Parser Actions
PlexTrac will learn about scanner findings as files are imported, and this learning can be done either proactively by an admin through parser actions or during the process of a user importing a scanner result file when adding findings to a report.
The findings are matched to the parser action by plugin ID and can be linked to a writeup and/or have the severity valued changed, depending on the configuration. At this time, no other metadata of the finding, such as tags, can be mapped or manipulated by parser actions.
Step 1: Click Parser Actions in the "Tools & Integrations" section of the Admin Dashboard.
Step 2: Check the Enable Parser Plugin Actions box.
Once parser import rules are set, do not check the "Enable Parser Plugin Actions" box if you want to import scan results and have the data come in natively instead of having existing rules applied.
Step 3: Click Import.
Step 4: Select the source of the file to import from the "Select Import Source" pulldown menu, then drag the file into the drop area on the modal or click Browse to navigate to the file on the computer.
Supported files for the tool selected in the pulldown menu as the import source will be displayed in the box, along with maximum file size.
Step 5: Click Upload.
Upload progress is displayed tracked in the the modal.
A notification will confirm a successful import.
Step 6: The imported plugins are now available for configuration. Search or select the desired plug-in and configure as desired by using the pulldown menu to choose the desired course of action.
Parser plug-in actions include three options:
- 1.Default: This will pass a scanner result through as a finding into a report and use the parser action severity value instead of the scan result.
- 2.Link: This will replace a scanner result finding with a custom writeup from WriteupsDB when imported.
- 3.Ignore: This will ignore a scanner result when parsed by PlexTrac.
Parser actions can be used to take findings ingested from an external tool and map them to a custom finding in WriteupsDB. This action will override the description, title, references and recommendations when the finding is imported. Multiple plugins with the same writeup will be mapped to a single finding with merged affected assets.
Step 1: Click Parser Actions in the "Tools & Integrations" section of the Admin Dashboard.
Step 2: Check the Enable Parser Plugin Actions box.
Step 3: Select the parser to work with from the "Filter Plugins" pulldown menu.
Step 4: Select the findings to configure by clicking the checkbox of the finding row or selecting the box in the header column next to "Plugin Id".
At this point, the severities of the findings can be modified or the findings action changed to "DEFAULT" (allows for severity changes) or "IGNORE" (finding will not be imported).
Step 5: Select the writeup to link the findings to by selecting the value from the "Link Writeup" pulldown menu.
The linked writeup is now displayed for each finding under the "Write Up" column.
If a new report is created, and the same parser file is imported, this time only one finding will be imported into the report instead of three.
Parser actions can be created and leveraged.
Once a parser action is created, it cannot be deleted.
It the user does not want an existing parser action to function, the action should be set to “DEFAULT”.
Step 1: Click Parser Actions in the "Tools & Integrations" section of the Admin Dashboard.
Step 2: Check the Enable Parser Plugin Actions box.
Step 3: Select the parser to work with from the "Filter Plugins" pulldown menu.
Step 4: Click Add Parser Action.
Step 5: Enter a value for Plugin ID, Plugin Title, and Plugin Description.
All three fields must have a value entered in order to create a new parser action.
Step 6: Configure the plugin action or severity by selecting the desired values provided in the pulldown menu.
Step 7: Click Create.
A message confirming creation will appear and the new parser action is displayed in the list below.
Last modified 3mo ago