Release Notes

Jinja Templating Service Desk API Documentation PlexTrac Home
Search…
Documentation Portal
Product Documentation
Authentication Methods
Integrations and Mappings
On-Premise Management
Release Notes
Release 1.31.0
New Capability 
​Integration support for Pentera​
New modal design for importing parser files that includes a progression bar
Bug Fixes
Fixed issue of a .csv asset not populating fields properly when being imported 
Fixed issue of default WriteupsDB Default Repository not populating correctly with new installation 
Fixed “Client Users Error” 400 incorrectly appearing in some instances when navigating to Client module 
Fixed bug in the applications image upload functionality that prevented users from uploading images within the runbooks edit procedure workflow
Fixed mapping issues when importing Veracode xml files 
Fixed report logs error when importing a findings file
Fixed issue with save not working and incorrect permissions generated after creating a new custom role based on the Analyst role template 
Fixed issue with a blank screen on Narratives tab after creating a new report using a report template that had a narratives section 
Fixed issue of search not working in the “Link Writeup” pulldown menu in Admin Dashboard>Tools & Integrations>Parser Actions
Release 1.30.0
New Capability 
Analytics module pages more printer-friendly 
Performance improvements on Dashboard page load 
Ability to search and filter a list of sections by tags on the Sections tab within NarrativesDB
Table presentation and caching improvements in Analytics>Trends & SLAs 
SLA information presented on the finding table and finding detail sidebar 
Updates to Inviciti parser integration mappings and support 
Latency improvements when entering data in reports 
Ability to configure date format in Personal Settings to one of the following options: YYYY-MM-DD, DD-MM-YYYY, or MM-DD-YYYY 
Customizable columns for the client findings page
Bug Fixes 
Improvements for admins to change settings for existing repositories within NarrativesDB and be seen immediately by users with access 
Unicode copy/paste support for umlauts 
Fixed 400 error when adding findings to WriteupsDB via csv upload or from a report 
Fixed Date format of Start Time for Runbook Engagements 
Fixed user access issue in WriteupsDB repository 
Fixed issue of Assessment module not appearing in menu for some customers 
Improved copy/paste formatting from external source to a report
Release 1.28.0
New Capability 
New Content Library container in main menu
Contains existing WriteupsDB and new NarrativesDB features
New Narratives Database (DB) feature
NarrativesDB allows for the organization, categorization, and management of content to be shared by multiple users and groups for producing reports
Search enhancements in Content Library
Search results for repositories and writeups refined based on text entered in search box
Capability to sort by title field in Content Library repositories
User management updates across Content Library and Runbooks
Access to content repositories is governed globally for each repository type by RBAC 
The ACCESS permission enables users to see and use content within content repositories
The MANAGE permission enables users to manage settings and users of content repositories (who is allowed to view/edit a repo) 
Ability for users with proper RBAC permissions to delete repositories
Ability to identify the source of a Finding via the Finding Detail modal view (includes manual imports and data from integrations)
Support of audit tracking when users are added/removed from PlexTrac
Bug Fixes 
Fixed issue in which some Unicode values were not appearing correctly from source when copy/paste was used
Release 1.20.0
New Capability 
Communicating age of data within analytics 
Added manual refresh of data for analytics page 
Added ability to create reviewers by state on reports 
Added functionality to sort filters alphabetically 
Changed account lockout behavior to be default, vs opt-in
Bug Fixes 
Various fixes for log syntax
Release 1.19.0
New Capability 
Enable account lockouts 
Allow setting createdAt during finding creation 
As a report creator, I can set a report state & assign reviewers
Writeups Do Not Require a Recommendation 
Reorganized Admin Panel 
Added CKEditor field to findings field template
Bug Fixes
Ampersands in Report Custom Fields missing in Word export 
Fixed OWASP Zap Parser Descriptions and Recommendations Fields 
Fixed Jinja Export Error missing type_of_piece 
Fixed import Nipper XML 
Fixed Hyperlink CKEditor formatting export error 
Fixed front end user issue where the user appeared to be part of the default group, but was not. This disallowed ability to give authorize user for client access 
Fixed intermittent Tenant Integration licensing error toast 
CKEditor Code blocks - new lines are now getting created in Word export 
SNOW - resolved issue with hardcoded URL suffix
Release 1.17.3
