regscale-cli 6.16.2.0__py3-none-any.whl → 6.16.4.0__py3-none-any.whl

regscale/integrations/public/fedramp/ssp_logger.py

@@ -1,11 +1,7 @@
-from regscale.integrations.public.fedramp.reporting import (
-    write_events,
-    log_error,
-    log_event,
-)
-
 import logging
+
 from regscale.core.app.logz import create_logger
+from regscale.integrations.public.fedramp.reporting import log_error, log_event, write_events
 
 
 class CaptureEventsHandler(logging.Handler):
@@ -39,7 +35,6 @@ class SSPLogger:
         return self.logger
 
     def info(self, event_msg: str, record_type: str = "", model_layer: str = ""):
-        self.logger.info(event_msg)
         info = {
             "event_msg": event_msg,
             "record_type": record_type,
@@ -57,7 +52,6 @@ class SSPLogger:
         model_layer: str = "",
         missing_element: str = "",
     ):
-        self.logger.error(event_msg)
         error = {
             "event_msg": event_msg,
             "missing_element": missing_element,
@@ -67,7 +61,6 @@ class SSPLogger:
         self.errors.append(log_error(**error, level="Error"))
 
     def warning(self, event_msg: str, record_type: str = "", model_layer: str = ""):
-        self.logger.warning(event_msg)
         warning = {
             "event_msg": event_msg,
             "record_type": record_type,

regscale/integrations/scanner_integration.py

@@ -269,6 +269,10 @@ class IntegrationAsset:
     other_cloud_identifier: Optional[str] = None
     patch_level: Optional[str] = None
     cpe: Optional[str] = None
+    is_latest_scan: Optional[bool] = None
+    is_authenticated_scan: Optional[bool] = None
+    system_administrator_id: Optional[str] = None
+    scanning_tool: Optional[str] = None
 
     source_data: Optional[Dict[str, Any]] = None
     url: Optional[str] = None
@@ -373,6 +377,7 @@ class IntegrationFinding:
     cvss_v2_score: Optional[float] = None
     ip_address: Optional[str] = None
     plugin_id: Optional[str] = None
+    plugin_text: Optional[str] = None
     dns: Optional[str] = None
     severity_int: int = 0
     security_check: Optional[str] = None
@@ -410,6 +415,7 @@ class IntegrationFinding:
     risk_adjustment: str = "No"
     operational_requirements: Optional[str] = None
     deviation_rationale: Optional[str] = None
+    is_cwe: bool = False
 
     poam_comments: Optional[str] = None
     vulnerability_id: Optional[int] = None
@@ -1067,6 +1073,10 @@ class ScannerIntegration(ABC):
             softwareVersion=asset.software_version,
             softwareName=asset.software_name,
             softwareVendor=asset.software_vendor,
+            bLatestScan=asset.is_latest_scan,
+            bAuthenticatedScan=asset.is_authenticated_scan,
+            systemAdministratorId=asset.system_administrator_id,
+            scanningTool=asset.scanning_tool,
         )
         if self.asset_identifier_field:
             setattr(new_asset, self.asset_identifier_field, asset.identifier)
@@ -1587,15 +1597,34 @@ class ScannerIntegration(ABC):
                 bulk_update=True, defaults={"otherIdentifier": self._get_other_identifier(finding, is_poam)}
             )
 
+        self._handle_property_creation_for_issue(issue, finding)
+        return issue
+
+    def _handle_property_creation_for_issue(self, issue: regscale_models.Issue, finding: IntegrationFinding) -> None:
+        """
+        Handles property creation for an issue based on the finding data
+
+        :param regscale_models.Issue issue: The issue to handle properties for
+        :param IntegrationFinding finding: The finding data
+        :rtype: None
+        """
         if poc := finding.point_of_contact:
-            _ = regscale_models.Property(
+            regscale_models.Property(
                 key="POC",
                 value=poc,
                 parentId=issue.id,
                 parentModule="issues",
-            ).create_or_update(bulk_create=True, bulk_update=True)
+            ).create_or_update()
+            logger.debug("Added POC property %s to issue %s", poc, issue.id)
 
