Pentera
Last updated
Was this helpful?
Last updated
Was this helpful?
PlexTrac supports importing JSON files from Pentera, but only JSON files exported specifically for PlexTrac will be accepted. Pentera is an automated security validation platform designed to identify and remediate security vulnerabilities continuously.
Findings of any Pentera task can be exported to a JSON-compatible format to be imported into PlexTrac.
Step 1: Click Testing History from the left menu.
Step 2: Select a test from the list to open.
Choose a test that has finished and is no longer in progress.
Step 3: Click the Export icon.
Step 4: From the modal under "Export to other tools," click PlexTrac.
The test findings are downloaded in a JSON format compatible with PlexTrac.
Each export file from Pentera contains the following:
The list of assets tested by Pentera within the scope of the particular test.
The list of vulnerabilities discovered during the test and the assets affected by each vulnerability. Discovery time is included in the dataset.
The list of Pentera achievements during the test and the assets affected by each achievement. Discovery time is included in the dataset. In Pentera, an achievement is Pentera’s ethical exploitation of a vulnerability or exposure intended to demonstrate its exploitability.
Pentera identifies two main types of findings:
Achievement: In the context of Pentera, a positive outcome that demonstrates ethical exploitation of a vulnerability or exposure. This means that Pentera has successfully taken advantage of vulnerability or security exposure in a controlled and ethical manner. The purpose of achieving such exploits is to showcase the exploitability of a security issue without causing harm or damage to the system. Achievements illustrate the potential impact of a vulnerability when exploited by malicious actors.
Vulnerability: In the context of Pentera, a vulnerability finding represents a specific security issue or weakness that has been identified during the testing or scanning process. These findings are typically undesirable because they indicate a potential risk to the system's security.
Only JSON files exported from Pentera specifically for PlexTrac are accepted.
Finding
ID
Achievements
ID
Finding
Title
Achievements
Name
Finding
Severity
Achievements
Severity
Finding
Status
Default Value
Default Value
set to value 'Open', so customer can manage in PlexTrac
Finding
Description
Achievements
Insight
Finding
Start Date
Achievements
Creation Time
set when achievement is created
Finding
Custom Fields (Severity Score)
Achievements
Severity
captures original Pentera score
Affected Assets
Name
Achievements
target: target ID
Affected Assets
Ports
Achievements
results: Port
Affected Assets
Protocol
Achievements
results: Protocol
Affected Assets
Scan Evidence - Title
set to value 'Results'
Affected Assets
Scan Evidence - Description
Achievements
results - all data
Affected Assets
Scan Evidence - Title
set to value 'Parameters'
Affected Assets
Scan Evidence - Description
Achievements
parameters - all data
captures data in parameters as a section piece of scanner evidence PlexTrac auto-populates based on affected asset data
Asset
Ports
Calculated Value
Calculated Value
PlexTrac auto-populates based on affected asset data
Asset
Service
Calculated Value
Calculated Value
PlexTrac auto-populates based on affected asset data
Asset
Protocol
Calculated Value
Calculated Value
PlexTrac auto-populates based on affected asset data
Asset
Parent Asset
n/a
n/a
Asset
Known IPs
Achievements
results:"Hosts"
Asset
Evidence
Calculated Value
Calculated Value
PlexTrac auto-populates based on affected asset data
Asset
First Found
Achievements
n/a
Finding
ID
Vulnerabilities
ID
Finding
Title
Vulnerabilities
Name
Finding
Severity
Vulnerabilities
Severity
Finding
Status
Default Value
Default Value
Set status to 'Open'
Finding
Description
Vulnerabilities
Insight
Finding
Start Date
Vulnerabilities
Creation Time
Finding
Recommendation
Vulnerabilities
Remediation
Finding
Custom Fields (Severity Score)
Vulnerabilities
Severity
Finding
Custom Fields (Priority)
Vulnerabilities
Priority
Affected Asset
Name
Vulnerabilities
target: target_id
Affected Asset
Ports
Vulnerabilities
port
Affected Asset
Protocol
Vulnerabilities
protocol
Asset
Name
Vulnerabilities
target: target_id
Asset
Ports
Calculated Value
Calculated Value
PlexTrac auto-populates based on affected asset data
Asset
Protocol
Calculated Value
Calculated Value
PlexTrac auto-populates based on affected asset data
Asset
Known IPs
Calculated Value
Calculated Value
PlexTrac auto-populates based on affected asset data
Asset
Evidence
Calculated Value
Calculated Value
PlexTrac auto-populates based on affected asset data
Pentera uses a numerical range of 1 to 10 to capture a finding severity, while PlexTrac uses five qualitative values: Informational, Low, Medium, High, and Critical.
Informational
0
Low
0.01 to 2.49
Medium
2.5 to 4.99
High
5 to 7.49
Critical
7.5 to 10
