A finding refers to the evaluation results of an organization's security readiness. It identifies a specific security weakness or vulnerability that could be exploited, whether a system, process, policy, or procedure. Findings can be identified during various tasks, such as a pentest, vulnerability assessment, compliance audits, etc.
Findings are the most common object in PlexTrac. They can be added to a report in PlexTrac in multiple ways:
sourcefield, found on the Finding Detail modal (appears when clicking the row of a finding), records where the finding was created.
The finding ID is generated either by importing the ID (when applicable) from the source tool or dynamically by PlexTrac with every unique finding title. As such, every finding title in a report must have a unique value.
Suppose findings are imported from two scans into the same report, and duplicates exist on the second scan. In that case, only additional findings from the second scan are imported, as well as any other assets tied to existing findings.
Visit this page for documentation on the different fields and values that can exist for a finding, as well as the finding object structure in the database.
Findings are accessed through multiple paths within PlexTrac, including the following:
Via the Reports module:
- 1.Click Reports from the main menu.
- 2.Select a report.
- 3.Click the Findings tab.
Via the Clients module:
- 1.Click Clients from the main menu.
- 2.Select the client.
- 3.Click the Findings tab.
The number of findings in a report is displayed at the top of the table to the left of the filter boxes.
Findings can be in draft or published mode, and this status is provided visually within the Findings tab. Findings in draft mode have an orange background row color and an orange dot next to the title. Findings that are published have a white background row color with no dot.
Analyst user roles cannot view draft findings, so publishing the finding before publishing a report allows other user roles within PlexTrac to see critical issues that the client needs to address immediately without requiring the report to be completed.
The table view for the Findings tab can be customized to display specific fields in a desired sequence on the page.
Step 1: From the Findings tab of a report, click the column view icon to the right of the search bar.
Step 2: Click the six dots at the left of the field title to grab and move the bars up and down to change the sequence in which they appear on the page.
Step 3: Remove fields by clicking X at the end of the field row to remove. The "Finding Title" and "Actions" columns must always exist, so no "X" appears for those fields.
Step 4: Any available fields not currently presented appear in the "Add Column" pulldown menu. If all fields are now displayed, this button does not appear.
Click Add Column to see available options and select fields to add to the Findings tab view.
Step 5: Click Save.
PlexTrac provides the ability to reduce the list of findings displayed on the Findings tab for reports that have findings across multiple pages.
- 1.Published or Draft: Allows findings to be filtered by whether the finding was published or is in draft status. It defaults to all findings.
- 2.Status: Allows findings to be filtered by whether they are open, closed, or in progress. It defaults to all findings.
- 3.Sub Status: Allows findings to be filtered by sub status values set by the admin in the Admin Dashboard under Tenant Settings/General Settings. It defaults to all sub statuses.
- 4.Tags: Allows findings to be filtered or searched via specific tag(s) associated with a finding, either by selecting the desired tag(s) from the pulldown menu list or by typing the desired tag(s) directly into the box. An option also exists to display only findings without tags, which exists at the top of the pulldown menu. This option provides a count in parenthesis of how many findings do not have any tags.
- 5.Search: Allows findings to be filtered by any value or character in the finding title. This field is not case-sensitive.