Links

Pentera

PlexTrac supports file imports from Pentera. Pentera is an automated security validation platform that empowers security and IT professionals to perform autonomous penetration testing on their networks. Pentera’s workflow is geared towards a continuous cycle of testing, remediation, and revalidation, to ensure the proper configuration of security controls.

Exporting Pentera Findings

Findings of any Pentera task can be exported to a JSON compatible format to be imported into PlexTrac.
Step 1: Click Testing History from the left menu.
Step 2: Select a test from the list to open.
Choose a test that has finished and no longer in progress.
Step 3: Click the Export icon.
Step 4: From the modal that appears, under "Export to other tools," click PlexTrac.
The findings of the test will be downloaded in a JSON format that is compatible with PlexTrac.
Each export file from Pentera contains the following:
  • The list of assets tested by Pentera within the scope of the particular test.
  • The list of vulnerabilities discovered during the test, and the assets affected by each vulnerability. Discovery time is included in the dataset.
  • The list of Pentera achievements during the test, and the assets affected by each achievement. Discovery time is included in the dataset. In Pentera, an achievement is Pentera’s ethical exploitation of a vulnerability or exposure, intended to demonstrate its exploitability.

Mappings

Below are the mappings of fields from Pentera to PlexTrac. Only JSON files exported specifically for PlexTrac from Pentera will be accepted through import.

Mappings to Pentera Achievements

PlexTrac record
PlexTrac field
Pentera file
Pentera field
Comments
Finding
ID
Achievements
ID
Finding
Title
Achievements
Name
Finding
Severity
Achievements
Severity
Finding
Status
Default Value
Default Value
set to value 'Open', so customer can manage in PlexTrac
Finding
Description
Achievements
Insight
Finding
Start Date
Achievements
Creation Time
set when achievement is created
Finding
Custom Fields (Severity Score)
Achievements
Severity
captures original Pentera score
Affected Assets
Name
Achievements
target: target ID
Affected Assets
Ports
Achievements
results: Port
Affected Assets
Protocol
Achievements
results: Protocol
Affected Assets
Scan Evidence - Title
set to value 'Results'
Affected Assets
Scan Evidence - Description
Achievements
results - all data
Affected Assets
Scan Evidence - Title
set to value 'Parameters'
Affected Assets
Scan Evidence - Description
Achievements
parameters - all data
captures data in parameters as a section piece of scanner evidence PlexTrac auto-populates based on affected asset data
Asset
Ports
Calculated Value
Calculated Value
PlexTrac auto-populates based on affected asset data
Asset
Service
Calculated Value
Calculated Value
PlexTrac auto-populates based on affected asset data
Asset
Protocol
Calculated Value
Calculated Value
PlexTrac auto-populates based on affected asset data
Asset
Parent Asset
n/a
n/a
Asset
Known IPs
Achievements
results:"Hosts"
Asset
Evidence
Calculated Value
Calculated Value
PlexTrac auto-populates based on affected asset data
Asset
First Found
Achievements
n/a

Mappings to Pentera Vulnerabilities

PlexTrac record
PlexTrac field
Pentera file
Pentera field
Comments
Finding
ID
Vulnerabilities
ID
Finding
Title
Vulnerabilities
Name
Finding
Severity
Vulnerabilities
Severity
Finding
Status
Default Value
Default Value
Set status to 'Open'
Finding
Description
Vulnerabilities
Insight
Finding
Start Date
Vulnerabilities
Creation Time
Finding
Recommendation
Vulnerabilities
Remediation
Finding
Custom Fields (Severity Score)
Vulnerabilities
Severity
Finding
Custom Fields (Priority)
Vulnerabilities
Priority
Affected Asset
Name
Vulnerabilities
target: target_id
Affected Asset
Ports
Vulnerabilities
port
Affected Asset
Protocol
Vulnerabilities
protocol
Asset
Name
Vulnerabilities
target: target_id
Asset
Ports
Calculated Value
Calculated Value
PlexTrac auto-populates based on affected asset data
Asset
Protocol
Calculated Value
Calculated Value
PlexTrac auto-populates based on affected asset data
Asset
Known IPs
Calculated Value
Calculated Value
PlexTrac auto-populates based on affected asset data
Asset
Evidence
Calculated Value
Calculated Value
PlexTrac auto-populates based on affected asset data

Finding Severity Mappings

Pentera uses a numerical range of 1 to 10 to capture a finding severity, while PlexTrac uses five qualitative values: Informational, Low, Medium, High, Critical. For the purposes of importing findings from Pentera, the following mapping exists:
PlexTrac
Pentera
Informational
0
Low
0.01 to 2.49
Medium
2.5 to 4.99
High
5 to 7.49
Critical
7.5 to 10
A Pentera finding may be either a vulnerability or an achievement, where an achievement is Pentera’s ethical exploitation of a vulnerability or exposure, intended to demonstrate its exploitability.
Click Next below to see more mappings.