Data import wizard

Guidelines on data import format

Applicable for: Data import wizard (Pro) and CLI (Community and Pro)

Overview

The Data Import Wizard and the CLI both support batch creation and updates of fields. They provide the same capabilities; the only difference lies in how the import is initiated:

• through the user interface for the Data Import Wizard

• through the command line for the CLI

When an object already exists during an import, one of the following conflict-resolution strategies can be applied:

• Stop the import (default): the import is aborted as soon as a conflict is detected

• Skip the row: the existing field is left unchanged and the import continues

• Update the row: the existing field is updated with the imported data

The Update strategy enables batch updates of existing fields and is particularly useful for changes that could technically be performed through the graphical interface, but become tedious or error-prone when repeated across many objects. In such cases, downloading the existing objects, applying the required transformations in an Excel file, and re-importing the updated data can be significantly faster and more reliable than performing the same actions manually in the UI. This approach reduces repetitive interactions, minimizes the risk of manual mistakes, and provides a clear, auditable workflow for large-scale updates.

In this workflow, it is strongly recommended to retain the field IDs (UUIDs) in the import schema. Doing so ensures reliable object matching during re-import, even if other attributes (such as names or labels) have changed, making the update process fail-safe.

If the imported object supports the domain attribute, the wizard will attempt to assign it to the specified domain, provided you have the required permissions. If no domain is specified, the wizard will automatically fall back to the default domain configured in the wizard form.

Fields with (*) are mandatory and don't have any supported fallback.

Unless marked as mandatory, ref_id fields can be left blank but the column must still exist.

📦 Assets

Template

9KB

sample001.xlsx

Open

Supported fields

• ref_id

• name*

• description

• domain

• type

  • PR : primary

  • SP : supporting

Special considerations

• type will default to supporting if the column does not exist

⚙️ Applied controls

Template

9KB

sample002.xlsx

Open

Supported fields

• ref_id

• name*

• description

• domain

• status

  • to_do

  • in_progress

  • on_hold

  • active

  • deprecated

• category

  • policy

  • process

  • technical

  • physical

  • procedure

• priority

  • integer from 1 to 4

• csf_function

  • govern

  • identify

  • protect

  • detect

  • respond

  • recover

Special considerations

• status will default to to_do

• csf_function will default to govern

📦 Perimeters

Template

9KB

sample003.xlsx

Open

Supported fields

• ref_id

• name*

• description

• domain

• status

  • undefined

  • in_design

  • in_dev

  • in_prod

  • eol

  • dropped

📃 Audits

Template

To avoid any mixup on the expected fields and the requirements reference, you can get a template for the expected framework by going into Catalog/Frameworks

The framework needs to be loaded and when clicking on it, you'll see a button to get the excel file.

Supported fields

• urn*

• assessable

• ref_id*

• name

• description

• compliance_result

  • not_assessed

  • partially_compliant

  • non_compliant

  • compliant

  • not_applicable

• requirement_progress

  • to_do

  • in_progress

  • in_review

  • done

• score

  • integer from 0 to 100

• observations

Special considerations

• The wizard will attempt to match based on the ref_id and fallback to the urn otherwise. If none could be used, the row will be skipped.

• name and description columns are not used but serve as an anchor point for reference.

• Assessable will fallback to false

• Unassessable rows are skipped.

🐞 Findings followup (eg. pentest)

Template

9KB

sample004.xlsx

Open

Supported fields

• ref_id

• name*

• description

• severity

  • low

  • medium

  • high

  • critical

• status*

  • identified

  • confirmed

  • dismissed

  • assigned

  • in_progress

  • mitigated

  • resolved

  • deprecated

• filtering_labels you can add multiple labels for one finding separating them with | ( e.g. internal|pentest|...)

👥 Users

Template

9KB

sample005.xlsx

Open

Supported fields

• email*

• first_name

• last_name

☣️ Risk assessment

The risk assessment is an advanced object that needs special considerations. Make sure to pick the matrix that will be used to map your labels to the values on CISO Assistant. If you have a specific matrix, you should start by including it as a custom library.

inherent_level, current_level and residual_level are kept on the excel sample just for visual aid. The application computes them based on impact and probability to ensure consistency with the matrix definition.

Controls are created on picked based on the perimeter's domain. Line breaks are used as seperator.