-        return issue
+        if finding.is_cwe:
+            regscale_models.Property(
+                key="CWE",
+                value=finding.plugin_id,
+                parentId=issue.id,
+                parentModule="issues",
+            ).create_or_update()
+            logger.debug("Added CWE property %s to issue %s", finding.plugin_id, issue.id)
 
     @staticmethod
     def get_consolidated_asset_identifier(
@@ -1719,15 +1748,16 @@ class ScannerIntegration(ABC):
         :param IntegrationFinding finding: The finding data that has failed
         :rtype: None
         """
-        logger.debug("Creating issue for failing finding %s", finding.external_id)
-        found_issue = self.create_or_update_issue_from_finding(
-            title=issue_title,
-            finding=finding,
-        )
-        # Update the control implementation status to NOT_IMPLEMENTED since we have a failing finding
-        if found_issue.controlImplementationIds:
-            for control_id in found_issue.controlImplementationIds:
-                self.update_control_implementation_status_after_close(control_id)
+        if ScannerVariables.vulnerabilityCreation.lower() != "noissue":
+            logger.debug("Creating issue for failing finding %s", finding.external_id)
+            found_issue = self.create_or_update_issue_from_finding(
+                title=issue_title,
+                finding=finding,
+            )
+            # Update the control implementation status to NOT_IMPLEMENTED since we have a failing finding
+            if found_issue.controlImplementationIds:
+                for control_id in found_issue.controlImplementationIds:
+                    self.update_control_implementation_status_after_close(control_id)
 
     def handle_failing_checklist(
         self,
@@ -2013,6 +2043,7 @@ class ScannerIntegration(ABC):
         self._results["scan_history"] = scan_history.save()
         self.update_result_counts("issues", regscale_models.Issue.bulk_save(progress_context=self.finding_progress))
         self.close_outdated_issues(current_vulnerabilities)
+        self._perform_batch_operations(self.finding_progress)
 
         return processed_findings_count
 
@@ -2074,7 +2105,7 @@ class ScannerIntegration(ABC):
             parentId=self.plan_id,
             parentModule=regscale_models.SecurityPlan.get_module_string(),
             scanningTool=self.title,
-            scanDate=get_current_datetime(),
+            scanDate=self.scan_date if self.scan_date else get_current_datetime(),
             createdById=self.assessor_id,
             tenantsId=self.tenant_id,
             vLow=0,
@@ -2159,16 +2190,12 @@ class ScannerIntegration(ABC):
             if asset := self.get_asset_by_identifier(finding.asset_identifier):
                 if vulnerability_id := self.handle_vulnerability(finding, asset, scan_history):
                     current_vulnerabilities[asset.id].add(vulnerability_id)
-
-        # Handle failing finding (creates/updates issues) for both checklist and vulnerability cases
-        if finding.status != regscale_models.IssueStatus.Closed:
             self.handle_failing_finding(
                 issue_title=finding.issue_title or finding.title,
                 finding=finding,
             )
-
-        # Update scan history severity counts
-        self.set_severity_count_for_scan(finding.severity, scan_history)
+            # Update scan history severity counts
+            self.set_severity_count_for_scan(finding.severity, scan_history)
 
     def create_vulnerability_from_finding(
         self, finding: IntegrationFinding, asset: regscale_models.Asset, scan_history: regscale_models.ScanHistory
@@ -2206,7 +2233,8 @@ class ScannerIntegration(ABC):
             plugInName=finding.cve or finding.plugin_name,  # Use CVE if available, otherwise use plugin name
             plugInId=finding.plugin_id,
             exploitAvailable=None,  # Set this if you have information about exploit availability
-            plugInText=finding.observations,  # or finding.evidence, whichever is more appropriate
+            plugInText=finding.plugin_text
+            or finding.observations,  # or finding.evidence, whichever is more appropriate
             port=finding.port if hasattr(finding, "port") else None,
             protocol=finding.protocol if hasattr(finding, "protocol") else None,
             operatingSystem=asset.operating_system if hasattr(asset, "operating_system") else None,
@@ -2262,11 +2290,12 @@ class ScannerIntegration(ABC):
         vulnerability = self.create_vulnerability_from_finding(finding, asset, scan_history)
         finding.vulnerability_id = vulnerability.id
 
