Release Notes

This page provides information about the changes, updates, enhancements, fixes, and new features introduced when a new deployment is released.

Release 2.6.0

deploy to cloud-hosted instances the week of 6-17-24

Improved

  • OWASP parser improvements with a new file mappings page

  • Added notifications for the Schedule module

  • Known Hostname and Detailed Results fields added to asset evidence in Nexpose integration (mappings page updated)

  • New metrics tab added for the Priorities module

  • Added auto-format functionality within rich-text fields

  • Enabled the Code Samples tab for findings to be a rich-text field (ZD 6883)

Fixed

  • Fixed the issue of execution steps within an engagement not printing from a report (ZD 6425)

  • Fixed issue with the finding severity order being displayed incorrectly (ZD 5704, 6254)

  • Fixed issue with the window size increasing after pasting a large code block into the rich-text field of a finding narrative (ZD 6038)

  • Fixed the issue of image IDs breaking when exporting to XML (ZD 3773, 5100)

Release 2.5.0

deploy to cloud-hosted instances on 5-21-24

Improved

  • New Schedule module that allows users to create and manage engagements

  • Implementation of AI that can generate findings descriptions and remediation steps

  • CVSS 4 field added to Writeups CSV import file

  • Improvements to the Tenable scan date selector

  • Updated the Tenable Vulnerability Management integration to improve sorting data by tag

  • Runbooks now support OWASP test plans

Fixed

  • Fixed the 400 error message that occurred when a user added a narrative section from a report to NarrativesDB (ZD ID6753, 6839, 7001, 7260, 7266)

  • Fixed a border issue occurring when exporting to a Word template (ZD ID6652)

  • Fixed header issue on the “edit priority page” where the client name was not being displayed properly

  • Fixed issue that occurred after copying a finding to WriteupsDB with a CVSS v3.1 vector containing lower-case letters

  • Updated Pentera file import integration to support accurate port data

  • Updated OpenVas file import integration to support accurate port data.

Release 2.4.0

deploy to cloud-hosted instances on 4-23-24

Improved

  • Updated functionality for editing and tracking changes in rich-text fields

  • Introduced licensed users and permissions, which impacts user management and RBAC

  • Added support within the application to configure CVSS 4.0 (integration support with third-party tools coming later)

  • Created field mappings page for importing assets into the Clients module via Nmap

  • Updated APIs to support side-drawer component

  • Updated contextual scoring permissions for the Priorities module to enable wider access to other users with relevant permissions

  • Ability to see a priority linked to an asset and edit within asset details

  • Ability to link a priority while creating/editing a finding

  • Ability to have real-time collaboration in rich-text fields that have auto-save enabled (this will be released in phases, with cloud-hosted customers gaining access by May 1 and on-prem customers gaining access beginning May 2)

Fixed

  • Fixed issue with audit log not searching by user name

  • Fixed issue with the Target Remediate Date field not appearing in a custom column in the Priorities module (ZD ID6426)

  • Updated notification emails with the correct Priorities documentation link

  • Fixed issue of an analyst being unable to update the status of a published finding until the report is published (ZD ID6100)

  • Fixed issue in which custom RBAC roles with the ability to edit assets could not update the status without additional unnecessary permissions (ZD ID5490, 5528, 5791, 6247)

Release 2.3.0

deploy to cloud-hosted instances on 3-25-24

Improved

  • Enhanced Tenable TVM and SC integration options and documentation for field mappings (PlexTrac is now an approved Tenable Technology Partner)

  • Updated Mitre methodology in the default repository and Runbook test plan to include the techniques and tactics of MITRE v14.1 accompanied by procedure updates to Atomic Red Team atomics

  • Ability for administrators to view tenant activity via the new audit log button in the Admin Dashboard

  • Ability to view a finding’s details more easily via a side drawer for the Clients and Reports module (a side drawer also exists for the attack path tab and associated findings on assets)

  • Analyst users are now redirected back to the assessment view after an assessment is submitted

  • Nessus parser performance improvements that enable support for ingesting larger files

Fixed

  • Fixed issue with the report readout card default sort order (critical now on top)

  • Fixed issue with date filters when formats other than MM/DD/YYYY are used (ZD ID6534)

  • Fixed issue of a tenant logo resizing incorrectly on some pages

  • Fixed issue of the client logo not displaying on the client profile page

  • Fixed issue with adding multiple entries of the same affected port for different services (ZD ID5135)

  • Fixed issue of a report not being created when an analyst user submitted an assessment (ZD ID6218)

Release 2.2.0

deploy to cloud-hosted instances on 3-6-24

Improved

  • New and improved Nexpose integration, including CVSS scores, new custom fields, added port data, and updated documentation of field mappings

  • API updates to support new Priorities module

  • Changes to the finding substatus field will initiate autosave

  • When parser actions are bypassed, the prompt in the file upload modal dynamically updates

Fixed

  • Fixed issue of repositories built via API or CSV not displaying the number of writeups

  • Fixed issue of linebreaks for some text fields not being honored when exporting a CSV file (ZD ID5566)

  • Fixed issue of a custom RBAC role with the ability to edit assets is unable to update the asset status without additional unnecessary permissions (ZD ID5490,5528,5791,6247)

  • Fixed issue of ports not being saved as distinct items when adding multiple entries of the same affected port for different services (ZD ID5135)

  • Fixed issue that a disabled parser action did not remove the parser actions prompt from the file upload modal

Release 2.1.0

deploy to cloud-hosted instances on 1-30-24

Improved

  • New Priorities module with custom equations launched

  • Support for JIRA Data Center (in place of JIRA server) beginning on February 15th

  • Added a table column in the parser actions page of the Admin Dashboard to display “Original Severity”

  • Added ability for the user to bypass parser actions when importing a file into a report

  • Report narrative sections no longer automatically expand when the user creates a new section or starts typing in an existing section

Fixed

  • Fixed issue of tenant logo resizing inconsistently

  • Fixed data discrepancy issue on the "Asset findings overview" table in the Analytics module

  • Fixed filtering issues occurring on the Asset tab of the Analytics module

  • Fixed sorting of columns issues occurring on the Asset tab of the Analytics module

  • Fixed filtering issues occurring on the Findings tab of the Analytics module

  • Fixed the issue of an empty “Findings by clients” box in the Findings tab of the Analytics module

  • Fixed the issue of an empty "Most critical findings" box in the Findings tab of the Analytics module

  • Fixed issue in “Breakdown by client” graph of Findings tab in Analytics module displaying Client ID instead of name when filtering by tags

  • Fixed issue of the client logo not displaying

  • Fixed issue of default fields being removed from tables

  • Fixed issue in which the user is unable to delete some comments in RTF fields

  • Fixed issue in which a custom RBAC role with the ability to edit assets cannot update the status without having to edit the report’s findings permission

  • Fixed issue with malformed tables upon report export to Word

  • Fixed issue of soft returns (shift+enter) not working on lists within a report export template

  • Fixed the issue of white labeling not working in some scenarios

Release 2.0.0

GA on 1-2-24

Improved

  • Added affected asset port data to the CSV findings export

  • Added ability for user to opt out of warning modal when a findings layout is applied to a report

  • Findings will autosave after all required fields have been set

  • Added capability to customize the table columns for SLAs in the Admin Dashboard

