KB Vulnerability Templates¶
Find yourself writing the same descriptions over and over again? Tired of typos coming up in your reports? Faraday provides a simple solution: unify criteria for naming vulnerabilities and save time and effort to yourself and your team.
Write vulns once and use them forever!
Faraday Server allows you to import your own CWE Vulnerabilities DB for you to use as templates. Is a simple CSV made using Open Source projects based in the CWE standard and allows you to create vulnerabilities without worrying about finding references, description, etc.
Populate your KB¶
Import csv file¶
Download our CWE example:
Navigate into Operations > KB tab in your Faraday Instance Web UI and click on the import icon:
A modal dialog will pop up asking you to choose a CSV file to upload, select it, click ok and you're done!
Adding a Template from Vuln¶
You can also create templates manually from a vuln. In the Web UI, select a vuln and select Create template from the dropdown menu.
You will get a list of the existing templates in your installation
Adding a Template manually¶
Navigate into Operations > KB tab in your Faraday Instance Web UI and click on the New button:
You will get a form to generate the template.
Creating Vuln from Template¶
Login to your Faraday Web UI and create or edit a vulnerability. A search field will allow you to find your templates, as shown in the picture below.
You can also duplicate vulnerabilities easily by saving them as a template and later on importing the template.
Name, Description and Resolution fields are replaced with the information stored in the templates database.