Release Notes

This page provides information about the changes, updates, enhancements, fixes, and new features introduced when a new deployment is released.

This page provides information about the changes, updates, enhancements, fixes, and new features introduced when a new deployment is released. The date provided is when the deployment started worldwide in Region 1.

Release 2.11

11-5-24

Improved

Added ability to create contextual equations to rank findings based on risk
Introduced webhooks to receive real-time, event-driven communication for specific events (cloud only)
Added a comment archive feature allowing users to view a historical list of accepted or rejected comments and associated metadata
Added import support for Veracode’s DAST and SCA files
Real-Time Collaboration enabled for findings, narratives, writeups, and the content library
New process for customizing the login page logo (now uses the same process as in-app logo and icon management in the Admin Dashboard)

Updated

PlexTrac is updating its Jira integration to support multiple client-based integrations. This update has implications for those using the API in an unsupported workflow to add Jira ticket links to PlexTrac findings. Click here to learn more.

Release 2.10

10-8-24

Improved

Calendar invites from approved engagements are included as attachments in emails to the report operator
Admins can configure Plex AI access by user and client
Admins can configure report export options for users
Improved the autosave messaging across the application
Added the client name and a link to the report in the report status email template
Findings from Nessus file imports now include an exploit field

Release 2.9.0

9-10-24

Improved

New dashboard experience (available for on-prem instances in 2.10.0)
Improvements in performance and notifications when importing findings (Burp, Nessus, Veracode)
Support for Google OAuth email configuration (available for on-prem instances in 2.10.0)
New admin experience for managing users
AI responses now stream as generated

Fixed

Resolved a vulnerability that allowed unauthorized users to view client asset details in API responses when accessing findings
Fixed responsiveness issues with the export report button (ZD 7972)
Fixed 404 errors on the email templates manager page

Release 2.8.0

8-13-24

Improved

UTF-8 support for the writeups CSV template (special characters are no longer stripped)
Support for drop-down custom fields in Jira integrations
Enhancements to Nessus parser import (support for larger files, new fields progress bar)
Bulk action options for severity updates added to findings tables
Auto-save functionality added to the report details page

Fixed

Fixed issue of the CVE/CWE ID filter not working in the client findings tab
Fixed RBAC permission issue in which the Schedule module was appearing incorrectly after being disabled (ZD 7771)
Fixed alignment issues that existed between calendar and availability tabs for the Schedule module (ZD 7729, 7806)
Fixed issue with operators pulldown not containing values when creating a report within the client module (ZD 7657, 7769, 7780, 7803, 7908, 8136)
Fixed the issue of the start date value for a report disappearing as data was entered into the end date field
Fixed numbering format issue in report narratives shown on the report readout tab (ZD 6995)
Fixed issue in which users in the report reviewer pulldown menu did not appear if pages were refreshed (ZD 6492)
Fixed issue in which client description information was not appearing upon export (ZD 6501, 7650)
Fixed inconsistencies related to case sensitivity in the search functionality (ZD 6749, 6868, 7191, 7674, 8006)

Release 2.7.0

7-16-24

Improved

New table experience for managing users in the Admin Dashboard, along with a side drawer for additional options without leaving the page
New experience for admins when adding users that provides more configuration and options on one page
Finding custom fields now available for use as a variable in an equation for contextual scoring in the Priorities module
Likelihood x Impact is now a scoring option on findings via a sliding scale
Enhancements to Burp parser imports
Provide the ability to direct users to a unique landing URL after SSO for SAML
Writeups CSV import allows duplicate writeup titles to be created upon import

Fixed

Fixed issue that may occur during a Nessus file import (ZD 7613)
After an engagement is canceled in the Schedule module, associated reports are deleted (ZD 7491, 7718)
Fixed issue with Cobalt imports with the ‘declined’ field not being mapped to a severity value of ‘Informational’ (ZD 7270)
Fixed error message that occurred when exporting a report containing a procedure (ZD 7014)
Fixed an issue that occurred when exporting a report to CVS that contained multiple custom fields and CVSS scores (ZD 5568, 7646)
Fixed the issue with changing the sequence of writeups in the WriteupsDB module when editing (ZD 5590,6285,7318)
Fixed issue with code markup in rich-text fields not exporting correctly (ZD 6601,7576,7830)
Sorting of report templates within report details is now in alphabetical order to match the report creation modal
Fixed an issue in which a file imported a second time to the same report was not retaining history and comments from the first upload (ZD 7359)

Release 2.6.0

6-17-24

Improved

OWASP parser improvements with a new file mappings page
Added notifications for the Schedule module
Known Hostname and Detailed Results fields added to asset evidence in Nexpose integration (mappings page updated)
New metrics tab added for the Priorities module
Added auto-format functionality within rich-text fields
Enabled the Code Samples tab for findings to be a rich-text field (ZD 6883)

Fixed

Fixed the issue of execution steps within an engagement not printing from a report (ZD 6425)
Fixed issue with the finding severity order being displayed incorrectly (ZD 5704, 6254)
Fixed issue with the window size increasing after pasting a large code block into the rich-text field of a finding narrative (ZD 6038)
Fixed the issue of image IDs breaking when exporting to XML (ZD 3773, 5100)

Release 2.5.0

5-21-24

Improved

New Schedule module that allows users to create and manage engagements
Implementation of AI that can generate findings descriptions and remediation steps
CVSS 4 field added to Writeups CSV import file
Improvements to the Tenable scan date selector
Updated the Tenable Vulnerability Management integration to improve sorting data by tag
Runbooks now support OWASP test plans

Fixed

Fixed the 400 error message that occurred when a user added a narrative section from a report to NarrativesDB (ZD ID6753, 6839, 7001, 7260, 7266)
Fixed a border issue occurring when exporting to a Word template (ZD ID6652)
Fixed header issue on the “edit priority page” where the client name was not being displayed properly
Fixed issue that occurred after copying a finding to WriteupsDB with a CVSS v3.1 vector containing lower-case letters
Updated Pentera file import integration to support accurate port data
Updated OpenVas file import integration to support accurate port data.

Release 2.4.0

4-23-24

Improved

Updated functionality for editing and tracking changes in rich-text fields
Introduced licensed users and permissions, which impacts user management and RBAC
Added support within the application to configure CVSS 4.0 (integration support with third-party tools coming later)
Updated field mappings for Nessus
Updated field mappings for Acunetix
Updated field mappings for Veracode
Created field mappings page for importing assets into the Clients module via Nmap
Updated APIs to support side-drawer component
Updated contextual scoring permissions for the Priorities module to enable wider access to other users with relevant permissions
Ability to see a priority linked to an asset and edit within asset details
Ability to link a priority while creating/editing a finding
Ability to have real-time collaboration in rich-text fields that have auto-save enabled (this will be released in phases, with cloud-hosted customers gaining access by May 1 and on-prem customers gaining access beginning May 2)

Fixed

Fixed issue with audit log not searching by user name
Fixed issue with the Target Remediate Date field not appearing in a custom column in the Priorities module (ZD ID6426)
Updated notification emails with the correct Priorities documentation link
Fixed issue of an analyst being unable to update the status of a published finding until the report is published (ZD ID6100)
Fixed issue in which custom RBAC roles with the ability to edit assets could not update the status without additional unnecessary permissions (ZD ID5490, 5528, 5791, 6247)

