Creating a Finding

This page explains how to create a finding.
Findings can be added to reports, which then can be copied to WriteupsDB for future use.
Step 1: Navigate to the desired report, click the report row to bring up the Report Readout view, then click the Findings tab.
Step 2: Click Add Findings.
Step 3: Click Create Finding from the pulldown menu.
Step 4: The Create New Finding page has five tabs to collect data about a finding (more details on each tab are provided below on this page).
Step 5: Click Save when finished. The finding is now associated with that report and client.

Finding Details Tab

This tab contains the main body of the finding and the following fields:
  • Title (required): The title of the finding.
  • Severity (required): The severity rating for the finding.
  • Score type: The score associated with a finding. This can be used to record a general score, a CVSS 2.0 score, a CVSS 3.0 score, or dynamically create a CVSS 3.1 score using the provided calculator.
  • Status: The status of the finding.
  • Sub-Status: Further details on the status for an open or in-process finding.
  • Assigned to: The user assigned to the finding, selected from a pulldown menu of users in PlexTrac. Only one can be assigned at a time.
  • Description: An RTF field that allows for content, images, links, code examples, tables, and lists to be entered as needed.
  • Recommendations: An RTF field that allows for content, images, links, code examples, tables, and lists to be entered as needed.
  • References: An RTF field that allows for content, images, links, code examples, tables, and lists to be entered as needed.
  • CVE ID: Common Vulnerabilities and Exposures (CVE) identifier(s) assigned to the finding. This field requires a format of CVE prefix + Year + arbitrary digits. There is no limit to the number of arbitrary digits.
    • Example ID with four digits: CVE-2014-3127
    • Example ID with five digits: CVE-2018-54321
    • Example ID with six digits: CVE-2019-456132
  • CWE ID: Common Weakness Enumeration (CWE) identifier(s) assigned to the finding. This field requires a format of a two-to-four digit number.
    • Example ID with two digits: 99
    • Example ID with three digits: 243
    • Example ID with four digits: 1423
  • Tags: Any tags associated with a finding, which make the finding easier to manage and retrieve later. As many tags can be added as desired.
Videos can be added under the Screenshots/Videos tab.

Affected Assets Tab

This tab displays any assets that are associated with a finding. Click Add Assets to create a new asset, select an existing asset in PlexTrac, or import an asset (individually or bulk) into PlexTrac.

Bulk Asset Import

Step 1: From the Affected Assets tab when creating or editing a finding, click Add Assets.
Step 2: Select Bulk paste.
Step 3: Enter or paste the assets into the provided box and separate each asset with either a keyboard return or a comma.
Step 4: Click Next.
Step 5: Review the asset list. Uncheck any assets that are not to be added. Click Next.
Any subdirectory listed for an asset's domain will be loaded as its own asset and considered a 'child' of the 'parent' domain. This relationship will be tracked and maintained within PlexTrac. For example: www.plextrac.com/home will become two assets, with /home a child to www.plextrac.com.
Step 6: Add any desired tags (optional). Click Add x assets.
Step 7: Open or edit the assets as desired.
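
To preview what a paste will produce before entering it in Step 3, the following added Python example (not PlexTrac code) applies the separator rule from Step 3 and the parent/child rule from the note above. The function names, the constructed sample input, and the handling of blanks, repeats and multi-level paths are assumptions.

```python
import re

# Constructed sample paste: newline- and comma-separated, with a blank line and a repeat.
SAMPLE_PASTE = """www.plextrac.com/home
app.example.test, app.example.test/login
10.0.0.5,

www.plextrac.com
"""

def split_bulk_paste(text):
    """Split on keyboard returns or commas (Step 3); trim, drop blanks and repeats."""
    entries = []
    for raw in re.split(r"[,\r\n]+", text):
        entry = raw.strip()
        if entry and entry not in entries:
            entries.append(entry)
    return entries

def preview_assets(text):
    """Return ordered (asset, parent) pairs; parent is None for a top-level asset."""
    assets = []

    def add(name, parent):
        if (name, parent) not in assets:
            assets.append((name, parent))

    for entry in split_bulk_paste(text):
        # Assumption: entries are "host" or "host/path" with no URL scheme.
        host, _, path = entry.partition("/")
        add(host, None)
        path = path.strip("/")
        if path:
            # Assumption: the whole path becomes one child of the host.
            add("/" + path, host)
    return assets

if __name__ == "__main__":
    for name, parent in preview_assets(SAMPLE_PASTE):
        print(f"{name:<20} child of {parent}" if parent else name)
```

Comparing this preview with the list shown in Step 5 makes it easier to spot entries to uncheck before they are added to the finding.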

Custom Fields Tab

This tab displays any custom fields created for a finding. Click Add Field to insert more labels and values for the finding and repeat as needed.

Screenshots and Videos Tab

This tab stores any screenshots and videos associated with a finding, as videos are not allowed in the Finding Details RTF. To add any files, drag them from your desktop onto the box provided, or click the box to navigate directly to the files on your computer.

Code Sample Tab

This tab stores any code samples related to a finding for future reference. Click Add Code Sample to insert content.