  • Added field in Admin Dashboard for Cobalt URL when configuring the integration

  • Improvements to the Snyk integration

  • Improvements to how runbook procedures are ordered upon edit and creation

  • General platform performance improvements

Fixed

  • Fixed issue with exported Word reports being impacted by styles even though no style guide was associated

  • Fixed issue of analytics not displaying filter data in the Analytics module

  • Fixed issue in which some users cannot copy/move writeups from their default repository to another repository

  • Fixed issue in which the user was unable to scroll through all findings for a report in the right column of the report Readout tab

  • Fixed issue in which published findings may not be visible to approved users if the report is not published

  • Fixed issue with the “Trend of findings opened vs. closed by month” table displayed on the Details tab for a client in the Clients module

  • Fixed issue with sorting of columns not working for the table on the Assets tab of the Analytics module

  • Fixed issue of assets not showing for selected reports in the Assets tab of the Analytics module

  • Fixed issue where clicking on the parent asset link in the Assets detail modal of a finding on the Findings tab of the Analytics module resulted in an error message

  • Fixed issue in which sort behavior changed the user navigated between pages on the Findings tab of a report when more than ten findings exist

  • Fixed issue with one-column tables not formatting correctly when exported

Release 1.61.1

deploy to cloud-hosted instances on 11-8-23

Improved

  • Added a new tab and messaging on the Dashboard for when a user has no assignments

  • Better handling of scoring when using the Acunetix parser

  • Added support of rich-text formatting to an assessment's description field

  • Added the ability to add captions to code blocks within a rich-text field

  • Improved experience when creating an asset and adding a new operating system or IP address

  • Improvements to Jira Server/Data Center integration

  • Added ability to customize the table columns on the Sections tab of NarrativesDB

  • Added ability to customize the table columns inside a repository of NarrativesDB

  • Added ability to customize the table columns on the Repositories tab of WriteupsDB

  • Added ability to customize the table columns on the Reports module home page

  • Added the ability to customize the table columns on the Assets tab of the Clients module

  • Made the description field of a question a rich-text field in the Assessments module

  • Added ability for admins to enable email notifications for finding substatus changes and when a report reviewer has been added

  • Deprecated endpoint Import Client Assets v1

Fixed

  • Fixed issue of evidence sometimes not appearing for an affected asset on its details modal

  • Fixed issue where bulk delete of affected assets was not working

  • Fixed issue where bulk select of assets for a report was not matching bulk select behavior in other areas of the platform

  • Fixed issue where findings layout reverted to default layout instead of the custom one assigned

  • Fixed issue in which not all findings were displayed in the Findings overview box on the Readout tab in reports with more than 50 findings

  • Fixed export to Word error after importing a finding and adding an affected asset to it

  • Fixed format issue upon export to Word with Runbooks procedure logs

Release 1.60.0

deploy to cloud-hosted instances on 10-10-23

Improved

  • Added the ability for admins to configure and customize the experience of creating a finding via configurable layouts (Admin Dashboard>Layouts)

  • Streamlined the process of creating a finding by putting custom fields on the Finding Details tab (Custom Field tab going away)

  • Improved the experience of creating a writeup to match that with the process of creating findings

  • Added Proof of Concept field in Cobalt integration

  • Added a link within the platform to download the writeups CSV template (available by clicking the Import Writeups button)

  • Added ability to customize the table columns on the Affected Assets tab of a finding

  • Added ability to customize the table columns on the Assets tab of a report

  • Added messaging to alert when exporting a report if a layout template is associated so users are aware that required fields exist

  • Added error notification when a user attempts to update the published status of a finding that doesn't have all required fields

Fixed

  • Fixed issue when larger images in reports with a style guide associated with them were not exporting as expected

  • Fixed issue with line breaks when pasting into CKEditor fields

  • Fixed issue with CKEditor window increasing in size when a large image is inserted and resized

  • Fixed issue of a blank screen after loading a finding from Acunetix and attempting to edit

Release 1.59.0

deploy to cloud-hosted instances on 9-13-23

Improved

  • Added ability to create and customize style guides for exported reports to Word (.doc) using a Jinja template

  • Improved report experience when selecting sections from NarrativesDB or writeups from WriteupsDB by truncating long sections of text, tables, code blocks, and hiding images

  • Improved Writeups CSV import to support soft returns within the file

  • Added additional fields Clients module home page table (Client POC Email and Description)

  • Added ability to configure and customize the table column experience for associated findings of an asset within the Clients module

  • Improved modal experience when importing a finding (no longer defaults to Nessus in the pulldown menu)

  • Improved usability on the Readout tab of a report by highlighting the box of the finding being viewed on the Report readout column

  • Users with write access to reports can delete comments created by other users

  • Updated BURP parser field mapping documentation

  • Uploaded a new version of the WriteupsDB CSV import template in the documentation

Fixed

  • Fixed the issue of a CVSSv3.1 risk score not showing on the findings detail page

  • Fixed the issue that occurred when creating a custom role in the Admin Dashboard and disabling the “Ability to View the Administration Panel”

Release 1.58.0

deploy to cloud-hosted instances on 8-21-23

Improved

  • Ability to bulk associate findings to ServiceNow (if integration is configured)

  • Ability to unlink a finding from ServiceNow (new option under "Actions" column (if integration is configured)

  • Updated references of “Tenable.io” to “Tenable Vulnerability Management”

  • For BURP HTML file imports, enhanced the usability of finding and viewing data by moving the HTTP request and response fields out of the findings details page (continues to be listed as evidence in the affected asset)

  • Better error messages to users and handling of data when importing large BURP files; now a notification is sent about the finding that did not get imported, and all other findings are loaded without impacting the entire file and instance stability

  • For users importing files with evidence-heavy data, significantly decreased loading time, an increase in the number of findings and assets that can be imported before performance is impacted, and improvements in any error messaging to provide helpful details to resolve any issues

  • Added count totals of rows in the table headers for Assessments and Runbooks modules

  • Added a red asterisk to the Client Name field to denote it is required

  • Arranged theme color options in Admin Dashboard>Theme so they are now displayed by severity impact instead of alphabetically

  • Added bulk actions button and options in the Assets tab for a report

  • Updated legacy color palette values in tooltips, icons, etc., throughout the platform for consistent user experience

  • Breaking change implemented for APIs using roleID variable in endpoints; legacy support will continue through 1.59

Fixed

  • Fixed issue with erratic scrolling of page for comments left when tracking changes

  • Fixed issue with ServiceNow integration: now work notes, comments, and status

  • Fixed issue with CSV exporter that occurred in MS Word reports containing imported findings from API integrations

  • Added error handling to resolve asset names with over 10k characters that would previously cause a system error; names are now truncated to ensure the files load properly

  • Fixed the issue of the default parser action not filtering correctly

  • Fixed the issue of table sort order not being preserved when a questionnaire is deleted in the Assessments module

  • Fixed issue in parser actions in which placeholder field titles were in pulldown menus

  • Fixed issue in which the deduplication process for asset names was overwriting child asset names; child assets can now have the same name for different parents

  • Fixed issue with Help Center link in the profile pulldown menu being a different color than other items in the list; also added an icon next to the link informing users that clicking Help Center will open a new tab/window and take the user outside of the platform

