Release Notes

Check back here for an updated list of all the changes and additions made to the PlexTrac program.

+ October 1st Release Notes

Below are all of the additions and changes made in our October 1st update:

  • The addition of custom "Finding Sub-Statuses." Before this release it was possible to label findings as Open, In Progress, or Closed. Now you can define your own custom sub-statuses on the platform.

  • Enhancements to the Assessment module editing workflow. We've made many additions to the Assessments module recently, and now we've improved the editing process with two new features.

    • Sticky save bar, so the save button is always within view

    • Unsaved work notifications, so you know if your updated work has not been saved

  • The addition of preview for Tactics, Techniques, and Procedures in the Runbooks module. Now you can expand these out and view their description.

  • The ability to mark a run as "Completed" in Runbooks. Sometimes the Blue Team is able to thwart an attack straight away, not allowing you to complete your execution steps. Now you may mark these as completed.

  • Additional bug fixes, including:

    • Addressing an issue where the "Description" field contents were truncated when submitting an assessment

    • Fixed the inability to remove parent/child relationship from an asset

+ September 2nd Release Notes

Below are all of the additions and changes made in our September 2nd update:

  • Bug fixes, including:

    • Fixed issue where notes entered into one question in an assessment would populate into other questions

    • Fixed issue where files attached to one question in an assessment would populate into other questions.

    • Fixed issue with certain special characters resulting in an extraneous escape character when exporting Nessus scan results

+ August 19th Release Notes

Below are all of the additions and changes made in our August 19th update:

  • Addition of the much-requested ability to attach evidence to a question. When performing assessments there is often the need to attach supporting evidence to a specific question, and now you can do that in PlexTrac.

  • The ability to add custom input field in the assessments module. When administering an assessment there is often the need to include discrete information you wish to segregate from the generic.

  • The addition of static custom fields in the assessments module. The true value of assessments lies in the ability to pre-populate field that are "hidden" during the administration of the assessment, but pass through to findings afterwards. You may now create custom fields when entering a question natively instead of through the WriteupsDB.

  • We have also included the addition of a scroll feature on the questions list when editing a questionnaire. You may now keep the editing field in your field of view when sifting through the question list.

  • Additional bug fixes, including:

    • Fixing issue where some users experienced significant lag when typing in a search field.

    • Fixing issue where in-line images in Custom Narratives would drop from the editor field after saving and/or not be included in the exported report.

    • Fixing issue where capitalized characters in an image file extension would result in corruption of the finding.

    • Fixed several bugs relating to sorting of findings within a report.

+ August 6th Release Notes

Below are all of the additions and changes made in our August 6th update:

  • The ability to import and export Assessments as ISON files. This has many use cases, including the sharing of standardized question sets for both popular and highly specific assessment frameworks.

  • Additionally, the feature enables users to have File-based archiving of important Assessments to ensure rapid restoration in the event of Interruption and availability.

  • Lastly, this feature helps with versioning / tailoring of question sets.

  • This update brings a re-design of the UI in the Edit Finding page that is easier on the eyes.

  • Additional bug fixes, including:

    • Fixed issue where sort-by-severity was not working when viewing findings in a report

    • Fixed issue where inclusion of capital characters in an image extension prevented the upload of images to the Findings Screenshots section

    • Fixed issue where some users experienced significant lag when entering characters when performing a search bar search

    • Fixed issue preventing the importation of assets from an Nmap XML discovery scan into Client Assets

+ July 15th Release Notes

Below are all of the additions and changes made in our July 15th update:

  • The addition of Filters in Client Assets. We are pleased to announce this much-asked-for addition to the Client Assets page. Simply begin typing a portion of the asset you are looking for, and the list is narrowed to those assets which include your search string.

  • The addition of the ability to filter by tags in Reports. Tags are an amazing way of organizing and sorting your data in Analytics and in your document exports. We are pleased to now provide the ability to sort on your findings by tags.

  • Additional bug fixes, including:

    • Fixed an issue where in certain cases, creation of a parent/child relationship between assets could result in corruption of the asset data structure.

    • Fixed several issues related to the use of the mailer module with email servers that only support SSL or which do not allow credentialed authentication.

    • Fixed issue preventing non-global administrators from disabling users

    • Fixed issue preventing exporting of scan data from Burp and Accunetix for those clients who have enabled scan data export in their config.txt file.

    • Fixed UI issue where the last tags added when using bulk actions were retained in the UI for subsequent actions.

+ June 15th Release Notes

Below are all of the additions and changes made in our June 15th update:

  • The addition of "Trend Analytics" One of the most powerful new graphics is also one of the simplest – “Trend of Issues Opened vs Closed”. By simply looking at the relative position of the two lines, you can determine whether you are adding or removing security debt.

  • We are also excited to introduce an entirely new graphic – “Average Time from Creation to Closed.” This chart shows both the total historical and monthly trends for the amount of time taken to remediate findings based on severity.

