Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
PlexTrac has region-specific deployment and maintenance windows to accommodate international growth and ensure minimal disruption to the global customer base. This approach offers several key benefits:
Targeted updates: PlexTrac can roll out updates during off-peak hours for each geographic area.
Reduced downtime: Ensures users experience system improvements outside their primary working hours.
Improved responsiveness: This allows PlexTrac to be more agile in addressing region-specific needs or issues.
Better resource allocation: Provides more targeted support and monitoring, ensuring smoother updates.
The start date for each deployment is listed in the Release Notes. The process begins in North America, followed by Australia/Eastern Asia and Europe/Western Asia the following day.
Australia/Eastern Asia
09:00 - 12:00
15:00 - 18:00
01:00 - 04:00 (SYD)
Europe/Western Asia
14:00 - 17:00
20:00 - 23:00
21:00 - 00:00 (LON)
North America
21:00 - 00:00 (following day)
03:00 - 06:00 (following day)
23:00 - 02:00 (NYC)
PlexTrac believes in maintaining transparency and open communication regarding security matters. This page is a centralized hub where details about newly discovered security flaws are published, along with their severity ratings, affected product versions, and instructions on mitigating or fixing those vulnerabilities.
PlexTrac strongly encourages all users to regularly review this page and promptly apply the recommended mitigations or updates to safeguard their systems against potential security risks.
For additional questions and comments, contact PlexTrac security at security@plextrac.com.
11/05/2024
This is not an incident notice or a breach notification. Your data remains safe, and the integrity of our platform remains intact.
Through collaboration with third-party researchers and processing responsible disclosure, the following security issues have been patched/remediated:
Within the PlexTrac application a vulnerability was identified which allowed an attacker to interact with internal application components utilizing a server-side request forgery variable.Upon discovery, the endpoint was identified as unused based on historic forensic log searching and static analysis for in-code references to the endpoint.
A vulnerability was identified within a dependency used in our runbooks module for handling the upload/import of custom runbooks. The maintainer of the package identified a potential vulnerability within their code and proactively patched it; however, static analysis and software composition analysis tools are not currently reporting or detecting the issue.
An undocumented and unpublished legacy endpoint was identified as having a local file inclusion vulnerability within the PlexTrac platform. Upon discovery, the endpoint was identified as unused based on historic forensic log searching and static analysis for in-code references to the endpoint.
An N1QL injection vulnerability was discovered within a legacy part of the application (slated for deprecation and removal). Upon initial report, the issue had already been resolved and was pending a scheduled platform release.
Within a dependency of PlexTrac's frontend, a denial of service vulnerability was identified. This allowed an attacker to craft a payload resulting in a temporary restart of the web server by oversaturating an active websocket connection.
Upon discovery, the package and its uses were evaluated, resulting in the removal of the vulnerable package and the disabling of the use of the affected websocket endpoint within the platform. No patches were available to resolve the underlying vulnerability.
An unsafe default within an open-source dependency that handles importing runbooks data into the platform was identified, allowing code execution within the legacy runbooks importer.
After concluding the initial triage, PlexTrac's team resolved the issue within the code to rely upon a safe method for handling parsing runbooks data files.
Within the PTRAC report import functionality of the PlexTrac platform, an arbitrary file write vulnerability was detected in the mechanism intended to facilitate transferring report artifacts between instances of the platform. This vulnerability is only exploitable when combined with an arbitrary directory write primitive.
After triage, the team was able to patch the issue and apply both validation/sanitization mechanisms to PTRAC files.
Within the runbooks module's attachment upload function, a directory traversal vulnerability was detected. This allowed end users to write non-arbitrary files outside their intended destination on the remote system to create arbitrary directories. These directories could then be used as part of other vulnerabilities to gain code execution.
Post triage, the team was able to patch the issue, apply both validation/sanitization mechanisms to the affected endpoints and prevent the directory traversal and arbitrary directory creation.
All findings noted above were identified and reported by the NAT Cyber Security Centre team, including:
Arnoldas Radisauskas
Selim Decamps
Ianis Bernard
To date, PlexTrac has not identified any exploitation of the items outlined within this advisory across privately hosted systems managed by PlexTrac's operations team. All items in this advisory were resolved within hours of the report, and your data/systems remain safe and secure.
9/10/2024
An information exposure issue was identified within the platform, which would allow users not granted permission VIEW CLIENT ASSETS
the ability to see information regarding affected assets within API responses.
Permission was enforced in several areas of the application. However, when viewing findings, the affected assets for that finding were inadvertently disclosed in an API response.
The issue has been patched to ensure proper asset restriction when viewing reports and findings throughout the platform.
This page provides information about the changes, updates, enhancements, fixes, and new features introduced when a new deployment is released.
This page provides information about the changes, updates, enhancements, fixes, and new features introduced when a new deployment is released. The date provided is when the started worldwide in Region 1.
11-5-24
Added a comment archive feature allowing users to view a historical list of accepted or rejected comments and associated metadata
Real-Time Collaboration enabled for findings, narratives, writeups, and the content library
10-8-24
Calendar invites from approved engagements are included as attachments in emails to the report operator
Admins can configure Plex AI access by user and client
Admins can configure report export options for users
Improved the autosave messaging across the application
Added the client name and a link to the report in the report status email template
Findings from Nessus file imports now include an exploit field
9-10-24
Improvements in performance and notifications when importing findings (Burp, Nessus, Veracode)
Support for Google OAuth email configuration (available for on-prem instances in 2.10.0)
New admin experience for managing users
AI responses now stream as generated
Fixed responsiveness issues with the export report button (ZD 7972)
Fixed 404 errors on the email templates manager page
8-13-24
UTF-8 support for the writeups CSV template (special characters are no longer stripped)
Support for drop-down custom fields in Jira integrations
Enhancements to Nessus parser import (support for larger files, new fields progress bar)
Bulk action options for severity updates added to findings tables
Auto-save functionality added to the report details page
Fixed issue of the CVE/CWE ID filter not working in the client findings tab
Fixed RBAC permission issue in which the Schedule module was appearing incorrectly after being disabled (ZD 7771)
Fixed alignment issues that existed between calendar and availability tabs for the Schedule module (ZD 7729, 7806)
Fixed issue with operators pulldown not containing values when creating a report within the client module (ZD 7657, 7769, 7780, 7803, 7908, 8136)
Fixed the issue of the start date value for a report disappearing as data was entered into the end date field
Fixed numbering format issue in report narratives shown on the report readout tab (ZD 6995)
Fixed issue in which users in the report reviewer pulldown menu did not appear if pages were refreshed (ZD 6492)
Fixed issue in which client description information was not appearing upon export (ZD 6501, 7650)
Fixed inconsistencies related to case sensitivity in the search functionality (ZD 6749, 6868, 7191, 7674, 8006)
7-16-24
Finding custom fields now available for use as a variable in an equation for contextual scoring in the Priorities module
Likelihood x Impact is now a scoring option on findings via a sliding scale
Enhancements to Burp parser imports
Provide the ability to direct users to a unique landing URL after SSO for SAML
Writeups CSV import allows duplicate writeup titles to be created upon import
Fixed issue that may occur during a Nessus file import (ZD 7613)
After an engagement is canceled in the Schedule module, associated reports are deleted (ZD 7491, 7718)
Fixed issue with Cobalt imports with the ‘declined’ field not being mapped to a severity value of ‘Informational’ (ZD 7270)
Fixed error message that occurred when exporting a report containing a procedure (ZD 7014)
Fixed an issue that occurred when exporting a report to CVS that contained multiple custom fields and CVSS scores (ZD 5568, 7646)
Fixed the issue with changing the sequence of writeups in the WriteupsDB module when editing (ZD 5590,6285,7318)
Fixed issue with code markup in rich-text fields not exporting correctly (ZD 6601,7576,7830)
Sorting of report templates within report details is now in alphabetical order to match the report creation modal
Fixed an issue in which a file imported a second time to the same report was not retaining history and comments from the first upload (ZD 7359)
6-17-24
Added notifications for the Schedule module
Added auto-format functionality within rich-text fields
Enabled the Code Samples tab for findings to be a rich-text field (ZD 6883)
Fixed the issue of execution steps within an engagement not printing from a report (ZD 6425)
Fixed issue with the finding severity order being displayed incorrectly (ZD 5704, 6254)
Fixed issue with the window size increasing after pasting a large code block into the rich-text field of a finding narrative (ZD 6038)
Fixed the issue of image IDs breaking when exporting to XML (ZD 3773, 5100)
5-21-24
CVSS 4 field added to Writeups CSV import file
Improvements to the Tenable scan date selector
Updated the Tenable Vulnerability Management integration to improve sorting data by tag
Runbooks now support OWASP test plans
Fixed the 400 error message that occurred when a user added a narrative section from a report to NarrativesDB (ZD ID6753, 6839, 7001, 7260, 7266)
Fixed a border issue occurring when exporting to a Word template (ZD ID6652)
Fixed header issue on the “edit priority page” where the client name was not being displayed properly
Fixed issue that occurred after copying a finding to WriteupsDB with a CVSS v3.1 vector containing lower-case letters
Updated Pentera file import integration to support accurate port data
Updated OpenVas file import integration to support accurate port data.