Release 2.3.0

3-25-24

Improved

Enhanced Tenable TVM and SC integration options and documentation for field mappings (PlexTrac is now an approved Tenable Technology Partner)
Updated Mitre methodology in the default repository and Runbook test plan to include the techniques and tactics of MITRE v14.1 accompanied by procedure updates to Atomic Red Team atomics
Ability for administrators to view tenant activity via the new audit log button in the Admin Dashboard
Ability to view a finding’s details more easily via a side drawer for the Clients and Reports module (a side drawer also exists for the attack path tab and associated findings on assets)
Analyst users are now redirected back to the assessment view after an assessment is submitted
Nessus parser performance improvements that enable support for ingesting larger files

Fixed

Fixed issue with the report readout card default sort order (critical now on top)
Fixed issue with date filters when formats other than MM/DD/YYYY are used (ZD ID6534)
Fixed issue of a tenant logo resizing incorrectly on some pages
Fixed issue of the client logo not displaying on the client profile page
Fixed issue with adding multiple entries of the same affected port for different services (ZD ID5135)
Fixed issue of a report not being created when an analyst user submitted an assessment (ZD ID6218)

Release 2.2.0

3-6-24

Improved

New and improved Nexpose integration, including CVSS scores, new custom fields, added port data, and updated documentation of field mappings
API updates to support new Priorities module
Changes to the finding substatus field will initiate autosave
When parser actions are bypassed, the prompt in the file upload modal dynamically updates

Fixed

Fixed issue of repositories built via API or CSV not displaying the number of writeups
Fixed issue of linebreaks for some text fields not being honored when exporting a CSV file (ZD ID5566)
Fixed issue of a custom RBAC role with the ability to edit assets is unable to update the asset status without additional unnecessary permissions (ZD ID5490,5528,5791,6247)
Fixed issue of ports not being saved as distinct items when adding multiple entries of the same affected port for different services (ZD ID5135)
Fixed issue that a disabled parser action did not remove the parser actions prompt from the file upload modal

Release 2.1.0

1-30-24

Improved

New Priorities module with custom equations launched
Support for JIRA Data Center (in place of JIRA server) beginning on February 15th
Updated CKEditor to version 37.0.1
Added a table column in the parser actions page of the Admin Dashboard to display “Original Severity”
Added ability for the user to bypass parser actions when importing a file into a report
Report narrative sections no longer automatically expand when the user creates a new section or starts typing in an existing section

Fixed

Fixed issue of tenant logo resizing inconsistently
Fixed data discrepancy issue on the "Asset findings overview" table in the Analytics module
Fixed filtering issues occurring on the Asset tab of the Analytics module
Fixed sorting of columns issues occurring on the Asset tab of the Analytics module
Fixed filtering issues occurring on the Findings tab of the Analytics module
Fixed the issue of an empty “Findings by clients” box in the Findings tab of the Analytics module
Fixed the issue of an empty "Most critical findings" box in the Findings tab of the Analytics module
Fixed issue in “Breakdown by client” graph of Findings tab in Analytics module displaying Client ID instead of name when filtering by tags
Fixed issue of the client logo not displaying
Fixed issue of default fields being removed from tables
Fixed issue in which the user is unable to delete some comments in RTF fields
Fixed issue in which a custom RBAC role with the ability to edit assets cannot update the status without having to edit the report’s findings permission
Fixed issue with malformed tables upon report export to Word
Fixed issue of soft returns (shift+enter) not working on lists within a report export template
Fixed the issue of white labeling not working in some scenarios

Release 2.0.0

1-2-24

Improved

Added affected asset port data to the CSV findings export
Added ability for user to opt out of warning modal when a findings layout is applied to a report
Findings will autosave after all required fields have been set
Added capability to customize the table columns for SLAs in the Admin Dashboard
Added field in Admin Dashboard for Cobalt URL when configuring the integration
Improvements to the Snyk integration
Improvements to how runbook procedures are ordered upon edit and creation
General platform performance improvements

Fixed

Fixed issue with exported Word reports being impacted by styles even though no style guide was associated
Fixed issue of analytics not displaying filter data in the Analytics module
Fixed issue in which some users cannot copy/move writeups from their default repository to another repository
Fixed issue in which the user was unable to scroll through all findings for a report in the right column of the report Readout tab
Fixed issue in which published findings may not be visible to approved users if the report is not published
Fixed issue with the “Trend of findings opened vs. closed by month” table displayed on the Details tab for a client in the Clients module
Fixed issue with sorting of columns not working for the table on the Assets tab of the Analytics module
Fixed issue of assets not showing for selected reports in the Assets tab of the Analytics module
Fixed issue where clicking on the parent asset link in the Assets detail modal of a finding on the Findings tab of the Analytics module resulted in an error message
Fixed issue in which sort behavior changed the user navigated between pages on the Findings tab of a report when more than ten findings exist
Fixed issue with one-column tables not formatting correctly when exported

Release 1.61.1

11-8-23

Improved

Added a new tab and messaging on the Dashboard for when a user has no assignments
Better handling of scoring when using the Acunetix parser
Added support of rich-text formatting to an assessment's description field
Added the ability to add captions to code blocks within a rich-text field
Improved experience when creating an asset and adding a new operating system or IP address
Improvements to Jira Server/Data Center integration
Added ability to customize the table columns on the Sections tab of NarrativesDB
Added ability to customize the table columns inside a repository of NarrativesDB
Added ability to customize the table columns on the Repositories tab of WriteupsDB
Added ability to customize the table columns on the Reports module home page
Added the ability to customize the table columns on the Assets tab of the Clients module
Made the description field of a question a rich-text field in the Assessments module
Added ability for admins to enable email notifications for finding substatus changes and when a report reviewer has been added
Deprecated endpoint Import Client Assets v1

Fixed

Fixed issue of evidence sometimes not appearing for an affected asset on its details modal
Fixed issue where bulk delete of affected assets was not working
Fixed issue where bulk select of assets for a report was not matching bulk select behavior in other areas of the platform
Fixed issue where findings layout reverted to default layout instead of the custom one assigned
Fixed issue in which not all findings were displayed in the Findings overview box on the Readout tab in reports with more than 50 findings
Fixed export to Word error after importing a finding and adding an affected asset to it
Fixed format issue upon export to Word with Runbooks procedure logs

Release 1.60.0

deploy to cloud-hosted instances on 10-10-23

Improved

Added the ability for admins to configure and customize the experience of creating a finding via configurable layouts (Admin Dashboard>Layouts)
Streamlined the process of creating a finding by putting custom fields on the Finding Details tab (Custom Field tab going away)
Improved the experience of creating a writeup to match that with the process of creating findings
Added Proof of Concept field in Cobalt integration
Added a link within the platform to download the writeups CSV template (available by clicking the Import Writeups button)
Added ability to customize the table columns on the Affected Assets tab of a finding
Added ability to customize the table columns on the Assets tab of a report
Added messaging to alert when exporting a report if a layout template is associated so users are aware that required fields exist
Added error notification when a user attempts to update the published status of a finding that doesn't have all required fields

Fixed

Fixed issue when larger images in reports with a style guide associated with them were not exporting as expected
Fixed issue with line breaks when pasting into CKEditor fields
Fixed issue with CKEditor window increasing in size when a large image is inserted and resized
Fixed issue of a blank screen after loading a finding from Acunetix and attempting to edit

