📄
Release Notes
- Improved user experience and transparency with behavior regarding parser actions seen in Admin Dashboard>Parser Actions
- Adding messaging to inform user when an import takes longer than 100 seconds explaining operation is taking longer than expected and to try importing later
- Changed label of “Runbooks V2” to “Runbooks” (Runbooks V2 replaced legacy Runbooks module in 1.53)
- Added messaging to inform user if a finding or assessment has been deleted and is not found
- New graph in Analytics module in the Trends & SLAs tab to display the percentage of findings exceeding SLA
Bug Fixes
- Fixed issue with saving when creating a new writeup and user not being directed to WriteupsDB homepage when finished
- Fixed issue in which tags for a previously-created SLA were auto-populating on new SLAs
- Fixed issue in which users not assigned to any clients were able to view reports
- Removed the 2000 character limit for the rich-text field in the Custom Fields tab of a finding
- Fixed an issue with Tenable integration
deployed to cloud-hosted instances on 5-8-23
- Added a documentation link to First CVSS at the bottom of CVSS calculator when creating a finding
- Enhanced the user experience within the graph for the Trends & SLAs tab in the Analytics module
- Added better visibility that an asset name is required through improved error messages and asterisk to denote it is a required field
- Changes made to a finding status within the most critical findings box inside the Findings tab of the Analytics module are reflected immediately
- Ability to view child assets (when applicable) from the parent affected asset
- Added visible error messaging when editing the Evidence tab of an affected asset that changes were not saved when attempting to exit
- The parent asset value within the table of the Assets tab of a report now links to the parent asset details page
- Removed legacy Runbooks module from main menu
- Fixed issue in which validation for duplicate assets was not catching an asset just created
- Fixed issue during creation of a new asset that occurred with a field screen not disappearing after selecting a provided value
- Fixed bug in which the number of findings listed in the Readout tab of a report was not accurately reflecting the number of findings in the report
- Fixed issue of importing findings from an integration that findings created on the end date chosen in the filter were not appearing
- Added logic so that after using filters in reports, leaving page, and then returning, the filter select boxes would contain previously selected values rather than be blank
- Fixed issue in which findings with closed status were triggering SLA emails
deployed to cloud-hosted instances on 4-21-23
- Added a field for URL available when setting up or editing an Edgescan integration
- Improved refresh of data used to build graphs when loading Analytics module pages
- Fixed issue with Edgescan findings import in which only one filter could be used
- Fixing a bug that allowed duplicate asset names for a client
- Moved tooltip about findings and assets on Dashboard module to the Finding metrics tab
- Fixed issue that a report was displaying the default template instead of the properly assigned template
- Fixed issue of empty asset when importing same assets to different reports within a client
- Fixed issue of finding updates email notifications not sent correctly when using the status tracker/bulk update modal
deployed to cloud-hosted instances on 4-6-23
- Enhanced user experience when adding findings from an integration to a report
- Added ability to retain customized columns (where applicable)
- Added refresh of page after using ‘search and replace’ functionality in reports to better indicate changes were implemented
- Added ability to bulk paste email addresses when adding assets to a client
- Improved platform performance when creating clients
- Fixed data refresh issue that occurred after a bulk delete in WriteupsDB
- Fixed issue in which the short codes section of Admin Dashboard was not appearing for some non-admin roles after given access via Administration Permissions in RBAC
- Fixed error message that resulted after adding evidence for an affected asset and then deleting evidence before saving
- Fixed bug that occurred with risk score when exporting to CVS and some finding fields were null
- Fixed an issue in which the date to and date values from search filter were not filtering correctly for the Most Critical Findings box across all tenant clients
deployed to cloud-hosted instances on 3-27-23
- Fixed issue that occurs when an authorized analyst attempts to update the status of the finding in a published report and receives an unauthorized error message
- Icon changed in the Parent Asset box of the Create Affected Asset modal to accurately reflect that this field is a search box and not a pre-populated pulldown menu