4-23-24
Updated functionality for editing and tracking changes in rich-text fields
Updated APIs to support side-drawer component
Updated contextual scoring permissions for the Priorities module to enable wider access to other users with relevant permissions
Ability to see a priority linked to an asset and edit within asset details
Ability to link a priority while creating/editing a finding
Fixed issue with audit log not searching by user name
Fixed issue with the Target Remediate Date field not appearing in a custom column in the Priorities module (ZD ID6426)
Updated notification emails with the correct Priorities documentation link
Fixed issue of an analyst being unable to update the status of a published finding until the report is published (ZD ID6100)
Fixed issue in which custom RBAC roles with the ability to edit assets could not update the status without additional unnecessary permissions (ZD ID5490, 5528, 5791, 6247)
3-25-24
Updated Mitre methodology in the default repository and Runbook test plan to include the techniques and tactics of MITRE v14.1 accompanied by procedure updates to Atomic Red Team atomics
Ability to view a finding’s details more easily via a side drawer for the Clients and Reports module (a side drawer also exists for the attack path tab and associated findings on assets)
Analyst users are now redirected back to the assessment view after an assessment is submitted
Nessus parser performance improvements that enable support for ingesting larger files
Fixed issue with the report readout card default sort order (critical now on top)
Fixed issue with date filters when formats other than MM/DD/YYYY are used (ZD ID6534)
Fixed issue of a tenant logo resizing incorrectly on some pages
Fixed issue of the client logo not displaying on the client profile page
Fixed issue with adding multiple entries of the same affected port for different services (ZD ID5135)
Fixed issue of a report not being created when an analyst user submitted an assessment (ZD ID6218)
3-6-24
New and improved Nexpose integration, including CVSS scores, new custom fields, added port data, and updated documentation of field mappings
API updates to support new Priorities module
Changes to the finding substatus field will initiate autosave
When parser actions are bypassed, the prompt in the file upload modal dynamically updates
Fixed issue of repositories built via API or CSV not displaying the number of writeups
Fixed issue of linebreaks for some text fields not being honored when exporting a CSV file (ZD ID5566)
Fixed issue of a custom RBAC role with the ability to edit assets is unable to update the asset status without additional unnecessary permissions (ZD ID5490,5528,5791,6247)
Fixed issue of ports not being saved as distinct items when adding multiple entries of the same affected port for different services (ZD ID5135)
Fixed issue that a disabled parser action did not remove the parser actions prompt from the file upload modal
1-30-24
Support for JIRA Data Center (in place of JIRA server) beginning on February 15th
Added a table column in the parser actions page of the Admin Dashboard to display “Original Severity”
Added ability for the user to bypass parser actions when importing a file into a report
Report narrative sections no longer automatically expand when the user creates a new section or starts typing in an existing section
Fixed issue of tenant logo resizing inconsistently
Fixed data discrepancy issue on the "Asset findings overview" table in the Analytics module
Fixed filtering issues occurring on the Asset tab of the Analytics module
Fixed sorting of columns issues occurring on the Asset tab of the Analytics module
Fixed filtering issues occurring on the Findings tab of the Analytics module
Fixed the issue of an empty “Findings by clients” box in the Findings tab of the Analytics module
Fixed the issue of an empty "Most critical findings" box in the Findings tab of the Analytics module
Fixed issue in “Breakdown by client” graph of Findings tab in Analytics module displaying Client ID instead of name when filtering by tags
Fixed issue of the client logo not displaying
Fixed issue of default fields being removed from tables
Fixed issue in which the user is unable to delete some comments in RTF fields
Fixed issue in which a custom RBAC role with the ability to edit assets cannot update the status without having to edit the report’s findings permission
Fixed issue with malformed tables upon report export to Word
Fixed issue of soft returns (shift+enter) not working on lists within a report export template
Fixed the issue of white labeling not working in some scenarios
1-2-24
Added affected asset port data to the CSV findings export
Added ability for user to opt out of warning modal when a findings layout is applied to a report
Findings will autosave after all required fields have been set
Added capability to customize the table columns for SLAs in the Admin Dashboard
Added field in Admin Dashboard for Cobalt URL when configuring the integration
Improvements to the Snyk integration
Improvements to how runbook procedures are ordered upon edit and creation
General platform performance improvements
Fixed issue with exported Word reports being impacted by styles even though no style guide was associated
Fixed issue of analytics not displaying filter data in the Analytics module
Fixed issue in which some users cannot copy/move writeups from their default repository to another repository
Fixed issue in which the user was unable to scroll through all findings for a report in the right column of the report Readout tab
Fixed issue in which published findings may not be visible to approved users if the report is not published
Fixed issue with the “Trend of findings opened vs. closed by month” table displayed on the Details tab for a client in the Clients module
Fixed issue with sorting of columns not working for the table on the Assets tab of the Analytics module
Fixed issue of assets not showing for selected reports in the Assets tab of the Analytics module
Fixed issue where clicking on the parent asset link in the Assets detail modal of a finding on the Findings tab of the Analytics module resulted in an error message
Fixed issue in which sort behavior changed the user navigated between pages on the Findings tab of a report when more than ten findings exist
Fixed issue with one-column tables not formatting correctly when exported
11-8-23
Added a new tab and messaging on the Dashboard for when a user has no assignments
Better handling of scoring when using the Acunetix parser
Added support of rich-text formatting to an assessment's description field
Added the ability to add captions to code blocks within a rich-text field
Improved experience when creating an asset and adding a new operating system or IP address
Improvements to Jira Server/Data Center integration
Added ability to customize the table columns on the Sections tab of NarrativesDB
Added ability to customize the table columns inside a repository of NarrativesDB
Added ability to customize the table columns on the Repositories tab of WriteupsDB
Added ability to customize the table columns on the Reports module home page
Added the ability to customize the table columns on the Assets tab of the Clients module
Made the description field of a question a rich-text field in the Assessments module
Added ability for admins to enable email notifications for finding substatus changes and when a report reviewer has been added
Deprecated endpoint Import Client Assets v1
Fixed issue of evidence sometimes not appearing for an affected asset on its details modal
Fixed issue where bulk delete of affected assets was not working
Fixed issue where bulk select of assets for a report was not matching bulk select behavior in other areas of the platform
Fixed issue where findings layout reverted to default layout instead of the custom one assigned
Fixed issue in which not all findings were displayed in the Findings overview box on the Readout tab in reports with more than 50 findings
Fixed export to Word error after importing a finding and adding an affected asset to it
Fixed format issue upon export to Word with Runbooks procedure logs
deploy to cloud-hosted instances on 10-10-23
Streamlined the process of creating a finding by putting custom fields on the Finding Details tab (Custom Field tab going away)
Improved the experience of creating a writeup to match that with the process of creating findings
Added a link within the platform to download the writeups CSV template (available by clicking the Import Writeups button)
Added ability to customize the table columns on the Affected Assets tab of a finding
Added ability to customize the table columns on the Assets tab of a report
Added messaging to alert when exporting a report if a layout template is associated so users are aware that required fields exist
Added error notification when a user attempts to update the published status of a finding that doesn't have all required fields
Fixed issue when larger images in reports with a style guide associated with them were not exporting as expected
Fixed issue with line breaks when pasting into CKEditor fields
Fixed issue with CKEditor window increasing in size when a large image is inserted and resized
Fixed issue of a blank screen after loading a finding from Acunetix and attempting to edit
deploy to cloud-hosted instances on 9-13-23
Improved report experience when selecting sections from NarrativesDB or writeups from WriteupsDB by truncating long sections of text, tables, code blocks, and hiding images
Improved Writeups CSV import to support soft returns within the file
Added additional fields Clients module home page table (Client POC Email and Description)
Added ability to configure and customize the table column experience for associated findings of an asset within the Clients module
Improved modal experience when importing a finding (no longer defaults to Nessus in the pulldown menu)
Improved usability on the Readout tab of a report by highlighting the box of the finding being viewed on the Report readout column
Users with write access to reports can delete comments created by other users
Updated BURP parser field mapping documentation
Fixed the issue of a CVSSv3.1 risk score not showing on the findings detail page
Fixed the issue that occurred when creating a custom role in the Admin Dashboard and disabling the “Ability to View the Administration Panel”
deploy to cloud-hosted instances on 8-21-23
Ability to bulk associate findings to ServiceNow (if integration is configured)
Ability to unlink a finding from ServiceNow (new option under "Actions" column (if integration is configured)
Updated references of “Tenable.io” to “Tenable Vulnerability Management”
For BURP HTML file imports, enhanced the usability of finding and viewing data by moving the HTTP request and response fields out of the findings details page (continues to be listed as evidence in the affected asset)
Better error messages to users and handling of data when importing large BURP files; now a notification is sent about the finding that did not get imported, and all other findings are loaded without impacting the entire file and instance stability
For users importing files with evidence-heavy data, significantly decreased loading time, an increase in the number of findings and assets that can be imported before performance is impacted, and improvements in any error messaging to provide helpful details to resolve any issues
Added count totals of rows in the table headers for Assessments and Runbooks modules
Added a red asterisk to the Client Name field to denote it is required
Arranged theme color options in Admin Dashboard>Theme so they are now displayed by severity impact instead of alphabetically
Added bulk actions button and options in the Assets tab for a report
Updated legacy color palette values in tooltips, icons, etc., throughout the platform for consistent user experience
Breaking change implemented for APIs using roleID variable in endpoints; legacy support will continue through 1.59
Fixed issue with erratic scrolling of page for comments left when tracking changes
Fixed issue with ServiceNow integration: now work notes, comments, and status
Fixed issue with CSV exporter that occurred in MS Word reports containing imported findings from API integrations
Added error handling to resolve asset names with over 10k characters that would previously cause a system error; names are now truncated to ensure the files load properly
Fixed the issue of the default parser action not filtering correctly
Fixed the issue of table sort order not being preserved when a questionnaire is deleted in the Assessments module
Fixed issue in parser actions in which placeholder field titles were in pulldown menus
Fixed issue in which the deduplication process for asset names was overwriting child asset names; child assets can now have the same name for different parents
Fixed issue with Help Center link in the profile pulldown menu being a different color than other items in the list; also added an icon next to the link informing users that clicking Help Center will open a new tab/window and take the user outside of the platform
Fixed the issue of a blank page appearing when clicking the Edit/Comment button on the Readout tab of a report if no narrative has been added; now, no button appears on that tab until the content has been created
Fixed issue with bulk selecting all assets in the Clients module in which some manually deselected assets were still being deleted
deploy to cloud-hosted instances on 7-18-23
Ability to manage and track changes within rich-text fields at the report level
Performance enhancements when importing findings from an integration for import into a report
Changed the term “scan output” to “evidence” throughout the platform for consistency
Improved experience when creating a writeup to better align with the process of creating a new finding
Better messaging to admins when deleting users to provide more detail, so if the action failed, admin can take action to remedy (i.e., the user is assigned a task)
Performance improvements when importing large amounts of affected assets with a finding via an integration
Improved messaging within the modal that appears when adding a writeup to a report with a findings layout assigned
Added count totals of rows in the table header for the Assessments module tab
Added count totals of rows in the table header for Admin Dashboard>Security>Authorization page
Fixed issue with Jira server (not cloud) integration not working as expected
Fixed issue with exporter failing for Parser and API integrations
Fixed issue in Edgescan integration that occurred when closed vulnerabilities for the past three years was selected in the pulldown menu during setup (the configuration would reset to default state)
deploy to cloud-hosted instances on 6-21-23
New design improving usability for admins when adding authorized users to a client
Added a total count of clients, reports, findings, and assets in the Clients module that is displayed as each tab is clicked
Overhaul of CSV export for reports that fixed known limitations and issues that occurred when exporting large data sets into cells
Bug Fixes
Fixed an issue in which a finding severity was not being adjusted from manual changes in the CVSSv3.1 calculator
Fixed an issue in which a writeup form would occasionally disappear after loading when trying to edit
Fixed an issue in which an analyst user was incorrectly able to add or remove reviewers from an assessment
deploy to cloud-hosted instances on 6-7-23
Changed bulk actions menu so actions are only visible to users with the correct permissions
Added better messaging and UX experience when integration synchronizations are taking longer than expected
Optimized affect asset retrieval for findings that had hundreds of affected assets
Bug Fixes
Fixed an issue in which available repositories were not appearing after typing into the box within WriteupsDB when trying to move or copy writeups
Fixed an issue in which assets imported from a Nmap.xml file were displaying a random “last seen” date in the Notes/Description tab for the affected asset
deploy to cloud-hosted instances on 5-30-23
Improved user experience and transparency with behavior regarding parser actions seen in Admin Dashboard>Parser Actions
Adding messaging to inform the user when an import takes longer than 100 seconds, explaining operation is taking longer than expected and to try importing later
Changed label of “Runbooks V2” to “Runbooks” (Runbooks V2 replaced legacy Runbooks module in 1.53)
Added messaging to inform users that a finding or assessment has been deleted if accessing from a notification link
New graph in the Analytics module in the Trends & SLAs tab to display the percentage of findings exceeding SLA
