File Fields & Structure
The FlexConnect Framework consists of three types of data:
File Metadata
A collection of fields that describe information about the file, including the version of the schema to use, source tool name, and the type of asset that is being uploaded. These are included once in JSON and XML files, and are repeated in each row in the CSV file.Asset Data
A collection of fields that describe the assets included in the file, such as the asset type and associated properties. Each asset is included once in JSON and XML files, and can be repeated across multiple rows in the CSV file.Finding Data (Optional)
A collection of fields that describe findings (vulnerability and/or compliance) found on assets included in the file. Findings can be repeated multiple times within JSON, XML and CSV files, depending on whether or not they are found one or more assets.
Required & Optional Fields
The FlexConnect Framework has been designed to support a variety of different situations and data sources, and as such many fields may not be relevant to the circumstances with which you are using the file.
If a field is marked as Required, then that field must be included when constructing the scan file regardless of the circumstances.
If a field is marked as Optional, then the field can be safely omitted from the file. When a field is omitted, the Nucleus Scan Ingestion Engine will silently set no value, or apply a default value (if applicable).
If a field is marked as Special, then the field may be required depending on the situation.
File Metadata
The following fields describe information about the file that Nucleus uses when ingesting:
Name | Description | Accepted Values or Format |
|---|---|---|
nucleus_import_version | Required. The version of this file. There is only one version at this time. | 1 |
scan_tool | Required. The source of this data. | Asset File Uploads: Asset |
scan_type | Required. The type of asset included in this file. | Application, Container Image and Host |
scan_date | Optional. If this file contains findings, then the date that the scan was conducted. If no date is set it defaults to the time of scan ingest. | Date in the format "Y-m-d H:i:s P" where P (timezone offset) is optional. |
decode_base64 | Optional. If this file contains findings, indicates that some or all of the following fields are encoded using base 64 and should be decoded on ingestion:
Set to false by default. If set to true, Nucleus will try to decode each of the above fields. If the field is not encoded in base 64, the plaintext value will be used instead. Note: This field is only supported in JSON files. | Boolean. true or false |
File Metadata Examples
Example JSON
{
"nucleus_import_version": "1",
"scan_tool": "MYSCANTOOL",
"scan_type": "Host",
"scan_date": "2018-10-10 11:12:13"
}Example XML
<nucleusCustomScan>
<nucleus_import_version>1</nucleus_import_version>
<scan_tool>MYSCANTOOL</scan_tool>
<scan_type>Host</scan_type>
<scan_date>2018-10-10 11:12:13</scan_date>
</nucleusCustomScan>Example CSV
nucleus_import_version,scan_tool,scan_type,scan_date
1,MYSCANTOOL,Host,2018-10-10 11:12:13Asset Data
Review the Assets Overview schema to get started adding assets to your FlexConnects
Findings Data
The FlexConnect Framework optionally supports findings data. When findings are added to a file, the Nucleus Scan Ingestion Engine automatically interprets the file as a point in time vulnerability scan like it would any other scan file. For
Nucleus supports two types of findings: vulnerabilities and compliance findings. This linked schemas detail all of the finding fields for both findings types and explains how to structure them in the respective JSON, XML and CSV formats.
If you have any questions, please contact us through the support center.