# Findings

A finding is a weakness in systems, processes, policies, or procedures that could be exploited. It arises from penetration testing, vulnerability assessments, and compliance audits. These findings reveal potential points of compromise, categorized by severity, and often come with recommended remediation actions.

Organizations can use findings to allocate resources and improve security efficiently.

Findings are the most common object in PlexTrac and can be added to a report in multiple ways:

* [created from scratch within a report](https://docs.plextrac.com/plextrac-documentation/product-documentation/reports/add-custom-finding/creating-a-finding)
* [migrated from WriteupsDB](https://docs.plextrac.com/plextrac-documentation/product-documentation/reports/add-custom-finding/adding-findings-from-writeupsdb)
* imported via [files generated from third-party tools](https://docs.plextrac.com/plextrac-documentation/product-documentation-1/integrations-and-file-imports#third-party-tools), such as Nessus or Pentera
* imported from one of PlexTrac’s [CSV finding templates](https://docs.plextrac.com/plextrac-documentation/product-documentation/reports/findings/csv-findings-templates)
* imported from an [API integration](https://docs.plextrac.com/plextrac-documentation/product-documentation-1/integrations-and-file-imports#apis), such as Snyk or HackerOne
* [imported via PlexTrac’s API endpoints](https://api-docs.plextrac.com/#fb4b754f-e02b-46a6-9708-1a532a5594da)
* [created after an assessment was completed](https://docs.plextrac.com/plextrac-documentation/product-documentation/assessments/take-assessment-1#assessment-findings-status)
* [created after an engagement was submitted](https://docs.plextrac.com/plextrac-documentation/product-documentation/runbooks-1/engagements#submitting-an-engagement) in the **Runbooks** module

## Accessing Findings

Findings can be accessed either through a report or the **Clients** module:

### **Via a Report:** 

1. Click **Reports** from the main menu.
2. Select a report.
3. Click the **Findings** tab. 

### **Via the Clients module:** 

1. Click **Clients** from the main menu.
2. Select the client.
3. Click the **Findings** tab. 

A count for the number of findings is displayed at the top of the table to the left of the filter boxes.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2Fy1mLHhIOvzRdxYmQz2FF%2Fimage.png?alt=media&#x26;token=a93d7c54-08d3-4f21-bc4a-46ee67522a4e" alt=""><figcaption></figcaption></figure></div>

## Identifying the Finding Source

The source of a finding can be found on the Finding detail side drawer, which appears when clicking the row of a finding seen in the **Findings** tab of a report or client. If the finding was created in PlexTrac, a value of `plextrac` exists. If the finding was imported, the source of that file or integration is also recorded.

<figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FIb821lEoTy2wuKs0z6oH%2Fimage.png?alt=media&#x26;token=05a5fdfb-4327-4e04-97c8-39adfe73dcd9" alt=""><figcaption></figcaption></figure>

## Finding ID

The finding ID can be found on the Finding detail side drawer, which appears when clicking the row of a finding in the **Findings** tab of a report or client. The finding ID is generated by importing it from the source tool or dynamically by PlexTrac when the finding is created.&#x20;

For example, [importing a Nessus file](https://docs.plextrac.com/plextrac-documentation/product-documentation/reports/findings/import-scanner-data) will pull in the Nessus `plugin ID` as the PlexTrac `Finding ID`.

<figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FXfs1wfBkPzER2ioKW0fV%2Fimage.png?alt=media&#x26;token=3e8aa4a7-1499-43c2-a1cb-20ffc0873bda" alt=""><figcaption></figcaption></figure>

Every finding in a PlexTrac report must have a unique finding title.&#x20;

When importing findings from two scans into the same report, only additional findings from the second scan and any assets tied to existing findings are imported, even if duplicates exist.

When two findings with the same title are created in two different reports for the same client, they are displayed on the **Findings** tab in the **Clients** module, as they each receive a unique finding ID.

## **Finding Reported Date**

The finding reported date is when the finding was added to the report. This value is displayed under the "Date Reported" column from the **Findings** tab. This value can be modified through the "Actions" button when selecting one or more findings.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FtLxhhdLlhLXI4HcMl4LP%2Fimage.png?alt=media&#x26;token=85d3abc8-fdef-4da9-9acb-8255e428d38f" alt=""><figcaption></figcaption></figure></div>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.plextrac.com/plextrac-documentation/product-documentation/reports/findings.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.