Bug Fixes
Fixed issue with saving when creating a new writeup and user not being directed to WriteupsDB homepage when finished
Fixed an issue in which tags for a previously created SLA were auto-populating on new SLAs
Fixed issue in which users not assigned to any clients were able to view reports
Removed the 2000 character limit for the rich-text field in the Custom Fields tab of a finding
Fixed an issue with the Tenable integration
deployed to cloud-hosted instances on 5-8-23
Added a documentation link to First CVSS at the bottom of CVSS calculator when creating a finding
Enhanced the user experience within the graph for the Trends & SLAs tab in the Analytics module
Added better visibility that an asset name is required through improved error messages and asterisk to denote it is a required field
Changes made to a finding status within the most critical findings box inside the Findings tab of the Analytics module are reflected immediately
Ability to view child assets (when applicable) from the parent affected asset
Added visible error messaging when editing the Evidence tab of an affected asset that changes were not saved when attempting to exit
The parent asset value within the table of the Assets tab of a report now links to the parent asset details page
Removed legacy Runbooks module from main menu
Fixed issue in which validation for duplicate assets was not catching an asset just created
Fixed issue during creation of a new asset that occurred with a field screen not disappearing after selecting a provided value
Fixed bug in which the number of findings listed in the Readout tab of a report was not accurately reflecting the number of findings in the report
Fixed issue of importing findings from an integration that findings created on the end date chosen in the filter was not appearing
Added logic so that after using filters in reports, leaving page, and then returning, the filter select boxes would contain previously selected values rather than be blank
Fixed issue in which findings with closed status were triggering SLA emails
deployed to cloud-hosted instances on 4-21-23
Added a field for URL available when setting up or editing an Edgescan integration
Improved refresh of data used to build graphs when loading Analytics module pages
Fixed issue with Edgescan findings import in which only one filter could be used
Fixing a bug that allowed duplicate asset names for a client
Moved tooltip about findings and assets on Dashboard module to the Finding metrics tab
Fixed issue that a report was displaying the default template instead of the properly assigned template
Fixed issue of empty asset when importing same assets to different reports within a client
Fixed issue of finding updates email notifications not sent correctly when using the status tracker/bulk update modal
deployed to cloud-hosted instances on 4-6-23
Enhanced user experience when adding findings from an integration to a report
Added ability to retain customized columns (where applicable)
Added refresh of page after using ‘search and replace’ functionality in reports to better indicate changes were implemented
Added ability to bulk paste email addresses when adding assets to a client
Improved platform performance when creating clients
Fixed data refresh issue that occurred after a bulk delete in WriteupsDB
Fixed issue in which the short codes section of Admin Dashboard was not appearing for some non-admin roles after given access via Administration Permissions in RBAC
Fixed error message that resulted after adding evidence for an affected asset and then deleting evidence before saving
Fixed bug that occurred with risk score when exporting to CVS and some finding fields were null
Fixed an issue in which the date to and date values from search filter were not filtering correctly for the Most Critical Findings box across all tenant clients
deployed to cloud-hosted instances on 3-27-23
Fixed issue that occurs when an authorized analyst attempts to update the status of the finding in a published report and receives an unauthorized error message
Icon changed in the Parent Asset box of the Create Affected Asset modal to accurately reflect that this field is a search box and not a pre-populated pulldown menu
Fixed issue of the modal not disappearing when clicking the ellipses of an asset under the “Action” column of the Assets tab in the Clients module
Fixed issue of a blank page appearing when an admin attempts to edit a template (Account Admin>Templates) of the Admin Dashboard
Fixed issue of a linked template not being used when exporting a report as assigned by admin in the Export templates tab (Account Admin>Templates) of the Admin Dashboard
Fixed issue with Tenable integration that could cause integration to fail
Fixed issue in which a parent asset was not successfully removed when deleted as parent from the child asset on the Edit Asset page
deployed to cloud-hosted instances on 3-8-23
Usability enhancements in Admin Dashboard>Templates with the addition of tool tips, easier to read tables, and updated modal designs
Platform-wide enhancements to messaging in modals for better consistency and experience
Fixed issue in which Analytics pages might crash when refreshing the page or redirecting after logging out
Fixed issue that occurs if import source is changed in the middle of the process of adding a finding via an integration
Fixed issue of an existing asset’s ports, services, and protocols being added by default when the asset is added as an affected asset to a new finding
deployed to cloud-hosted instances on 2-24-23
Ability to sort (via table column), filter, and search by a parent asset in the Affected Assets tab of a finding
Ability to view and navigate to the parent asset from the asset detail modal of an affected asset, and from the findings detail modal under Affected Assets
New button and user options for adding a new asset to a client (now have option for a bulk paste)
Added a notification banner for admins and users belonging to the default group if an error occurs that prevents a page from being saved (a link to PlexTrac support is provided in the banner)
Platform-wide updates to presentation of messages and button labels for improved consistency and usability
Enhanced authoring and viewing of narrative content sections by continuously displaying editor toolbar (previously toolbar would disappear if additional required scrolling down)
Enhanced integration experience when importing from Findings tab
Fixed issue when deleting a repository in WriteupsDB in which user had to click the same button twice to complete task
Fixed bug of asset description not being saved on creation
Fixed 400 error that occurred when adding a note to a child asset
Fixed issue in which some users were experiencing issues with logo updates
Fixed spelling errors on Edgescan field mappings page
Fixed bug in which an analyst could see draft findings on a report's Assets tab
deployed to cloud-hosted instances on 2-10-23
Enhanced modal usability for WriteupsDB
Added a “Parent Asset” column to the report asset list table
Bulk paste for affected assets now dynamically parses out asset name, parent asset name, and port to its relative columns in the table (before all information would be retained in asset name)
Updated daily Jira synchronization (if a Jira integration is set by admin to update daily) to 4:45 UTC (9:45 PM Mountain Time)
Removed “PlexTrac” as a file type to import for admins in pulldown menu when setting up parser actions to avoid confusion, as a .ptrac file is not tied to imported actions (still supported elsewhere in platform)
Fixed bug that could cause the overall CVSS score to not reflect what was calculated using First CVSS calculator
deployed to cloud-hosted instances on 1-26-23
Fixed issue of assets in a report not loading correctly on the Assets tab
Usability improvements with labeling in Dashboard
Autosave performance improvements in NarrativesDB module
Fixed issue in which a new assessment might not display a 0% completion value as was incorrectly reflecting a previously edited assessment completion percentage
Fixed issue in which large Nessus files were not loading
Fixed issue in which CVE values were not loading correctly in some imports
deployed to cloud-hosted instances on 1-17-23
Added version and fix version fields for Jira integration mapping
Ability to filter by report name when adding findings from Cobalt
Jira synchronization optimizations
Added a check to see if an asset already exists within a client, and if so, use that asset ID to reduce duplication
Created new endpoint to get findings older than 30 days that are not closed and in a published report
Added filter ability to filter by tags during import of Edgescan findings
Help Center link updated to direct users to new Zendesk solution
Fixed Jira syncing issue in which the created date from Jira was displaying incorrectly on the findings table
Fixed issues with Edgescan integration field mappings
Fixed issue when new users to tenants in which MFA is required and enabled were not required to set up MFA until second login
Fixed issue that was preventing admin user from changing password from profile screen (existing instances not affected)
Fixed issue in which instance could crash when importing a scan file and parser actions are disabled
Fixed issue in which Jira status change for a finding linked to a Jira ticket was not reflected in displayed status of finding table
deployed to cloud-hosted instances on 12-17-22
Additional Jira integration field (data type) added for mapping options
Enhanced Jira integration error messaging
Fixed issue in which all CKEditor sections on a page were being saved at same time instead of just the section being edited
Fixed issue preventing custom field on findings from being updated
Fixed issue when editing a writeup that caused a 404 error and prevented writeup from being updated
Fixed issue in which whitespace affected the parsing of parent/child assets when using bulk paste functionality to add affected assets to a finding
Fixed issue in which a page could crash in some scenarios after clicking the finding status button on the Findings tab of a report and then clicking “Add Update”
Fixed intermittent issue of image disappearing once loaded within a CKEditor field
Fixed latency when page is loading findings for a report
Fixed issue of finding titles not updating when edited on Findings tab of a report
Fixed issue for tenants that had Classification Tiers enabled; users with appropriate permissions could not modify the classification after report was created
Fixed multiple mapping issues with Edgescan integration (specifically description, recommendation, and severity mappings)
Fixed issue of title search not working for findings in Client module
Fixed issue in which a .ptrac import fails because an asset has a reference to a parent asset ID not in PlexTrac
deployed to cloud-hosted instances on 11-30-22
Added a loading indicator to provide status for users using standard (non-MFA) login
Ability to sort users by the last time log in occurred in the Admin Dashboard via “Last Login” column
Added a modal to provide users more useful and relevant messaging when an export fails
Fixed issue of tags being created after a search query
Fixed issue in which an edited finding title may continue to display in browser cache
Fixed issue with parent asset value not displaying in “Parent Asset” field when editing the child affected asset
Fixed issue in which the “Change End Date” button was appearing when finding status was open or in progress instead of only appearing when status is closed
deployed to cloud-hosted instances on 11-17-22
Ability to bulk paste assets associated with a finding
New Assigned To column displayed on the Asset Findings table for report assets
New modal and ability to select templates when creating a new findings layout in Admin Dashboard
Ability to add and sort by finding sub status on the Findings tab for a report
Added messaging to confirm successful deletion of an engagement and test plan
Updated Cobalt integration description messaging
Added validation and error message when importing findings to ensure selected file type and source match if either is changed by user
Improved browser caching to reduce data transfer for viewing assets
Fixed API issue with frontend acceptance of new password with MFA enabled
Improved handling of Boolean fields
Fixed an issue when exporting a report in Word (.docx)
deployed to cloud-hosted instances on 11-4-22
New API endpoint for retrieving all assets on a tenant (api/v2/tenant/assets)
Ability to move multiple sections from one NarrativesDB repository to another in a single action
Ability to filter reports by status on Reports module home page
Ability to do bulk edits to associated findings under an asset
Caching improvements after finding, report and client deletions
Completed assessments and closed findings removed from items count on Dashboard module
Ability to filter for findings that have no tags within the existing “Select Findings Tags” filter box that appears on the Findings tab of a report
Loading improvements for the Dashboard module
CSS improvements for text alignment on long custom answers and questions for assessments
Fixed issue with status field when importing a Nessus file
Fixed issue with ServiceNow OAuth credentials not being passed correctly when checking connection status during admin setup
Fixed issue in which SLAs enabled in Admin Dashboard were missing from the findings when a questionnaire was submitted from the Assessments module and a reported created
Fixed issue of notifications sometimes not behaving as expected in UI (bell should stay red until notification is marked as read)
Fixed issue of artifacts sometimes not uploading to answers when starting an assessment
Dynamic sizing/horizontal scrolling for recently viewed report cards on the dashboard page
Ability to select all available sections via a checkbox at top of page when adding narratives to a report
Ability to select all available findings writeups via a checkbox at top of page when adding writeups from WriteupsDB to a report
Increased field validation for illegal characters entered in CVE ID field for a finding
Added loading spinners to signify page is loading on dashboard to give users notice
Fixed bug in which multiple comments/changes in the same location could not be selected or viewed
Added confirmation modals and additional information for admins when managing users and enabling/disabling default group in the Admin Dashboard
Improved the usability of dialog box and added search capabilities when importing a PlexTrac Report (.ptrac)
Tooltip added to the tags inside repository cards for RunbooksDB module
Fixed incompatibility issues with dark mode theme on pages
Fixed issue that caused all table rows to load when clicking sync button for an integration
Improved method that CWE IDs display for values parsed from Invicti/Nodeware
Integration with Cobalt platform
Added notes to the asset GET method
Additional confirmation modals added to notify user of potential data loss when editing/updating content
Updated default theme colors
Updated logic for sorting of engagements within the Runbooks module
Ability to bulk delete affected assets for a finding in a report
Fixed formatting table issues and image support in exports to Word
Fixed error that may occur when copying a finding from a scan to WriteupsDB
WriteupsDB autosave bug fixes
Fixed finding sort issues that occurred when specific optional fields were selected
Changed default background color for dark mode from white to black/gray
Fixed issue with “Sync Now” button not showing for Tenable integration in Admin Dashboard
Added auto-save capabilities when creating and updating in WriteupsDB module
Added ability to see the allowed file types when uploading parser files
Ability to copy Content Library repositories from the card for both NarrativesDB and WriteupsDB modules
Updated Veracode export to use the new risk_score and common_identifer fields
Implement In Progress status for engagements
Caching improvements in Analytics module
Fixed issue of some selected filters not being deleted for findings in Analytics module
Fixed issue of some users with proper permissions unable to view Customizations section of Admin Dashboard
Fixed error that may occur when trying to update a new writeup immediately after creation
Fixed issue with Nessus scans with empty CVSS scores failing to import
Fixed issue with related findings not showing when importing findings into a report from a Nessus file
Misc. dark mode fixes
CKEditor update providing new functionality throughout the platform when entering content, such as indentation of lists, modification of color within code blocks, background text color options, etc.
