Pentera
PlexTrac supports importing JSON files from Pentera, but only JSON files exported specifically for PlexTrac will be accepted. Pentera is an automated security validation platform designed to identify and remediate security vulnerabilities continuously.
Exporting Pentera Findings
Findings of any Pentera task can be exported to a JSON-compatible format to be imported into PlexTrac.
Step 1: Click Testing History from the left menu.
Step 2: Select a test from the list to open.
Choose a test that has finished and is no longer in progress.
Step 3: Click the Export icon.
Step 4: From the modal under "Export to other tools," click PlexTrac.
The test findings are downloaded in a JSON format compatible with PlexTrac.
Each export file from Pentera contains the following:
The list of assets tested by Pentera within the scope of the particular test.
The list of vulnerabilities discovered during the test and the assets affected by each vulnerability. Discovery time is included in the dataset.
The list of Pentera achievements during the test and the assets affected by each achievement. Discovery time is included in the dataset. In Pentera, an achievement is Pentera’s ethical exploitation of a vulnerability or exposure intended to demonstrate its exploitability.
Mappings
Pentera identifies two main types of findings:
Achievement: In the context of Pentera, a positive outcome that demonstrates ethical exploitation of a vulnerability or exposure. This means that Pentera has successfully taken advantage of vulnerability or security exposure in a controlled and ethical manner. The purpose of achieving such exploits is to showcase the exploitability of a security issue without causing harm or damage to the system. Achievements illustrate the potential impact of a vulnerability when exploited by malicious actors.
Vulnerability: In the context of Pentera, a vulnerability finding represents a specific security issue or weakness that has been identified during the testing or scanning process. These findings are typically undesirable because they indicate a potential risk to the system's security.
Only JSON files exported from Pentera specifically for PlexTrac are accepted.
Mappings to Pentera Achievements
| PlexTrac record | PlexTrac field | Pentera file | Pentera field | Comments |
|---|---|---|---|---|
Finding | ID | Achievements | ID | |
Finding | Title | Achievements | Name | |
Finding | Severity | Achievements | Severity | |
Finding | Status | Default Value | Default Value | set to value 'Open', so customer can manage in PlexTrac |
Finding | Description | Achievements | Insight | |
Finding | Start Date | Achievements | Creation Time | set when achievement is created |
Finding | Custom Fields (Severity Score) | Achievements | Severity | captures original Pentera score |
Affected Assets | Name | Achievements | target: target ID | |
Affected Assets | Ports | Achievements | results: Port | |
Affected Assets | Protocol | Achievements | results: Protocol | |
Affected Assets | Scan Evidence - Title | set to value 'Results' | ||
Affected Assets | Scan Evidence - Description | Achievements | results - all data | |
Affected Assets | Scan Evidence - Title | set to value 'Parameters' | ||
Affected Assets | Scan Evidence - Description | Achievements | parameters - all data | captures data in parameters as a section piece of scanner evidence PlexTrac auto-populates based on affected asset data |
Asset | Ports | Calculated Value | Calculated Value | PlexTrac auto-populates based on affected asset data |
Asset | Service | Calculated Value | Calculated Value | PlexTrac auto-populates based on affected asset data |
Asset | Protocol | Calculated Value | Calculated Value | PlexTrac auto-populates based on affected asset data |
Asset | Parent Asset | n/a | n/a | |
Asset | Known IPs | Achievements | results:"Hosts" | |
Asset | Evidence | Calculated Value | Calculated Value | PlexTrac auto-populates based on affected asset data |
Asset | First Found | Achievements | n/a |
Mappings to Pentera Vulnerabilities
| PlexTrac record | PlexTrac field | Pentera file | Pentera field | Comments |
|---|---|---|---|---|
Finding | ID | Vulnerabilities | ID | |
Finding | Title | Vulnerabilities | Name | |
Finding | Severity | Vulnerabilities | Severity | |
Finding | Status | Default Value | Default Value | Set status to 'Open' |
Finding | Description | Vulnerabilities | Insight | |
Finding | Start Date | Vulnerabilities | Creation Time | |
Finding | Recommendation | Vulnerabilities | Remediation | |
Finding | Custom Fields (Severity Score) | Vulnerabilities | Severity | |
Finding | Custom Fields (Priority) | Vulnerabilities | Priority | |
Affected Asset | Name | Vulnerabilities | target: target_id | |
Affected Asset | Ports | Vulnerabilities | port | |
Affected Asset | Protocol | Vulnerabilities | protocol | |
Asset | Name | Vulnerabilities | target: target_id | |
Asset | Ports | Calculated Value | Calculated Value | PlexTrac auto-populates based on affected asset data |
Asset | Protocol | Calculated Value | Calculated Value | PlexTrac auto-populates based on affected asset data |
Asset | Known IPs | Calculated Value | Calculated Value | PlexTrac auto-populates based on affected asset data |
Asset | Evidence | Calculated Value | Calculated Value | PlexTrac auto-populates based on affected asset data |
Finding Severity Mappings
Pentera uses a numerical range of 1 to 10 to capture a finding severity, while PlexTrac uses five qualitative values: Informational, Low, Medium, High, and Critical.
| PlexTrac | Pentera |
|---|---|
Informational | 0 |
Low | 0.01 to 2.49 |
Medium | 2.5 to 4.99 |
High | 5 to 7.49 |
Critical | 7.5 to 10 |
Last updated
