# Templates

## Overview

The purpose of templates is to parse incoming reports to extract findings, remove duplicates and merge findings which have something in common. That means that the way you create a template will define how you will operate with the findings of a particular tool.

## Requirements

You need to upload a report to Purify. See how to do it [here](https://faloker.gitbook.io/purify/getting-started/upload-report).&#x20;

{% hint style="info" %}
If you do not have any reports at hand, you can use reports from [here](https://faloker.gitbook.io/purify/report-samples).
{% endhint %}

## Action

In this section we will go through all steps of template creation.

Go to the reports page for which unit you uploaded a report:

![](https://88240658-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M3I4ZhftILe_kBZUamw%2F-MKVSk5JdKlBSwSKeJuR%2F-MKVTorpzva0tcbnm5rQ%2FScreenshot%202020-10-25%20at%2017.57.41.png?alt=media\&token=d3527c14-c692-415b-b50d-928b0e5144fb)

Click on the **Create Template** button and you will see the **Template Configurator**:

![](https://88240658-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M3I4ZhftILe_kBZUamw%2F-MKVSk5JdKlBSwSKeJuR%2F-MKVUExMlTCHqrQuWMfc%2FScreenshot%202020-10-25%20at%2017.59.58.png?alt=media\&token=9b969bac-55ed-4d15-9fa8-f1de0274dd0c)

### Step 1

You will need to select an array with issues. **Why?**

Sometimes security tools reports may contain some additional debug or configuration information that is completely pointless to you. Purify will extract all arrays from the document and show you an example of their elements, you will need to **select an array containing the scan results**.<br>

![Gitleaks has only one array inside, so it's pretty obvious](https://88240658-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M3I4ZhftILe_kBZUamw%2F-MKVSk5JdKlBSwSKeJuR%2F-MKVUhgzLLSz2lN8Zdgm%2FScreenshot%202020-10-25%20at%2018.02.05.png?alt=media\&token=bd822ccc-ad11-42d4-9e78-445abcb56ae2)

### **Step 2**

Choose the fields that will be treated as the title and subtitle, just decide which combination of fields will be more suitable for you.

{% hint style="info" %}
You can select as many fields as you want, without restrictions.
{% endhint %}

![offender and rule looks good for us](https://88240658-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M3I4ZhftILe_kBZUamw%2F-M40xHWHsU-VSAKHjGKn%2F-M43RKVBilkQcsEngwBn%2FScreenshot%202020-04-04%20at%2012.06.43.png?alt=media\&token=b108bf9c-b09d-4cc4-a643-5043f4e42e9d)

### Step 3

Sometimes findings delivered with severity field, you can select this field on the third step:

![Gitleaks do not provide severity field, so Purify will set it to Medium by default](https://88240658-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M3I4ZhftILe_kBZUamw%2F-MKVSk5JdKlBSwSKeJuR%2F-MKVUz9SX1TjFGZRNo1R%2FScreenshot%202020-10-25%20at%2018.03.15.png?alt=media\&token=3c3c0110-18d8-4b5c-a838-08ba361e633d)

### Step 4

Based on the fields you choose previously you need to create patterns to display them. You can use any combination of characters or stay simple:

![](https://88240658-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M3I4ZhftILe_kBZUamw%2F-MKVVVj3scl1D50sCumP%2F-MKVVkbrQZS14xcX_kLw%2FScreenshot%202020-10-25%20at%2018.06.39.png?alt=media\&token=da35ec3c-cb4c-4803-b85b-b989c0e97486)

### Step 5

Now we need to decide what fields will represent issue body:

![](https://88240658-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M3I4ZhftILe_kBZUamw%2F-MKVVVj3scl1D50sCumP%2F-MKVVs2Dc5axjXiWW266%2FScreenshot%202020-10-25%20at%2018.07.09.png?alt=media\&token=d59ce02e-a7ba-4db2-b358-49bd5ddb1d94)