- Fixed issue of the modal not disappearing when clicking the ellipses of an asset under the “Action” column of the Assets tab in the Clients module
- Fixed issue of a blank page appearing when an admin attempts to edit a template (Account Admin>Templates) of the Admin Dashboard
- Fixed issue of a linked template not being used when exporting a report as assigned by admin in the Export templates tab (Account Admin>Templates) of the Admin Dashboard
- Fixed issue with Tenable integration that could cause integration to fail
- Fixed issue in which a parent asset was not successfully removed when deleted as parent from the child asset on the Edit Asset page
deployed to cloud-hosted instances on 3-8-23
- Usability enhancements in Admin Dashboard>Templates with the addition of tool tips, easier to read tables, and updated modal designs
- Platform-wide enhancements to messaging in modals for better consistency and experience
- Fixed issue in which Analytics pages might crash when refreshing the page or redirecting after logging out
- Fixed issue that occurs if import source is changed in the middle of the process of adding a finding via an integration
- Fixed issue of an existing asset’s ports, services, and protocols being added by default when the asset is added as an affected asset to a new finding
deployed to cloud-hosted instances on 2-24-23
- Ability to sort (via table column), filter, and search by a parent asset in the Affected Assets tab of a finding
- Ability to view and navigate to the parent asset from the asset detail modal of an affected asset, and from the findings detail modal under Affected Assets
- New button and user options for adding a new asset to a client (now have option for a bulk paste)
- Added a notification banner for admins and users belonging to the default group if an error occurs that prevents a page from being saved (a link to PlexTrac support is provided in the banner)
- Platform-wide updates to presentation of messages and button labels for improved consistency and usability
- Enhanced authoring and viewing of narrative content sections by continuously displaying editor toolbar (previously toolbar would disappear if additional required scrolling down)
- Enhanced integration experience when importing from Findings tab
- Fixed issue when deleting a repository in WriteupsDB in which user had to click the same button twice to complete task
- Fixed bug of asset description not being saved on creation
- Fixed 400 error that occurred when adding a note to a child asset
- Fixed issue in which some users were experiencing issues with logo updates
- Fixed spelling errors on Edgescan field mappings page
- Fixed bug in which an analyst could see draft findings on a report's Assets tab
deployed to cloud-hosted instances on 2-10-23
- Enhanced modal usability for WriteupsDB
- Unified the asset import experience within Affected Assets and Client Assets, including file type verification, better styling, and improved notifications
- Added a “Parent Asset” column to the report asset list table
- Bulk paste for affected assets now dynamically parses out asset name, parent asset name, and port to its relative columns in the table (before all information would be retained in asset name)
- Added a “View” link in the Affected Assets list of the Finding Detail modal to allow users quick access to the details of an asset without having to redirect to the client asset page
- Updated daily Jira synchronization (if a Jira integration is set by admin to update daily) to 4:45 UTC (9:45 PM Mountain Time)
- Removed “PlexTrac” as a file type to import for admins in pulldown menu when setting up parser actions to avoid confusion, as a .ptrac file is not tied to imported actions (still supported elsewhere in platform)
- Fixed bug that could cause the overall CVSS score to not reflect what was calculated using First CVSS calculator
deployed to cloud-hosted instances on 1-26-23
- Fixed issue of assets in a report not loading correctly on the Assets tab
- Usability improvements with labeling in Dashboard
- Autosave performance improvements in NarrativesDB module
- Fixed issue in which a new assessment might not display a 0% completion value as was incorrectly reflecting a previously edited assessment completion percentage
- Fixed issue in which large Nessus files were not loading
- Fixed issue in which CVE values were not loading correctly in some imports
deployed to cloud-hosted instances on 1-17-23
- Added version and fix version fields for Jira integration mapping
- Ability to filter by report name when adding findings from Cobalt
- Jira synchronization optimizations
- Added a check to see if an asset already exists within a client, and if so, use that asset ID to reduce duplication
- Created new endpoint to get findings older than 30 days that are not closed and in a published report
- Added filter ability to filter by tags during import of Edgescan findings
- Help Center link updated to direct users to new Zendesk solution