  • Fixed the issue of a blank page appearing when clicking the Edit/Comment button on the Readout tab of a report if no narrative has been added; now, no button appears on that tab until the content has been created

  • Fixed issue with bulk selecting all assets in the Clients module in which some manually deselected assets were still being deleted

Release 1.57.0

deploy to cloud-hosted instances on 7-18-23

New Capability

  • Ability to manage and track changes within rich-text fields at the report level

  • Performance enhancements when importing findings from an integration for import into a report

  • Changed the term “scan output” to “evidence” throughout the platform for consistency

  • Improved experience when creating a writeup to better align with the process of creating a new finding

  • Better messaging to admins when deleting users to provide more detail, so if the action failed, admin can take action to remedy (i.e., the user is assigned a task)

  • Performance improvements when importing large amounts of affected assets with a finding via an integration

  • Improved messaging within the modal that appears when adding a writeup to a report with a findings layout assigned

  • Added count totals of rows in the table header for the Assessments module tab

  • Added count totals of rows in the table header for Admin Dashboard>Security>Authorization page

Bug Fixes

  • Fixed issue with Jira server (not cloud) integration not working as expected

  • Fixed issue with exporter failing for Parser and API integrations

  • Fixed issue in Edgescan integration that occurred when closed vulnerabilities for the past three years was selected in the pulldown menu during setup (the configuration would reset to default state)

Release 1.56.0

deploy to cloud-hosted instances on 6-21-23

New Capability

  • New design improving usability for admins when adding authorized users to a client

  • Added a total count of clients, reports, findings, and assets in the Clients module that is displayed as each tab is clicked

  • Overhaul of CSV export for reports that fixed known limitations and issues that occurred when exporting large data sets into cells

Bug Fixes

  • Fixed an issue in which a finding severity was not being adjusted from manual changes in the CVSSv3.1 calculator

  • Fixed an issue in which a writeup form would occasionally disappear after loading when trying to edit

  • Fixed an issue in which an analyst user was incorrectly able to add or remove reviewers from an assessment

Release 1.55.0

deploy to cloud-hosted instances on 6-7-23

New Capability

  • Enhanced Snyk integration with a new product (Snyk Code) plus documented field mappings and deduplication logic for all Snyk products

  • Changed bulk actions menu so actions are only visible to users with the correct permissions

  • Added better messaging and UX experience when integration synchronizations are taking longer than expected

  • Optimized affect asset retrieval for findings that had hundreds of affected assets

Bug Fixes

  • Fixed an issue in which available repositories were not appearing after typing into the box within WriteupsDB when trying to move or copy writeups

  • Fixed an issue in which assets imported from a Nmap.xml file were displaying a random “last seen” date in the Notes/Description tab for the affected asset

Release 1.54.0

deploy to cloud-hosted instances on 5-30-23

New Capability

  • Improved user experience and transparency with behavior regarding parser actions seen in Admin Dashboard>Parser Actions

  • Adding messaging to inform the user when an import takes longer than 100 seconds, explaining operation is taking longer than expected and to try importing later

  • Changed label of “Runbooks V2” to “Runbooks” (Runbooks V2 replaced legacy Runbooks module in 1.53)

  • Added messaging to inform users that a finding or assessment has been deleted if accessing from a notification link

  • New graph in the Analytics module in the Trends & SLAs tab to display the percentage of findings exceeding SLA

Bug Fixes

  • Fixed issue with saving when creating a new writeup and user not being directed to WriteupsDB homepage when finished

  • Fixed an issue in which tags for a previously created SLA were auto-populating on new SLAs

Release 1.53.7

  • Fixed issue in which users not assigned to any clients were able to view reports

Release 1.53.3

  • Removed the 2000 character limit for the rich-text field in the Custom Fields tab of a finding

Release 1.53.2

  • Fixed an issue with the Tenable integration

Release 1.53.0

deployed to cloud-hosted instances on 5-8-23

New Capability

  • Added a documentation link to First CVSS at the bottom of CVSS calculator when creating a finding

  • Enhanced the user experience within the graph for the Trends & SLAs tab in the Analytics module

  • Added better visibility that an asset name is required through improved error messages and asterisk to denote it is a required field

  • Changes made to a finding status within the most critical findings box inside the Findings tab of the Analytics module are reflected immediately

  • Ability to view child assets (when applicable) from the parent affected asset

  • Added visible error messaging when editing the Evidence tab of an affected asset that changes were not saved when attempting to exit

  • The parent asset value within the table of the Assets tab of a report now links to the parent asset details page

  • Removed legacy Runbooks module from main menu

Bug Fixes

  • Fixed issue in which validation for duplicate assets was not catching an asset just created

  • Fixed issue during creation of a new asset that occurred with a field screen not disappearing after selecting a provided value

  • Fixed bug in which the number of findings listed in the Readout tab of a report was not accurately reflecting the number of findings in the report

  • Fixed issue of importing findings from an integration that findings created on the end date chosen in the filter was not appearing

  • Added logic so that after using filters in reports, leaving page, and then returning, the filter select boxes would contain previously selected values rather than be blank

  • Fixed issue in which findings with closed status were triggering SLA emails

Release 1.52.0

deployed to cloud-hosted instances on 4-21-23

New Capability

  • Added a field for URL available when setting up or editing an Edgescan integration

  • Improved refresh of data used to build graphs when loading Analytics module pages

Bug Fixes

  • Fixed issue with Edgescan findings import in which only one filter could be used

  • Fixing a bug that allowed duplicate asset names for a client

  • Moved tooltip about findings and assets on Dashboard module to the Finding metrics tab

  • Fixed issue that a report was displaying the default template instead of the properly assigned template

  • Fixed issue of empty asset when importing same assets to different reports within a client

  • Fixed issue of finding updates email notifications not sent correctly when using the status tracker/bulk update modal

Release 1.51.0

deployed to cloud-hosted instances on 4-6-23

New Capability

  • Enhanced user experience when adding findings from an integration to a report

  • Added ability to retain customized columns (where applicable)

  • Added refresh of page after using ‘search and replace’ functionality in reports to better indicate changes were implemented

  • Added ability to bulk paste email addresses when adding assets to a client

  • Improved platform performance when creating clients

Bug Fixes

  • Fixed data refresh issue that occurred after a bulk delete in WriteupsDB

  • Fixed issue in which the short codes section of Admin Dashboard was not appearing for some non-admin roles after given access via Administration Permissions in RBAC

  • Fixed error message that resulted after adding evidence for an affected asset and then deleting evidence before saving

  • Fixed bug that occurred with risk score when exporting to CVS and some finding fields were null

  • Fixed an issue in which the date to and date values from search filter were not filtering correctly for the Most Critical Findings box across all tenant clients

Release 1.50.0

deployed to cloud-hosted instances on 3-27-23

Bug Fixes

  • Fixed issue that occurs when an authorized analyst attempts to update the status of the finding in a published report and receives an unauthorized error message

  • Icon changed in the Parent Asset box of the Create Affected Asset modal to accurately reflect that this field is a search box and not a pre-populated pulldown menu

  • Fixed issue of the modal not disappearing when clicking the ellipses of an asset under the “Action” column of the Assets tab in the Clients module