### Step 6

Here you need to select the field types so that everything is displayed correctly. Optionally, you can change the display names for the fields if the default is not meaningful enough:

![](https://88240658-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M3I4ZhftILe_kBZUamw%2F-MKVVVj3scl1D50sCumP%2F-MKVW10guxjeO-gGm5te%2FScreenshot%202020-10-25%20at%2018.07.49.png?alt=media\&token=b55ee09c-bc84-4f04-9d35-6dc5cd83d114)

### Step 7

Now we come to a serious matter. You need to select the fields that will be used to find the same findings at the template&#x20;

![We want to track only unique offenders](https://88240658-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M3I4ZhftILe_kBZUamw%2F-MKVWMq8E_k7c2bmK6Wx%2F-MKVWRawEmAIBtPV8s_Z%2FScreenshot%202020-10-25%20at%2018.09.39.png?alt=media\&token=dab22b33-e128-4a9e-a69f-3546119ed51a)

### Step 8

The last important step is to select fields that will be merged if the issues look the same (**Step 7**). Merging occurs only for issues within the same template.

{% hint style="info" %}
This step is **optional** because sometimes tools generate only unique findings and there is no need in merging
{% endhint %}

![It makes sense to merge file and commit fields if the offenders are the same](https://88240658-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M3I4ZhftILe_kBZUamw%2F-MKVWMq8E_k7c2bmK6Wx%2F-MKVWZ_aLhsqOOL2iqST%2FScreenshot%202020-10-25%20at%2018.10.12.png?alt=media\&token=380521e9-973b-4f3f-aa33-843dbc8d16bd)

### Step 9

Let's say you decided to give a try [gitleaks](https://github.com/zricethezav/gitleaks), after using [truffleHog](https://github.com/dxa4481/truffleHog) (yet another tool for finding secrets). Obviously, you want to see only what's new gitleaks can find.&#x20;

That's why you need to select fields for which values Purify will perform a lookup **on all issues inside the unit**. If all these fields exist in any issue, Purify will treat the new issue as duplicate and will not process it.

![If the issue is about the same secret in some file, we will ignore it](https://88240658-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M3I4ZhftILe_kBZUamw%2F-MKVWMq8E_k7c2bmK6Wx%2F-MKVWqgZFiN6G7SGidev%2FScreenshot%202020-10-25%20at%2018.11.24.png?alt=media\&token=7e71f012-4391-4584-b00a-d40766d522b1)

### **Step 10**

![Give a name and add some tags](https://88240658-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M3I4ZhftILe_kBZUamw%2F-MKVWMq8E_k7c2bmK6Wx%2F-MKVX2pl2VHoyZCHUvoT%2FScreenshot%202020-10-25%20at%2018.12.19.png?alt=media\&token=6d2ff90e-eccd-49a1-876c-364e695b3e5b)

### Final

As result of these actions we have 16 new issues

![We have 17 new findings and 11 were merged or previously seen in this unit](https://88240658-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M3I4ZhftILe_kBZUamw%2F-MKVWMq8E_k7c2bmK6Wx%2F-MKVXHkGiHsirNaWxnNB%2FScreenshot%202020-10-25%20at%2018.13.20.png?alt=media\&token=2ae88d0e-e2b1-4d20-b249-1853fb3051ef)

Now go to the **Issues** tab and explore them all:

![](https://88240658-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M3I4ZhftILe_kBZUamw%2F-MKVWMq8E_k7c2bmK6Wx%2F-MKVX_-NU2yiRemguYbk%2FScreenshot%202020-10-25%20at%2018.14.34.png?alt=media\&token=3456f563-3b13-47d8-b576-b0325f53626a)

![](https://88240658-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M3I4ZhftILe_kBZUamw%2F-MKVWMq8E_k7c2bmK6Wx%2F-MKVXqiO6k5j50hDvoRo%2FScreenshot%202020-10-25%20at%2018.15.48.png?alt=media\&token=7ecdf9e9-6bce-4047-966a-cbb4e2dfd69d)