LogoLogo
API DocumentationIntegrationsPlexTrac.com
  • Product Documentation
    • Using This Site
    • Security Advisories
    • Deployment and Maintenance Policy
    • Supported Applications
  • PlexTrac Modules
    • Dashboard
    • Clients
      • Clients Components
      • Creating a Client
      • Managing Clients
      • Managing Client Users
      • Adding Assets to a Client
      • Managing Assets
    • Schedule
      • Schedule Components
      • Creating an Engagement
      • Requesting an Engagement
      • Managing Engagements
      • Engagement Status
    • Assessments
      • Assessment Components
      • Managing Questionnaires
      • Starting an Assessment
      • Taking an Assessment
      • Reviewing an Assessment
      • Submitting an Assessment
    • Reports
      • Report Components
      • Creating a Report
      • Adding from NarrativesDB
      • Editing a Report
      • Using Short Codes in Reports
      • Findings
        • Creating a Finding
        • Collaborative Editing
        • Importing Findings from a File
        • CSV Findings Templates
          • Using Report Findings CSV Template
        • Importing Findings via an Integration
        • Importing Findings from WriteupsDB
        • Finding Status
        • Creating Jira Tickets
        • CVSS Scoring
        • Affected Assets
      • Importing a Report
      • Exporting a Report
    • Priorities
      • Priorities Components
      • Creating a Priority
      • Linking Findings and Assets
      • Managing Priorities
      • Priorities Metrics
    • Content Library
      • Types of Repositories
      • NarrativesDB
        • NarrativesDB Home Page
        • Managing Repositories
        • Managing Users
        • Creating a Repository
        • Managing Sections
        • Creating a Section
      • WriteupsDB
        • WriteupsDB Home Page
        • Managing Repositories
        • Managing Users
        • Creating a Repository
        • Creating a Writeup
        • Copying a Writeup
        • Adding to a Report
        • Importing via CSV Template
      • RunbooksDB
        • RunbooksDB Home Page
        • Managing Repositories
        • Managing Users
        • Creating a Repository
        • Creating a Procedure
        • Creating a Technique
        • Creating a Tactic
        • Creating a Methodology
    • Analytics
      • Findings
      • Assets
      • Runbooks
      • Trends & SLAs
    • Runbooks
      • Managing Engagements
        • Starting an Engagement
        • Submitting an Engagement
      • Managing Test Plans
        • Creating a Test Plan
        • Exporting a Test Plan
  • Tenant Management
    • Account Management
      • Profile (Personal Settings)
        • Managing User Profile
        • Managing Password
        • Setting Up Two-Factor Authentication
      • Account Admin
        • Tenant Settings
          • Account Information
          • General Settings
          • Email Settings
          • Tags Settings
          • Service-Level Agreements (SLAs)
          • Short Codes
        • Customizations
          • Layouts
          • Templates
            • Report Templates
            • Export Templates
            • Style Guides
          • Theme
        • Automations
          • Risk Scoring
            • Creating Equations
            • Managing Priority Equations
          • Parser Actions
        • Integrations & Webhooks
          • Integrations (API)
            • Cobalt
            • Edgescan
            • HackerOne
            • Jira
            • ServiceNow
            • Tenable Vulnerability Management
            • Tenable Security Center
          • Webhooks
        • Security & User Management
          • Audit Log
          • Security
            • Authentication Methods
              • OAuth/OpenID Setup
                • Microsoft Entra ID
                • Google OAuth
                • Okta
                • OpenID Connect
              • SAML Setup
            • General Authentication Settings
            • Authorization
            • Role Based Access (RBAC)
              • Custom Roles
            • Classification Tiers
          • Users
            • Adding Users
            • Managing Users
        • Licensing
          • Licensing
          • Priorities
          • Plex AI
            • Using AI
        • White Labeling
      • Help Center
      • Logout
    • Integrations and File Imports
      • Acunetix
      • BlindSPOT
      • Burp Suite
      • Checkmarx
      • Core Impact
      • HCL AppScan
      • Invicti
      • Nessus
      • Nexpose
      • Nipper
      • Nmap (Assets)
      • Nmap Vulners NSE
      • Nodeware
      • NodeZero
      • OpenVAS
      • OWASP ZAP
      • Pentera
      • Qualys (VM Parser)
      • Qualys (Web App Scanner)
      • RapidFire
      • Scythe
      • Veracode
  • API Documentation
    • Overview
    • Concept Definitions
    • Getting Started
    • Retrieving Parameter IDs
    • Object Structures
      • Client Object
      • Report Object
      • Finding Object
      • Asset Object
      • Evidence Object
    • Use Cases
    • API Change Policy
      • API Change Log
    • Webhooks
      • Webhook Payload Structure
      • Verifying Sender Requests
Powered by GitBook

Resources

  • Privacy Policy
  • Terms of Use
  • Vulnerability Policy

© 2025 PlexTrac, Inc. All rights reserved.

On this page
  • Affected Assets Tab
  • Screenshots/Videos Tab
  • Code Samples Tab

Was this helpful?

Export as PDF
  1. PlexTrac Modules
  2. Reports
  3. Findings

Creating a Finding

PreviousFindingsNextCollaborative Editing

Last updated 5 months ago

Was this helpful?

Creating a finding within PlexTrac can be initiated either through the Clients module or the Reports module, but either approach involves selecting a report to add the findings. When created within PlexTrac, users can update using five tabs: Finding Details, Affected Assets, Screenshots/Videos, and Code Samples.

Step 1: From the Reports module, click the row of the impacted report.

Step 2: Click the Findings tab.

Step 3: Click Create Finding from the "Add Findings" pulldown menu.

Step 4: Enter a finding name and select the finding severity. Click Create.

Step 5: The edit finding page has four tabs for collecting data about a finding (further details on each tab are provided below).

  1. Title (required): All finding titles must be unique within a report. The tool will provide an error message after clicking Save if an existing title is used.

  2. Severity (required): Identifies the severity rating for the finding. The values are in ascending order: Informational, Low, Medium, High, and Critical.

  3. Priorities: Associate the finding with a priority in the Priorities module.

  4. CVE ID: Common Vulnerabilities and Exposures (CVE) identifier(s) assigned to the finding. This field requires a format of CVE prefix + Year + arbitrary digits. There is no limit to the number of random digits.

    • Example ID with four digits: CVE-2014-3127

    • Example ID with five digits: CVE-2018-54321

    • Example ID with six digits: CVE-2019-456132

  5. CWE ID: The Common Weakness Enumeration (CWE) identifier(s) assigned to the finding. This field requires a two-to-four-digit number format.

    • Example ID with two digits: 99

    • Example ID with three digits: 243

    • Example ID with four digits: 1423

  6. Tags: Stores any tags associated with a finding to help manage and retrieve the finding more easily later.

  7. Custom Fields: Click Add custom field to insert more labels and values as needed.

Step 5: Click Save.

The information entered is now displayed in the Findings Details tab and can be modified as needed. More details of a finding can be added by continuing to the other available tabs.

Affected Assets Tab

This tab displays any affected assets associated with a finding. The Affected Assets page provides more information on this topic, such as how to import or create.

Screenshots/Videos Tab

This tab stores screenshots and videos associated with a finding, as videos are not allowed in the Finding Details rich-text fields.

To add a file, drag it onto the box on the page or click to navigate to files on the computer. Repeat as needed.

Code Samples Tab

This tab stores any code samples related to a finding for future reference. Click Add Section to add additional sections. The code will be formatted when the report is published.

Score type: Identifies the score associated with a finding. This can be used to record a general score, a CVSS 2.0 score, a CVSS 3.0 score, a CVSS 4.0 score, or .

Status: Defines the (Open, Closed, or In Process). It defaults to Open.

Sub-Status: Provides further details on the status of a finding if . If no sub-status values have been configured, this field will not appear.

Assigned to: Identifies the user assigned to a finding. Only one user can be assigned, and an email will be sent once the finding is saved. The list in the pulldown menu is derived from the list of .

Description (required): An RTF field allowing content, images, links, code examples, tables, and lists to be entered as needed. This field has enabled.

Recommendations: An RTF field allowing content, images, links, code examples, tables, and lists to be entered as needed. This field has enabled.

References: An RTF field allowing content, images, links, code examples, tables, and lists to be entered as needed. It has enabled.

dynamically create a CVSS 3.1 score using the provided calculator
status of the finding
users added to a client
collaborative editing
collaborative editing
collaborative editing
set up by admin