- Fixed Jira syncing issue in which the created date from Jira was displaying incorrectly on the findings table
- Fixed issues with Edgescan integration field mappings
- Fixed issue when new users to tenants in which MFA is required and enabled were not required to set up MFA until second login
- Fixed issue that was preventing admin user from changing password from profile screen (existing instances not affected)
- Fixed issue in which instance could crash when importing a scan file and parser actions are disabled
- Fixed issue in which Jira status change for a finding linked to a Jira ticket was not reflected in displayed status of finding table
deployed to cloud-hosted instances on 12-17-22
- Additional Jira integration field (data type) added for mapping options
- Enhanced Jira integration error messaging
- Fixed issue in which all CKEditor sections on a page were being saved at same time instead of just the section being edited
- Fixed issue preventing custom field on findings from being updated
- Fixed issue when editing a writeup that caused a 404 error and prevented writeup from being updated
- Fixed issue in which whitespace affected the parsing of parent/child assets when using bulk paste functionality to add affected assets to a finding
- Fixed issue in which a page could crash in some scenarios after clicking the finding status button on the Findings tab of a report and then clicking “Add Update”
- Fixed intermittent issue of image disappearing once loaded within a CKEditor field
- Fixed latency when page is loading findings for a report
- Fixed issue of finding titles not updating when edited on Findings tab of a report
- Fixed issue for tenants that had Classification Tiers enabled; users with appropriate permissions could not modify the classification after report was created
- Fixed multiple mapping issues with Edgescan integration (specifically description, recommendation, and severity mappings)
- Fixed issue of title search not working for findings in Client module
- Fixed issue in which a .ptrac import fails because an asset has a reference to a parent asset ID not in PlexTrac
deployed to cloud-hosted instances on 11-30-22
- Added a loading indicator to provide status for users using standard (non-MFA) login
- Ability to sort users by the last time log in occurred in the Admin Dashboard via “Last Login” column
- Added a modal to provide users more useful and relevant messaging when an export fails
- Fixed issue of tags being created after a search query
- Fixed issue in which an edited finding title may continue to display in browser cache
- Fixed issue with parent asset value not displaying in “Parent Asset” field when editing the child affected asset
- Fixed issue in which the “Change End Date” button was appearing when finding status was open or in progress instead of only appearing when status is closed
deployed to cloud-hosted instances on 11-17-22
- New Assigned To column displayed on the Asset Findings table for report assets
- New modal and ability to select templates when creating a new findings layout in Admin Dashboard
- Ability to add and sort by finding sub status on the Findings tab for a report
- Added messaging to confirm successful deletion of an engagement and test plan
- Updated Cobalt integration description messaging
- Added validation and error message when importing findings to ensure selected file type and source match if either is changed by user
- Improved browser caching to reduce data transfer for viewing assets
- Fixed API issue with frontend acceptance of new password with MFA enabled
- Improved handling of Boolean fields
- Fixed an issue when exporting a report in Word (.docx)
deployed to cloud-hosted instances on 11-4-22
- New API endpoint for retrieving all assets on a tenant (api/v2/tenant/assets)
- Ability to move multiple sections from one NarrativesDB repository to another in a single action
- Ability to filter reports by status on Reports module home page
- Ability to do bulk edits to associated findings under an asset
- Caching improvements after finding, report and client deletions
- Completed assessments and closed findings removed from items count on Dashboard module
- Ability to filter for findings that have no tags within the existing “Select Findings Tags” filter box that appears on the Findings tab of a report
- Loading improvements for the Dashboard module
- CSS improvements for text alignment on long custom answers and questions for assessments
- Fixed issue with status field when importing a Nessus file
- Fixed issue with ServiceNow OAuth credentials not being passed correctly when checking connection status during admin setup
- Fixed issue in which SLAs enabled in Admin Dashboard were missing from the findings when a questionnaire was submitted from the Assessments module and a reported created
- Fixed issue of notifications sometimes not behaving as expected in UI (bell should stay red until notification is marked as read)