Release 1.59.0

deploy to cloud-hosted instances on 9-13-23

Improved

Added ability to create and customize style guides for exported reports to Word (.doc) using a Jinja template
Improved report experience when selecting sections from NarrativesDB or writeups from WriteupsDB by truncating long sections of text, tables, code blocks, and hiding images
Improved Writeups CSV import to support soft returns within the file
Added additional fields Clients module home page table (Client POC Email and Description)
Added ability to configure and customize the table column experience for associated findings of an asset within the Clients module
Improved modal experience when importing a finding (no longer defaults to Nessus in the pulldown menu)
Improved usability on the Readout tab of a report by highlighting the box of the finding being viewed on the Report readout column
Users with write access to reports can delete comments created by other users
Updated BURP parser field mapping documentation
Uploaded a new version of the WriteupsDB CSV import template in the documentation

Fixed

Fixed the issue of a CVSSv3.1 risk score not showing on the findings detail page
Fixed the issue that occurred when creating a custom role in the Admin Dashboard and disabling the “Ability to View the Administration Panel”

Release 1.58.0

deploy to cloud-hosted instances on 8-21-23

Improved

Ability to bulk associate findings to ServiceNow (if integration is configured)
Ability to unlink a finding from ServiceNow (new option under "Actions" column (if integration is configured)
Updated references of “Tenable.io” to “Tenable Vulnerability Management”
For BURP HTML file imports, enhanced the usability of finding and viewing data by moving the HTTP request and response fields out of the findings details page (continues to be listed as evidence in the affected asset)
Better error messages to users and handling of data when importing large BURP files; now a notification is sent about the finding that did not get imported, and all other findings are loaded without impacting the entire file and instance stability
For users importing files with evidence-heavy data, significantly decreased loading time, an increase in the number of findings and assets that can be imported before performance is impacted, and improvements in any error messaging to provide helpful details to resolve any issues
Added count totals of rows in the table headers for Assessments and Runbooks modules
Added a red asterisk to the Client Name field to denote it is required
Arranged theme color options in Admin Dashboard>Theme so they are now displayed by severity impact instead of alphabetically
Added bulk actions button and options in the Assets tab for a report
Updated legacy color palette values in tooltips, icons, etc., throughout the platform for consistent user experience
Breaking change implemented for APIs using roleID variable in endpoints; legacy support will continue through 1.59

Fixed

Fixed issue with erratic scrolling of page for comments left when tracking changes
Fixed issue with ServiceNow integration: now work notes, comments, and status
Fixed issue with CSV exporter that occurred in MS Word reports containing imported findings from API integrations
Added error handling to resolve asset names with over 10k characters that would previously cause a system error; names are now truncated to ensure the files load properly
Fixed the issue of the default parser action not filtering correctly
Fixed the issue of table sort order not being preserved when a questionnaire is deleted in the Assessments module
Fixed issue in parser actions in which placeholder field titles were in pulldown menus
Fixed issue in which the deduplication process for asset names was overwriting child asset names; child assets can now have the same name for different parents
Fixed issue with Help Center link in the profile pulldown menu being a different color than other items in the list; also added an icon next to the link informing users that clicking Help Center will open a new tab/window and take the user outside of the platform
Fixed the issue of a blank page appearing when clicking the Edit/Comment button on the Readout tab of a report if no narrative has been added; now, no button appears on that tab until the content has been created
Fixed issue with bulk selecting all assets in the Clients module in which some manually deselected assets were still being deleted

Release 1.57.0

deploy to cloud-hosted instances on 7-18-23

New Capability

Ability to manage and track changes within rich-text fields at the report level
Performance enhancements when importing findings from an integration for import into a report
Changed the term “scan output” to “evidence” throughout the platform for consistency
Improved experience when creating a writeup to better align with the process of creating a new finding
Better messaging to admins when deleting users to provide more detail, so if the action failed, admin can take action to remedy (i.e., the user is assigned a task)
Performance improvements when importing large amounts of affected assets with a finding via an integration
Improved messaging within the modal that appears when adding a writeup to a report with a findings layout assigned
Added count totals of rows in the table header for the Assessments module tab
Added count totals of rows in the table header for Admin Dashboard>Security>Authorization page

Bug Fixes

Fixed issue with Jira server (not cloud) integration not working as expected
Fixed issue with exporter failing for Parser and API integrations
Fixed issue in Edgescan integration that occurred when closed vulnerabilities for the past three years was selected in the pulldown menu during setup (the configuration would reset to default state)

Release 1.56.0

deploy to cloud-hosted instances on 6-21-23

New Capability

New design improving usability for admins when adding authorized users to a client
Added a total count of clients, reports, findings, and assets in the Clients module that is displayed as each tab is clicked
Overhaul of CSV export for reports that fixed known limitations and issues that occurred when exporting large data sets into cells

Bug Fixes

Fixed an issue in which a finding severity was not being adjusted from manual changes in the CVSSv3.1 calculator
Fixed an issue in which a writeup form would occasionally disappear after loading when trying to edit
Fixed an issue in which an analyst user was incorrectly able to add or remove reviewers from an assessment

Release 1.55.0

deploy to cloud-hosted instances on 6-7-23

New Capability

Enhanced Snyk integration with a new product (Snyk Code) plus documented field mappings and deduplication logic for all Snyk products
Changed bulk actions menu so actions are only visible to users with the correct permissions
Added better messaging and UX experience when integration synchronizations are taking longer than expected
Optimized affect asset retrieval for findings that had hundreds of affected assets

Bug Fixes

Fixed an issue in which available repositories were not appearing after typing into the box within WriteupsDB when trying to move or copy writeups
Fixed an issue in which assets imported from a Nmap.xml file were displaying a random “last seen” date in the Notes/Description tab for the affected asset

Release 1.54.0

deploy to cloud-hosted instances on 5-30-23

New Capability

Improved user experience and transparency with behavior regarding parser actions seen in Admin Dashboard>Parser Actions
Adding messaging to inform the user when an import takes longer than 100 seconds, explaining operation is taking longer than expected and to try importing later
Changed label of “Runbooks V2” to “Runbooks” (Runbooks V2 replaced legacy Runbooks module in 1.53)
Added messaging to inform users that a finding or assessment has been deleted if accessing from a notification link
New graph in the Analytics module in the Trends & SLAs tab to display the percentage of findings exceeding SLA
Sunsetted multiple API endpoints

Bug Fixes

Fixed issue with saving when creating a new writeup and user not being directed to WriteupsDB homepage when finished
Fixed an issue in which tags for a previously created SLA were auto-populating on new SLAs

Release 1.53.7

Fixed issue in which users not assigned to any clients were able to view reports

Release 1.53.3

Removed the 2000 character limit for the rich-text field in the Custom Fields tab of a finding

Release 1.53.2

Fixed an issue with the Tenable integration

Release 1.53.0

deployed to cloud-hosted instances on 5-8-23

New Capability

Sunsetted an API endpoint
Added a documentation link to First CVSS at the bottom of CVSS calculator when creating a finding
Enhanced the user experience within the graph for the Trends & SLAs tab in the Analytics module
Added better visibility that an asset name is required through improved error messages and asterisk to denote it is a required field
Changes made to a finding status within the most critical findings box inside the Findings tab of the Analytics module are reflected immediately
Ability to view child assets (when applicable) from the parent affected asset
Added visible error messaging when editing the Evidence tab of an affected asset that changes were not saved when attempting to exit
The parent asset value within the table of the Assets tab of a report now links to the parent asset details page
Removed legacy Runbooks module from main menu

Bug Fixes

Fixed issue in which validation for duplicate assets was not catching an asset just created
Fixed issue during creation of a new asset that occurred with a field screen not disappearing after selecting a provided value
Fixed bug in which the number of findings listed in the Readout tab of a report was not accurately reflecting the number of findings in the report
Fixed issue of importing findings from an integration that findings created on the end date chosen in the filter was not appearing
Added logic so that after using filters in reports, leaving page, and then returning, the filter select boxes would contain previously selected values rather than be blank
Fixed issue in which findings with closed status were triggering SLA emails

