Findings

PlexTrac's enhanced findings management capabilities aim to streamline Continuous Threat Exposure Management (CTEM) by breaking away from traditional report-centric workflows. These improvements give users a centralized and dynamic approach to managing findings, enabling real-time insights into security issues, prioritization, and remediation activities.

This approach allows pentesters to look at the vulnerability from the perspective of a finding or an instance.

The key difference between a finding and an instance lies in their granularity and scope in identifying asset vulnerabilities.

Finding: A finding is the identification of a vulnerability on an asset. It represents a single occurrence of a vulnerability appearing on an asset, uniquely identified by attributes such as plugin ID, port, and protocol. Findings determine whether an asset is vulnerable to a specific issue. For example, if a vulnerability affects 50 assets, there will be 50 findings, one for each affected asset.

Instance: An instance is a more granular representation of how a vulnerability manifests on an asset. It refers to the specific condition(s) on an asset that cause it to be vulnerable. An asset can have multiple instances of the same vulnerability due to factors like multiple versions of vulnerable software installed or exposure through different network ports. Instances provide the most detailed view of vulnerabilities and are critical for assessing risk at the most specific level.

The views and functionality of the findings and instances tabs are the same when viewed from within the Clients module.

Key Benefits

The findings and instances tabs offer several key benefits that enhance vulnerability management and workflow efficiency.

  • Improved Visibility Across Clients: The findings tab allows users to see all unique vulnerabilities across their authorized clients. This enables enterprise-level oversight of issues, deduplicated by source, title, and client, providing clarity on the scope of vulnerabilities within an organization.

  • Granular Breakdown of Vulnerabilities: The instances page complements the findings view by detailing specific occurrences of each vulnerability across individual assets. This differentiation helps users assess whether an issue is widespread across critical assets or isolated to low-priority ones, aiding in risk prioritization.

  • Support for Light Vulnerability Management: The tabs enable a streamlined approach to vulnerability management by creating unique records of vulnerabilities on specific assets. This allows organizations to track issues more effectively and navigate workflows more precisely.

  • First Seen Tracking: The platform tracks when vulnerabilities were first detected in external tools and within the platform itself. This historical context supports better risk assessment and positions the platform as a data aggregation tool for managing security issues.

  • Simplified Permissions Model: The tabs leverage existing client authorization without introducing new permissions.

  • Automation of Findings and Instances Creation: When reports are published, findings and instances are automatically created based on the data provided. This reduces manual effort and ensures accurate tracking of vulnerabilities across assets.