- Fixed issue of artifacts sometimes not uploading to answers when starting an assessment
- Dynamic sizing/horizontal scrolling for recently viewed report cards on the dashboard page
- Ability to select all available sections via a checkbox at top of page when adding narratives to a report
- Ability to select all available findings writeups via a checkbox at top of page when adding writeups from WriteupsDB to a report
- Increased field validation for illegal characters entered in CVE ID field for a finding
- Default short codes now listed in the Admin Dashboard under “Tenant Settings/Short Codes” for visibility with a link to the online product documentation
- Added loading spinners to signify page is loading on dashboard to give users notice
- Fixed bug in which multiple comments/changes in the same location could not be selected or viewed
- Actionable dashboard that lists all user assignments and recently viewed reports in additional to findings data and information
- Added confirmation modals and additional information for admins when managing users and enabling/disabling default group in the Admin Dashboard
- Improved the usability of dialog box and added search capabilities when importing a PlexTrac Report (.ptrac)
- Tooltip added to the tags inside repository cards for RunbooksDB module
- Fixed incompatibility issues with dark mode theme on pages
- Fixed issue that caused all table rows to load when clicking sync button for an integration
- Improved method that CWE IDs display for values parsed from Invicti/Nodeware
- Integration with Cobalt platform
- Added notes to the asset GET method
- Additional confirmation modals added to notify user of potential data loss when editing/updating content
- Updated default theme colors
- Updated logic for sorting of engagements within the Runbooks module
- Ability to bulk delete affected assets for a finding in a report
- Fixed formatting table issues and image support in exports to Word
- Fixed error that may occur when copying a finding from a scan to WriteupsDB
- WriteupsDB autosave bug fixes
- Fixed finding sort issues that occurred when specific optional fields were selected
- Changed default background color for dark mode from white to black/gray
- Fixed issue with “Sync Now” button not showing for Tenable integration in Admin Dashboard
- Added auto-save capabilities when creating and updating in WriteupsDB module
- Added ability to see the allowed file types when uploading parser files
- Ability to copy Content Library repositories from the card for both NarrativesDB and WriteupsDB modules
- Updated Veracode export to use the new risk_score and common_identifer fields
- Implement In Progress status for engagements
- Caching improvements in Analytics module
- Fixed issue of some selected filters not being deleted for findings in Analytics module
- Fixed issue of some users with proper permissions unable to view Customizations section of Admin Dashboard
- Fixed error that may occur when trying to update a new writeup immediately after creation
- Fixed issue with Nessus scans with empty CVSS scores failing to import
- Fixed issue with related findings not showing when importing findings into a report from a Nessus file
- Misc. dark mode fixes
- New integrated experience for admins to manage third-party integrations; all integrations with PlexTrac are now managed under the “Integrations” button in Admin Dashboard under "Tools & Integrations"
- CKEditor update providing new functionality throughout the platform when entering content, such as indentation of lists, modification of color within code blocks, background text color options, etc.
- When creating a new report, dropdown menu values are alphabetical and dynamically filtered by value typed in box by user
- Added front-end validation to CVSS scoring to ensure user cannot submit a score that will fail backend validation
- Added ability to add a Success Criteria step under “Execution Steps” when editing a procedure in the Runbooks module
- Added CVE/CWE ID Relational Filtering to Finding and Trends/SLAs analytics pages
- Ability to search the file type when importing a report
- Added CVSS 3.1 to the Report Findings and Client Findings table
- Narrative sections now reflect changes made from short code search/replace tasks
- Removed tenant point of contact and address fields (populated from another source)
- Misc. UX improvements in modals and dropdown menus
- Dark Mode display enhancements
- Fixed issue of CVE and CWE IDs not displaying in correct format in client findings list
- General CSS enhancements to modals
- Improvements with the storage of values when dynamic scoring for findings (CVSS, CVSS2, etc.) is used
- UX improvements when editing email templates in Admin Dashboard
- Platform-wide consistency on autosave functionality for performance and usability
- Platform-wide consistency on labels and text for usability