When creating a new report, dropdown menu values are alphabetical and dynamically filtered by value typed in box by user
Added front-end validation to CVSS scoring to ensure user cannot submit a score that will fail backend validation
Added ability to add a Success Criteria step under “Execution Steps” when editing a procedure in the Runbooks module
Added CVE/CWE ID Relational Filtering to Finding and Trends/SLAs analytics pages
Ability to search the file type when importing a report
Added CVSS 3.1 to the Report Findings and Client Findings table
Narrative sections now reflect changes made from short code search/replace tasks
Removed tenant point of contact and address fields (populated from another source)
Misc. UX improvements in modals and dropdown menus
Dark Mode display enhancements
Fixed issue of CVE and CWE IDs not displaying in correct format in client findings list
General CSS enhancements to modals
Improvements with the storage of values when dynamic scoring for findings (CVSS, CVSS2, etc.) is used
UX improvements when editing email templates in Admin Dashboard
Platform-wide consistency on autosave functionality for performance and usability
Platform-wide consistency on labels and text for usability
Improved caching and performance
Fixed issue of scores for some findings being out of sync when imported
Fixed issue of CVSS score not appearing when editing a finding imported from WriteupsDB
Fixed issue of some associated assets not showing in the Analytics module Assets tab graphic and table
Updated all modals to confirm before closing work that any discard of changes by user is intentional
Ability to select all findings for mass edit and import during an integration upload
Ability to customize table columns and order on Findings tab in Reports module
Ability to customize table columns and order on Writeups tab in WriteupsDB module
Added CVE and CWE IDs to findings detail; tool will check to see if ID is valid based on CVE standards and link to documentation if valid
Added a CVSS 3.1 calculator to allow users to obtain scores within PlexTrac
Ability to select all findings for mass edit in the Report module
Added user notifications for tasks related to changing a score or using new calculator
Ability to view a finding score in the findings detail modal (between the description and recommendation)
General usability and design improvements
Fixed issue of not being able to add IPv6 address when creating a new asset
Fixed bugs when importing a file from Tenable
Improved response time when adding large amount of writeups to WriteupsDB module
Fixed issue of some filters not populating values for asset analytics
Fixed a bug where client ids were showing instead of names for preset filters
Updated user experience for importing and configuring parser actions with new descriptions, progress status, and links to documentation
Added column in Writeups tab of WriteupsDB module to track item’s parent repository
Ability to copy a writeup from one repository to another (click “Copy to” under Actions column of the writeup in WriteupsDB)
Fixed issue of HTML syntax appearing in exported reports with a finding or narrative
Fixed formatting issue of bullet lists in RTF table cell
Fixed error message that appeared when uploading a Jinja template file to create an export template
Resolved issue when importing a Nessus file
New modal design for importing parser files that includes a progression bar
Fixed issue of a .csv asset not populating fields properly when being imported
Fixed issue of default WriteupsDB Default Repository not populating correctly with new installation
Fixed “Client Users Error” 400 incorrectly appearing in some instances when navigating to Client module
Fixed bug in the applications image upload functionality that prevented users from uploading images within the runbooks edit procedure workflow
Fixed mapping issues when importing Veracode xml files
Fixed report logs error when importing a findings file
Fixed issue with save not working and incorrect permissions generated after creating a new custom role based on the Analyst role template
Fixed issue with a blank screen on Narratives tab after creating a new report using a report template that had a narratives section
Fixed issue of search not working in the “Link Writeup” pulldown menu in Admin Dashboard>Tools & Integrations>Parser Actions
Analytics module pages more printer-friendly
Performance improvements on Dashboard page load
Ability to search and filter a list of sections by tags on the Sections tab within NarrativesDB
Table presentation and caching improvements in Analytics>Trends & SLAs
SLA information presented on the finding table and finding detail sidebar
Updates to Inviciti parser integration mappings and support
Latency improvements when entering data in reports
Ability to configure date format in Personal Settings to one of the following options: YYYY-MM-DD, DD-MM-YYYY, or MM-DD-YYYY
Customizable columns for the client findings page
Improvements for admins to change settings for existing repositories within NarrativesDB and be seen immediately by users with access
Unicode copy/paste support for umlauts
Fixed 400 error when adding findings to WriteupsDB via csv upload or from a report
Fixed Date format of Start Time for Runbook Engagements
Fixed user access issue in WriteupsDB repository
Fixed issue of Assessment module not appearing in menu for some customers
Improved copy/paste formatting from external source to a report
Contains existing WriteupsDB and new NarrativesDB features
NarrativesDB allows for the organization, categorization, and management of content to be shared by multiple users and groups for producing reports
Search enhancements in Content Library
Search results for repositories and writeups refined based on text entered in search box
Capability to sort by title field in Content Library repositories
User management updates across Content Library and Runbooks
Access to content repositories is governed globally for each repository type by RBAC
The ACCESS permission enables users to see and use content within content repositories
The MANAGE permission enables users to manage settings and users of content repositories (who is allowed to view/edit a repo)
Ability for users with proper RBAC permissions to delete repositories
Ability to identify the source of a Finding via the Finding Detail modal view (includes manual imports and data from integrations)
Support of audit tracking when users are added/removed from PlexTrac
Fixed issue in which some Unicode values were not appearing correctly from source when copy/paste was used
Communicating age of data within analytics
Added manual refresh of data for analytics page
Added ability to create reviewers by state on reports
Added functionality to sort filters alphabetically
Changed account lockout behavior to be default, vs opt-in
Various fixes for log syntax
Enable account lockouts
Allow setting createdAt during finding creation
As a report creator, I can set a report state & assign reviewers
Writeups Do Not Require a Recommendation
Reorganized Admin Panel
Added CKEditor field to findings field template
Ampersands in Report Custom Fields missing in Word export
Fixed OWASP Zap Parser Descriptions and Recommendations Fields
Fixed Jinja Export Error missing type_of_piece
Fixed import Nipper XML
Fixed Hyperlink CKEditor formatting export error
Fixed front end user issue where the user appeared to be part of the default group, but was not. This disallowed ability to give authorize user for client access
Fixed intermittent Tenant Integration licensing error toast
CKEditor Code blocks - new lines are now getting created in Word export
SNOW - resolved issue with hardcoded URL suffix
Ability to add ports and services to affected assets
Added notes section to affected assets
Added evidence section to affected assets
URL/URI parsing for affected assets Update default table styling for exported Word documents
Allow use of field templates when creating Writeups in WriteupsDB
Option to auto-save work when editing narratives
Ability to set a report state and assign reviewers in report details
RBAC - separated out commenting and status changes permissions
Added ability to custom sort findings
Fixed ability to create Writeup from scratch
Fixed issue where some SNOW suffix URL’s could not be specified
Fixed caching issues when editing questionnaires
plextrac/plextracnginx:1.17.3 DIGEST: plextrac/plextracnginx@sha256:49bcd0e6d2793fa4aa06051f91c2cfaac2e60bb288e0213f1ab3c42b54ad8c62
plextrac/plextracapi:1.17.2 DIGEST: plextrac/plextracapi@sha256:00f147ca7b015497da6d78fc90ead9e0f39f4dcc290f6b02e1787e8b59fe97b3
Released tenable.io, tenable.sc integration
Enhancements to Affected Assets
Added ability to edit Affected Assets
Implemented new design for adding an Affected Asset
New evidence section URL/URI parsing Notes section
Added new RBAC permission splitting out comment vs status change in findings
Added auto-save custom fields, exhibits, code samples when editing a finding
Added ability to custom sort findings
Fixed styled text & nested HTML in image captions
Fixed Auto Numbered captions in CKEditor
Fixed scenario where missing data in a finding would result in a SDK error
Fixed MITRE and SCYTHE name consistency in Runbooks
Fixed contrast for code block text in Dark Mode
Fixed informational finding parsing in Checkmarx parser
Fixed issue where custom field search would fail on periods
plextrac/plextracnginx:1.16.10 DIGEST:sha256:c308d650fdd6ff7e7cec566b722fd19ca292ac7807ca4c8d8a42aed05c176156
plextrac/plextracapi:1.16.11 DIGEST:sha256:06eb3b62c075b2f875a05b15ba20ca978245f948182b45f3791118a20bfddfa2
Added hover to display dashboard trendline on Dashboard
Several design updates and fixes in analytics pages
New designs for edit finding page, edit narratives page
Preset Filters for analytics SAML IDP
User Provisioning
WriteupsDB Bulk Actions (Delete and TAGS)
Fixed error message when uploading license key
Affected asset scan data can now discretely reference scan evidence by affected asset
Export crashes with symbols in affected asset title
CKEditor Field Template
New Report navigation
Report Details Tab added to report navigation
CSV writeup importer updates
Filter analytics by assets
User Management Wizard for seeing what roles a user has for which clients
Role is now removed when done through User Permissions Wizard Qualys imports
Able to change affected assets status
Text Style in Tables Exports Correctly
Jira sync process now assigns valid statuses
Images can now be captions using CKEditor
OWASP ZAP Parser now parsing IP addresses to known_ips field for affected assets
Newlines are no longer removed from scanner output during export
Writeups created in WriteupsDB no longer requires references to save Report
Fixed Raw Evidence toggle switch
Ability to reference raw scan evidence as a callable field via Jinja Add hover display to dashboard trendline on security debt dashboard
Design updates for Runbooks analytics page
Use improved helping type for Asset Analytics Choose "Unspecified" option in the filter dropdown for Asset Types
Filter Open/Closed Issues on Date Range Improvements in Trend Analytics Parse port data from ZAP
Fixed OOM issue that caused API Crashes on Nessus Import with large number of scanner documents
Resolved bug where unable to change user auth after enabling two-factor authentication
Fixed problem where some users were unable to export report due to Non-Ascii characters in report
Resolved issue where adding assets with ports to a Finding crashes API
Resolved a UI bug where the details tab shows buttons in wrong places
The new Asset Analytics functionality provides you with an at-a-glance overview of every asset in your (or your clients’) company, by level of criticality, to help you better understand where you’re most vulnerable
With PlexTrac’s new integration with Tenable, you can import findings and assets tied to a Tenable tag directly into the Purple Teaming Platform
PlexTrac is also happy to announce the addition of security scanner tool parsers and imports for Horizon3 NodeZero, OWASP Zap, HCL AppScan, and Checkmarx
PlexTrac now supports IDP (Identity Provider) initiated SAML SSO
PlexTrac’s new Attack Path Visualization feature makes it as easy as drag-and-drop to create a visual representation of the tactics, techniques, and procedures (TTPs) used in a simulated attack.
Short codes are a powerful new time-saver in PlexTrac that provides a simpler way for users to search and replace text at the report or client level
Some assets are more important than others — and with our new Report Assets view, PlexTrac allows you to instantly see all the findings associated with those assets most important to you.
Additional bug fixes
Ability to collapse the left-hand panel, change the Logo, background text, and text highlight colors of the left panel. The update also includes the much-demanded Dark Mode!
When viewing Affected Assets under the preview modal, you can now Bulk Update the Status of Assets!
The Analytics module has been updated in many ways, including a new Findings by Client section, Preset Filters, and an all-new Runbooks Analytics Module which includes a MITRE type heatmap
You can now import SCYTHE Campaigns and MITRE Threat Emulations Plans as a Runbooks into PlexTrac
We have added the ability to assign procedures with a severity level while still working the Engagement
You can now copy a completed engagement and include all data. This feature can be used to pick up an accidentally closed Engagement or to add new information
You can now also view the Finding ID in the Preview modal.
Additional bug fixes
Comments: Added the ability to add comments to an ckeditor instance, beginning with report narratives.
Mitre ATT&CK v9.0 methodology added to runbooks
Backend scaffolding for audit logging (login, failed login, two-factor enable/disable, password reset/change)
Runbooks engagement procedures can now be assigned a severity level that will be used when creating a report finding
Runbook analytics can be filtered by engagement tags
Engagements which are imported and do not inherit tactics from the parent runbook can still be associated with tactics, if they are tagged
Runbook Analytics and Preset Filters are now available in production.
PTrac import bug was fixed
Newly uploaded artifacts now show a Creation Date
Date Reported on the Report Overview screen now shows in a proper format
Introduction, Methodology, and Summary Report Narratives now can be moved, deleted, and overwritten
Replaced placeholder text on the Service Now Integration screen
Removed HTML tags in .csv exports
Fixed casing for the WriteupsDB sidebar navigation
We have now added Custom Fields for both Client and Report Details! This can be incredibly useful in expanding the current functionality of Jinja Templates and reducing polish time after export.
Assessments — added a feature to require completion of specific steps in a questionnaire before submitting. This takes the form of check boxes beside the Overall Questionnaire (requiring ALL questions to be marked ‘completed’ before being able to be submitted), For Individual Questions, and for Individual answer type
Addressed issue with pasting tables into PlexTrac
FIxed Search bar for Runbooks Procedure Tags
PlexTrac has moved to a Continuous Integration/Continuous Deployment (CI/CD) development model.
You can now define tables in the Rich Text Boxes inside PlexTrac and export them to your report.