  • Fixed issue of a blank page appearing when an admin attempts to edit a template (Account Admin>Templates) of the Admin Dashboard

  • Fixed issue of a linked template not being used when exporting a report as assigned by admin in the Export templates tab (Account Admin>Templates) of the Admin Dashboard

  • Fixed issue with CSV Asset Upload template in which some fields were not importing

  • Fixed issue with Tenable integration that could cause integration to fail

  • Fixed issue in which a parent asset was not successfully removed when deleted as parent from the child asset on the Edit Asset page

Release 1.49.0

deployed to cloud-hosted instances on 3-8-23

New Capability

  • Usability enhancements in Admin Dashboard>Templates with the addition of tool tips, easier to read tables, and updated modal designs

  • Platform-wide enhancements to messaging in modals for better consistency and experience

Bug Fixes

  • Fixed issue in which Analytics pages might crash when refreshing the page or redirecting after logging out

  • Fixed issue that occurs if import source is changed in the middle of the process of adding a finding via an integration

  • Fixed issue of an existing asset’s ports, services, and protocols being added by default when the asset is added as an affected asset to a new finding

Release 1.48.0

deployed to cloud-hosted instances on 2-24-23

New Capability

  • Ability to sort (via table column), filter, and search by a parent asset in the Affected Assets tab of a finding

  • Ability to view and navigate to the parent asset from the asset detail modal of an affected asset, and from the findings detail modal under Affected Assets

  • New button and user options for adding a new asset to a client (now have option for a bulk paste)

  • Added a notification banner for admins and users belonging to the default group if an error occurs that prevents a page from being saved (a link to PlexTrac support is provided in the banner)

  • Platform-wide updates to presentation of messages and button labels for improved consistency and usability

  • Enhanced authoring and viewing of narrative content sections by continuously displaying editor toolbar (previously toolbar would disappear if additional required scrolling down)

  • Enhanced integration experience when importing from Findings tab

Bug Fixes

  • Fixed issue when deleting a repository in WriteupsDB in which user had to click the same button twice to complete task

  • Fixed bug of asset description not being saved on creation

  • Fixed 400 error that occurred when adding a note to a child asset

  • Fixed issue in which some users were experiencing issues with logo updates

  • Fixed spelling errors on Edgescan field mappings page

  • Fixed bug in which an analyst could see draft findings on a report's Assets tab

Release 1.47.0

deployed to cloud-hosted instances on 2-10-23

New Capability

  • Enhanced modal usability for WriteupsDB

  • Unified the asset import experience within Affected Assets and Client Assets, including file type verification, better styling, and improved notifications

  • Added a “Parent Asset” column to the report asset list table

  • Bulk paste for affected assets now dynamically parses out asset name, parent asset name, and port to its relative columns in the table (before all information would be retained in asset name)

  • Added a “View” link in the Affected Assets list of the Finding Detail modal to allow users quick access to the details of an asset without having to redirect to the client asset page

  • Updated daily Jira synchronization (if a Jira integration is set by admin to update daily) to 4:45 UTC (9:45 PM Mountain Time)

Bug Fixes

  • Removed “PlexTrac” as a file type to import for admins in pulldown menu when setting up parser actions to avoid confusion, as a .ptrac file is not tied to imported actions (still supported elsewhere in platform)

  • Fixed bug that could cause the overall CVSS score to not reflect what was calculated using First CVSS calculator

Release 1.46.0

deployed to cloud-hosted instances on 1-26-23

Bug Fixes

  • Fixed issue of assets in a report not loading correctly on the Assets tab

  • Usability improvements with labeling in Dashboard

  • Autosave performance improvements in NarrativesDB module

  • Fixed issue in which a new assessment might not display a 0% completion value as was incorrectly reflecting a previously edited assessment completion percentage

  • Fixed issue in which large Nessus files were not loading

  • Fixed issue in which CVE values were not loading correctly in some imports

Release 1.45.0

deployed to cloud-hosted instances on 1-17-23

New Capability

  • Added version and fix version fields for Jira integration mapping

  • Ability to filter by report name when adding findings from Cobalt

  • Jira synchronization optimizations

  • Added a check to see if an asset already exists within a client, and if so, use that asset ID to reduce duplication

  • Created new endpoint to get findings older than 30 days that are not closed and in a published report

  • Added filter ability to filter by tags during import of Edgescan findings

  • Help Center link updated to direct users to new Zendesk solution

Bug Fixes

  • Fixed Jira syncing issue in which the created date from Jira was displaying incorrectly on the findings table

  • Fixed issues with Edgescan integration field mappings

  • Fixed issue when new users to tenants in which MFA is required and enabled were not required to set up MFA until second login

  • Fixed issue that was preventing admin user from changing password from profile screen (existing instances not affected)

  • Fixed issue in which instance could crash when importing a scan file and parser actions are disabled

  • Fixed issue in which Jira status change for a finding linked to a Jira ticket was not reflected in displayed status of finding table

Release 1.43.0

deployed to cloud-hosted instances on 12-17-22

New Capability

  • Additional Jira integration field (data type) added for mapping options

  • Enhanced Jira integration error messaging

Bug Fixes

  • Fixed issue in which all CKEditor sections on a page were being saved at same time instead of just the section being edited

  • Fixed issue preventing custom field on findings from being updated

  • Fixed issue when editing a writeup that caused a 404 error and prevented writeup from being updated

  • Fixed issue in which whitespace affected the parsing of parent/child assets when using bulk paste functionality to add affected assets to a finding

  • Fixed issue in which a page could crash in some scenarios after clicking the finding status button on the Findings tab of a report and then clicking “Add Update”

  • Fixed intermittent issue of image disappearing once loaded within a CKEditor field

  • Fixed latency when page is loading findings for a report

  • Fixed issue of finding titles not updating when edited on Findings tab of a report

  • Fixed issue for tenants that had Classification Tiers enabled; users with appropriate permissions could not modify the classification after report was created

  • Fixed multiple mapping issues with Edgescan integration (specifically description, recommendation, and severity mappings)

  • Fixed issue of title search not working for findings in Client module

  • Fixed issue in which a .ptrac import fails because an asset has a reference to a parent asset ID not in PlexTrac

Release 1.42.0

deployed to cloud-hosted instances on 11-30-22

New Capability

Bug Fixes

  • Fixed issue of tags being created after a search query

  • Fixed issue in which an edited finding title may continue to display in browser cache

  • Fixed issue with parent asset value not displaying in “Parent Asset” field when editing the child affected asset

  • Fixed issue in which the “Change End Date” button was appearing when finding status was open or in progress instead of only appearing when status is closed

Release 1.41.0

deployed to cloud-hosted instances on 11-17-22

New Capability

  • Ability to bulk paste assets associated with a finding

  • Enhanced collaborative editing capabilities

  • New Assigned To column displayed on the Asset Findings table for report assets

  • New modal and ability to select templates when creating a new findings layout in Admin Dashboard

  • Ability to add and sort by finding sub status on the Findings tab for a report

  • Added messaging to confirm successful deletion of an engagement and test plan

  • Updated Cobalt integration description messaging

  • Added validation and error message when importing findings to ensure selected file type and source match if either is changed by user