- Improved caching and performance
- Fixed issue of scores for some findings being out of sync when imported
- Fixed issue of CVSS score not appearing when editing a finding imported from WriteupsDB
- Fixed issue of some associated assets not showing in the Analytics module Assets tab graphic and table
- New user experience for setting up and configuring two-factor authentication (Profile/Personal Settings)
- Updated all modals to confirm before closing work that any discard of changes by user is intentional
- Ability to select all findings for mass edit and import during an integration upload
- Ability to customize table columns and order on Findings tab in Reports module
- Ability to customize table columns and order on Writeups tab in WriteupsDB module
- Added CVE and CWE IDs to findings detail; tool will check to see if ID is valid based on CVE standards and link to documentation if valid
- Added a CVSS 3.1 calculator to allow users to obtain scores within PlexTrac
- Ability to select all findings for mass edit in the Report module
- Added user notifications for tasks related to changing a score or using new calculator
- Ability to view a finding score in the findings detail modal (between the description and recommendation)
- General usability and design improvements
- Fixed issue of not being able to add IPv6 address when creating a new asset
- Fixed bugs when importing a file from Tenable
- Improved response time when adding large amount of writeups to WriteupsDB module
- Fixed issue of some filters not populating values for asset analytics
- Fixed a bug where client ids were showing instead of names for preset filters
- Updated user experience for importing and configuring parser actions with new descriptions, progress status, and links to documentation
- Added column in Writeups tab of WriteupsDB module to track item’s parent repository
- Ability to copy a writeup from one repository to another (click “Copy to” under Actions column of the writeup in WriteupsDB)
- Fixed issue of HTML syntax appearing in exported reports with a finding or narrative
- Fixed formatting issue of bullet lists in RTF table cell
- Fixed error message that appeared when uploading a Jinja template file to create an export template
- Resolved issue when importing a Nessus file
- New modal design for importing parser files that includes a progression bar
- Fixed issue of a .csv asset not populating fields properly when being imported
- Fixed issue of default WriteupsDB Default Repository not populating correctly with new installation
- Fixed “Client Users Error” 400 incorrectly appearing in some instances when navigating to Client module
- Fixed bug in the applications image upload functionality that prevented users from uploading images within the runbooks edit procedure workflow
- Fixed mapping issues when importing Veracode xml files
- Fixed report logs error when importing a findings file
- Fixed issue with save not working and incorrect permissions generated after creating a new custom role based on the Analyst role template
- Fixed issue with a blank screen on Narratives tab after creating a new report using a report template that had a narratives section
- Fixed issue of search not working in the “Link Writeup” pulldown menu in Admin Dashboard>Tools & Integrations>Parser Actions
- Analytics module pages more printer-friendly
- Performance improvements on Dashboard page load
- Ability to search and filter a list of sections by tags on the Sections tab within NarrativesDB
- Table presentation and caching improvements in Analytics>Trends & SLAs
- SLA information presented on the finding table and finding detail sidebar
- Updates to Inviciti parser integration mappings and support
- Latency improvements when entering data in reports
- Ability to configure date format in Personal Settings to one of the following options: YYYY-MM-DD, DD-MM-YYYY, or MM-DD-YYYY
- Customizable columns for the client findings page
- Improvements for admins to change settings for existing repositories within NarrativesDB and be seen immediately by users with access
- Unicode copy/paste support for umlauts
- Fixed 400 error when adding findings to WriteupsDB via csv upload or from a report
- Fixed Date format of Start Time for Runbook Engagements
- Fixed user access issue in WriteupsDB repository
- Fixed issue of Assessment module not appearing in menu for some customers
- Improved copy/paste formatting from external source to a report
- Contains existing WriteupsDB and new NarrativesDB features
- NarrativesDB allows for the organization, categorization, and management of content to be shared by multiple users and groups for producing reports
- Search enhancements in Content Library
- Search results for repositories and writeups refined based on text entered in search box
- Capability to sort by title field in Content Library repositories
- User management updates across Content Library and Runbooks