-        # Handle associated issue
-        self.create_or_update_issue_from_finding(
-            title=finding.title,
-            finding=finding,
-        )
+        if ScannerVariables.vulnerabilityCreation.lower() != "noissue":
+            # Handle associated issue
+            self.create_or_update_issue_from_finding(
+                title=finding.title,
+                finding=finding,
+            )
 
         return vulnerability.id
 
@@ -2548,7 +2577,7 @@ class ScannerIntegration(ABC):
         :rtype: int
         """
         logger.info("Syncing %s findings...", kwargs.get("title", cls.title))
-        instance = cls(plan_id=plan_id)
+        instance = cls(plan_id=plan_id, **kwargs)
         instance.set_keys(**kwargs)
         # If a progress object was passed, use it instead of creating a new one
         instance.finding_progress = kwargs.pop("progress") if "progress" in kwargs else create_progress_object()
@@ -2572,9 +2601,17 @@ class ScannerIntegration(ABC):
             logger.info("All findings have been processed successfully.")
 
         if scan_history := instance._results.get("scan_history"):
+            open_count = scan_history.vCritical + scan_history.vHigh + scan_history.vMedium + scan_history.vLow
+            closed_count = findings_processed - open_count
             logger.info(
-                "Processed %d findings: %d Critical(s), %d High(s), %d Moderate(s), %d Low(s).",
+                "Processed %d total findings. Open vulnerabilities: %d & Closed vulnerabilities: %d",
                 findings_processed,
+                open_count,
+                closed_count,
+            )
+            logger.info(
+                "%d Open vulnerabilities: Critical(s): %d, High(s): %d, Medium(s): %d, Low(s): %d",
+                open_count,
                 scan_history.vCritical,
                 scan_history.vHigh,
                 scan_history.vMedium,
@@ -2623,6 +2660,8 @@ class ScannerIntegration(ABC):
         created_count = instance._results.get("assets", {}).get("created_count", 0)
         updated_count = instance._results.get("assets", {}).get("updated_count", 0)
         dedupe_count = assets_processed - (created_count + updated_count)
+        # Ensure dedupe_count is always a positive value
+        dedupe_count = dedupe_count if dedupe_count >= 0 else dedupe_count * -1
         logger.info(
             "%d assets processed and %d asset(s) deduped. %d asset(s) created & %d asset(s) updated in RegScale.",
             assets_processed,
@@ -2770,6 +2809,7 @@ class ScannerIntegration(ABC):
         :return: None
         :rtype: None
         """
+        logger.info(f"Updating scan history with scan_date {self.scan_date}")
         scan_history.scanDate = datetime_str(self.scan_date)
         scan_history.save()
 