  • Improved browser caching to reduce data transfer for viewing assets

Bug Fixes

  • Fixed API issue with frontend acceptance of new password with MFA enabled

  • Improved handling of Boolean fields

  • Fixed an issue when exporting a report in Word (.docx)

Release 1.40.0

deployed to cloud-hosted instances on 11-4-22

New Capability

  • Runbooks V2 and RunbooksDB available to those currently licensed for Runbooks and cloud-hosted

  • New API endpoint for retrieving all assets on a tenant (api/v2/tenant/assets)

  • Ability to move multiple sections from one NarrativesDB repository to another in a single action

  • Ability to filter reports by status on Reports module home page

  • Ability to do bulk edits to associated findings under an asset

  • Caching improvements after finding, report and client deletions

  • Completed assessments and closed findings removed from items count on Dashboard module

  • Ability to filter for findings that have no tags within the existing “Select Findings Tags” filter box that appears on the Findings tab of a report

  • Loading improvements for the Dashboard module

  • CSS improvements for text alignment on long custom answers and questions for assessments

Bug Fixes

  • Fixed issue with status field when importing a Nessus file

  • Fixed issue with ServiceNow OAuth credentials not being passed correctly when checking connection status during admin setup

  • Fixed issue in which SLAs enabled in Admin Dashboard were missing from the findings when a questionnaire was submitted from the Assessments module and a reported created

  • Fixed issue of notifications sometimes not behaving as expected in UI (bell should stay red until notification is marked as read)

  • Fixed issue of artifacts sometimes not uploading to answers when starting an assessment

Release 1.39.0

New Capability

  • Ability to download a CSV template, enter finding information offline, and import into PlexTrac

  • New “Layouts” button in Admin Dashboard under “Customizations” for managing findings templates

  • Dynamic sizing/horizontal scrolling for recently viewed report cards on the dashboard page

  • Ability to select all available sections via a checkbox at top of page when adding narratives to a report

  • Ability to select all available findings writeups via a checkbox at top of page when adding writeups from WriteupsDB to a report

  • Increased field validation for illegal characters entered in CVE ID field for a finding

  • Default short codes now listed in the Admin Dashboard under “Tenant Settings/Short Codes” for visibility with a link to the online product documentation

  • Added loading spinners to signify page is loading on dashboard to give users notice

Bug Fixes

  • Fixed bug in which multiple comments/changes in the same location could not be selected or viewed

Release 1.38.0

New Capability

  • Actionable dashboard that lists all user assignments and recently viewed reports in additional to findings data and information

  • Added confirmation modals and additional information for admins when managing users and enabling/disabling default group in the Admin Dashboard

  • Improved the usability of dialog box and added search capabilities when importing a PlexTrac Report (.ptrac)

  • Tooltip added to the tags inside repository cards for RunbooksDB module

Bug Fixes

  • Fixed incompatibility issues with dark mode theme on pages

  • Fixed issue that caused all table rows to load when clicking sync button for an integration

  • Improved method that CWE IDs display for values parsed from Invicti/Nodeware

Release 1.37.0

New Capability

Bug Fixes

  • Fixed formatting table issues and image support in exports to Word

  • Fixed error that may occur when copying a finding from a scan to WriteupsDB

  • WriteupsDB autosave bug fixes

  • Fixed finding sort issues that occurred when specific optional fields were selected

  • Changed default background color for dark mode from white to black/gray

  • Fixed issue with “Sync Now” button not showing for Tenable integration in Admin Dashboard

Release 1.36.0

New Capability

Bug Fixes

  • Fixed issue of some selected filters not being deleted for findings in Analytics module

  • Fixed issue of some users with proper permissions unable to view Customizations section of Admin Dashboard

  • Fixed error that may occur when trying to update a new writeup immediately after creation

  • Fixed issue with Nessus scans with empty CVSS scores failing to import

  • Fixed issue with related findings not showing when importing findings into a report from a Nessus file

  • Misc. dark mode fixes

Release 1.35.0

New Capability

  • New integrated experience for admins to manage third-party integrations; all integrations with PlexTrac are now managed under the “Integrations” button in Admin Dashboard under "Tools & Integrations"

  • CKEditor update providing new functionality throughout the platform when entering content, such as indentation of lists, modification of color within code blocks, background text color options, etc.

  • When creating a new report, dropdown menu values are alphabetical and dynamically filtered by value typed in box by user

  • Added front-end validation to CVSS scoring to ensure user cannot submit a score that will fail backend validation

  • Added ability to add a Success Criteria step under “Execution Steps” when editing a procedure in the Runbooks module

  • Added CVE/CWE ID Relational Filtering to Finding and Trends/SLAs analytics pages

  • Ability to search the file type when importing a report

  • Added CVSS 3.1 to the Report Findings and Client Findings table

  • Narrative sections now reflect changes made from short code search/replace tasks

  • Removed tenant point of contact and address fields (populated from another source)

  • Misc. UX improvements in modals and dropdown menus

Bug Fixes

  • Dark Mode display enhancements

  • Fixed issue of CVE and CWE IDs not displaying in correct format in client findings list

  • General CSS enhancements to modals

Release 1.34.0

New Capability

  • Improvements with the storage of values when dynamic scoring for findings (CVSS, CVSS2, etc.) is used

  • UX improvements when editing email templates in Admin Dashboard

  • Platform-wide consistency on autosave functionality for performance and usability

  • Platform-wide consistency on labels and text for usability

  • Improved caching and performance

Bug Fixes

  • Fixed issue of scores for some findings being out of sync when imported

  • Fixed issue of CVSS score not appearing when editing a finding imported from WriteupsDB

  • Fixed issue of some associated assets not showing in the Analytics module Assets tab graphic and table

Release 1.33.0

New Capability

  • New user experience for setting up and configuring two-factor authentication (Profile/Personal Settings)

  • Updated all modals to confirm before closing work that any discard of changes by user is intentional

  • Ability to select all findings for mass edit and import during an integration upload

  • Ability to customize table columns and order on Findings tab in Reports module

  • Ability to customize table columns and order on Writeups tab in WriteupsDB module

  • Added CVE and CWE IDs to findings detail; tool will check to see if ID is valid based on CVE standards and link to documentation if valid

  • Added a CVSS 3.1 calculator to allow users to obtain scores within PlexTrac

  • Ability to select all findings for mass edit in the Report module

  • Added user notifications for tasks related to changing a score or using new calculator

  • Ability to view a finding score in the findings detail modal (between the description and recommendation)

  • General usability and design improvements

Bug Fixes

  • Fixed issue of not being able to add IPv6 address when creating a new asset

  • Fixed bugs when importing a file from Tenable

  • Improved response time when adding large amount of writeups to WriteupsDB module

  • Fixed issue of some filters not populating values for asset analytics

  • Fixed a bug where client ids were showing instead of names for preset filters

Release 1.32.0

New Capability

  • Added ability to filter by assignee on the Findings tab in the Analytics module

  • Updated user experience for importing and configuring parser actions with new descriptions, progress status, and links to documentation

  • Added column in Writeups tab of WriteupsDB module to track item’s parent repository

  • Ability to copy a writeup from one repository to another (click “Copy to” under Actions column of the writeup in WriteupsDB)