New Capability
Ability to add ports and services to affected assets 
Added notes section to affected assets 
Added evidence section to affected assets 
URL/URI parsing for affected assets Update default table styling for exported Word documents
Allow use of field templates when creating Writeups in WriteupsDB 
Option to auto-save work when editing narratives 
Ability to set a report state and assign reviewers in report details 
RBAC - separated out commenting and status changes permissions 
Added ability to custom sort findings
Bug Fixes 
Fixed ability to create Writeup from scratch 
Fixed issue where some SNOW suffix URL’s could not be specified 
Fixed caching issues when editing questionnaires
Version Digests
plextrac/plextracnginx:1.17.3 DIGEST: plextrac/[email protected]:49bcd0e6d2793fa4aa06051f91c2cfaac2e60bb288e0213f1ab3c42b54ad8c62
plextrac/plextracapi:1.17.2 DIGEST: plextrac/[email protected]:00f147ca7b015497da6d78fc90ead9e0f39f4dcc290f6b02e1787e8b59fe97b3
Release 1.16
New Capability
Released tenable.io, tenable.sc integration 
Enhancements to Affected Assets 
Added ability to edit Affected Assets 
Implemented new design for adding an Affected Asset 
New evidence section URL/URI parsing Notes section 
Added new RBAC permission splitting out comment vs status change in findings 
Added auto-save custom fields, exhibits, code samples when editing a finding 
Added ability to custom sort findings
Bug Fixes 
Fixed styled text & nested HTML in image captions 
Fixed Auto Numbered captions in CKEditor 
Fixed scenario where missing data in a finding would result in a SDK error 
Fixed MITRE and SCYTHE name consistency in Runbooks 
Fixed contrast for code block text in Dark Mode 
Fixed informational finding parsing in Checkmarx parser 
Fixed issue where custom field search would fail on periods
Version Digests
plextrac/plextracnginx:1.16.10 DIGEST:sha256:c308d650fdd6ff7e7cec566b722fd19ca292ac7807ca4c8d8a42aed05c176156
plextrac/plextracapi:1.16.11 DIGEST:sha256:06eb3b62c075b2f875a05b15ba20ca978245f948182b45f3791118a20bfddfa2
​
Release 1.14
New Capability
Added hover to display dashboard trendline on Dashboard 
Several design updates and fixes in analytics pages 
New designs for edit finding page, edit narratives page 
Preset Filters for analytics SAML IDP 
User Provisioning 
WriteupsDB Bulk Actions (Delete and TAGS)
Bug Fixes
Fixed error message when uploading license key 
Affected asset scan data can now discretely reference scan evidence by affected asset 
Export crashes with symbols in affected asset title
Release 1.13.1 
New Capability
CKEditor Field Template 
New Report navigation 
Report Details Tab added to report navigation 
CSV writeup importer updates 
Filter analytics by assets 
User Management Wizard for seeing what roles a user has for which clients
Bug Fixes
Role is now removed when done through User Permissions Wizard Qualys imports
Able to change affected assets status 
Text Style in Tables Exports Correctly 
Jira sync process now assigns valid statuses 
Images can now be captions using CKEditor 
OWASP ZAP Parser now parsing IP addresses to known_ips field for affected assets 
Newlines are no longer removed from scanner output during export
Writeups created in WriteupsDB no longer requires references to save Report 
Fixed Raw Evidence toggle switch
Release 1.12
New Capability
Ability to reference raw scan evidence as a callable field via Jinja Add hover display to dashboard trendline on security debt dashboard 
Design updates for Runbooks analytics page
Use improved helping type for Asset Analytics Choose "Unspecified" option in the filter dropdown for Asset Types 
Filter Open/Closed Issues on Date Range Improvements in Trend Analytics Parse port data from ZAP
Bug Fixes
Fixed OOM issue that caused API Crashes on Nessus Import with large number of scanner documents 
Resolved bug where unable to change user auth after enabling two-factor authentication 
Fixed problem where some users were unable to export report due to Non-Ascii characters in report 
Resolved issue where adding assets with ports to a Finding crashes API
Resolved a UI bug where the details tab shows buttons in wrong places
August 31, 2021
New Capability
The new Asset Analytics functionality provides you with an at-a-glance overview of every asset in your (or your clients’) company, by level of criticality, to help you better understand where you’re most vulnerable 
With PlexTrac’s new integration with Tenable, you can import findings and assets tied to a Tenable tag directly into the Purple Teaming Platform
PlexTrac is also happy to announce the addition of security scanner tool parsers and imports for Horizon3 NodeZero, OWASP Zap, HCL AppScan, and Checkmarx
PlexTrac now supports IDP (Identity Provider) initiated SAML SSO
PlexTrac’s new Attack Path Visualization feature makes it as easy as drag-and-drop to create a visual representation of the tactics, techniques, and procedures (TTPs) used in a simulated attack.