Template:

10KB

risk_assessment_template.xlsx

Open

Supported fields:

• ref_id : String

• name* : String

• description : String

• inherent_impact : String¹

• inherent_proba : String¹

• existing_controls : String

• current_impact : String¹

• current_proba : String¹

• additional_controls : String

• residual_impact : String¹

• residual_proba : String¹

• treatment : String

  • open

  • mitigate

  • accept

  • avoid

  • transfer

(1): the string of characters must represent a value present in the chosen risk matrix

⚙️ Elementary actions

Elementary actions are useful to model a killchain during the 4th workshop of an EBIOS RM study.

Supported fields:

• ref_id

• name*

• description

• attack_stage*

  • (in English)

    • know

    • enter

    • discover

    • exploit

  • (in French)

    • connaitre

    • entrer

    • trouver

    • exploiter

• icon

  • server

  • computer

  • cloud

  • file

  • diamond

  • phone

  • cube

  • blocks

  • shapes

  • network

  • database

  • key

  • search

  • carrot

  • money

  • skull

  • globe

  • usb

• domain

9KB

sample007.xlsx

Open

Reference controls

Reference controls are templates of the controls to apply.

Supported fields:

• ref_id

• name

• description

• category

• function

• domain

6KB

sample_reference_controls.xlsx

Open

Reference controls can be bundled also as a library.

Threats

• ref_id

• name

• description

• domain

5KB

sample_threats.xlsx

Open

Third parties ecosystems

Adding entities, solutions and contracts go through the same file to be able to keep consistent relationships. Each concept needs to be on a separate tab of the excel sheet.

11KB

third_parties_ecosystem_template.xlsx

Open

The file has to be divided into 3 sheets namely "Entities", "Solutions" and "Contracts"

Supported fields

*: Required fields

Entities

• ref_id

• name *

• description

• mission

• country (Country code https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)

• currency (ISO 4217 format https://en.wikipedia.org/wiki/ISO_4217)

• parent_entity_id

• dependency(Integer in [0,4])

• penetration (Integer in [0,4])

• maturity (Integer in [1,4])

• trust (Interger in [1,4])

• domain *

Solutions

• ref_id

• name *

• description

• provider_entity_ref_id *

• criticality (Integer in [1,4])

Contracts

• ref_id

• name *

• description

• provider_entity_ref_id

• solution_ref_id

• status can be draft , active,expired or terminated

• start_date (YYY-MM-DD format https://en.wikipedia.org/wiki/ISO_8601)

• end_date (YYY-MM-DD format https://en.wikipedia.org/wiki/ISO_8601)

• annual_expense

• currency (ISO 4217 format https://en.wikipedia.org/wiki/ISO_4217)

• domain

• lei

• euid

• vat

• duns

Processings

Template

6KB

sample-processings.xlsx

Open

Supported fields

• internal_id

• ref_id

• name*

• description

• status

  • Approved

  • Draft

  • In review

  • Deprecated

• processing_nature

• domain

• assigned_to

• labels

• dpia_required

  • FALSE

  • TRUE

• dpia_reference

Policies

9KB

policies_template.xlsx

Open

Supported fields

• ref_id

• name

• description

• domain

• status

• link

Exceptions

9KB

exceptions_template.xlsx

Open

Supported fields

• ref_id

• name

• description

• domain

• status

  • draft, in_review, approved, resolved, expired, deprecated

• severity

  • undefined, info, low, medium, high, critical

• expiration_date

  • YYYY-MM-DD

• observation

Incidents

9KB

incidents_template.xlsx

Open

Supported fields

• ref_id

• name

• description

• domain

• status

  • new, ongoing, resolved, closed, dismissed

• severity

  • critical/sev1(1), major/sev2(2), moderate/sev3(3), minor/sev4(4), low/sev5(5), unknown(6)

• detection

  • internal/internally_detected, external/externally_detected

• reported_at

  • DateTime

Vulnerability

6KB

template_vulnerabilities.xlsx

Open

Supported fields

• ref_id

• name*

• description

• status

  • Potential

  • Exploitable

  • Mitigated

  • Not exploitable

  • Fixed

  • Unaffected

• severity

  • Information

  • Low

  • Medium

  • High

  • Critical

• assets (newline-separated list of the name of the assets)

• applied_controls (newline-separated of the names)

• security_exceptions (newline-separated of the names)