Bug Fixes

  • Fixed issue of HTML syntax appearing in exported reports with a finding or narrative

  • Fixed formatting issue of bullet lists in RTF table cell

  • Fixed error message that appeared when uploading a Jinja template file to create an export template

  • Resolved issue when importing a Nessus file

Release 1.31.0

New Capability

Bug Fixes

  • Fixed issue of a .csv asset not populating fields properly when being imported

  • Fixed issue of default WriteupsDB Default Repository not populating correctly with new installation

  • Fixed “Client Users Error” 400 incorrectly appearing in some instances when navigating to Client module

  • Fixed bug in the applications image upload functionality that prevented users from uploading images within the runbooks edit procedure workflow

  • Fixed mapping issues when importing Veracode xml files

  • Fixed report logs error when importing a findings file

  • Fixed issue with save not working and incorrect permissions generated after creating a new custom role based on the Analyst role template

  • Fixed issue with a blank screen on Narratives tab after creating a new report using a report template that had a narratives section

  • Fixed issue of search not working in the “Link Writeup” pulldown menu in Admin Dashboard>Tools & Integrations>Parser Actions

Release 1.30.0

New Capability

  • Analytics module pages more printer-friendly

  • Performance improvements on Dashboard page load

  • Ability to search and filter a list of sections by tags on the Sections tab within NarrativesDB

  • Table presentation and caching improvements in Analytics>Trends & SLAs

  • SLA information presented on the finding table and finding detail sidebar

  • Updates to Inviciti parser integration mappings and support

  • Latency improvements when entering data in reports

  • Ability to configure date format in Personal Settings to one of the following options: YYYY-MM-DD, DD-MM-YYYY, or MM-DD-YYYY

  • Customizable columns for the client findings page

Bug Fixes

  • Improvements for admins to change settings for existing repositories within NarrativesDB and be seen immediately by users with access

  • Unicode copy/paste support for umlauts

  • Fixed 400 error when adding findings to WriteupsDB via csv upload or from a report

  • Fixed Date format of Start Time for Runbook Engagements

  • Fixed user access issue in WriteupsDB repository

  • Fixed issue of Assessment module not appearing in menu for some customers

  • Improved copy/paste formatting from external source to a report

Release 1.28.0

New Capability

  • New Content Library container in main menu

    • Contains existing WriteupsDB and new NarrativesDB features

  • New Narratives Database (DB) feature

    • NarrativesDB allows for the organization, categorization, and management of content to be shared by multiple users and groups for producing reports

  • Search enhancements in Content Library

    • Search results for repositories and writeups refined based on text entered in search box

  • Capability to sort by title field in Content Library repositories

  • User management updates across Content Library and Runbooks

    • Access to content repositories is governed globally for each repository type by RBAC

    • The ACCESS permission enables users to see and use content within content repositories

    • The MANAGE permission enables users to manage settings and users of content repositories (who is allowed to view/edit a repo)

    • Ability for users with proper RBAC permissions to delete repositories

  • Ability to identify the source of a Finding via the Finding Detail modal view (includes manual imports and data from integrations)

  • Support of audit tracking when users are added/removed from PlexTrac

Bug Fixes

  • Fixed issue in which some Unicode values were not appearing correctly from source when copy/paste was used

Release 1.20.0

New Capability

  • Communicating age of data within analytics

  • Added manual refresh of data for analytics page

  • Added ability to create reviewers by state on reports

  • Added functionality to sort filters alphabetically

  • Changed account lockout behavior to be default, vs opt-in

Bug Fixes

  • Various fixes for log syntax

Release 1.19.0

New Capability

  • Enable account lockouts

  • Allow setting createdAt during finding creation

  • As a report creator, I can set a report state & assign reviewers

  • Writeups Do Not Require a Recommendation

  • Reorganized Admin Panel

  • Added CKEditor field to findings field template

Bug Fixes

  • Ampersands in Report Custom Fields missing in Word export

  • Fixed OWASP Zap Parser Descriptions and Recommendations Fields

  • Fixed Jinja Export Error missing type_of_piece

  • Fixed import Nipper XML

  • Fixed Hyperlink CKEditor formatting export error

  • Fixed front end user issue where the user appeared to be part of the default group, but was not. This disallowed ability to give authorize user for client access

  • Fixed intermittent Tenant Integration licensing error toast

  • CKEditor Code blocks - new lines are now getting created in Word export

  • SNOW - resolved issue with hardcoded URL suffix

Release 1.17.3

New Capability

  • Ability to add ports and services to affected assets

  • Added notes section to affected assets

  • Added evidence section to affected assets

  • URL/URI parsing for affected assets Update default table styling for exported Word documents

  • Allow use of field templates when creating Writeups in WriteupsDB

  • Option to auto-save work when editing narratives

  • Ability to set a report state and assign reviewers in report details

  • RBAC - separated out commenting and status changes permissions

  • Added ability to custom sort findings

Bug Fixes

  • Fixed ability to create Writeup from scratch

  • Fixed issue where some SNOW suffix URL’s could not be specified

  • Fixed caching issues when editing questionnaires

Version Digests

plextrac/plextracnginx:1.17.3 DIGEST: plextrac/plextracnginx@sha256:49bcd0e6d2793fa4aa06051f91c2cfaac2e60bb288e0213f1ab3c42b54ad8c62

plextrac/plextracapi:1.17.2 DIGEST: plextrac/plextracapi@sha256:00f147ca7b015497da6d78fc90ead9e0f39f4dcc290f6b02e1787e8b59fe97b3

Release 1.16.0

New Capability

  • Released tenable.io, tenable.sc integration

  • Enhancements to Affected Assets

  • Added ability to edit Affected Assets

  • Implemented new design for adding an Affected Asset

  • New evidence section URL/URI parsing Notes section

  • Added new RBAC permission splitting out comment vs status change in findings

  • Added auto-save custom fields, exhibits, code samples when editing a finding

  • Added ability to custom sort findings

Bug Fixes

  • Fixed styled text & nested HTML in image captions

  • Fixed Auto Numbered captions in CKEditor

  • Fixed scenario where missing data in a finding would result in a SDK error

  • Fixed MITRE and SCYTHE name consistency in Runbooks

  • Fixed contrast for code block text in Dark Mode

  • Fixed informational finding parsing in Checkmarx parser

  • Fixed issue where custom field search would fail on periods

Version Digests

plextrac/plextracnginx:1.16.10 DIGEST:sha256:c308d650fdd6ff7e7cec566b722fd19ca292ac7807ca4c8d8a42aed05c176156

plextrac/plextracapi:1.16.11 DIGEST:sha256:06eb3b62c075b2f875a05b15ba20ca978245f948182b45f3791118a20bfddfa2

Release 1.14.0

New Capability

  • Added hover to display dashboard trendline on Dashboard

  • Several design updates and fixes in analytics pages

  • New designs for edit finding page, edit narratives page

  • Preset Filters for analytics SAML IDP

  • User Provisioning

  • WriteupsDB Bulk Actions (Delete and TAGS)

Bug Fixes

  • Fixed error message when uploading license key

  • Affected asset scan data can now discretely reference scan evidence by affected asset