  • A redesigned of the "Administration Panel". Over the last year we have added a lot of new features for tenancy administration, and the vertical listing of these had grown quite lengthy. Features are now logically grouped, and once selected the dashboard is minimized to provide maximum workspace.

  • The “Users” administration panel has received a facelift, providing much larger and easy-to-read displays of user settings.

  • Additional minor bug fixes, as listed below:

    • Issue that prevented some users from creating Jira tickets resolved.

    • Tags that are included for findings are now retained when those findings are exported and re-imported from a .ptrac file.

    • Users who navigate to a link to a specific page in PlexTrac are now directed to that page immediately after login.

+ May 15th Release Notes

Below are all of the additions and changes made in our May 15th update:

  • An analytics revamp! In our first iteration of the Analytics revamp we have focused on providing enhanced flexibility for filtering along with better graphics to help your team track an analyze your engagements. These include both enhanced filtering and updating graphics, with many more features coming in the near future!

  • The addition of the ability to apply bulk tagging for findings in a report. Our last update included the ability to apply bulk tags at the time of import, and this update now allows bulk tagging for the findings already in the report.

  • You now have the ability to completely customize the email notifications within PlexTrac to match your branding. You may now customize the "From name", "From address", "Email subject", and "Email body".

  • We have built out the CMMC function and it is now available in the platform for every customer. This addition also includes the references and authoritative guidance from appendix B of the CMMC, giving you all the information at your fingertips.

  • We have leveraged our tags around CMMC to make analyzing the results very easy right out of the box.

  • Additional minor bug fixes.

+ April 24th Release Notes

Below are all of the additions and changes made in our April 24th update:

  • The introduction of the "Draft/Published" flag, which provides you the ability to control which findings are reports are visible to users assigned the Analyst role. This feature is optional. Unless you enable this feature, Analysts will continue to have access to all findings in all reports for any clients they have been authorized to view.

  • The ability to change the date reported on findings. This ensures accurate tracking and analytics on historical data brought into PlexTrac. To update the created date on a finding, navigate to a report and use the bulk selection tools to “Change Reported Date”

  • PlexTrac now allows the use of any SAML Identity Provider to log into the application. Multiple providers can be configured for each tennant and are managed on a per user basis.

  • We have significantly enhanced the user experience when enabling or resetting the multi-factor authentication token. This new functionality prevents a user from locking themselves out by enabling MFA without capturing the QR code. Once a user chooses to enable (or reset) MFA, they are presented with both the QR code and a field to validate successful capture of that code by entering the 6-digit code provided by the authenticator app.

  • Additional minor bug fixes.

+ April 3rd Release Notes

Below are all of the additions and changes made in our April 3rd update:

  • Added support for Okta, Google, and Azure AD Authentication - support for all the leading single-sign on methods.

  • The ability to apply tags in bulk to both findings and associated assets when importing scanner results into your PlexTrac reports.

  • An overall revamp of the analyst experience. Those assigned with the analyst role have a simplified interface that eliminates UI hooks.

  • The addition of Jinja2 hook for expanded asset data. PlexTrac's asset section provides users with a consolidated view of all vulnerabilities from all reports for any given asset. But we're also a powerful asset management tool, providing a way to organize important metadata such as asset criticality, owner, data owner, and physical location. All of this information can now be referenced in your custom templates.

  • A brand new user interface for building assessments. This interface includes pagination and a widget to allow rapid navigation through long questionnaires. And of course, it's styled with purple throughout!

  • Administrators now have the ability to permanently delete users from their tenancy.

  • The multi-factor authentication feature now has an autofocus to ease entry of the 6-digit code.

  • Tags can now be added when building questions for an Assessment, which will pass through to the associated findings after submission.

  • Additional minor bug fixes.

+ March 10th Release Notes

Below are all of the additions and changes made in our March 10th update:

  • Our latest release begins the rollout of our new skin, incorporating modern UI design and demonstrating our love for all things purple!

  • The UI when taking an assessment has been streamlined, incorporating both pagination and collapsible questions

  • You now have the ability to view (and even resubmit) previously submitted questionnaires

  • We have now added the ability to parse Core Impact exports! With their recent acquisition of Cobalt Strike, Core Security continues to advance their capabilities and we are excited to offer this new integration

  • Nmap is the standard for a lightweight discovery tool, and PlexTrac now supports import of and display of open ports and services. Because Nmap doesn’t produce true findings, we took a different approach than with our other parsers. In the Assets view for a Client, there is a new “Import Assets” button. Using this enables you to import your .nmap file. All assets present in the file are added to the Client’s asset list. Open one of these assets, and navigate to the Notes/Description tab to view the data

  • Dramatic performance improvements when performing bulk deletion of findings, when deleting a report and when deleting a client

  • Additional supported file types in the Artifacts file manager

  • Modification of the CMMC framework in the Assessments Module to reflect the addition of Maturity Level

  • Prevention of overwriting the initial Date Reported when importing subsequent scan data that has identical findings.