Release 1.52.0

deployed to cloud-hosted instances on 4-21-23

New Capability

Added a field for URL available when setting up or editing an Edgescan integration
Improved refresh of data used to build graphs when loading Analytics module pages

Bug Fixes

Fixed issue with Edgescan findings import in which only one filter could be used
Fixing a bug that allowed duplicate asset names for a client
Moved tooltip about findings and assets on Dashboard module to the Finding metrics tab
Fixed issue that a report was displaying the default template instead of the properly assigned template
Fixed issue of empty asset when importing same assets to different reports within a client
Fixed issue of finding updates email notifications not sent correctly when using the status tracker/bulk update modal

Release 1.51.0

deployed to cloud-hosted instances on 4-6-23

New Capability

Sunsetted four API endpoints
Enhanced user experience when adding findings from an integration to a report
Added ability to retain customized columns (where applicable)
Added refresh of page after using ‘search and replace’ functionality in reports to better indicate changes were implemented
Added ability to bulk paste email addresses when adding assets to a client
Improved platform performance when creating clients

Bug Fixes

Fixed data refresh issue that occurred after a bulk delete in WriteupsDB
Fixed issue in which the short codes section of Admin Dashboard was not appearing for some non-admin roles after given access via Administration Permissions in RBAC
Fixed error message that resulted after adding evidence for an affected asset and then deleting evidence before saving
Fixed bug that occurred with risk score when exporting to CVS and some finding fields were null
Fixed an issue in which the date to and date values from search filter were not filtering correctly for the Most Critical Findings box across all tenant clients

Release 1.50.0

deployed to cloud-hosted instances on 3-27-23

Bug Fixes

Fixed issue that occurs when an authorized analyst attempts to update the status of the finding in a published report and receives an unauthorized error message
Icon changed in the Parent Asset box of the Create Affected Asset modal to accurately reflect that this field is a search box and not a pre-populated pulldown menu
Fixed issue of the modal not disappearing when clicking the ellipses of an asset under the “Action” column of the Assets tab in the Clients module
Fixed issue of a blank page appearing when an admin attempts to edit a template (Account Admin>Templates) of the Admin Dashboard
Fixed issue of a linked template not being used when exporting a report as assigned by admin in the Export templates tab (Account Admin>Templates) of the Admin Dashboard
Fixed issue with CSV Asset Upload template in which some fields were not importing
Fixed issue with Tenable integration that could cause integration to fail
Fixed issue in which a parent asset was not successfully removed when deleted as parent from the child asset on the Edit Asset page

Release 1.49.0

deployed to cloud-hosted instances on 3-8-23

New Capability

Usability enhancements in Admin Dashboard>Templates with the addition of tool tips, easier to read tables, and updated modal designs
Platform-wide enhancements to messaging in modals for better consistency and experience

Bug Fixes

Fixed issue in which Analytics pages might crash when refreshing the page or redirecting after logging out
Fixed issue that occurs if import source is changed in the middle of the process of adding a finding via an integration
Fixed issue of an existing asset’s ports, services, and protocols being added by default when the asset is added as an affected asset to a new finding

Release 1.48.0

deployed to cloud-hosted instances on 2-24-23

New Capability

Ability to sort (via table column), filter, and search by a parent asset in the Affected Assets tab of a finding
Ability to view and navigate to the parent asset from the asset detail modal of an affected asset, and from the findings detail modal under Affected Assets
New button and user options for adding a new asset to a client (now have option for a bulk paste)
Added a notification banner for admins and users belonging to the default group if an error occurs that prevents a page from being saved (a link to PlexTrac support is provided in the banner)
Platform-wide updates to presentation of messages and button labels for improved consistency and usability
Enhanced authoring and viewing of narrative content sections by continuously displaying editor toolbar (previously toolbar would disappear if additional required scrolling down)
Enhanced integration experience when importing from Findings tab

Bug Fixes

Fixed issue when deleting a repository in WriteupsDB in which user had to click the same button twice to complete task
Fixed bug of asset description not being saved on creation
Fixed 400 error that occurred when adding a note to a child asset
Fixed issue in which some users were experiencing issues with logo updates
Fixed spelling errors on Edgescan field mappings page
Fixed bug in which an analyst could see draft findings on a report's Assets tab

Release 1.47.0

deployed to cloud-hosted instances on 2-10-23

New Capability

Enhanced modal usability for WriteupsDB
Unified the asset import experience within Affected Assets and Client Assets, including file type verification, better styling, and improved notifications
Added a “Parent Asset” column to the report asset list table
Bulk paste for affected assets now dynamically parses out asset name, parent asset name, and port to its relative columns in the table (before all information would be retained in asset name)
Added a “View” link in the Affected Assets list of the Finding Detail modal to allow users quick access to the details of an asset without having to redirect to the client asset page
Updated daily Jira synchronization (if a Jira integration is set by admin to update daily) to 4:45 UTC (9:45 PM Mountain Time)

Bug Fixes

Removed “PlexTrac” as a file type to import for admins in pulldown menu when setting up parser actions to avoid confusion, as a .ptrac file is not tied to imported actions (still supported elsewhere in platform)
Fixed bug that could cause the overall CVSS score to not reflect what was calculated using First CVSS calculator

Release 1.46.0

deployed to cloud-hosted instances on 1-26-23

Bug Fixes

Fixed issue of assets in a report not loading correctly on the Assets tab
Usability improvements with labeling in Dashboard
Autosave performance improvements in NarrativesDB module
Fixed issue in which a new assessment might not display a 0% completion value as was incorrectly reflecting a previously edited assessment completion percentage
Fixed issue in which large Nessus files were not loading
Fixed issue in which CVE values were not loading correctly in some imports

Release 1.45.0

deployed to cloud-hosted instances on 1-17-23

New Capability

Ability to bulk update affected asset ports, services, protocols, versions and URLs for a finding
Added version and fix version fields for Jira integration mapping
Ability to filter by report name when adding findings from Cobalt
Jira synchronization optimizations
Added a check to see if an asset already exists within a client, and if so, use that asset ID to reduce duplication
Created new endpoint to get findings older than 30 days that are not closed and in a published report
Added filter ability to filter by tags during import of Edgescan findings
Help Center link updated to direct users to new Zendesk solution

Bug Fixes

Fixed Jira syncing issue in which the created date from Jira was displaying incorrectly on the findings table
Fixed issues with Edgescan integration field mappings
Fixed issue when new users to tenants in which MFA is required and enabled were not required to set up MFA until second login
Fixed issue that was preventing admin user from changing password from profile screen (existing instances not affected)
Fixed issue in which instance could crash when importing a scan file and parser actions are disabled
Fixed issue in which Jira status change for a finding linked to a Jira ticket was not reflected in displayed status of finding table

Release 1.43.0

deployed to cloud-hosted instances on 12-17-22

New Capability

Additional Jira integration field (data type) added for mapping options
Enhanced Jira integration error messaging