regscale/models/integration_models/cisa_kev_data.json

@@ -1,9 +1,83 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.03.24",
-    "dateReleased": "2025-03-24T18:01:34.066Z",
-    "count": 1308,
+    "catalogVersion": "2025.04.03",
+    "dateReleased": "2025-04-03T12:34:57.2906Z",
+    "count": 1313,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2025-24813",
+            "vendorProject": "Apache",
+            "product": "Tomcat",
+            "vulnerabilityName": "Apache Tomcat Path Equivalence Vulnerability",
+            "dateAdded": "2025-04-01",
+            "shortDescription": "Apache Tomcat contains a path equivalence vulnerability that allows a remote attacker to execute code, disclose information, or inject malicious content via a partial PUT request.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-22",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/lists.apache.org\/thread\/j5fkjv2k477os90nczf2v9l61fb0kkgq ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-24813",
+            "cwes": [
+                "CWE-44",
+                "CWE-502"
+            ]
+        },
+        {
+            "cveID": "CVE-2024-20439",
+            "vendorProject": "Cisco",
+            "product": "Smart Licensing Utility",
+            "vulnerabilityName": "Cisco Smart Licensing Utility Static Credential Vulnerability",
+            "dateAdded": "2025-03-31",
+            "shortDescription": "Cisco Smart Licensing Utility contains a static credential vulnerability that allows an unauthenticated, remote attacker to log in to an affected system and gain administrative credentials.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-21",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-cslu-7gHMzWmw ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-20439",
+            "cwes": [
+                "CWE-912"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-2783",
+            "vendorProject": "Google",
+            "product": "Chromium Mojo",
+            "vulnerabilityName": "Google Chromium Mojo Sandbox Escape Vulnerability",
+            "dateAdded": "2025-03-27",
+            "shortDescription": "Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-17",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/chromereleases.googleblog.com\/2025\/03\/stable-channel-update-for-desktop_25.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-2783",
+            "cwes": []
+        },
+        {
+            "cveID": "CVE-2019-9875",
+            "vendorProject": "Sitecore",
+            "product": "CMS and Experience Platform (XP)",
+            "vulnerabilityName": "Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability",
+            "dateAdded": "2025-03-26",
+            "shortDescription": "Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-16",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/support.sitecore.com\/kb?id=kb_article_view&sysparm_article=KB0038556 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-9875",
+            "cwes": [
+                "CWE-502"
+            ]
+        },
+        {
+            "cveID": "CVE-2019-9874",
+            "vendorProject": "Sitecore",
+            "product": "CMS and Experience Platform (XP)",
+            "vulnerabilityName": "Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability",
+            "dateAdded": "2025-03-26",
+            "shortDescription": "Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-16",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/support.sitecore.com\/kb?id=kb_article_view&sysparm_article=KB0334035 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-9874",
+            "cwes": [
+                "CWE-502"
+            ]
+        },
         {
             "cveID": "CVE-2025-30154",
             "vendorProject": "reviewdog",
@@ -11,10 +85,10 @@
             "vulnerabilityName": "reviewdog\/action-setup GitHub Action Embedded Malicious Code Vulnerability",
             "dateAdded": "2025-03-24",
             "shortDescription": "reviewdog action-setup GitHub Action contains an embedded malicious code vulnerability that dumps exposed secrets to Github Actions Workflow Logs.",
-            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "requiredAction": "Apply mitigations as set forth in the CISA instructions linked below. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-04-14",
             "knownRansomwareCampaignUse": "Unknown",
-            "notes": "This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https:\/\/github.com\/reviewdog\/reviewdog\/security\/advisories\/GHSA-qmg3-hpqr-gqvc ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-30154",