Short codes are a powerful new time-saver in PlexTrac that provides a simpler way for users to search and replace text at the report or client level
Some assets are more important than others — and with our new Report Assets view, PlexTrac allows you to instantly see all the findings associated with those assets most important to you.
Additional bug fixes
June 28, 2021
New Capability
Ability to collapse the left-hand panel, change the Logo, background text, and text highlight colors of the left panel. The update also includes the much-demanded Dark Mode!
When viewing Affected Assets under the preview modal, you can now Bulk Update the Status of Assets!
The Analytics module has been updated in many ways, including a new Findings by Client section, Preset Filters, and an all-new Runbooks Analytics Module which includes a MITRE type heatmap
You can now import SCYTHE Campaigns and MITRE Threat Emulations Plans as a Runbooks into PlexTrac
We have added the ability to assign procedures with a severity level while still working the Engagement
You can now copy a completed engagement and include all data. This feature can be used to pick up an accidentally closed Engagement or to add new information
You can now also view the Finding ID in the Preview modal.
Additional bug fixes
June 11, 2021
New Capability
Comments: Added the ability to add comments to an ckeditor instance, beginning with report narratives.
Mitre ATT&CK v9.0 methodology added to runbooks
Backend scaffolding for audit logging (login, failed login, two-factor enable/disable, password reset/change)
Runbooks engagement procedures can now be assigned a severity level that will be used when creating a report finding
Runbook analytics can be filtered by engagement tags
Engagements which are imported and do not inherit tactics from the parent runbook can still be associated with tactics, if they are tagged
Runbook Analytics and Preset Filters are now available in production.
Bug Fixes
PTrac import bug was fixed
Newly uploaded artifacts now show a Creation Date
Date Reported on the Report Overview screen now shows in a proper format
Introduction, Methodology, and Summary Report Narratives now can be moved, deleted, and overwritten
Replaced placeholder text on the Service Now Integration screen
Removed HTML tags in .csv exports
Fixed casing for the WriteupsDB sidebar navigation
April 9, 2021
New Capability
We have now added Custom Fields for both Client and Report Details! This can be incredibly useful in expanding the current functionality of Jinja Templates and reducing polish time after export.
Assessments — added a feature to require completion of specific steps in a questionnaire before submitting. This takes the form of check boxes beside the Overall Questionnaire (requiring ALL questions to be marked ‘completed’ before being able to be submitted), For Individual Questions, and for Individual answer type
Bug Fixes
Addressed issue with pasting tables into PlexTrac
FIxed Search bar for Runbooks Procedure Tags
February 11, 2021
New Capability
PlexTrac has moved to a Continuous Integration/Continuous Deployment (CI/CD) development model.
You can now define tables in the Rich Text Boxes inside PlexTrac and export them to your report.
You can now add Custom Narratives from as many Report Template sources as desired.
We've added the Custom Answer Sets in the Assessments module, allowing you to define a set of custom answers into your question, instead of picking from the predefined Answer Sets
You can now copy a well-built question and duplicate it into another question in the Assessments Module.
Our Integration with Jira now supports generation of child tickets for assets.
We have added a Rich Text editor to the fields in the WriteupsDB
October 1, 2020
New Capability
The addition of custom "Finding Sub-Statuses." Before this release it was possible to label findings as Open, In Progress, or Closed. Now you can define your own custom sub-statuses on the platform.