Bug Fixes

Fixed issue in which all CKEditor sections on a page were being saved at same time instead of just the section being edited
Fixed issue preventing custom field on findings from being updated
Fixed issue when editing a writeup that caused a 404 error and prevented writeup from being updated
Fixed issue in which whitespace affected the parsing of parent/child assets when using bulk paste functionality to add affected assets to a finding
Fixed issue in which a page could crash in some scenarios after clicking the finding status button on the Findings tab of a report and then clicking “Add Update”
Fixed intermittent issue of image disappearing once loaded within a CKEditor field
Fixed latency when page is loading findings for a report
Fixed issue of finding titles not updating when edited on Findings tab of a report
Fixed issue for tenants that had Classification Tiers enabled; users with appropriate permissions could not modify the classification after report was created
Fixed multiple mapping issues with Edgescan integration (specifically description, recommendation, and severity mappings)
Fixed issue of title search not working for findings in Client module
Fixed issue in which a .ptrac import fails because an asset has a reference to a parent asset ID not in PlexTrac

Release 1.42.0

deployed to cloud-hosted instances on 11-30-22

New Capability

Enhanced Jira integration features and functionality
Ability to search and filter findings by tag(s)
Ability to search and filter findings that do not have an assigned tag
Added a loading indicator to provide status for users using standard (non-MFA) login
Added a tally of report findings to the header of the table on the Findings tab of a report
Ability to sort users by the last time log in occurred in the Admin Dashboard via “Last Login” column
Added a modal to provide users more useful and relevant messaging when an export fails

Bug Fixes

Fixed issue of tags being created after a search query
Fixed issue in which an edited finding title may continue to display in browser cache
Fixed issue with parent asset value not displaying in “Parent Asset” field when editing the child affected asset
Fixed issue in which the “Change End Date” button was appearing when finding status was open or in progress instead of only appearing when status is closed

Release 1.41.0

deployed to cloud-hosted instances on 11-17-22

New Capability

Ability to bulk paste assets associated with a finding
Enhanced collaborative editing capabilities
New Assigned To column displayed on the Asset Findings table for report assets
New modal and ability to select templates when creating a new findings layout in Admin Dashboard
Ability to add and sort by finding sub status on the Findings tab for a report
Added messaging to confirm successful deletion of an engagement and test plan
Updated Cobalt integration description messaging
Added validation and error message when importing findings to ensure selected file type and source match if either is changed by user
Improved browser caching to reduce data transfer for viewing assets

Bug Fixes

Fixed API issue with frontend acceptance of new password with MFA enabled
Improved handling of Boolean fields
Fixed an issue when exporting a report in Word (.docx)

Release 1.40.0

deployed to cloud-hosted instances on 11-4-22

New Capability

Ability to add custom fields to CSV import template
Runbooks V2 and RunbooksDB available to those currently licensed for Runbooks and cloud-hosted
New API endpoint for retrieving all assets on a tenant (api/v2/tenant/assets)
Ability to move multiple sections from one NarrativesDB repository to another in a single action
Ability to filter reports by status on Reports module home page
Ability to do bulk edits to associated findings under an asset
Caching improvements after finding, report and client deletions
Completed assessments and closed findings removed from items count on Dashboard module
Ability to filter for findings that have no tags within the existing “Select Findings Tags” filter box that appears on the Findings tab of a report
Loading improvements for the Dashboard module
CSS improvements for text alignment on long custom answers and questions for assessments

Bug Fixes

Fixed issue with status field when importing a Nessus file
Fixed issue with ServiceNow OAuth credentials not being passed correctly when checking connection status during admin setup
Fixed issue in which SLAs enabled in Admin Dashboard were missing from the findings when a questionnaire was submitted from the Assessments module and a reported created
Fixed issue of notifications sometimes not behaving as expected in UI (bell should stay red until notification is marked as read)
Fixed issue of artifacts sometimes not uploading to answers when starting an assessment

Release 1.39.0

New Capability

Ability to download a CSV template, enter finding information offline, and import into PlexTrac
New “Layouts” button in Admin Dashboard under “Customizations” for managing findings templates
Dynamic sizing/horizontal scrolling for recently viewed report cards on the dashboard page
Ability to select all available sections via a checkbox at top of page when adding narratives to a report
Ability to select all available findings writeups via a checkbox at top of page when adding writeups from WriteupsDB to a report
Increased field validation for illegal characters entered in CVE ID field for a finding
Added OAUTH configuration options for ServiceNow integration
Default short codes now listed in the Admin Dashboard under “Tenant Settings/Short Codes” for visibility with a link to the online product documentation
Added loading spinners to signify page is loading on dashboard to give users notice

Bug Fixes

Fixed bug in which multiple comments/changes in the same location could not be selected or viewed

Release 1.38.0

New Capability

Actionable dashboard that lists all user assignments and recently viewed reports in additional to findings data and information
Added confirmation modals and additional information for admins when managing users and enabling/disabling default group in the Admin Dashboard
Improved the usability of dialog box and added search capabilities when importing a PlexTrac Report (.ptrac)
Tooltip added to the tags inside repository cards for RunbooksDB module

Bug Fixes

Fixed incompatibility issues with dark mode theme on pages
Fixed issue that caused all table rows to load when clicking sync button for an integration
Improved method that CWE IDs display for values parsed from Invicti/Nodeware

Release 1.37.0

New Capability

Integration with Cobalt platform
Added notes to the asset GET method
Additional confirmation modals added to notify user of potential data loss when editing/updating content
Updated default theme colors
Updated logic for sorting of engagements within the Runbooks module
Ability to add tags via bulk actions for sections in NarrativesDB module
Ability to bulk delete sections within NarrativesDB module
Ability to bulk delete affected assets for a finding in a report

Bug Fixes

Fixed formatting table issues and image support in exports to Word
Fixed error that may occur when copying a finding from a scan to WriteupsDB
WriteupsDB autosave bug fixes
Fixed finding sort issues that occurred when specific optional fields were selected
Changed default background color for dark mode from white to black/gray
Fixed issue with “Sync Now” button not showing for Tenable integration in Admin Dashboard

Release 1.36.0

New Capability

New Assessments module workflow and design
New CVSS v3.1 calculator for use when creating and editing findings
Added auto-save capabilities when creating and updating in WriteupsDB module
Added ability to see the allowed file types when uploading parser files
Ability to copy Content Library repositories from the card for both NarrativesDB and WriteupsDB modules
Updated Veracode export to use the new risk_score and common_identifer fields
Implement In Progress status for engagements
Caching improvements in Analytics module

Bug Fixes

Fixed issue of some selected filters not being deleted for findings in Analytics module
Fixed issue of some users with proper permissions unable to view Customizations section of Admin Dashboard
Fixed error that may occur when trying to update a new writeup immediately after creation
Fixed issue with Nessus scans with empty CVSS scores failing to import
Fixed issue with related findings not showing when importing findings into a report from a Nessus file
Misc. dark mode fixes

Release 1.35.0

New Capability

New integrated experience for admins to manage third-party integrations; all integrations with PlexTrac are now managed under the “Integrations” button in Admin Dashboard under "Tools & Integrations"
CKEditor update providing new functionality throughout the platform when entering content, such as indentation of lists, modification of color within code blocks, background text color options, etc.
When creating a new report, dropdown menu values are alphabetical and dynamically filtered by value typed in box by user
Added front-end validation to CVSS scoring to ensure user cannot submit a score that will fail backend validation
Added ability to add a Success Criteria step under “Execution Steps” when editing a procedure in the Runbooks module
Added CVE/CWE ID Relational Filtering to Finding and Trends/SLAs analytics pages
Ability to search the file type when importing a report
Added CVSS 3.1 to the Report Findings and Client Findings table
Narrative sections now reflect changes made from short code search/replace tasks
Removed tenant point of contact and address fields (populated from another source)
Misc. UX improvements in modals and dropdown menus

Bug Fixes

Dark Mode display enhancements
Fixed issue of CVE and CWE IDs not displaying in correct format in client findings list
General CSS enhancements to modals