You can now add Custom Narratives from as many Report Template sources as desired.
We've added the Custom Answer Sets in the Assessments module, allowing you to define a set of custom answers into your question, instead of picking from the predefined Answer Sets
You can now copy a well-built question and duplicate it into another question in the Assessments Module.
Our Integration with Jira now supports generation of child tickets for assets.
We have added a Rich Text editor to the fields in the WriteupsDB
The addition of custom "Finding Sub-Statuses." Before this release it was possible to label findings as Open, In Progress, or Closed. Now you can define your own custom sub-statuses on the platform.
Enhancements to the Assessment module editing workflow. We've made many additions to the Assessments module recently, and now we've improved the editing process with two new features.
Sticky save bar, so the save button is always within view
Unsaved work notifications, so you know if your updated work has not been saved
The addition of preview for Tactics, Techniques, and Procedures in the Runbooks module. Now you can expand these out and view their description.
The ability to mark a run as "Completed" in Runbooks. Sometimes the Blue Team is able to thwart an attack straight away, not allowing you to complete your execution steps. Now you may mark these as completed.
Addressing an issue where the "Description" field contents were truncated when submitting an assessment
Fixed the inability to remove parent/child relationship from an asset
Fixed issue where notes entered into one question in an assessment would populate into other questions
Fixed issue where files attached to one question in an assessment would populate into other questions.
Fixed issue with certain special characters resulting in an extraneous escape character when exporting Nessus scan results
Addition of the much-requested ability to attach evidence to a question. When performing assessments there is often the need to attach supporting evidence to a specific question, and now you can do that in PlexTrac.
The ability to add custom input field in the assessments module. When administering an assessment there is often the need to include discrete information you wish to segregate from the generic.
The addition of static custom fields in the assessments module. The true value of assessments lies in the ability to pre-populate field that are "hidden" during the administration of the assessment, but pass through to findings afterwards. You may now create custom fields when entering a question natively instead of through the WriteupsDB.
We have also included the addition of a scroll feature on the questions list when editing a questionnaire. You may now keep the editing field in your field of view when sifting through the question list.
Fixing issue where some users experienced significant lag when typing in a search field.
Fixing issue where in-line images in Custom Narratives would drop from the editor field after saving and/or not be included in the exported report.
Fixing issue where capitalized characters in an image file extension would result in corruption of the finding.
Fixed several bugs relating to sorting of findings within a report.
The ability to import and export Assessments as ISON files. This has many use cases, including the sharing of standardized question sets for both popular and highly specific assessment frameworks.
Additionally, the feature enables users to have File-based archiving of important Assessments to ensure rapid restoration in the event of Interruption and availability.
Lastly, this feature helps with versioning / tailoring of question sets.
This update brings a re-design of the UI in the Edit Finding page that is easier on the eyes.
Fixed issue where sort-by-severity was not working when viewing findings in a report
Fixed issue where inclusion of capital characters in an image extension prevented the upload of images to the Findings Screenshots section
Fixed issue where some users experienced significant lag when entering characters when performing a search bar search
Fixed issue preventing the importation of assets from an Nmap XML discovery scan into Client Assets
The addition of Filters in Client Assets. We are pleased to announce this much-asked-for addition to the Client Assets page. Simply begin typing a portion of the asset you are looking for, and the list is narrowed to those assets which include your search string.
The addition of the ability to filter by tags in Reports. Tags are an amazing way of organizing and sorting your data in Analytics and in your document exports. We are pleased to now provide the ability to sort on your findings by tags.
Fixed an issue where in certain cases, creation of a parent/child relationship between assets could result in corruption of the asset data structure.
Fixed several issues related to the use of the mailer module with email servers that only support SSL or which do not allow credentialed authentication.
Fixed issue preventing non-global administrators from disabling users
Fixed issue preventing exporting of scan data from Burp and Accunetix for those clients who have enabled scan data export in their config.txt file.
Fixed UI issue where the last tags added when using bulk actions were retained in the UI for subsequent actions.
The addition of "Trend Analytics" One of the most powerful new graphics is also one of the simplest – “Trend of Issues Opened vs Closed”. By simply looking at the relative position of the two lines, you can determine whether you are adding or removing security debt.
We are also excited to introduce an entirely new graphic – “Average Time from Creation to Closed.” This chart shows both the total historical and monthly trends for the amount of time taken to remediate findings based on severity.
A redesigned of the "Administration Panel". Over the last year we have added a lot of new features for tenancy administration, and the vertical listing of these had grown quite lengthy. Features are now logically grouped, and once selected the dashboard is minimized to provide maximum workspace.
The “Users” administration panel has received a facelift, providing much larger and easy-to-read displays of user settings.
Issue that prevented some users from creating Jira tickets resolved.
Tags that are included for findings are now retained when those findings are exported and re-imported from a .ptrac file.
Users who navigate to a link to a specific page in PlexTrac are now directed to that page immediately after login.
An analytics revamp! In our first iteration of the Analytics revamp we have focused on providing enhanced flexibility for filtering along with better graphics to help your team track an analyze your engagements. These include both enhanced filtering and updating graphics, with many more features coming in the near future!
The addition of the ability to apply bulk tagging for findings in a report. Our last update included the ability to apply bulk tags at the time of import, and this update now allows bulk tagging for the findings already in the report.
You now have the ability to completely customize the email notifications within PlexTrac to match your branding. You may now customize the "From name", "From address", "Email subject", and "Email body".
We have built out the CMMC function and it is now available in the platform for every customer. This addition also includes the references and authoritative guidance from appendix B of the CMMC, giving you all the information at your fingertips.
We have leveraged our tags around CMMC to make analyzing the results very easy right out of the box.
The introduction of the "Draft/Published" flag, which provides you the ability to control which findings are reports are visible to users assigned the Analyst role. This feature is optional. Unless you enable this feature, Analysts will continue to have access to all findings in all reports for any clients they have been authorized to view.
The ability to change the date reported on findings. This ensures accurate tracking and analytics on historical data brought into PlexTrac. To update the created date on a finding, navigate to a report and use the bulk selection tools to “Change Reported Date”
PlexTrac now allows the use of any SAML Identity Provider to log into the application. Multiple providers can be configured for each tenant and are managed on a per user basis.
Enhanced user experience when enabling or resetting the multi-factor authentication token. This new functionality prevents a user from locking themselves out without capturing the QR code.
Added support for Okta, Google, and Azure AD Authentication - support for all the leading single-sign on methods.
The ability to apply tags in bulk to both findings and associated assets when importing scanner results into your PlexTrac reports.
An overall revamp of the analyst experience. Those assigned with the analyst role have a simplified interface that eliminates UI hooks.
The addition of Jinja2 hook for expanded asset data. PlexTrac's asset section provides users with a consolidated view of all vulnerabilities from all reports for any given asset. But we're also a powerful asset management tool, providing a way to organize important metadata such as asset criticality, owner, data owner, and physical location. All of this information can now be referenced in your custom templates.
A brand new user interface for building assessments. This interface includes pagination and a widget to allow rapid navigation through long questionnaires. And of course, it's styled with purple throughout!
Administrators now have the ability to permanently delete users from their tenancy.
The multi-factor authentication feature now has an autofocus to ease entry of the 6-digit code.
Tags can now be added when building questions for an Assessment, which will pass through to the associated findings after submission.
Our latest release begins the rollout of our new skin, incorporating modern UI design and demonstrating our love for all things purple!
The UI when taking an assessment has been streamlined, incorporating both pagination and collapsible questions
Ability to view (and even resubmit) previously submitted questionnaires
We have now added the ability to parse Core Impact exports! With their recent acquisition of Cobalt Strike, Core Security continues to advance their capabilities and we are excited to offer this new integration
Nmap is the standard for a lightweight discovery tool, and PlexTrac now supports import of and display of open ports and services. Because Nmap doesn’t produce true findings, we took a different approach than with our other parsers. In the Assets view for a Client, there is a new “Import Assets” button. Using this enables you to import your .nmap file. All assets present in the file are added to the Client’s asset list. Open one of these assets, and navigate to the Notes/Description tab to view the data
Dramatic performance improvements when performing bulk deletion of findings, when deleting a report and when deleting a client
Additional supported file types in the Artifacts file manager
Modification of the CMMC framework in the Assessments Module to reflect the addition of Maturity Level
Prevention of overwriting the initial Date Reported when importing subsequent scan data that has identical findings.
Greetings! This page guides the effective and efficient use of the PlexTrac Documentation website, including navigation, exporting content, leaving feedback, and using search.
The main navigation menu is on the left sidebar, and it features links to various sections and pages of the website. These links act as gateways to specific areas, allowing you to find the information you need quickly. To navigate to the desired section, simply click on the corresponding link.
This site contains four main sections:
🟣 Product Documentation: This includes the home page and general information about PlexTrac that applies to all users, along with the following helpful resources: a quick start guide for new users, a page highlighting new end-user features, and release notes.
🟣 PlexTrac Modules: This includes all the modules in the platform, including those licensed.
🟣 Tenant Management: This guide is for administrators and covers various PlexTrac topics. It includes information on the admin dashboard, authentication configuration, integrations, third-party file imports, supported operating systems and browsers.
🟣 API Documentation: This section provides a comprehensive guide on how to use our API. It includes a "Getting Started" guide, a list of object structures and their attributes, and practical use cases. The documentation also outlines the API Change policy and logs the changes to ensure transparency and inform users of any updates or changes.
This website provides multiple search options: keyword search, phrases in the form of a question, or selecting a query provided in the pulldown list.
To initiate a search query, click the "Search" box at the top right corner of the page or use the keyboard shortcut Ctrl-k
.
Users who type in the search bar will see dynamic search results. The search results will display relevant pages on the site for preview and context, which can be clicked to visit.
Clicking a question provides answers in the search box with relevant information and sourcing listed at the bottom.
Export to PDF is a function that downloads a digital file of a page or pages in PDF format that can be viewed, printed, and shared offline. To export a page, click Export as PDF, which can be found at the end of the page headings at the top right.
A preview page that can be printed or saved as a PDF appears.
Each page has a timestamp of when it was last updated.
Each page allows reader feedback on the helpfulness of the content (not a rating of the product functionality discussed on the page). Provide feedback by clicking one of the three options.
PlexTrac offers easy access to detailed client information. By clicking on a client's row from the Clients module home page, the user is directed to the Client Summary page, which includes tabs for Reports, Findings, Assets, Details, Statistics, and Priorities.
These tabs offer insights into the client's reports, findings, asset inventory, client-specific details, and finding metrics. PlexTrac ensures a cohesive and organized approach to client management by centralizing all client data in one place.
This tab lists all the reports associated with a client. It can also be reached by clicking Reports under the "Actions" column from the Client home page.
This tab displays the report title, status, classification, creation date, and finding count. It allows direct access to the Report Readout page and associated findings. Click one of the rows for more information about a specific report.
When editing multiple reports, PlexTrac offers bulk action capabilities. Bulk actions provide several advantages, including time-saving and increased efficiency by processing numerous items simultaneously.
Click Actions to see the list of options for reports.
The table view can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
This tab lists all the findings associated with a client via a report.
Clicking a finding row pulls up a side-drawer and the findings detail view. From this view, a finding status can be edited by clicking the status value, and affected assets can be viewed and accessed directly for editing.
If a client has multiple reports with the same finding, the highest severity value among all occurrences will be displayed at the client level. However, at the report level, the finding will only have the severity value assigned for that specific report.
Bulk action options appear after one or more findings are selected by clicking the checkbox to the far left of the Finding Title field or by clicking the box next to the column header.
Click Actions to see the list of options available.
The table view can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
This tab lists all the assets associated with a client and the ability to view the asset, edit the asset properties, add any notes, or delete the asset.
Bulk action options appear after selecting one or more assets by clicking the checkbox to the far left of the Assets field or by clicking the box next to the column header.
Click Actions to see the list of options available.
The table view can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
This tab provides an overview of the client for all published reports. The primary purpose of this overview is to provide a snapshot of the client's security posture and the progress made in addressing the identified issues. It is a centralized dashboard where users can quickly assess the client's status at a glance, enabling efficient monitoring and decision-making.
In addition to the status overview, this tab also provides various functionalities and options to manage the client's information and related activities.
This tab offers a snapshot of a client's findings based on severity and status for all published reports.
By organizing findings by severity and status, users can quickly identify the number of open or unresolved findings that require attention and follow-up actions.
It can be determined whether a priority applies to all clients or a specific one based on the "Client" column value. If a priority applies to all clients, an "All clients" value is displayed. If it is client-specific, the client's name will appear instead.
The priority can be accessed directly by clicking on its title or row.
Bulk action options appear after one or more priorities are selected by clicking the checkbox to the far left of the Priority field or by clicking the box next to the column header.
Once available, click on Actions to see the list of options.
The table view can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal also represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
Added ability to create contextual equations to
Introduced to receive real-time, event-driven communication for specific events (cloud only)
Added import support for ’s DAST and SCA files
New process for customizing the login page logo (now uses the same process as in-app logo and icon management in the )
PlexTrac is updating its Jira integration to support multiple client-based integrations. This update has implications for those using the API in an unsupported workflow to add Jira ticket links to PlexTrac findings. to learn more.
New (available for on-prem instances in 2.10.0)
that allowed unauthorized users to view client asset details in API responses when accessing findings
New table experience for in the Admin Dashboard, along with a side drawer for additional options without leaving the page
New experience for admins when that provides more configuration and options on one page
OWASP parser improvements with a
Known Hostname and Detailed Results fields added to asset evidence in Nexpose integration ()
added for the Priorities module
New that allows users to create and manage engagements
Implementation of that can generate findings descriptions and remediation steps
Introduced licensed users and permissions, which impacts and
Added support within the application to configure (integration support with third-party tools coming later)
Updated
Updated
Updated
Created field mappings page for importing assets into the Clients module
Ability to have in rich-text fields that have auto-save enabled (this will be released in phases, with cloud-hosted customers gaining access by May 1 and on-prem customers gaining access beginning May 2)
Enhanced and options and documentation for field mappings (PlexTrac is now an approved Tenable Technology Partner)
Ability for administrators to view tenant activity via the button in the Admin Dashboard
New with custom equations launched
Updated
Added the ability for admins to configure and customize the experience of creating a finding via (Admin Dashboard>Layouts)
Added Proof of Concept field in
Added ability to create and customize for exported reports to Word (.doc) using a Jinja template
Uploaded a new version of the in the documentation
with a new product (Snyk Code) plus and deduplication logic for all Snyk products
Fixed issue with in which some fields were not importing
Unified the asset import experience within and , including file type verification, better styling, and improved notifications
of the Finding Detail modal to allow users quick access to the details of an asset without having to redirect to the client asset page
Ability to for a finding
Ability to by tag(s)
Ability to that do not have an assigned tag
Added a tally of report findings to the header of the table on the of a report
Enhanced capabilities
and available to those currently licensed for Runbooks and cloud-hosted
, enter finding information offline, and import into PlexTrac
under “Customizations” for managing findings templates
integration
under “Tenant Settings/Short Codes” for visibility with a link to the online product documentation
that lists all user assignments and recently viewed reports in additional to findings data and information
to manage third-party integrations; all integrations with PlexTrac are now managed under the “Integrations” button in Admin Dashboard under "Tools & Integrations"
New user experience for (Profile/Personal Settings)
New
for admins (OpenID Connect)
Added ability to in the Analytics module
New container in main menu
New feature
Visit the of this site for documentation on creating, editing, importing, and exporting reports.
Visit the of this site for documentation on creating, editing, and importing findings.
for more information on adding an asset to a report.
If relevant, banner messaging for user license status appears in the "User Access" section on the Details tab. Visit the for more information on licensing users.
This tab provides a summary of all priorities associated with the client. The list displayed is based on whether the .
To ensure the best experience when using PlexTrac, the following recommendations for applications and utilities are provided below. These recommendations maximize the functionality and efficiency of PlexTrac's capabilities.
PlexTrac does not support iOS and Android operating systems.
Using an updated browser ensures access to the full range of features available. Other browsers or older versions of supported browsers are not guaranteed to keep all features.
The Dashboard is a centralized hub offering a single location for users to view relevant information. Users access by clicking Dashboard in the application's main menu.
The Dashboard provides information regarding reports, assets, and findings based on a user's role, permission settings, and access to published reports.
Information can be filtered by selecting the client from the pulldown menu.
Clicking data points within the graphs and charts will open a side drawer with further information about the findings and assets referenced in the data.
This page displays assignments as users receive them and a list of recently accessed reports.
The My Work page is accessed by clicking the icon found at the top right of the page.
Once a report is viewed, a box will appear at the top of the page. This box displays the report's title, status, client, and the number of findings and assets. The report can be accessed by clicking the box.
Assignments are grouped by type.
My findings
My reports
My assessments
My priorities
Assignments result from associations made from multiple areas of PlexTrac, such as being identified as a report operator, an assignee of a finding, or a reviewer of an assessment.
Click a tab for more information about each topic assignment, including the assigned role for the report or assessment.
The columns displayed in the table view of each assignment tab can be added or removed by clicking the column icon on the right of the page.
Once clicked, a modal appears that lists all fields that exist for that box.
To remove a column, click X within the bar.
Fields that are required and cannot be eliminated do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column that appears on the far left of the relevant box.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Each topic has its list of fields and must be customized separately.
Messages received within PlexTrac are stored on the Notifications page.
This page is accessed by clicking the bell icon at the top of any PlexTrac page next to the user name and then clicking View All.
When new notifications exist, the bell will have a red outline.
Clicking a new notification directly will send the user to the page that prompted it, and the notification will be set to the "Read" status.
Assets within PlexTrac are stored outside of reports at the client level within the platform. An asset can exist as a standalone file in the Clients module or associated with a finding, referred to as an affected asset.
Organizations can efficiently manage and track their cybersecurity resources by utilizing PlexTrac to organize and store assets. This centralized approach ensures that important files and information are readily accessible when necessary, facilitating collaboration, efficient vulnerability management, and streamlined remediation efforts.
Step 1: From the Clients module home page, click the row of the client or View under the "Actions" column.
Step 2: Click the Assets tab.
Step 3: Click the Add asset(s) pulldown menu and select Create asset.
Step 4: The "New Asset" modal appears. Enter the desired information into the appropriate fields.
Asset Name is the only required field.
Step 5: Click Save at the bottom of the modal.
The asset now appears in the Assets tab.
Step 1: From the Clients module home page, click the row of the client or View under the "Actions" column.
Step 2: Click the Assets tab.
Step 3: Click Add Asset(s), then select Bulk paste assets from the pulldown menu.
Step 4: Paste asset information into the provided box as a return- or comma-separated list.
PlexTrac will parse the assets and add them to the finding. URLs with paths (i.e., www.plextrac.com/test/) will be separated into parent and child assets.
Step 5: Click Next.
Step 6: PlexTrac will search for assets in the bulk paste that match existing assets and identify them separately from new assets on the Review tab. This provides the option to deselect any assets before import.
Step 7: Click Next.
Step 8: Add any tags (optional). Click Add X assets.
A message confirming import and assets are viewable from the Assets tab will appear.
PlexTrac supports asset imports using an NMAP file or a CSV template:
NMAP files: Network Mapper is a free, open-source network discovery and security auditing utility. More information on NMAP can be found on PlexTrac's Integrations section of this site.
CSV: PlexTrac provides a template for uploading assets to a client. Click the file below to download the template:
The template is prepopulated with all permitted fields and sample values.
Do not add additional columns, or some data may not be imported.
name
Asset Name
temp-asset-1
ip addresses
IP address of the asset
10.0.0.10
criticality
Importance level of the asset
High
data owner
Person responsible for the data
Jane Pentester
physical location
Geographic location of the asset
Boise
system owner
Person responsible for the system
John
ports
Open/closed ports and associated services
22/open/tcp//ssh//OpenSSH 4.3 (protocol 2.0)/
Each port can have up to eight values, separated by a slash. See the Ports section below after the table for more information.
tags
Categorization tags
Karbo
description
Brief description of the asset
csv-desc1
parent
Hierarchical relationship
Child 1
type
Asset type
Workstation
The value for this field must be one of the following: Workstation
, Server
, Network Device
, Application
, or General
. If another value is used, it will be ignored, and the Asset Type value will display in PlexTrac as "Not Set."
This field is not case-sensitive.
host fqdn
Fully Qualified Domain Name
hostname
Name of the host
temp-asset-1
host rdns
Reverse DNS lookup
4.3.2.1.in-addr.arpa
dns name
DNS name associated with the asset
192.0.2.44
mac address
Media Access Control address
00-B0-D0-63-C2-26
netbios name
NetBIOS name of the asset
temp-asset-1
total cves
Total number of Common Vulnerabilities and Exposures
8
pci status
Payment Card Industry compliance status
Fail
The value for this field must be blank, Pass
or Fail
. If another value is used, it will be ignored, and the Asset Type value will display in PlexTrac as "Not Set."
This field is not case-sensitive.
operating system
OS running on the asset
Windows 11
Column G ingests port information. Once imported, this information is found in the asset's Notes/Description tab.
Multiple values for the ports cell are separated by commas, such as:
22/open/tcp//ssh//OpenSSH 4.3 (protocol 2.0)/, 25/open/tcp//smtp///, 53/closed/tcp//domain///, 70/open/tcp//gopher///, 80/open/tcp//http//Apache http 2.2.3 ((CentOS))/, 113/open/tcp//auth///, 31337/open/tcp//Elite///
Each port can have up to eight values, separated by a slash. This means there must be seven slash characters (/) for each port ingested, even if no data exists within the slashes. If the correct number of slashes is not used, an import error will appear, and the file will not be accepted.
Examples of valid data values for the ports field:
80///////
80/open//////
80/open/tcp/////
80/closed/tcp/auth////
80/open/tcp/auth/ssh///
80/open/tcp/auth/ssh/test 6//
80/open/tcp/auth/ssh/test 6/Apache http 2.2.3 (CentOS)/
The first value captures the port number. The second value captures the port status (any ports with a status of Closed
will not be imported). The third value captures the protocol. The fifth value captures the service, and the seventh value captures the version.
If the port has a defined closed status, the cell is left blank entirely (the field is optional), or just one value is entered (such as 15.22.161.22
), then it is not necessary to include all seven slashes.
Step 1: From the Clients module home page, click the report row or View under the "Actions" column.
Step 2: Click the Assets tab.
Step 3: Click Import assets.
Step 4: Drag a file into the modal or click the box to navigate to the file on the computer.
Step 5: Click Import.
A message will appear confirming import.
The new assets are displayed on the Assets tab. Click View of the imported asset to see imported values.
To view imported port information, click Notes/Descriptions.
In the Clients module, users can group and categorize data as needed. This helps manage confidentiality, integrity, and availability effectively while enhancing collaboration and catering to individual client needs.
Users access the module by clicking Clients in the application's main menu.
PlexTrac defines a client as a logical grouping utilized to segregate data. The term holds various meanings within different organizations, depending on the context in which it is used.
In the case of teams external to the consulting organization, the term "client" typically refers to those individuals or entities who utilize their services. These clients may include businesses, government agencies, or other organizations that engage the consulting team to assess their cybersecurity posture, conduct vulnerability assessments, or provide related services. For these external teams, the client represents the entity they work for and to whom they deliver their expertise.
For teams operating within the boundaries of an organization or company, a client could refer to a specific project, a business unit, a regional office, or a program within the organization. The purpose of defining a client in this manner is to facilitate the segregation of data, findings, reports, and assets, ensuring that information is appropriately isolated within the relevant groupings.
By organizing data according to different clients, teams can effectively manage and maintain confidentiality, integrity, and availability of information. This approach allows for more collaboration and reporting within specific client-based units, preventing data overlap and ensuring that each client's unique requirements and concerns are adequately addressed.
The Clients module home page displays all clients in a tenancy and provides access to the following:
Adding a new client: Clicking the New Client button launches a modal to enter information for a new client.
A count of how many clients exist for the tenancy.
Customizing the table view: Clicking the icon allows the configuration of the columns on this page.
Viewing a client dashboard: Clicking View under the "Actions" column goes directly to the Details tab of the Client Summary page.
Viewing all reports associated with a client: Clicking Reports under the "Actions" tab goes directly to the Reports tab of the Client Summary page.
Viewing all assets associated with a client: Clicking View Assets under the "Actions" tab goes directly to the Assets tab of the Client Summary page.
Deleting a client: Clicking View Assets under the "Actions" tab goes directly to the Assets tab of the Client Summary page.
The table view on the Clients home page can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields.
To remove a column, click X within the bar.
Fields that are required and cannot be eliminated do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal also represents the sequence of fields provided in the table, meaning the bar on top will be the column that appears on the far left of the relevant box.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
PlexTrac offers role-based access controls (RBAC) at the client level. RBAC allows teams to efficiently manage user privileges and permissions based on specific client requirements, enabling effective collaboration and task accomplishment.
Within PlexTrac, three default levels of access exist that can be assigned to users based on their responsibilities:
Administrator: An Administrator has the highest access level within PlexTrac. They possess extensive privileges and can perform various tasks, including creating reports, adding findings, tracking status, managing users, configuring settings, and accessing all areas of the platform related to the client.
Standard User: A Standard User plays a crucial role in managing and documenting activities for a client. They can create reports, add findings, and track the status of ongoing projects. This level of access allows Standard Users to contribute actively, collaborate with other team members, and provide valuable insights throughout the process.
Analyst: An Analyst is a user with a more limited role. Their primary responsibility is to track and update the status of identified vulnerabilities. While they may not have the authority to create reports or add findings, their role is essential in ensuring the accurate documentation and timely resolution of identified issues. Analysts can provide real-time updates on the progress of vulnerability mitigation efforts, making it easier for the broader team to stay informed and take necessary actions.
These default access levels ensure each team member has the appropriate privileges and responsibilities aligned with their role and contribution to the client's initiatives. By assigning specific access levels, teams can streamline workflows, maintain data integrity, and improve overall efficiency in managing and securing client environments.
The RBAC page provides more information on default roles, permissions throughout the platform, and user licensing.
When adding a user to a role that is licensed, an icon will appear at the end of the role title, regardless of the number of licenses available.
Any messaging regarding user licenses will appear as a banner on the "Authorize Client Users" modal.
Visit the RBAC page for information on the various messaging related to licensed users and their relationship to permissions.
Step 1: From the Clients module home page, click View under the "Actions" menu for the impacted client.
Step 2: Scroll to the User Access section and click Add/Authorize User.
Step 3: Select the user to add from the "User" field pulldown menu.
Only existing users in the tenancy who are not authorized for the client appear in the pulldown menu.
After adding a user, the "Role" and "Classification" fields will be automatically filled in but can be changed.
Step 4: Click Add User to add additional users (if applicable). Click Save when finished.
Step 1: From the Clients module home page, click View under the "Actions" menu for the impacted client.
Step 2: Scroll down to the "User Access" section and click Revoke under the "Actions" column in the user's row to remove access permissions.
Step 3: A dialog box will appear confirming the action. Click Revoke.
Step 1: From the Clients module home page, click View under the "Actions" menu for the impacted client.
Step 2: Under the "User Access" section, select the new role from the pulldown menu in the "Role" column for the user.
The change is immediate. A dialog box will appear at the bottom left of the screen confirming the change.
Step 1: From the Clients module home page, click View under the "Actions" menu for the impacted client.
Step 2: Scroll down to the "User Access" section and click the pulldown menu under the "Classification Level" column of the user impacted.
Step 3: Select the new classification level.
The change is immediate. A dialog box confirming the change will appear at the bottom left of the screen.
Once clients have been added, PlexTrac offers a range of features that facilitate editing and managing information, including contact details, custom fields, logos, and additional notes and details. With just a few clicks, users can ensure client information remains accurate and relevant.
Step 1: From the Clients module home page, click View under the "Actions" menu for the impacted client to reach the Details tab.
Step 2: Click the Details tab.
Step 3: Click Edit Client Information.
Step 4: The "Edit Client Information" modal appears and can be modified as desired. Click Submit when finished.
Step 1: From the Clients module home page, click the three dots under the "Actions" column corresponding to the client and click Delete Client.
A modal will appear, confirming the action. Click Delete.
The "Create New Client" modal allows users to input essential information, such as the client's name, logo, point of contact, client notes, tags, and custom fields.
Users can create a comprehensive profile for each client, enabling efficient data collection, organization, and management within PlexTrac.
Step 1: From the Clients module home page, click New Client.
Step 2: A modal appears with the following fields:
Client Logo: To visually represent the client, drag an image or click the designated box to navigate to a picture on the computer.
Client Name (required): Enter the client or project name that will identify this data collection throughout PlexTrac.
Point of Contact: Enter the resource's name to contact about the data collection.
Point of Contact Email: Enter the resource's email address. If the email of a current PlexTrac user is entered, this person is added as a client user with the analyst role. If the person creating the client adds themselves as the point of contact, their default tenancy role is assigned (i.e., admin). All roles can be adjusted.
Client Description/Details: Enter any pertinent information to help provide users context.
Tags: Enter any tags associated with the client (new or existing). Any special characters will be removed, and any spaces will be replaced with an underscore (_).
Add Custom Field: Enter additional fields and values needed to enhance the client's management.
Step 3: Click Submit.
The new client now appears on the Clients module home page.
Users who do not have permission to approve an engagement can still request one.
Step 1: From the Calendar tab of the Schedule module, click Request engagement.
Step 2: Enter the engagement details in the provided side drawer. Click Continue.
Step 3: Add any relevant files for context. Click Submit.
A dialog box will appear explaining the next steps. Click Ok.
The engagement is now listed as pending on the Calendar and List tabs.
From the Schedule home page, users can view and access engagements for clients they have access to. The view defaults to a calendar. Additional tabs include a list of all engagements and resource availability (depending on permissions).
This tab lists all client engagements a user can access, depending on the filtered view chosen (All, Pending, Schedule, In progress, In review, and Complete). The engagements are color-coded to identify their status quickly.
This tab displays a list view of all client engagements a user can access, depending on the filtered view chosen (All, Pending, Schedule, In progress, In review, and Complete). Engagements can be viewed or edited from this tab by clicking the task under the "Actions" column of the engagement.
This tab displays a list view of all users in the tenancy who have permission to view and edit reports.
What permissions have been assigned to the user dictate the user experience (what tabs can be viewed and what tasks can be completed) in the Schedule module. In addition, users will only see engagements associated with clients they can access.
This module's permissions list can be viewed and customized for enabled roles on the Role-Based Access page of the Admin Dashboard under "Engagement Scheduler Permissions."
Users with permission to approve an engagement will have a "New engagement" button available in the Schedule module.
Step 1: Click New engagement from the Calendar tab of the Schedule module.
Step 2: Enter information about the engagement. Required fields are identified with a red asterisk. Click Continue.
Step 3: Add any relevant files for context. Click Continue.
Step 4: Enter report details. Click Continue.
Step 5: Select the dates to begin and end work on the engagement by inserting the cursor into the "Engagement dates" box and clicking the desired dates.
Step 6: Assign resources to work on the engagement by clicking the checkbox next to the desired resource under the "Operators" column. After selecting an operator, the engagement will appear next to that resource. Any existing resources that the operator is working on will also be displayed. Click Save.
Report operators will receive an email with an attached .ics file. Most calendar applications, such as Microsoft Outlook, Google Calendar, and Apple Calendar, support ICS files.
The engagement now appears on the Calendar and List tabs for viewing and modification.
Short codes are small snippets that perform search and replace operations throughout the platform. They are designed to streamline the creation of reports and promote data reuse, saving time and ensuring consistency across reports. Short codes can be utilized within report narratives and findings rich-text fields to automate specific tasks and provide standardized content.
Creating reports can be simplified using short codes by eliminating the need to modify repetitive or common content sections manually. Users can define code snippets once and reuse them across multiple reports with short codes. This saves time and ensures consistency by applying the same language, formatting, or information throughout different reports.
Administrators handle creating and managing short codes.
If applicable, the user can add a short code at the client level to all reports related to that client. However, if the short code is only relevant to a specific subset of reports, short codes can be inserted at the report level.
Step 1: From the Clients module home page, click View under the "Actions" menu for the impacted client to reach the Details tab.
Step 2: Click Edit Client Information.
Step 3: At the bottom of the modal, click Add Custom Field.
Step 4: In the first box on the left, enter the label value that corresponds with the appropriate short code and insert the text value that will replace the short code in the second box on the right.
The "Value" box value will replace the short code (i.e., %%LOCATION%%
) whenever found in the report's narratives or finding's rich-text fields.
The Custom Field label is the key linking the short code to the value (text data) that is to replace it. For example:
Label: Location
Value: Boise
Short Code: %%LOCATION%%
Short Codes in PlexTrac always begin and end with %%, have only CAPITAL letters, and have underscores rather than spaces.
Step 5: Click Submit when finished.
Step 6: Use the short code in any report narrative or findings rich-text field.
Step 7: Go to the Narrative tab of the report and click Search & Replace at the top right of the page.
Step 8: The Search & Replace modal appears. Click Replace Short Codes to replace all short codes in the report with their corresponding text data.
Step 9: Click Confirm.
After a few minutes, a confirmation message will appear.
Step 10: Validate that the change(s) occurred as desired.
If unsuccessful, ask an admin to verify the short code was set up correctly in the Admin Dashboard.
In the Schedule module, users can request and view engagements while others can create, approve and allocate resources to work on reports.
Users access the module by clicking Schedule in the application's main menu.
The Schedule module streamlines scheduling, resource management, and team visibility to enhance pentesting and report efficiency.
For Managed Security Service Providers (MSSPs), the scheduler offers comprehensive oversight of ongoing projects and facilitates efficient handling of incoming requests. On the client side, the portal experience consolidates all relevant information and provides intuitive tools for requesting new engagements within PlexTrac instead of email. Users can easily document and communicate engagement details to the team, while resource managers receive a holistic view to optimize scheduling.
Any report managed by an engagement will display this information on the Details tab of a report, with a link directly to the engagement.
Existing assets in PlexTrac are managed from the Clients module. Assets may be found either from the Assets tab of a client, the Assets tab of a report, or via the Findings>Affected Assets tab when creating or modifying a finding.
Step 1: Within a client, click the Assets tab.
Step 2: Click Edit under the "Actions" column of the asset to modify.
Step 3: Update desired fields on the "Edit Asset" page, then click Asset Detail.
Step 4: A list of asset metadata and the Associated findings tab are presented. Click Edit of the associate finding to update that asset, or click Notes/Description.
The Associated findings tab table view can be customized by clicking the icon to the right of the search bar.
Step 5: Add any notes to help provide context by clicking Add Note.
Step 6: Click the Child assets tab to view any child assets that may exist.
Bulk action options appear after selecting one or more assets by clicking the checkbox or the box next to the column header.
Click Actions to see the options available, such as linking to a priority or deleting.
Existing engagements are managed from the List tab of the Schedule module.
Multiple tasks can be performed on existing engagements depending on the user's permissions. If a user has view access but nothing else, a message will appear on the engagement side drawer when accessed.
Users with the appropriate permissions can view engagements.
Step 1: From the List tab of the Schedule module, click the row or View under the "Actions" column of the desired engagement.
On the Files tab, a side drawer will appear describing the details of the engagement and any provided support files. For easy access, a link directly to the report is provided.
Step 2: Click X at the top right of the drawer to exit.
If permissions allow, the user can edit or cancel the engagement from this screen.
Users with the appropriate permissions can approve engagements.
Step 1: From the List tab of the Schedule module, click the row or View under the "Actions" column of the desired engagement.
Step 2: A side drawer will appear describing the details of the engagement and any provided support files. Click Schedule & create report.
Step 3: Review the first three tabs of the submitted engagement for accuracy and add any additional information. When finished, click Continue to move on to the next tab.
