Creating a Finding
Creating a finding within PlexTrac can be initiated either through the Clients module or the Reports module, but either approach involves selecting a report to add the findings. When created within PlexTrac, users can update using five tabs: Finding Details, Affected Assets, Screenshots/Videos, and Code Samples.
Step 1: From the Reports module, click the row of the impacted report.
Step 2: Click the Findings tab.
Step 3: Click Create Finding from the "Add Findings" pulldown menu.
Step 4: The "Create New Finding" page appears with five tabs to collect data about a finding (further details on each tab exist below).
At a minimum, enter a finding title, select the finding severity, and enter a finding description as required fields. All other fields are optional.
Title (required): All finding titles must be unique within a report. If an existing title is used, the tool will provide an error message after clicking Save.
Severity (required): Identifies the severity rating for the finding. The values are in ascending order:
Informational,Low,Medium,High, andCritical.Score type: Identifies the score associated with a finding. This can be used to record a general score, a CVSS 2.0 score, a CVSS 3.0 score, a CVSS 4.0 score, or dynamically create a CVSS 3.1 score using the provided calculator.
Status: Defines the status of the finding (Open, Closed, or In Process).
Sub-Status: Provides further details on the status of a finding if set up by admin. If no sub-status values have been configured, this field will not appear.
Assigned to: Identifies the user assigned to a finding. Only one user can be assigned and will receive an email once the finding is saved. The list in the pulldown menu is derived from the list of users added to a client.
Description (required): An RTF field allowing content, images, links, code examples, tables, and lists to be entered as needed. This field has collaborative editing enabled.
Recommendations: An RTF field allowing content, images, links, code examples, tables, and lists to be entered as needed. This field has collaborative editing enabled.
References: An RTF field allowing content, images, links, code examples, tables, and lists to be entered as needed. It has collaborative editing enabled.
CVE ID: Common Vulnerabilities and Exposures (CVE) identifier(s) assigned to the finding. This field requires a format of CVE prefix + Year + arbitrary digits. There is no limit to the number of random digits.
Example ID with four digits:
CVE-2014-3127Example ID with five digits:
CVE-2018-54321Example ID with six digits:
CVE-2019-456132
CWE ID: The Common Weakness Enumeration (CWE) identifier(s) assigned to the finding. This field requires a two-to-four-digit number format.
Example ID with two digits:
99Example ID with three digits:
243Example ID with four digits:
1423
Tags: Stores any tags associated with a finding to help manage and retrieve the finding more easily later.
Custom Fields: Click Add custom field to insert more labels and values as needed.
Step 5: Click Save.
The information entered is now displayed in the Findings Details tab and can be modified as needed. More details of a finding can be added by continuing to the other available tabs.
Affected Assets Tab
This tab displays any affected assets associated with a finding. More information on this topic, such as how to import or create, can be found on the Affected Assets page.
Screenshots and Videos Tab
This tab stores screenshots and videos associated with a finding, as videos are not allowed in the Finding Details rich-text fields.
To add a file, drag it onto the box on the page or click to navigate to files on the computer. Repeat as needed.
Code Sample Tab
This tab stores any code samples related to a finding for future reference. Click Add Code Sample to insert content. Click Add Section to add a caption and the code. The code will be formatted when the report is published.
The code will be formatted when the report is published.
Last updated