Release 1.34.0

New Capability

Improvements with the storage of values when dynamic scoring for findings (CVSS, CVSS2, etc.) is used
UX improvements when editing email templates in Admin Dashboard
Platform-wide consistency on autosave functionality for performance and usability
Platform-wide consistency on labels and text for usability
Improved caching and performance

Bug Fixes

Fixed issue of scores for some findings being out of sync when imported
Fixed issue of CVSS score not appearing when editing a finding imported from WriteupsDB
Fixed issue of some associated assets not showing in the Analytics module Assets tab graphic and table

Release 1.33.0

New Capability

New user experience for setting up and configuring two-factor authentication (Profile/Personal Settings)
New sortable/configurable columns in the client module
Updated all modals to confirm before closing work that any discard of changes by user is intentional
Ability to select all findings for mass edit and import during an integration upload
Ability to customize table columns and order on Findings tab in Reports module
Ability to customize table columns and order on Writeups tab in WriteupsDB module
Added CVE and CWE IDs to findings detail; tool will check to see if ID is valid based on CVE standards and link to documentation if valid
Added a CVSS 3.1 calculator to allow users to obtain scores within PlexTrac
Ability to select all findings for mass edit in the Report module
Added user notifications for tasks related to changing a score or using new calculator
Ability to view a finding score in the findings detail modal (between the description and recommendation)
General usability and design improvements

Bug Fixes

Fixed issue of not being able to add IPv6 address when creating a new asset
Fixed bugs when importing a file from Tenable
Improved response time when adding large amount of writeups to WriteupsDB module
Fixed issue of some filters not populating values for asset analytics
Fixed a bug where client ids were showing instead of names for preset filters

Release 1.32.0

New Capability

OAuth general-purpose authentication provider option added for admins (OpenID Connect)
Added ability to filter by assignee on the Findings tab in the Analytics module
Updated user experience for importing and configuring parser actions with new descriptions, progress status, and links to documentation
Added column in Writeups tab of WriteupsDB module to track item’s parent repository
Ability to copy a writeup from one repository to another (click “Copy to” under Actions column of the writeup in WriteupsDB)

Bug Fixes

Fixed issue of HTML syntax appearing in exported reports with a finding or narrative
Fixed formatting issue of bullet lists in RTF table cell
Fixed error message that appeared when uploading a Jinja template file to create an export template
Resolved issue when importing a Nessus file

Release 1.31.0

New Capability

Integration support for Pentera
New modal design for importing parser files that includes a progression bar

Bug Fixes

Fixed issue of a .csv asset not populating fields properly when being imported
Fixed issue of default WriteupsDB Default Repository not populating correctly with new installation
Fixed “Client Users Error” 400 incorrectly appearing in some instances when navigating to Client module
Fixed bug in the applications image upload functionality that prevented users from uploading images within the runbooks edit procedure workflow
Fixed mapping issues when importing Veracode xml files
Fixed report logs error when importing a findings file
Fixed issue with save not working and incorrect permissions generated after creating a new custom role based on the Analyst role template
Fixed issue with a blank screen on Narratives tab after creating a new report using a report template that had a narratives section
Fixed issue of search not working in the “Link Writeup” pulldown menu in Admin Dashboard>Tools & Integrations>Parser Actions

Release 1.30.0

New Capability

Analytics module pages more printer-friendly
Performance improvements on Dashboard page load
Ability to search and filter a list of sections by tags on the Sections tab within NarrativesDB
Table presentation and caching improvements in Analytics>Trends & SLAs
SLA information presented on the finding table and finding detail sidebar
Updates to Inviciti parser integration mappings and support
Latency improvements when entering data in reports
Ability to configure date format in Personal Settings to one of the following options: YYYY-MM-DD, DD-MM-YYYY, or MM-DD-YYYY
Customizable columns for the client findings page

Bug Fixes

Improvements for admins to change settings for existing repositories within NarrativesDB and be seen immediately by users with access
Unicode copy/paste support for umlauts
Fixed 400 error when adding findings to WriteupsDB via csv upload or from a report
Fixed Date format of Start Time for Runbook Engagements
Fixed user access issue in WriteupsDB repository
Fixed issue of Assessment module not appearing in menu for some customers
Improved copy/paste formatting from external source to a report

Release 1.28.0

New Capability

New Content Library container in main menu
- Contains existing WriteupsDB and new NarrativesDB features
New Narratives Database (DB) feature
- NarrativesDB allows for the organization, categorization, and management of content to be shared by multiple users and groups for producing reports
Search enhancements in Content Library
- Search results for repositories and writeups refined based on text entered in search box
Capability to sort by title field in Content Library repositories
User management updates across Content Library and Runbooks
- Access to content repositories is governed globally for each repository type by RBAC
- The ACCESS permission enables users to see and use content within content repositories
- The MANAGE permission enables users to manage settings and users of content repositories (who is allowed to view/edit a repo)
- Ability for users with proper RBAC permissions to delete repositories
Ability to identify the source of a Finding via the Finding Detail modal view (includes manual imports and data from integrations)
Support of audit tracking when users are added/removed from PlexTrac

Bug Fixes

Fixed issue in which some Unicode values were not appearing correctly from source when copy/paste was used

Release 1.20.0

New Capability

Communicating age of data within analytics
Added manual refresh of data for analytics page
Added ability to create reviewers by state on reports
Added functionality to sort filters alphabetically
Changed account lockout behavior to be default, vs opt-in

Bug Fixes

Various fixes for log syntax

Release 1.19.0

New Capability

Enable account lockouts
Allow setting createdAt during finding creation
As a report creator, I can set a report state & assign reviewers
Writeups Do Not Require a Recommendation
Reorganized Admin Panel
Added CKEditor field to findings field template

Bug Fixes

Ampersands in Report Custom Fields missing in Word export
Fixed OWASP Zap Parser Descriptions and Recommendations Fields
Fixed Jinja Export Error missing type_of_piece
Fixed import Nipper XML
Fixed Hyperlink CKEditor formatting export error
Fixed front end user issue where the user appeared to be part of the default group, but was not. This disallowed ability to give authorize user for client access
Fixed intermittent Tenant Integration licensing error toast
CKEditor Code blocks - new lines are now getting created in Word export
SNOW - resolved issue with hardcoded URL suffix

Release 1.17.3

New Capability

Ability to add ports and services to affected assets
Added notes section to affected assets
Added evidence section to affected assets
URL/URI parsing for affected assets Update default table styling for exported Word documents
Allow use of field templates when creating Writeups in WriteupsDB
Option to auto-save work when editing narratives
Ability to set a report state and assign reviewers in report details
RBAC - separated out commenting and status changes permissions
Added ability to custom sort findings

Bug Fixes

Fixed ability to create Writeup from scratch
Fixed issue where some SNOW suffix URL’s could not be specified
Fixed caching issues when editing questionnaires

Version Digests

plextrac/plextracnginx:1.17.3 DIGEST: plextrac/plextracnginx@sha256:49bcd0e6d2793fa4aa06051f91c2cfaac2e60bb288e0213f1ab3c42b54ad8c62

plextrac/plextracapi:1.17.2 DIGEST: plextrac/plextracapi@sha256:00f147ca7b015497da6d78fc90ead9e0f39f4dcc290f6b02e1787e8b59fe97b3

Release 1.16.0

New Capability

Released tenable.io, tenable.sc integration
Enhancements to Affected Assets
Added ability to edit Affected Assets
Implemented new design for adding an Affected Asset
New evidence section URL/URI parsing Notes section
Added new RBAC permission splitting out comment vs status change in findings
Added auto-save custom fields, exhibits, code samples when editing a finding
Added ability to custom sort findings