- Access to content repositories is governed globally for each repository type by RBAC
- The ACCESS permission enables users to see and use content within content repositories
- The MANAGE permission enables users to manage settings and users of content repositories (who is allowed to view/edit a repo)
- Ability for users with proper RBAC permissions to delete repositories
- Ability to identify the source of a Finding via the Finding Detail modal view (includes manual imports and data from integrations)
- Support of audit tracking when users are added/removed from PlexTrac
- Fixed issue in which some Unicode values were not appearing correctly from source when copy/paste was used
- Communicating age of data within analytics
- Added manual refresh of data for analytics page
- Added ability to create reviewers by state on reports
- Added functionality to sort filters alphabetically
- Changed account lockout behavior to be default, vs opt-in
- Various fixes for log syntax
- Enable account lockouts
- Allow setting createdAt during finding creation
- As a report creator, I can set a report state & assign reviewers
- Writeups Do Not Require a Recommendation
- Reorganized Admin Panel
- Added CKEditor field to findings field template
- Ampersands in Report Custom Fields missing in Word export
- Fixed OWASP Zap Parser Descriptions and Recommendations Fields
- Fixed Jinja Export Error missing type_of_piece
- Fixed import Nipper XML
- Fixed Hyperlink CKEditor formatting export error
- Fixed front end user issue where the user appeared to be part of the default group, but was not. This disallowed ability to give authorize user for client access
- Fixed intermittent Tenant Integration licensing error toast
- CKEditor Code blocks - new lines are now getting created in Word export
- SNOW - resolved issue with hardcoded URL suffix
- Ability to add ports and services to affected assets
- Added notes section to affected assets
- Added evidence section to affected assets
- URL/URI parsing for affected assets Update default table styling for exported Word documents
- Allow use of field templates when creating Writeups in WriteupsDB
- Option to auto-save work when editing narratives
- Ability to set a report state and assign reviewers in report details
- RBAC - separated out commenting and status changes permissions
- Added ability to custom sort findings
- Fixed ability to create Writeup from scratch
- Fixed issue where some SNOW suffix URL’s could not be specified
- Fixed caching issues when editing questionnaires
plextrac/plextracnginx:1.17.3 DIGEST: plextrac/[email protected]:49bcd0e6d2793fa4aa06051f91c2cfaac2e60bb288e0213f1ab3c42b54ad8c62
plextrac/plextracapi:1.17.2 DIGEST: plextrac/[email protected]:00f147ca7b015497da6d78fc90ead9e0f39f4dcc290f6b02e1787e8b59fe97b3
- Released tenable.io, tenable.sc integration
- Enhancements to Affected Assets
- Added ability to edit Affected Assets
- Implemented new design for adding an Affected Asset
- New evidence section URL/URI parsing Notes section
- Added new RBAC permission splitting out comment vs status change in findings
- Added auto-save custom fields, exhibits, code samples when editing a finding
- Added ability to custom sort findings
- Fixed styled text & nested HTML in image captions
- Fixed Auto Numbered captions in CKEditor
- Fixed scenario where missing data in a finding would result in a SDK error
- Fixed MITRE and SCYTHE name consistency in Runbooks
- Fixed contrast for code block text in Dark Mode
- Fixed informational finding parsing in Checkmarx parser
- Fixed issue where custom field search would fail on periods
plextrac/plextracnginx:1.16.10 DIGEST:sha256:c308d650fdd6ff7e7cec566b722fd19ca292ac7807ca4c8d8a42aed05c176156
plextrac/plextracapi:1.16.11 DIGEST:sha256:06eb3b62c075b2f875a05b15ba20ca978245f948182b45f3791118a20bfddfa2
- Added hover to display dashboard trendline on Dashboard
- Several design updates and fixes in analytics pages
- New designs for edit finding page, edit narratives page
- Preset Filters for analytics SAML IDP
- User Provisioning
- WriteupsDB Bulk Actions (Delete and TAGS)
- Fixed error message when uploading license key
- Affected asset scan data can now discretely reference scan evidence by affected asset
- Export crashes with symbols in affected asset title
- CKEditor Field Template
- New Report navigation
- Report Details Tab added to report navigation
- CSV writeup importer updates
- Filter analytics by assets
- User Management Wizard for seeing what roles a user has for which clients
- Role is now removed when done through User Permissions Wizard Qualys imports
- Able to change affected assets status
- Text Style in Tables Exports Correctly
- Jira sync process now assigns valid statuses
- Images can now be captions using CKEditor
- OWASP ZAP Parser now parsing IP addresses to known_ips field for affected assets
- Newlines are no longer removed from scanner output during export
