.",                    "finding_output": "Detected Apache/2.4.52 on port 443 with mod_proxy enabled. Module is vulnerable to request smuggling.",                    "finding_recommendation": "Upgrade Apache HTTP Server to version 2.4.60 or later.",                    "finding_exploitable": "1",                    "finding_port": "443",                    "finding_service": "https",                    "finding_references": {                        "nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2024-38473",                        "cvss_score": "7.5"                    }                },                {                    "finding_number": "SSL-WEAK-CIPHER-001",                    "finding_name": "Weak SSL/TLS Cipher Suites Enabled",                    "finding_severity": "Low",                    "finding_type": "Vuln",                    "finding_description": "The server supports weak cipher suites including TLS_RSA_WITH_3DES_EDE_CBC_SHA.",                    "finding_output": "Port 443 accepts weak ciphers:\n- TLS_RSA_WITH_3DES_EDE_CBC_SHA\n- TLS_RSA_WITH_AES_128_CBC_SHA",                    "finding_recommendation": "Disable weak cipher suites. Use only TLS 1.2+ with AEAD ciphers.",                    "finding_port": "443",                    "finding_service": "https"                }            ]        },        {            "host_name": "db-server-prod-02.acmecorp.internal",            "ip_address": "10.42.19.55",            "asset_groups": [                "Production",                "Database Tier"            ],            "asset_info": {                "aws.rds.instance-id": "acme-prod-postgres-01",                "environment": "production",                "data-classification": "confidential",                "os.name": "Red Hat Enterprise Linux 8.9"            },            "findings": [                {                    "finding_number": "CVE-2024-45492",                    "finding_name": "PostgreSQL Integer Overflow in Array Functions",                    "finding_severity": "Critical",                    "finding_type": "Vuln",                    "finding_cve": "CVE-2024-45492",                    "finding_description": "An integer overflow vulnerability in PostgreSQL array functions allows authenticated attackers to execute arbitrary code with database superuser privileges.",                    "finding_output": "PostgreSQL version 14.8 detected. Affected by CVE-2024-45492.",                    "finding_recommendation": "Upgrade PostgreSQL to version 14.13, 15.8, or 16.4.",                    "finding_exploitable": "1",                    "finding_port": "5432",                    "finding_service": "postgresql",                    "finding_references": {                        "nvd_link": "https://nvd.nist.gov/vuln/detail/CVE-2024-45492",                        "cvss_score": "9.8"                    }                },                {                    "finding_number": "CONF-SSH-ROOT-001",                    "finding_name": "SSH Root Login Permitted",                    "finding_severity": "Medium",                    "finding_type": "Compliance",                    "finding_description": "SSH server allows direct root login, increasing attack surface.",                    "finding_output": "/etc/ssh/sshd_config contains: PermitRootLogin yes",                    "finding_recommendation": "Set 'PermitRootLogin no' in /etc/ssh/sshd_config and restart SSH.",                    "finding_port": "22",                    "finding_service": "ssh"                }            ]        },        {            "host_name": "jsmith-laptop.corp.acmecorp.internal",            "ip_address": "172.20.5.147",            "asset_groups": [                "Workstations",                "Engineering"            ],            "asset_info": {                "department": "Engineering",                "assigned-user": "jsmith",                "os.name": "Windows 11 Pro 23H2"            },            "findings": [                {                    "finding_number": "CVE-2024-21351",                    "finding_name": "Windows SmartScreen Security Feature Bypass",                    "finding_severity": "Medium",                    "finding_type": "Vuln",                    "finding_cve": "CVE-2024-21351",                    "finding_description": "Security feature bypass in Windows SmartScreen allows bypassing Mark of the Web protections.",                    "finding_output": "Windows 11 Pro 23H2 Build 22631.3155 detected. Missing KB5034848.",                    "finding_recommendation": "Install the latest Windows security updates.",                    "finding_references": {                        "microsoft_advisory": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21351",                        "cvss_score": "5.4"                    }                }            ]        }    ] } ``` --- ## Key Concepts ### Finding Type Values ⚠️ **Important**: `finding_type` only accepts two values: | Value | Use For | | --- | --- | | `Vuln` | Vulnerabilities (CVEs, security flaws, misconfigurations) | | `Compliance` | Compliance findings (policy violations, configuration standards) | --- ## Related Documentation - [FlexConnect Framework Overview](https://help.nucleussec.com/docs/flexconnect) - [Hosts Overview](https://help.nucleussec.com/docs/assets-2) - [Vulnerability Findings](https://help.nucleussec.com/docs/findings-1)