+            "notes": "This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: CISA Mitigation Instructions: https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/03\/18\/supply-chain-compromise-third-party-tj-actionschanged-files-cve-2025-30066-and-reviewdogaction ; Additional References: https:\/\/github.com\/reviewdog\/reviewdog\/security\/advisories\/GHSA-qmg3-hpqr-gqvc ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-30154",
             "cwes": [
                 "CWE-506"
             ]
@@ -71,10 +145,10 @@
             "vulnerabilityName": "tj-actions\/changed-files GitHub Action Embedded Malicious Code Vulnerability",
             "dateAdded": "2025-03-18",
             "shortDescription": "tj-actions\/changed-files GitHub Action contains an embedded malicious code vulnerability that allows a remote attacker to discover secrets by reading Github Actions Workflow Logs. These secrets may include, but are not limited to, valid AWS access keys, GitHub personal access tokens (PATs), npm tokens, and private RSA keys.",
-            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "requiredAction": "Apply mitigations as set forth in the CISA instructions linked below. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-04-08",
             "knownRansomwareCampaignUse": "Unknown",
-            "notes": "This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https:\/\/github.com\/tj-actions\/changed-files\/blob\/45fb12d7a8bedb4da42342e52fe054c6c2c3fd73\/README.md?plain=1#L20-L28 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-30066",
+            "notes": "This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: CISA Mitigation Instructions: https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/03\/18\/supply-chain-compromise-third-party-tj-actionschanged-files-cve-2025-30066-and-reviewdogaction ; Additional References: https:\/\/github.com\/tj-actions\/changed-files\/blob\/45fb12d7a8bedb4da42342e52fe054c6c2c3fd73\/README.md?plain=1#L20-L28 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-30066",
             "cwes": [
                 "CWE-506"
             ]
@@ -209,7 +283,7 @@
             "shortDescription": "Microsoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorized attacker to bypass a security feature locally.",
             "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-04-01",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-26633 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-26633",
             "cwes": [
                 "CWE-707"
@@ -2964,7 +3038,7 @@
         {
             "cveID": "CVE-2024-4761",
             "vendorProject": "Google",
-            "product": "Chromium Visuals",
+            "product": "Chromium V8",
             "vulnerabilityName": "Google Chromium V8 Out-of-Bounds Memory Write Vulnerability",
             "dateAdded": "2024-05-16",
             "shortDescription": "Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. ",
@@ -7689,7 +7763,7 @@
             "shortDescription": "Synacor Zimbra Collaboration Suite (ZCS) contains flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042 which allows for unauthenticated remote code execution.",
             "requiredAction": "Apply updates per vendor instructions.",
             "dueDate": "2022-09-01",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/blog.zimbra.com\/2022\/08\/authentication-bypass-in-mailboximportservlet-vulnerability\/;  https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-27925",
             "cwes": [
                 "CWE-22"
@@ -7704,7 +7778,7 @@
             "shortDescription": "Synacor Zimbra Collaboration Suite (ZCS) contains an authentication bypass vulnerability in MailboxImportServlet. This vulnerability was chained with CVE-2022-27925 which allows for unauthenticated remote code execution.",
             "requiredAction": "Apply updates per vendor instructions.",
             "dueDate": "2022-09-01",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/blog.zimbra.com\/2022\/08\/authentication-bypass-in-mailboximportservlet-vulnerability\/;  https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-37042",
             "cwes": [
                 "CWE-23"
@@ -14619,7 +14693,7 @@
             "cveID": "CVE-2020-6572",
             "vendorProject": "Google",
             "product": "Chrome Media",
-            "vulnerabilityName": "Google Chrome Media Prior to 81.0.4044.92 Use-After-Free Vulnerability",
+            "vulnerabilityName": "Google Chrome Media Use-After-Free Vulnerability",
             "dateAdded": "2022-01-10",
             "shortDescription": "Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page.",
             "requiredAction": "Apply updates per vendor instructions.",