Enhancements to the Assessment module editing workflow. We've made many additions to the Assessments module recently, and now we've improved the editing process with two new features.
Sticky save bar, so the save button is always within view
Unsaved work notifications, so you know if your updated work has not been saved
The addition of preview for Tactics, Techniques, and Procedures in the Runbooks module. Now you can expand these out and view their description.
The ability to mark a run as "Completed" in Runbooks. Sometimes the Blue Team is able to thwart an attack straight away, not allowing you to complete your execution steps. Now you may mark these as completed.
Bug Fixes
Addressing an issue where the "Description" field contents were truncated when submitting an assessment
Fixed the inability to remove parent/child relationship from an asset
September 2, 2020
Bug Fixes
Fixed issue where notes entered into one question in an assessment would populate into other questions
Fixed issue where files attached to one question in an assessment would populate into other questions.
Fixed issue with certain special characters resulting in an extraneous escape character when exporting Nessus scan results
August 19, 2020
New Capability
Addition of the much-requested ability to attach evidence to a question. When performing assessments there is often the need to attach supporting evidence to a specific question, and now you can do that in PlexTrac.
The ability to add custom input field in the assessments module. When administering an assessment there is often the need to include discrete information you wish to segregate from the generic.
The addition of static custom fields in the assessments module. The true value of assessments lies in the ability to pre-populate field that are "hidden" during the administration of the assessment,  but pass through to findings afterwards. You may now create custom fields when entering a question natively instead of through the WriteupsDB.
We have also included the addition of a scroll feature on the questions list when editing a questionnaire. You may now keep the editing field in your field of view when sifting through the question list.
Bug Fixes
Fixing issue where some users experienced significant lag when typing in a search field.
Fixing issue where in-line images in Custom Narratives would drop from the editor field after saving and/or not be included in the exported report.
Fixing issue where capitalized characters in an image file extension would result in corruption of the finding.
Fixed several bugs relating to sorting of findings within a report.
August 6, 2020
New Capability
The ability to import and export Assessments as ISON files. This has many use cases, including the sharing of standardized question sets for both popular and highly specific assessment frameworks.
Additionally, the feature enables users to have File-based archiving of important Assessments to ensure rapid restoration in the event of Interruption and availability.
Lastly, this feature helps with versioning / tailoring of question sets.
This update brings a re-design of the UI in the Edit Finding page that is easier on the eyes.
Bug Fixes
Fixed issue where sort-by-severity was not working when viewing findings in a report
Fixed issue where inclusion of capital characters in an image extension prevented the upload of images to the Findings Screenshots section
Fixed issue where some users experienced significant lag when entering characters when performing a search bar search
Fixed issue preventing the importation of assets from an Nmap XML discovery scan into Client Assets
July 15th, 2020
New Capability
The addition of Filters in Client Assets. We are pleased to announce this much-asked-for addition to the Client Assets page. Simply begin typing a portion of the asset you are looking for, and the list is narrowed to those assets which include your search string.
The addition of the ability to filter by tags in Reports. Tags are an amazing way of organizing and sorting your data in Analytics and in your document exports. We are pleased to now provide the ability to sort on your findings by tags.
Bug Fixes
Fixed an issue where in certain cases, creation of a parent/child relationship between assets could result in corruption of the asset data structure.
Fixed several issues related to the use of the mailer module with email servers that only support SSL or which do not allow credentialed authentication.
Fixed issue preventing non-global administrators from disabling users
Fixed issue preventing exporting of scan data from Burp and Accunetix for those clients who have enabled scan data export in their config.txt file.
Fixed UI issue where the last tags added when using bulk actions were retained in the UI for subsequent actions.
June 15th, 2020
New Capability
The addition of "Trend Analytics" One of the most powerful new graphics is also one of the simplest – “Trend of Issues Opened vs Closed”. By simply looking at the relative position of the two lines, you can determine whether you are adding or removing security debt.
We are also excited to introduce an entirely new graphic – “Average Time from Creation to Closed.” This chart shows both the total historical and monthly trends for the amount of time taken to remediate findings based on severity.
A redesigned of the "Administration Panel". Over the last year we have added a lot of new features for tenancy administration, and the vertical listing of these had grown quite lengthy. Features are now logically grouped, and once selected the dashboard is minimized to provide maximum workspace.