Bug Fixes

Fixed styled text & nested HTML in image captions
Fixed Auto Numbered captions in CKEditor
Fixed scenario where missing data in a finding would result in a SDK error
Fixed MITRE and SCYTHE name consistency in Runbooks
Fixed contrast for code block text in Dark Mode
Fixed informational finding parsing in Checkmarx parser
Fixed issue where custom field search would fail on periods

Version Digests

plextrac/plextracnginx:1.16.10 DIGEST:sha256:c308d650fdd6ff7e7cec566b722fd19ca292ac7807ca4c8d8a42aed05c176156

plextrac/plextracapi:1.16.11 DIGEST:sha256:06eb3b62c075b2f875a05b15ba20ca978245f948182b45f3791118a20bfddfa2

Release 1.14.0

New Capability

Added hover to display dashboard trendline on Dashboard
Several design updates and fixes in analytics pages
New designs for edit finding page, edit narratives page
Preset Filters for analytics SAML IDP
User Provisioning
WriteupsDB Bulk Actions (Delete and TAGS)

Bug Fixes

Fixed error message when uploading license key
Affected asset scan data can now discretely reference scan evidence by affected asset
Export crashes with symbols in affected asset title

Release 1.13.1

New Capability

CKEditor Field Template
New Report navigation
Report Details Tab added to report navigation
CSV writeup importer updates
Filter analytics by assets
User Management Wizard for seeing what roles a user has for which clients

Bug Fixes

Role is now removed when done through User Permissions Wizard Qualys imports
Able to change affected assets status
Text Style in Tables Exports Correctly
Jira sync process now assigns valid statuses
Images can now be captions using CKEditor
OWASP ZAP Parser now parsing IP addresses to known_ips field for affected assets
Newlines are no longer removed from scanner output during export
Writeups created in WriteupsDB no longer requires references to save Report
Fixed Raw Evidence toggle switch

Release 1.12.0

New Capability

Ability to reference raw scan evidence as a callable field via Jinja Add hover display to dashboard trendline on security debt dashboard
Design updates for Runbooks analytics page
Use improved helping type for Asset Analytics Choose "Unspecified" option in the filter dropdown for Asset Types
Filter Open/Closed Issues on Date Range Improvements in Trend Analytics Parse port data from ZAP

Bug Fixes

Fixed OOM issue that caused API Crashes on Nessus Import with large number of scanner documents
Resolved bug where unable to change user auth after enabling two-factor authentication
Fixed problem where some users were unable to export report due to Non-Ascii characters in report
Resolved issue where adding assets with ports to a Finding crashes API
Resolved a UI bug where the details tab shows buttons in wrong places

August 31, 2021

New Capability

The new Asset Analytics functionality provides you with an at-a-glance overview of every asset in your (or your clients’) company, by level of criticality, to help you better understand where you’re most vulnerable
With PlexTrac’s new integration with Tenable, you can import findings and assets tied to a Tenable tag directly into the Purple Teaming Platform
PlexTrac is also happy to announce the addition of security scanner tool parsers and imports for Horizon3 NodeZero, OWASP Zap, HCL AppScan, and Checkmarx
PlexTrac now supports IDP (Identity Provider) initiated SAML SSO
PlexTrac’s new Attack Path Visualization feature makes it as easy as drag-and-drop to create a visual representation of the tactics, techniques, and procedures (TTPs) used in a simulated attack.
Short codes are a powerful new time-saver in PlexTrac that provides a simpler way for users to search and replace text at the report or client level
Some assets are more important than others — and with our new Report Assets view, PlexTrac allows you to instantly see all the findings associated with those assets most important to you.
Additional bug fixes

June 28, 2021

New Capability

Ability to collapse the left-hand panel, change the Logo, background text, and text highlight colors of the left panel. The update also includes the much-demanded Dark Mode!
When viewing Affected Assets under the preview modal, you can now Bulk Update the Status of Assets!
The Analytics module has been updated in many ways, including a new Findings by Client section, Preset Filters, and an all-new Runbooks Analytics Module which includes a MITRE type heatmap
You can now import SCYTHE Campaigns and MITRE Threat Emulations Plans as a Runbooks into PlexTrac
We have added the ability to assign procedures with a severity level while still working the Engagement
You can now copy a completed engagement and include all data. This feature can be used to pick up an accidentally closed Engagement or to add new information
You can now also view the Finding ID in the Preview modal.
Additional bug fixes

June 11, 2021

New Capability

Comments: Added the ability to add comments to an ckeditor instance, beginning with report narratives.
Mitre ATT&CK v9.0 methodology added to runbooks
Backend scaffolding for audit logging (login, failed login, two-factor enable/disable, password reset/change)
Runbooks engagement procedures can now be assigned a severity level that will be used when creating a report finding
Runbook analytics can be filtered by engagement tags
Engagements which are imported and do not inherit tactics from the parent runbook can still be associated with tactics, if they are tagged
Runbook Analytics and Preset Filters are now available in production.

Bug Fixes

PTrac import bug was fixed
Newly uploaded artifacts now show a Creation Date
Date Reported on the Report Overview screen now shows in a proper format
Introduction, Methodology, and Summary Report Narratives now can be moved, deleted, and overwritten
Replaced placeholder text on the Service Now Integration screen
Removed HTML tags in .csv exports
Fixed casing for the WriteupsDB sidebar navigation

April 9, 2021

New Capability

We have now added Custom Fields for both Client and Report Details! This can be incredibly useful in expanding the current functionality of Jinja Templates and reducing polish time after export.
Assessments — added a feature to require completion of specific steps in a questionnaire before submitting. This takes the form of check boxes beside the Overall Questionnaire (requiring ALL questions to be marked ‘completed’ before being able to be submitted), For Individual Questions, and for Individual answer type

Bug Fixes

Addressed issue with pasting tables into PlexTrac
FIxed Search bar for Runbooks Procedure Tags

February 11, 2021

New Capability

PlexTrac has moved to a Continuous Integration/Continuous Deployment (CI/CD) development model.
You can now define tables in the Rich Text Boxes inside PlexTrac and export them to your report.
You can now add Custom Narratives from as many Report Template sources as desired.
We've added the Custom Answer Sets in the Assessments module, allowing you to define a set of custom answers into your question, instead of picking from the predefined Answer Sets
You can now copy a well-built question and duplicate it into another question in the Assessments Module.
Our Integration with Jira now supports generation of child tickets for assets.
We have added a Rich Text editor to the fields in the WriteupsDB

October 1, 2020

New Capability

The addition of custom "Finding Sub-Statuses." Before this release it was possible to label findings as Open, In Progress, or Closed. Now you can define your own custom sub-statuses on the platform.
Enhancements to the Assessment module editing workflow. We've made many additions to the Assessments module recently, and now we've improved the editing process with two new features.
- Sticky save bar, so the save button is always within view
- Unsaved work notifications, so you know if your updated work has not been saved
The addition of preview for Tactics, Techniques, and Procedures in the Runbooks module. Now you can expand these out and view their description.
The ability to mark a run as "Completed" in Runbooks. Sometimes the Blue Team is able to thwart an attack straight away, not allowing you to complete your execution steps. Now you may mark these as completed.

