Creating a Finding
Last updated
Was this helpful?
Last updated
Was this helpful?
Creating a finding within PlexTrac can be initiated either through the Clients module or the Reports module, but either approach involves selecting a report to add the findings. When created within PlexTrac, users can update using five tabs: Finding Details, Affected Assets, Screenshots/Videos, and Code Samples.
Step 1: From the Reports module, click the row of the impacted report.
Step 2: Click the Findings tab.
Step 3: Click Create Finding from the "Add Findings" pulldown menu.
Step 4: Enter a finding name and select the finding severity. Click Create.
Step 5: The edit finding page has four tabs for collecting data about a finding (further details on each tab are provided below).
Title (required): All finding titles must be unique within a report. The tool will provide an error message after clicking Save if an existing title is used.
Severity (required): Identifies the severity rating for the finding. The values are in ascending order: Informational, Low, Medium, High, and Critical.
Priorities: Associate the finding with a priority in the Priorities module.
CVE ID: Common Vulnerabilities and Exposures (CVE) identifier(s) assigned to the finding. This field requires a format of CVE prefix + Year + arbitrary digits. There is no limit to the number of random digits.
Example ID with four digits: CVE-2014-3127
Example ID with five digits: CVE-2018-54321
Example ID with six digits: CVE-2019-456132
CWE ID: The Common Weakness Enumeration (CWE) identifier(s) assigned to the finding. This field requires a two-to-four-digit number format.
Example ID with two digits: 99
Example ID with three digits: 243
Example ID with four digits: 1423
Tags: Stores any tags associated with a finding to help manage and retrieve the finding more easily later.
Custom Fields: Click Add custom field to insert more labels and values as needed.
Step 5: Click Save.
The information entered is now displayed in the Findings Details tab and can be modified as needed. More details of a finding can be added by continuing to the other available tabs.
This tab displays any affected assets associated with a finding. The Affected Assets page provides more information on this topic, such as how to import or create.
This tab stores screenshots and videos associated with a finding, as videos are not allowed in the Finding Details rich-text fields.
To add a file, drag it onto the box on the page or click to navigate to files on the computer. Repeat as needed.
This tab stores any code samples related to a finding for future reference. Click Add Section to add additional sections. The code will be formatted when the report is published.
Score type: Identifies the score associated with a finding. This can be used to record a general score, a CVSS 2.0 score, a CVSS 3.0 score, a CVSS 4.0 score, or .
Status: Defines the (Open, Closed, or In Process). It defaults to Open.
Sub-Status: Provides further details on the status of a finding if . If no sub-status values have been configured, this field will not appear.
Assigned to: Identifies the user assigned to a finding. Only one user can be assigned, and an email will be sent once the finding is saved. The list in the pulldown menu is derived from the list of .
Description (required): An RTF field allowing content, images, links, code examples, tables, and lists to be entered as needed. This field has enabled.
Recommendations: An RTF field allowing content, images, links, code examples, tables, and lists to be entered as needed. This field has enabled.
References: An RTF field allowing content, images, links, code examples, tables, and lists to be entered as needed. It has enabled.