- Writeups created in WriteupsDB no longer requires references to save Report
- Fixed Raw Evidence toggle switch
- Ability to reference raw scan evidence as a callable field via Jinja Add hover display to dashboard trendline on security debt dashboard
- Design updates for Runbooks analytics page
- Use improved helping type for Asset Analytics Choose "Unspecified" option in the filter dropdown for Asset Types
- Filter Open/Closed Issues on Date Range Improvements in Trend Analytics Parse port data from ZAP
- Fixed OOM issue that caused API Crashes on Nessus Import with large number of scanner documents
- Resolved bug where unable to change user auth after enabling two-factor authentication
- Fixed problem where some users were unable to export report due to Non-Ascii characters in report
- Resolved issue where adding assets with ports to a Finding crashes API
- Resolved a UI bug where the details tab shows buttons in wrong places
- The new Asset Analytics functionality provides you with an at-a-glance overview of every asset in your (or your clients’) company, by level of criticality, to help you better understand where you’re most vulnerable
- With PlexTrac’s new integration with Tenable, you can import findings and assets tied to a Tenable tag directly into the Purple Teaming Platform
- PlexTrac is also happy to announce the addition of security scanner tool parsers and imports for Horizon3 NodeZero, OWASP Zap, HCL AppScan, and Checkmarx
- PlexTrac now supports IDP (Identity Provider) initiated SAML SSO
- PlexTrac’s new Attack Path Visualization feature makes it as easy as drag-and-drop to create a visual representation of the tactics, techniques, and procedures (TTPs) used in a simulated attack.
- Short codes are a powerful new time-saver in PlexTrac that provides a simpler way for users to search and replace text at the report or client level
- Some assets are more important than others — and with our new Report Assets view, PlexTrac allows you to instantly see all the findings associated with those assets most important to you.
- Additional bug fixes
- Ability to collapse the left-hand panel, change the Logo, background text, and text highlight colors of the left panel. The update also includes the much-demanded Dark Mode!
- When viewing Affected Assets under the preview modal, you can now Bulk Update the Status of Assets!
- The Analytics module has been updated in many ways, including a new Findings by Client section, Preset Filters, and an all-new Runbooks Analytics Module which includes a MITRE type heatmap
- You can now import SCYTHE Campaigns and MITRE Threat Emulations Plans as a Runbooks into PlexTrac
- We have added the ability to assign procedures with a severity level while still working the Engagement
- You can now copy a completed engagement and include all data. This feature can be used to pick up an accidentally closed Engagement or to add new information
- You can now also view the Finding ID in the Preview modal.
- Additional bug fixes
- Comments: Added the ability to add comments to an ckeditor instance, beginning with report narratives.
- Mitre ATT&CK v9.0 methodology added to runbooks
- Backend scaffolding for audit logging (login, failed login, two-factor enable/disable, password reset/change)
- Runbooks engagement procedures can now be assigned a severity level that will be used when creating a report finding
- Runbook analytics can be filtered by engagement tags
- Engagements which are imported and do not inherit tactics from the parent runbook can still be associated with tactics, if they are tagged
- Runbook Analytics and Preset Filters are now available in production.
- PTrac import bug was fixed
- Newly uploaded artifacts now show a Creation Date
- Date Reported on the Report Overview screen now shows in a proper format
- Introduction, Methodology, and Summary Report Narratives now can be moved, deleted, and overwritten
- Replaced placeholder text on the Service Now Integration screen
- Removed HTML tags in .csv exports
- Fixed casing for the WriteupsDB sidebar navigation
- We have now added Custom Fields for both Client and Report Details! This can be incredibly useful in expanding the current functionality of Jinja Templates and reducing polish time after export.
- Assessments — added a feature to require completion of specific steps in a questionnaire before submitting. This takes the form of check boxes beside the Overall Questionnaire (requiring ALL questions to be marked ‘completed’ before being able to be submitted), For Individual Questions, and for Individual answer type
- Addressed issue with pasting tables into PlexTrac
- FIxed Search bar for Runbooks Procedure Tags
- PlexTrac has moved to a Continuous Integration/Continuous Deployment (CI/CD) development model.
- You can now define tables in the Rich Text Boxes inside PlexTrac and export them to your report.
- You can now add Custom Narratives from as many Report Template sources as desired.