regscale/models/integration_models/flat_file_importer/__init__.py

@@ -82,7 +82,7 @@ class FlatFileIntegration(ScannerIntegration):
         """
         self.asset_identifier_field = asset_identifier_field
 
-    def fetch_assets(self, *args: Any, **kwargs: Any) -> Iterator["IntegrationAsset"]:
+    def fetch_assets(self, *args: Tuple, **kwargs: dict) -> Iterator["IntegrationAsset"]:
         """
         Fetches assets from FlatFileImporter
 
@@ -220,16 +220,19 @@ class FlatFileImporter(ABC):
         )
         self.clean_up()
 
-    def parse_finding(self, vuln: Vulnerability) -> Optional["IntegrationFinding"]:
+    def parse_finding(self, vuln: Union[Vulnerability, "IntegrationFinding"]) -> Optional["IntegrationFinding"]:
         """
         Parses a vulnerability object into an IntegrationFinding object
 
-        :param Vulnerability vuln: A vulnerability object
+        :param Union[Vulnerability, IntegrationFinding] vuln: A vulnerability object
         :return: The parsed IntegrationFinding or None if parsing fails
         :rtype: Optional[IntegrationFinding]
         """
         from regscale.integrations.scanner_integration import IntegrationFinding
 
+        if isinstance(vuln, IntegrationFinding):
+            return vuln
+
         try:
             asset_id = vuln.dns or vuln.ipAddress
             if not asset_id:
@@ -237,9 +240,9 @@ class FlatFileImporter(ABC):
 
             severity = self.finding_severity_map.get(vuln.severity.capitalize(), regscale_models.IssueSeverity.Low)
             status = self.map_status_to_issue_status(vuln.status)
-            cve: Optional[str] = vuln.cve if vuln.cve else ""
-            extract_vuln: Any = self.extract_ghsa_strings(vuln.plugInName or "")
-            plugin_name = vuln.plugInName if vuln.plugInName else vuln.title
+            cve: Optional[str] = getattr(vuln, "cve", "")
+            extract_vuln: Any = self.extract_ghsa_strings(getattr(vuln, "plugInName", ""))
+            plugin_name = getattr(vuln, "plugInName", getattr(vuln, "title", ""))
             if not self.assert_valid_cve(cve):
                 if isinstance(extract_vuln, list):
                     cve = ", ".join(extract_vuln)
@@ -286,16 +289,19 @@ class FlatFileImporter(ABC):
             self.attributes.logger.error("Error parsing Wiz finding: %s", str(e), exc_info=True)
             return None
 
-    def parse_asset(self, asset: Asset) -> "IntegrationAsset":
+    def parse_asset(self, asset: Union[Asset, "IntegrationAsset"]) -> "IntegrationAsset":
         """
         Converts Asset -> IntegrationAsset
 
-        :param Asset asset: The asset to parse
+        :param Union[Asset, IntegrationAsset] asset: The asset to parse
         :return: The parsed IntegrationAsset
         :rtype: IntegrationAsset
         """
         from regscale.integrations.scanner_integration import IntegrationAsset
 
+        if isinstance(asset, IntegrationAsset):
+            return asset
+
         return IntegrationAsset(
             name=asset.name,
             external_id=asset.otherTrackingNumber,
@@ -514,6 +520,8 @@ class FlatFileImporter(ABC):
         """
         Process the assets in the data
         """
+        from regscale.integrations.scanner_integration import IntegrationAsset
+
         # The passed function creates asset objects. Convert to IntegrationAsset here
         if isinstance(self.file_data, list):
             for dat in self.file_data:
@@ -523,6 +531,8 @@ class FlatFileImporter(ABC):
         if isinstance(self.data["assets"], Iterator):
             self.integration_assets = self.data["assets"]
             return None
+        elif isinstance(self.data["assets"], IntegrationAsset):
+            self.data["assets"] = [self.data["assets"]]
         self.integration_assets = (self.parse_asset(asset) for asset in self.data["assets"])
 
     def process_asset_data(self, dat: Any, func: Callable) -> None:
@@ -712,6 +722,17 @@ class FlatFileImporter(ABC):
 
         with create_progress_object() as vuln_progress:
             vuln_task = vuln_progress.add_task("Processing vulnerabilities...", total=len(self.file_data))
+            try:
+                res = func(self.file_data)
+                if isinstance(res, list):
+                    self.integration_findings = res
+                    self.data["vulns"] = res
+                    vuln_progress.update(vuln_task, completed=len(self.file_data))
+                    return
+            except Exception as e:
+                self.attributes.logger.debug(
+                    "Cannot process vulns as a whole, now iterating all data to parse vulns: %s", str(e)
+                )
             for ix, dat in enumerate(self.file_data):
                 vuln = func(dat, index=ix)
                 if not vuln: