Data import wizard
Guidelines on data import format
Applicable for: Data import wizard UI (Pro) and CLI (Community or Pro) Importing existing data from excel sheets is supported on the Pro plan through the UI and CLI, and on Community edition through the dedicated CLI, not a django command. The cli is available on the cli folder with the associated instructions. Keep in mind that the CLI needs to reach the API as it wraps its actions around it. The mention to the API is regarding the fact that users on both plans can still interact with the API directly in case they have some data prep phase on their end for batch import or equivalent.
Overview
The Data Import Wizard and the CLI both support batch creation and updates of fields. They provide the same capabilities; the only difference lies in how the import is initiated:
through the user interface for the Data Import Wizard
through the command line for the CLI
When an object already exists during an import, one of the following conflict-resolution strategies can be applied:
Stop the import (default): the import is aborted as soon as a conflict is detected
Skip the row: the existing field is left unchanged and the import continues
Update the row: the existing field is updated with the imported data
The Update strategy enables batch updates of existing fields and is particularly useful for changes that could technically be performed through the graphical interface, but become tedious or error-prone when repeated across many objects. In such cases, downloading the existing objects, applying the required transformations in an Excel file, and re-importing the updated data can be significantly faster and more reliable than performing the same actions manually in the UI. This approach reduces repetitive interactions, minimizes the risk of manual mistakes, and provides a clear, auditable workflow for large-scale updates.
In this workflow, it is strongly recommended to retain the field IDs (UUIDs) in the import schema. Doing so ensures reliable object matching during re-import, even if other attributes (such as names or labels) have changed, making the update process fail-safe.
If the imported object supports the domain attribute, the wizard will attempt to assign it to the specified domain, provided you have the required permissions. If no domain is specified, the wizard will automatically fall back to the default domain configured in the wizard form.
Fields with (*) are mandatory and don't have any supported fallback.
Unless marked as mandatory, ref_id fields can be left blank but the column must still exist.
π¦ Assets
Template
Supported fields
ref_id
name*
description
domain
type
PR: primarySP: supporting
reference_link (or link)
security_objectives
confidentiality: 3,integrity: 2,availability: 1,...
disaster_recovery_objectives
rto: 1h01m01s,rpo: 2h01m01s,mtd: 3h
labels
Special considerations
type will default to
supportingif the column does not exist
βοΈ Applied controls
Template
Supported fields
ref_id
name*
description
domain
status
to_doin_progresson_holdactivedeprecated
category
policyprocesstechnicalphysicalprocedure
priority
integer from
1 to 4
csf_function
governidentifyprotectdetectrespondrecover
Special considerations
status will default to
to_docsf_function will default to
govern
π¦ Perimeters
Template
Supported fields
ref_id
name*
description
domain
status
undefinedin_designin_devin_prodeoldropped
π Audits
Template
To avoid any mixup on the expected fields and the requirements reference, you can get a template for the expected framework by going into Catalog/Frameworks
The framework needs to be loaded and when clicking on it, you'll see a button to get the excel file.
Supported fields
urn*
assessable
ref_id*
name
description
compliance_result
not_assessedpartially_compliantnon_compliantcompliantnot_applicable
requirement_progress
to_doin_progressin_reviewdone
score
integer from
0 to 100
observations
Special considerations
The wizard will attempt to match based on the ref_id and fallback to the urn otherwise. If none could be used, the row will be skipped.
name and description columns are not used but serve as an anchor point for reference.
Assessable will fallback to false
Unassessable rows are skipped.
π Findings followup (eg. pentest)
Template
Supported fields
ref_id
name*
description
severity
lowmediumhighcritical
status*
identifiedconfirmeddismissedassignedin_progressmitigatedresolveddeprecated
filtering_labels you can add multiple labels for one finding separating them with
|( e.g. internal|pentest|...)
π₯ Users
Template
Supported fields
email*
first_name
last_name
β£οΈ Risk assessment
The risk assessment is an advanced object that needs special considerations. Make sure to pick the matrix that will be used to map your labels to the values on CISO Assistant. If you have a specific matrix, you should start by including it as a custom library.
inherent_level, current_level and residual_level are kept on the excel sample just for visual aid. The application computes them based on impact and probability to ensure consistency with the matrix definition.
Controls are created on picked based on the perimeter's domain. Line breaks are used as seperator.
Template:
Supported fields:
ref_id : String
name* : String
description : String
inherent_impact : String1
inherent_proba : String1
existing_controls : String
current_impact : String1
current_proba : String1
additional_controls : String
residual_impact : String1
residual_proba : String1
treatment : String
open
mitigate
accept
avoid
transfer
(1): the string of characters must represent a value present in the chosen risk matrix
π’ Business Impact Analysis
The BIA export/import uses a multi-sheet Excel file:
Summary sheet - one row per BIA
<BIA name> sheet - one row per asset assessment for that BIA
<BIA name> - thresholds sheet - one row per escalation threshold for that BIA
Template
Summary sheet
Supported fields
name*descriptionperimeter- name of the perimeterperimeter_ref_id- ref_id of the perimeterrisk_matrix- name of the risk matrixrisk_matrix_ref_id- ref_id of the risk matrixfolder- domain/folder nameversionstatusplannedin_progressin_reviewdonedeprecated
eta- estimated completion datedue_dateobservationauthors- comma-separated list of user emailsreviewers- comma-separated list of user emails
Special considerations
statusdefaults toplannedif not providedperimeterandrisk_matrixare resolved by UUID, ref_id, or name (in that order)authorsandreviewersare matched by email address
Asset assessment sheets (<BIA name>)
One sheet per BIA, named after the BIA. Each row is an asset assessment.
Supported fields
bia_name* - name of the parent BIA (injected automatically on re-import)asset* - name of the assetasset_ref_id- ref_id of the asset (alternative lookup)recovery_documented-true/falserecovery_tested-true/falserecovery_targets_met-true/falsedependencies- comma-separated list of asset names or ref_idsassociated_controls- comma-separated list of applied control names or ref_idsevidences- comma-separated list of evidence namesobservation
Special considerations
assetis resolved by UUID, ref_id, or name (in that order)Boolean fields accept
true/false,yes/no,1/0Multiple values (dependencies, controls, evidences) use comma separation
Threshold sheets (<BIA name> - thresholds)
One sheet per BIA, named <BIA name> - thresholds. Each row is an escalation threshold.
Supported fields
bia_name* - name of the parent BIAasset* - name of the asset (used to resolve the asset assessment)asset_ref_id- ref_id of the asset (alternative lookup)point_in_time* - integer (time horizon in hours/days depending on your matrix)quali_impact- integer qualitative impact level (-1 = not set)quanti_impact- decimal quantitative impact valuequanti_impact_unit- unit for quantitative impact (e.g.currency)qualifications- comma-separated list of qualification namesjustification
Special considerations
The asset assessment is resolved by matching
(bia_name, asset)β both must already exist before thresholds are importedpoint_in_timecombined with the asset assessment forms the unique key for update/deduplicationquali_impactdefaults to-1(not set) if blankquanti_impactdefaults to0if blank
βοΈ Elementary actions
Elementary actions are useful to model a killchain during the 4th workshop of an EBIOS RM study.
Supported fields:
ref_id
name*
description
attack_stage*
(in English)
know
enter
discover
exploit
(in French)
connaitre
entrer
trouver
exploiter
icon
server
computer
cloud
file
diamond
phone
cube
blocks
shapes
network
database
key
search
carrot
money
skull
globe
usb
domain
Reference controls
Reference controls are templates of the controls to apply.
Supported fields:
ref_id
name
description
category
function
domain
Reference controls can be bundled also as a library.
Threats
ref_id
name
description
domain
Third parties ecosystems
Adding entities, solutions and contracts go through the same file to be able to keep consistent relationships. Each concept needs to be on a separate tab of the excel sheet.
The file has to be divided into 3 sheets namely "Entities", "Solutions" and "Contracts"
Supported fields
*: Required fields
Entities
ref_idname*descriptionmissioncountry(Country code https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)currency(ISO 4217 format https://en.wikipedia.org/wiki/ISO_4217)parent_entity_iddependency(Integer in [0,4])penetration(Integer in [0,4])maturity(Integer in [1,4])trust(Interger in [1,4])domain*
Solutions
ref_idname*descriptionprovider_entity_ref_id*criticality(Integer in [1,4])
Contracts
ref_idname*descriptionprovider_entity_ref_idsolution_ref_idstatuscan bedraft,active,expiredorterminatedstart_date(YYY-MM-DD format https://en.wikipedia.org/wiki/ISO_8601)end_date(YYY-MM-DD format https://en.wikipedia.org/wiki/ISO_8601)annual_expensecurrency(ISO 4217 format https://en.wikipedia.org/wiki/ISO_4217)domainleieuidvatduns
Processings
Template
Supported fields
ref_id
name*
description
status
Approved
Draft
In review
Deprecated
processing_nature
domain
assigned_to
labels
dpia_required
FALSE
TRUE
dpia_reference
Policies
Supported fields
ref_id
name
description
domain
status
link
Exceptions
Supported fields
ref_id
name
description
domain
status
draft, in_review, approved, resolved, expired, deprecated
severity
undefined, info, low, medium, high, critical
expiration_date
YYYY-MM-DD
observation
Incidents
Supported fields
ref_id
name
description
domain
status
new, ongoing, resolved, closed, dismissed
severity
critical/sev1(1), major/sev2(2), moderate/sev3(3), minor/sev4(4), low/sev5(5), unknown(6)
detection
internal/internally_detected, external/externally_detected
reported_at
DateTime
Vulnerability
Supported fields
ref_id
name*
description
status
Potential
Exploitable
Mitigated
Not exploitable
Fixed
Unaffected
severity
Information
Low
Medium
High
Critical
assets (newline-separated list of the name of the assets)
applied_controls (newline-separated of the names)
security_exceptions (newline-separated of the names)
Last updated
Was this helpful?