Bug Fixes

Addressing an issue where the "Description" field contents were truncated when submitting an assessment
Fixed the inability to remove parent/child relationship from an asset

September 2, 2020

Bug Fixes

Fixed issue where notes entered into one question in an assessment would populate into other questions
Fixed issue where files attached to one question in an assessment would populate into other questions.
Fixed issue with certain special characters resulting in an extraneous escape character when exporting Nessus scan results

August 19, 2020

New Capability

Addition of the much-requested ability to attach evidence to a question. When performing assessments there is often the need to attach supporting evidence to a specific question, and now you can do that in PlexTrac.
The ability to add custom input field in the assessments module. When administering an assessment there is often the need to include discrete information you wish to segregate from the generic.
The addition of static custom fields in the assessments module. The true value of assessments lies in the ability to pre-populate field that are "hidden" during the administration of the assessment, but pass through to findings afterwards. You may now create custom fields when entering a question natively instead of through the WriteupsDB.
We have also included the addition of a scroll feature on the questions list when editing a questionnaire. You may now keep the editing field in your field of view when sifting through the question list.

Bug Fixes

Fixing issue where some users experienced significant lag when typing in a search field.
Fixing issue where in-line images in Custom Narratives would drop from the editor field after saving and/or not be included in the exported report.
Fixing issue where capitalized characters in an image file extension would result in corruption of the finding.
Fixed several bugs relating to sorting of findings within a report.

August 6, 2020

New Capability

The ability to import and export Assessments as ISON files. This has many use cases, including the sharing of standardized question sets for both popular and highly specific assessment frameworks.
Additionally, the feature enables users to have File-based archiving of important Assessments to ensure rapid restoration in the event of Interruption and availability.
Lastly, this feature helps with versioning / tailoring of question sets.
This update brings a re-design of the UI in the Edit Finding page that is easier on the eyes.

Bug Fixes

Fixed issue where sort-by-severity was not working when viewing findings in a report
Fixed issue where inclusion of capital characters in an image extension prevented the upload of images to the Findings Screenshots section
Fixed issue where some users experienced significant lag when entering characters when performing a search bar search
Fixed issue preventing the importation of assets from an Nmap XML discovery scan into Client Assets

July 15th, 2020

New Capability

The addition of Filters in Client Assets. We are pleased to announce this much-asked-for addition to the Client Assets page. Simply begin typing a portion of the asset you are looking for, and the list is narrowed to those assets which include your search string.
The addition of the ability to filter by tags in Reports. Tags are an amazing way of organizing and sorting your data in Analytics and in your document exports. We are pleased to now provide the ability to sort on your findings by tags.

Bug Fixes

Fixed an issue where in certain cases, creation of a parent/child relationship between assets could result in corruption of the asset data structure.
Fixed several issues related to the use of the mailer module with email servers that only support SSL or which do not allow credentialed authentication.
Fixed issue preventing non-global administrators from disabling users
Fixed issue preventing exporting of scan data from Burp and Accunetix for those clients who have enabled scan data export in their config.txt file.
Fixed UI issue where the last tags added when using bulk actions were retained in the UI for subsequent actions.

June 15th, 2020

New Capability

The addition of "Trend Analytics" One of the most powerful new graphics is also one of the simplest – “Trend of Issues Opened vs Closed”. By simply looking at the relative position of the two lines, you can determine whether you are adding or removing security debt.
We are also excited to introduce an entirely new graphic – “Average Time from Creation to Closed.” This chart shows both the total historical and monthly trends for the amount of time taken to remediate findings based on severity.
A redesigned of the "Administration Panel". Over the last year we have added a lot of new features for tenancy administration, and the vertical listing of these had grown quite lengthy. Features are now logically grouped, and once selected the dashboard is minimized to provide maximum workspace.
The “Users” administration panel has received a facelift, providing much larger and easy-to-read displays of user settings.

Bug Fixes

Issue that prevented some users from creating Jira tickets resolved.
Tags that are included for findings are now retained when those findings are exported and re-imported from a .ptrac file.
Users who navigate to a link to a specific page in PlexTrac are now directed to that page immediately after login.

May 15, 2020

New Capability

An analytics revamp! In our first iteration of the Analytics revamp we have focused on providing enhanced flexibility for filtering along with better graphics to help your team track an analyze your engagements. These include both enhanced filtering and updating graphics, with many more features coming in the near future!
The addition of the ability to apply bulk tagging for findings in a report. Our last update included the ability to apply bulk tags at the time of import, and this update now allows bulk tagging for the findings already in the report.
You now have the ability to completely customize the email notifications within PlexTrac to match your branding. You may now customize the "From name", "From address", "Email subject", and "Email body".
We have built out the CMMC function and it is now available in the platform for every customer. This addition also includes the references and authoritative guidance from appendix B of the CMMC, giving you all the information at your fingertips.
We have leveraged our tags around CMMC to make analyzing the results very easy right out of the box.

April 24, 2020

New Capability

The introduction of the "Draft/Published" flag, which provides you the ability to control which findings are reports are visible to users assigned the Analyst role. This feature is optional. Unless you enable this feature, Analysts will continue to have access to all findings in all reports for any clients they have been authorized to view.
The ability to change the date reported on findings. This ensures accurate tracking and analytics on historical data brought into PlexTrac. To update the created date on a finding, navigate to a report and use the bulk selection tools to “Change Reported Date”
PlexTrac now allows the use of any SAML Identity Provider to log into the application. Multiple providers can be configured for each tenant and are managed on a per user basis.
Enhanced user experience when enabling or resetting the multi-factor authentication token. This new functionality prevents a user from locking themselves out without capturing the QR code.

April 3, 2020

New Capability

Added support for Okta, Google, and Azure AD Authentication - support for all the leading single-sign on methods.
The ability to apply tags in bulk to both findings and associated assets when importing scanner results into your PlexTrac reports.
An overall revamp of the analyst experience. Those assigned with the analyst role have a simplified interface that eliminates UI hooks.
The addition of Jinja2 hook for expanded asset data. PlexTrac's asset section provides users with a consolidated view of all vulnerabilities from all reports for any given asset. But we're also a powerful asset management tool, providing a way to organize important metadata such as asset criticality, owner, data owner, and physical location. All of this information can now be referenced in your custom templates.
A brand new user interface for building assessments. This interface includes pagination and a widget to allow rapid navigation through long questionnaires. And of course, it's styled with purple throughout!
Administrators now have the ability to permanently delete users from their tenancy.
The multi-factor authentication feature now has an autofocus to ease entry of the 6-digit code.
Tags can now be added when building questions for an Assessment, which will pass through to the associated findings after submission.

March 10, 2020

New Capability

Our latest release begins the rollout of our new skin, incorporating modern UI design and demonstrating our love for all things purple!
The UI when taking an assessment has been streamlined, incorporating both pagination and collapsible questions
Ability to view (and even resubmit) previously submitted questionnaires
We have now added the ability to parse Core Impact exports! With their recent acquisition of Cobalt Strike, Core Security continues to advance their capabilities and we are excited to offer this new integration
Nmap is the standard for a lightweight discovery tool, and PlexTrac now supports import of and display of open ports and services. Because Nmap doesn’t produce true findings, we took a different approach than with our other parsers. In the Assets view for a Client, there is a new “Import Assets” button. Using this enables you to import your .nmap file. All assets present in the file are added to the Client’s asset list. Open one of these assets, and navigate to the Notes/Description tab to view the data
Dramatic performance improvements when performing bulk deletion of findings, when deleting a report and when deleting a client
Additional supported file types in the Artifacts file manager
Modification of the CMMC framework in the Assessments Module to reflect the addition of Maturity Level
Prevention of overwriting the initial Date Reported when importing subsequent scan data that has identical findings.

Last updated 1 month ago