  • Export crashes with symbols in affected asset title

Release 1.13.1

New Capability

  • CKEditor Field Template

  • New Report navigation

  • Report Details Tab added to report navigation

  • CSV writeup importer updates

  • Filter analytics by assets

  • User Management Wizard for seeing what roles a user has for which clients

Bug Fixes

  • Role is now removed when done through User Permissions Wizard Qualys imports

  • Able to change affected assets status

  • Text Style in Tables Exports Correctly

  • Jira sync process now assigns valid statuses

  • Images can now be captions using CKEditor

  • OWASP ZAP Parser now parsing IP addresses to known_ips field for affected assets

  • Newlines are no longer removed from scanner output during export

  • Writeups created in WriteupsDB no longer requires references to save Report

  • Fixed Raw Evidence toggle switch

Release 1.12.0

New Capability

  • Ability to reference raw scan evidence as a callable field via Jinja Add hover display to dashboard trendline on security debt dashboard

  • Design updates for Runbooks analytics page

  • Use improved helping type for Asset Analytics Choose "Unspecified" option in the filter dropdown for Asset Types

  • Filter Open/Closed Issues on Date Range Improvements in Trend Analytics Parse port data from ZAP

Bug Fixes

  • Fixed OOM issue that caused API Crashes on Nessus Import with large number of scanner documents

  • Resolved bug where unable to change user auth after enabling two-factor authentication

  • Fixed problem where some users were unable to export report due to Non-Ascii characters in report

  • Resolved issue where adding assets with ports to a Finding crashes API

  • Resolved a UI bug where the details tab shows buttons in wrong places

August 31, 2021

New Capability

  • The new Asset Analytics functionality provides you with an at-a-glance overview of every asset in your (or your clients’) company, by level of criticality, to help you better understand where you’re most vulnerable

  • With PlexTrac’s new integration with Tenable, you can import findings and assets tied to a Tenable tag directly into the Purple Teaming Platform

  • PlexTrac is also happy to announce the addition of security scanner tool parsers and imports for Horizon3 NodeZero, OWASP Zap, HCL AppScan, and Checkmarx

  • PlexTrac now supports IDP (Identity Provider) initiated SAML SSO

  • PlexTrac’s new Attack Path Visualization feature makes it as easy as drag-and-drop to create a visual representation of the tactics, techniques, and procedures (TTPs) used in a simulated attack.

  • Short codes are a powerful new time-saver in PlexTrac that provides a simpler way for users to search and replace text at the report or client level

  • Some assets are more important than others — and with our new Report Assets view, PlexTrac allows you to instantly see all the findings associated with those assets most important to you.

  • Additional bug fixes

June 28, 2021

New Capability

  • Ability to collapse the left-hand panel, change the Logo, background text, and text highlight colors of the left panel. The update also includes the much-demanded Dark Mode!

  • When viewing Affected Assets under the preview modal, you can now Bulk Update the Status of Assets!

  • The Analytics module has been updated in many ways, including a new Findings by Client section, Preset Filters, and an all-new Runbooks Analytics Module which includes a MITRE type heatmap

  • You can now import SCYTHE Campaigns and MITRE Threat Emulations Plans as a Runbooks into PlexTrac

  • We have added the ability to assign procedures with a severity level while still working the Engagement

  • You can now copy a completed engagement and include all data. This feature can be used to pick up an accidentally closed Engagement or to add new information

  • You can now also view the Finding ID in the Preview modal.

  • Additional bug fixes

June 11, 2021

New Capability

  • Comments: Added the ability to add comments to an ckeditor instance, beginning with report narratives.

  • Mitre ATT&CK v9.0 methodology added to runbooks

  • Backend scaffolding for audit logging (login, failed login, two-factor enable/disable, password reset/change)

  • Runbooks engagement procedures can now be assigned a severity level that will be used when creating a report finding

  • Runbook analytics can be filtered by engagement tags

  • Engagements which are imported and do not inherit tactics from the parent runbook can still be associated with tactics, if they are tagged

  • Runbook Analytics and Preset Filters are now available in production.

Bug Fixes

  • PTrac import bug was fixed

  • Newly uploaded artifacts now show a Creation Date

  • Date Reported on the Report Overview screen now shows in a proper format

  • Introduction, Methodology, and Summary Report Narratives now can be moved, deleted, and overwritten

  • Replaced placeholder text on the Service Now Integration screen

  • Removed HTML tags in .csv exports

  • Fixed casing for the WriteupsDB sidebar navigation

April 9, 2021

New Capability

  • We have now added Custom Fields for both Client and Report Details! This can be incredibly useful in expanding the current functionality of Jinja Templates and reducing polish time after export.

  • Assessments — added a feature to require completion of specific steps in a questionnaire before submitting. This takes the form of check boxes beside the Overall Questionnaire (requiring ALL questions to be marked ‘completed’ before being able to be submitted), For Individual Questions, and for Individual answer type

Bug Fixes

  • Addressed issue with pasting tables into PlexTrac

  • FIxed Search bar for Runbooks Procedure Tags

February 11, 2021

New Capability

  • PlexTrac has moved to a Continuous Integration/Continuous Deployment (CI/CD) development model.

  • You can now define tables in the Rich Text Boxes inside PlexTrac and export them to your report.

  • You can now add Custom Narratives from as many Report Template sources as desired.

  • We've added the Custom Answer Sets in the Assessments module, allowing you to define a set of custom answers into your question, instead of picking from the predefined Answer Sets

  • You can now copy a well-built question and duplicate it into another question in the Assessments Module.

  • Our Integration with Jira now supports generation of child tickets for assets.

  • We have added a Rich Text editor to the fields in the WriteupsDB

October 1, 2020

New Capability

  • The addition of custom "Finding Sub-Statuses." Before this release it was possible to label findings as Open, In Progress, or Closed. Now you can define your own custom sub-statuses on the platform.

  • Enhancements to the Assessment module editing workflow. We've made many additions to the Assessments module recently, and now we've improved the editing process with two new features.

    • Sticky save bar, so the save button is always within view

    • Unsaved work notifications, so you know if your updated work has not been saved

  • The addition of preview for Tactics, Techniques, and Procedures in the Runbooks module. Now you can expand these out and view their description.

  • The ability to mark a run as "Completed" in Runbooks. Sometimes the Blue Team is able to thwart an attack straight away, not allowing you to complete your execution steps. Now you may mark these as completed.

Bug Fixes

  • Addressing an issue where the "Description" field contents were truncated when submitting an assessment

  • Fixed the inability to remove parent/child relationship from an asset

September 2, 2020

Bug Fixes

  • Fixed issue where notes entered into one question in an assessment would populate into other questions

  • Fixed issue where files attached to one question in an assessment would populate into other questions.

  • Fixed issue with certain special characters resulting in an extraneous escape character when exporting Nessus scan results

August 19, 2020

New Capability

  • Addition of the much-requested ability to attach evidence to a question. When performing assessments there is often the need to attach supporting evidence to a specific question, and now you can do that in PlexTrac.

  • The ability to add custom input field in the assessments module. When administering an assessment there is often the need to include discrete information you wish to segregate from the generic.

  • The addition of static custom fields in the assessments module. The true value of assessments lies in the ability to pre-populate field that are "hidden" during the administration of the assessment, but pass through to findings afterwards. You may now create custom fields when entering a question natively instead of through the WriteupsDB.