The “Users” administration panel has received a facelift, providing much larger and easy-to-read displays of user settings.
Bug Fixes
Issue that prevented some users from creating Jira tickets resolved.
Tags that are included for findings are now retained when those findings are exported and re-imported from a .ptrac file.
Users who navigate to a link to a specific page in PlexTrac are now directed to that page immediately after login.
May 15, 2020
New Capability
An analytics revamp! In our first iteration of the Analytics revamp we have focused on providing enhanced flexibility for filtering along with better graphics to help your team track an analyze your engagements. These include both enhanced filtering and updating graphics, with many more features coming in the near future!
The addition of the ability to apply bulk tagging for findings in a report. Our last update included the ability to apply bulk tags at the time of import, and this update now allows bulk tagging for the findings already in the report.
You now have the ability to completely customize the email notifications within PlexTrac to match your branding. You may now customize the "From name", "From address", "Email subject", and "Email body".
We have built out the CMMC function and it is now available in the platform for every customer. This addition also includes the references and authoritative guidance from appendix B of the CMMC, giving you all the information at your fingertips.
We have leveraged our tags around CMMC to make analyzing the results very easy right out of the box.
April 24, 2020
New Capability
The introduction of the "Draft/Published" flag, which provides you the ability to control which findings are reports are visible to users assigned the Analyst role. This feature is optional. Unless you enable this feature, Analysts will continue to have access to all findings in all reports for any clients they have been authorized to view.
The ability to change the date reported on findings. This ensures accurate tracking and analytics on historical data brought into PlexTrac. To update the created date on a finding, navigate to a report and use the bulk selection tools to “Change Reported Date”
PlexTrac now allows the use of any SAML Identity Provider to log into the application. Multiple providers can be configured for each tenant and are managed on a per user basis.
Enhanced user experience when enabling or resetting the multi-factor authentication token. This new functionality prevents a user from locking themselves out without capturing the QR code. 
April 3, 2020
New Capability
Added support for Okta, Google, and Azure AD Authentication - support for all the leading single-sign on methods.
The ability to apply tags in bulk to both findings and associated assets when importing scanner results into your PlexTrac reports.
An overall revamp of the analyst experience. Those assigned with the analyst role have a simplified interface that eliminates UI hooks.
The addition of Jinja2 hook for expanded asset data. PlexTrac's asset section provides users with a consolidated view of all vulnerabilities from all reports for any given asset. But we're also a powerful asset management tool, providing a way to organize important metadata such as asset criticality, owner, data owner, and physical location. All of this information can now be referenced in your custom templates.
A brand new user interface for building assessments. This interface includes pagination and a widget to allow rapid navigation  through long questionnaires. And of course, it's styled with purple throughout!
Administrators now have the ability to permanently delete users from their tenancy.
The multi-factor authentication feature now has an autofocus to ease entry of the 6-digit code.
Tags can now be added when building questions for an Assessment, which will pass through to the associated findings after submission.
March 10, 2020
New Capability
Our latest release begins the rollout of our new skin, incorporating modern UI design and demonstrating our love for all things purple!
The UI when taking an assessment has been streamlined, incorporating both pagination and collapsible questions
Ability to view (and even resubmit) previously submitted questionnaires
We have now added the ability to parse Core Impact exports! With their recent acquisition of Cobalt Strike, Core Security continues to advance their capabilities and we are excited to offer this new integration
Nmap is the standard for a lightweight discovery tool, and PlexTrac now supports import of and display of open ports and services. Because Nmap doesn’t produce true findings, we took a different approach than with our other parsers. In the Assets view for a Client, there is a new “Import Assets” button. Using this enables you to import your .nmap file. All assets present in the file are added to the Client’s asset list. Open one of these assets, and navigate to the Notes/Description tab to view the data
Dramatic performance improvements when performing bulk deletion of findings, when deleting a report and when deleting a client
Additional supported file types in the Artifacts file manager
Modification of the CMMC framework in the Assessments Module to reflect the addition of Maturity Level
Prevention of overwriting the initial Date Reported when importing subsequent scan data that has identical findings.
Moving Backup Data
Last modified 4d ago