  • We have also included the addition of a scroll feature on the questions list when editing a questionnaire. You may now keep the editing field in your field of view when sifting through the question list.

Bug Fixes

  • Fixing issue where some users experienced significant lag when typing in a search field.

  • Fixing issue where in-line images in Custom Narratives would drop from the editor field after saving and/or not be included in the exported report.

  • Fixing issue where capitalized characters in an image file extension would result in corruption of the finding.

  • Fixed several bugs relating to sorting of findings within a report.

August 6, 2020

New Capability

  • The ability to import and export Assessments as ISON files. This has many use cases, including the sharing of standardized question sets for both popular and highly specific assessment frameworks.

  • Additionally, the feature enables users to have File-based archiving of important Assessments to ensure rapid restoration in the event of Interruption and availability.

  • Lastly, this feature helps with versioning / tailoring of question sets.

  • This update brings a re-design of the UI in the Edit Finding page that is easier on the eyes.

Bug Fixes

  • Fixed issue where sort-by-severity was not working when viewing findings in a report

  • Fixed issue where inclusion of capital characters in an image extension prevented the upload of images to the Findings Screenshots section

  • Fixed issue where some users experienced significant lag when entering characters when performing a search bar search

  • Fixed issue preventing the importation of assets from an Nmap XML discovery scan into Client Assets

July 15th, 2020

New Capability

  • The addition of Filters in Client Assets. We are pleased to announce this much-asked-for addition to the Client Assets page. Simply begin typing a portion of the asset you are looking for, and the list is narrowed to those assets which include your search string.

  • The addition of the ability to filter by tags in Reports. Tags are an amazing way of organizing and sorting your data in Analytics and in your document exports. We are pleased to now provide the ability to sort on your findings by tags.

Bug Fixes

  • Fixed an issue where in certain cases, creation of a parent/child relationship between assets could result in corruption of the asset data structure.

  • Fixed several issues related to the use of the mailer module with email servers that only support SSL or which do not allow credentialed authentication.

  • Fixed issue preventing non-global administrators from disabling users

  • Fixed issue preventing exporting of scan data from Burp and Accunetix for those clients who have enabled scan data export in their config.txt file.

  • Fixed UI issue where the last tags added when using bulk actions were retained in the UI for subsequent actions.

June 15th, 2020

New Capability

  • The addition of "Trend Analytics" One of the most powerful new graphics is also one of the simplest – “Trend of Issues Opened vs Closed”. By simply looking at the relative position of the two lines, you can determine whether you are adding or removing security debt.

  • We are also excited to introduce an entirely new graphic – “Average Time from Creation to Closed.” This chart shows both the total historical and monthly trends for the amount of time taken to remediate findings based on severity.

  • A redesigned of the "Administration Panel". Over the last year we have added a lot of new features for tenancy administration, and the vertical listing of these had grown quite lengthy. Features are now logically grouped, and once selected the dashboard is minimized to provide maximum workspace.

  • The “Users” administration panel has received a facelift, providing much larger and easy-to-read displays of user settings.

Bug Fixes

  • Issue that prevented some users from creating Jira tickets resolved.

  • Tags that are included for findings are now retained when those findings are exported and re-imported from a .ptrac file.

  • Users who navigate to a link to a specific page in PlexTrac are now directed to that page immediately after login.

May 15, 2020

New Capability

  • An analytics revamp! In our first iteration of the Analytics revamp we have focused on providing enhanced flexibility for filtering along with better graphics to help your team track an analyze your engagements. These include both enhanced filtering and updating graphics, with many more features coming in the near future!

  • The addition of the ability to apply bulk tagging for findings in a report. Our last update included the ability to apply bulk tags at the time of import, and this update now allows bulk tagging for the findings already in the report.

  • You now have the ability to completely customize the email notifications within PlexTrac to match your branding. You may now customize the "From name", "From address", "Email subject", and "Email body".

  • We have built out the CMMC function and it is now available in the platform for every customer. This addition also includes the references and authoritative guidance from appendix B of the CMMC, giving you all the information at your fingertips.

  • We have leveraged our tags around CMMC to make analyzing the results very easy right out of the box.

April 24, 2020

New Capability

  • The introduction of the "Draft/Published" flag, which provides you the ability to control which findings are reports are visible to users assigned the Analyst role. This feature is optional. Unless you enable this feature, Analysts will continue to have access to all findings in all reports for any clients they have been authorized to view.

  • The ability to change the date reported on findings. This ensures accurate tracking and analytics on historical data brought into PlexTrac. To update the created date on a finding, navigate to a report and use the bulk selection tools to “Change Reported Date”

  • PlexTrac now allows the use of any SAML Identity Provider to log into the application. Multiple providers can be configured for each tenant and are managed on a per user basis.

  • Enhanced user experience when enabling or resetting the multi-factor authentication token. This new functionality prevents a user from locking themselves out without capturing the QR code.

April 3, 2020

New Capability

  • Added support for Okta, Google, and Azure AD Authentication - support for all the leading single-sign on methods.

  • The ability to apply tags in bulk to both findings and associated assets when importing scanner results into your PlexTrac reports.

  • An overall revamp of the analyst experience. Those assigned with the analyst role have a simplified interface that eliminates UI hooks.

  • The addition of Jinja2 hook for expanded asset data. PlexTrac's asset section provides users with a consolidated view of all vulnerabilities from all reports for any given asset. But we're also a powerful asset management tool, providing a way to organize important metadata such as asset criticality, owner, data owner, and physical location. All of this information can now be referenced in your custom templates.

  • A brand new user interface for building assessments. This interface includes pagination and a widget to allow rapid navigation through long questionnaires. And of course, it's styled with purple throughout!

  • Administrators now have the ability to permanently delete users from their tenancy.

  • The multi-factor authentication feature now has an autofocus to ease entry of the 6-digit code.

  • Tags can now be added when building questions for an Assessment, which will pass through to the associated findings after submission.

March 10, 2020

New Capability

  • Our latest release begins the rollout of our new skin, incorporating modern UI design and demonstrating our love for all things purple!

  • The UI when taking an assessment has been streamlined, incorporating both pagination and collapsible questions

  • Ability to view (and even resubmit) previously submitted questionnaires

  • We have now added the ability to parse Core Impact exports! With their recent acquisition of Cobalt Strike, Core Security continues to advance their capabilities and we are excited to offer this new integration

  • Nmap is the standard for a lightweight discovery tool, and PlexTrac now supports import of and display of open ports and services. Because Nmap doesn’t produce true findings, we took a different approach than with our other parsers. In the Assets view for a Client, there is a new “Import Assets” button. Using this enables you to import your .nmap file. All assets present in the file are added to the Client’s asset list. Open one of these assets, and navigate to the Notes/Description tab to view the data

  • Dramatic performance improvements when performing bulk deletion of findings, when deleting a report and when deleting a client

  • Additional supported file types in the Artifacts file manager

  • Modification of the CMMC framework in the Assessments Module to reflect the addition of Maturity Level

  • Prevention of overwriting the initial Date Reported when importing subsequent scan data that has identical findings.

Last updated

© 2024 PlexTrac, Inc. All rights reserved.