Step 4: On the fourth tab, Select & assign operators and assign resources to work on the engagement by clicking the checkbox next to the desired resource under the "Operators" column. After selecting an operator, the engagement will appear next to that resource. Any existing resources that the operator is working on will also be displayed. Click Save.
Users with the appropriate permissions can cancel engagements.
This action can not be undone. If canceled, the engagement will need to be created again manually.
Step 1: From the List tab of the Schedule module, click the row or View under the "Actions" column of the desired engagement.
Step 2: A side drawer will appear describing the details of the engagement and any provided support files. Click Cancel request.
Step 3: A modal will appear, asking for confirmation. Click Cancel Request.
Users with the appropriate permissions can edit engagements.
Step 1: From the List tab of the Schedule module, click the row or View under the "Actions" column of the desired engagement.
Step 2: A side drawer describing the engagement details and any provided support files will appear. Click Edit.
Step 3: Edit the engagement as desired by changing content until the end and clicking Save.
See the Creating an Engagement page for more details on the various parts of an engagement.
Step 1: From the List tab of the Schedule module, click the row or View under the "Actions" column of the desired engagement.
Step 2: A side drawer describing the engagement details and any provided support files will appear. Click the Files tab.
Step 3: Click the download icon of the file to access it.
The Assessments module offers security consultancies and pentesters a streamlined approach to developing and managing framework-based governance risk and compliance assessments and scoping questionnaires. This functionality promotes consistency across assessments and reduces the time and effort required for their creation and management. An additional benefit of managing assessment questionnaires in PlexTrac is the ability to utilize PlexTrac's Reports and Analytics modules to track and report on the status of the assessment findings.
Users access by clicking Assessments in the application's main menu.
Assessments are crucial for identifying, evaluating, and prioritizing security weaknesses in systems, networks, or applications. They aim to uncover vulnerabilities that malicious actors could exploit. Organizations can strengthen their security defenses and reduce the likelihood of successful attacks and data breaches by systematically reviewing and analyzing areas prone to risks, such as software bugs, misconfigurations, and other security weaknesses.
Various paradigms concentrate on evaluating security in vulnerability assessments. Network vulnerability assessments focus on scrutinizing network infrastructure, devices, and protocols to identify potential weak points that attackers could exploit. Web application vulnerability assessments specialize in detecting and remedying security flaws specific to web-based applications. Host-based vulnerability assessments concentrate on individual systems or hosts, including servers and workstations, to identify potential vulnerabilities and implement necessary safeguards.
Some of the most commonly used assessment frameworks in PlexTrac include CMMC (Cybersecurity Maturity Model Certification), NIST (National Institute of Standards and Technology), CIS (Center for Internet Security), ISO (International Organization for Standardization), FFIEC (Federal Financial Institutions Examination Council), and NYDFS (New York Department of Financial Services).
Assessment questionnaires are valuable for gathering relevant information and evaluating security practices. These questionnaires serve many purposes, such as identifying vendor risk management, conducting internal and external audits, or obtaining SOC2 certification. By utilizing well-crafted questionnaires, organizations can systematically gather data regarding their security practices, policies, and procedures, which are then used to assess the effectiveness and compliance with established standards. These questionnaires facilitate a structured approach to evaluating security measures, streamlining the process, and ensuring consistent evaluation across different projects and organizations.
The Assessments module has two tabs:
In Progress/Completed: This shows all assessments the user can view, including assessments that have been completed and are in progress. Client and status can filter assessments.
Manage Questionnaires: This displays the list of questionnaires available in the tenancy for assessment purposes. It also allows users to create and manage questionnaires and import questions from a JSON file.
The engagement status reflects the lifecycle stage and comprises six values labeled with color coding throughout the module.
Below are the different status states for a report and engagement, the relationship mapping, and any additional notes. Some of the engagement status values are tied to the status of the associated report.
(not applicable)
Pending
This status indicates the engagement has been requested but not approved.
Draft
Scheduled
This status indicates that the engagement has been approved and is slated to begin later.
Draft
In Progress
This status reveals that an approved engagement start date has been reached.
The status will move automatically to In Progress
on the start date based on queries that run every hour.
Ready for Review
In Review
This status reveals that the report associated with the engagement is in one of the three view stages.
In Review
In Review
This status reveals that the report associated with the engagement is in one of the three view stages.
Approved
In Review
This status reveals that the report associated with the engagement is in one of the three view stages.
Published
Complete
This status reveals that the report associated with the engagement has been published.
(not applicable)
Canceled
This status indicates the engagement was terminated.
PlexTrac's assessment module offers a user-friendly interface that enables effective assessment management, progress tracking, data collection, and collaboration. It ultimately facilitates the submission and presentation of comprehensive assessment findings.
Questionnaire progress bar: Visually displays the progress made on the assessment and provides a percentage representation. Users can track their progress as they complete questions, with the bar gradually filling up as the questionnaire is completed.
Question navigator box: This box allows searching the title of any question within the assessment. The key icon explains the different circle expressions next to a question.
Filter by status box: Further filters the results list by question status.
Results count: This displays the number of questions in the assessment and dynamically updates based on filter and search queries.
Questions column: Lists all questions that exist in an assessment. The view will change dynamically based on filter and search queries. Select a question from this list to view or complete.
Questions column navigation: Provides access to questions that appear on different pages, when applicable.
Question details box: Presents the question selected for viewing and completion.
Reviewers button: Used to assign assessment reviewers (this option disappears for completed assessments).
Submit assessment button: Used to submit the assessment and move it to "Completed" status.
The Manage Questionnaires tab is a directory of assessment questionnaires available for a tenant. This tab provides a centralized location where users can perform various actions, such as creating new questionnaires, modifying existing ones, importing questionnaires from external sources, or deleting no longer needed questionnaires.
The primary objectives of assessment questions are twofold. First, they aim to bolster the effectiveness and thoroughness of the assessment process by providing additional context and relevant information. By including well-crafted questions, the assessment becomes more comprehensive and capable of capturing a broader range of data.
Second, the information collected through these assessment questions is crucial in generating meaningful findings when the assessment is completed and submitted as a report. These findings, derived from the accumulated data, serve as valuable insights and recommendations.
Furthermore, the Manage Questionnaires tab also provides the functionality to initiate client assessments. This feature streamlines the assessment workflow by seamlessly integrating the questionnaire creation and initiation steps within the same interface.
Step 1: Click New Questionnaire from the Manage Questionnaires tab of the Assessments module.
Step 2: Enter a unique title and select the reference framework from the pulldown menu.
The reference framework value tags assessments and questions for future categorization and management.
Step 3: Click Create Questionnaire.
The "Edit Questionnaire" page has been launched. This page has multiple sections that are further explained below.
Step 4: Edit this section as needed.
Questionnaire Title (required): This value entered in Step 3 can be edited here. This value will appear in the expanded section of the questionnaire (reference number one in the question example below).
Reference Framework: This value was selected in Step 3 and cannot be edited. The reference framework value tags assessments and questions for future categorization and management.
Require Completion of All Questions: If all questions must be answered before completing the assessment, check the box.
Step 5: Click Save Basic Info.
Title (required): Question title and value that will appear in the expanded section of the questionnaire (see number 1 in the example below).
Description (required): Description of the question that will appear as additional context for the user when answering the question (see number 2 in the example below).
Answer Types (required): Header value for multiple-choice questions (see number 3 in the example below). Additional multiple-choice questions can be added by clicking Add Answer Type, which is helpful for assessments that score off multiple categories, such as Process and Practice maturity in CMMC. Check the box under "Require?" to make answering the question mandatory when completing the assessment. The list of values available for each multiple-choice question can be previewed by hovering over the informational icon to the right of the "Answer Types" label (but only admins can edit answer type labels and answer type values).
Add Input Field: An additional label can be provided and made mandatory if necessary (see number 4 in the example below). The label will be presented to the user with a box for data entry. Enter as many Input Fields as required.
Add Custom Field: Provides additional RTF fields with a label, if needed. Repeat as often as needed.
Default Severity: Pulldown menu list of values to define the default severity of the question. If a question is based on a Framework Control, it may have a predefined severity. This will be the severity of the report finding that this question will become upon submission.
Default Score: Optional method for providing a default score.
Default Score Calculation: If required, enter as a plain text string.
Tags: Additional information to improve search and reporting.
Recommendations: Recommendations relevant to the question, such as a remediation technique or policy suggestion.
References: References to questions to assist with implementing or verifying the assertion, such as website links.
Information from a writeup can be linked to a question. This metadata and content from the writeup will not appear in the assessment. Still, after the assessment is submitted and the question becomes a finding, the writeup information is included on the finding detail page.
Writeup: Pulldown menu list of available writeups to link to the question.
Tags: Additional information to improve search and reporting. This is the same field found under the "Custom" button.
Step 6: Click Create.
The created question now appears in the "All Questions" column on the left.
This section contains a record of all questions in an assessment and provides the sequence in which they will appear.
Step 7: Create more questions to complete the assessment. This can be done in two ways:
Step 8: Click Create after completing the second question. Create as many questions as needed to complete the assessment.
After multiple questions exist, the ability to sequence each question is provided should the creation of steps be outside the desired final sequence.
Questions can be moved by clicking the "All Questions" question box and dragging it to the desired arrangement on the list. The numbering will dynamically change so that they are ordered as shown on the page (i.e., the question on top is always Question #1).
PlexTrac allows questionnaires in JSON file format to be imported.
Step 1: From the Assessments module, click the Manage Questionnaires tab.
Step 2: Click Import.
Step 3: Drag the JSON file to the modal or click to browse the file on the computer. Repeat if necessary. When finished, click Upload.
Importing a questionnaire removes all linked writeups.
If the wrong JSON file is used, an error message will appear. If the import is successful, the new file will appear in the list of questionnaires.
A questionnaire can be exported as a JSON file for backup or imported to another instance. Questionnaires can be exported during editing or directly from the Manage Questionnaires page.
Step 1: From the Assessments module, click the Manage Questionnaires tab.
Step 2: Click the three dots under the "Actions" menu of the questionnaire and then click Export.
Step 3: A confirmation appears. Click Export.
The questionnaire is downloaded locally as a JSON file.
Step 1: From the Assessments module, click the Manage Questionnaires tab.
Step 2: Click Edit under the "Actions" menu of the questionnaire to export.
Step 3: Click Export.
The questionnaire is downloaded locally as a JSON file.
Clicking the row of the questionnaire on the Manage Questionnaire tab displays all question titles, descriptions, and tags. The questions are listed in sequence.
Users have two options for beginning an assessment. First, they can navigate to the Manage Questionnaires tab, choose the preferred assessment questionnaire, and click Begin Assessment. After starting the assessment, they can select the client/project.
Second, users can start a new assessment from the In Progress/Completed tab. This approach permits them to choose the client and questionnaire they want to use as the first step. The assessment automatically populates data from the selected questionnaire, eliminating the need for manual copying and pasting. This simplifies the assessment process, making it more efficient and practical.
PlexTrac also provides a convenient way to involve participants. If there's a question that someone needs to answer, users can copy the URL at the top of the browser and send it via email or IM. If the recipients have an account in the PlexTrac instance, they can access the question and provide the necessary answers. This feature enhances collaboration and ensures that assessments progress smoothly, even with remote participants.
Step 1: Click the Start New Assessment tab from the Assessments default home page.
Step 2: Select the client the assessment applies to from the pulldown menu, then select the questionnaire. Click Next.
Step 3: A new page appears, presenting the assessment for modification.
Step 1: From the Assessments default home page, click the Manage Questionnaires tab.
Step 2: Click Begin Assessment under the "Actions" column for the desired questionnaire.
Step 3: Select the associated client/project value from the pulldown menu and click Begin Assessment.
Step 4: A new page appears, presenting the assessment for modification.
If no action is taken after an assessment is created or is not finished, the assessment will receive an "In Progress" status and be accessible from the In Progress/Completed tab.
An assessment can be completed by clicking Edit under the "Actions" column.
The Reports module makes generating security reports for penetration tests more efficient and effective. The module enhances the value and quality of the reports, presenting the test findings clearly and concisely with relevant context and actionable recommendations. This helps ensure that all vulnerabilities, weaknesses, and potential risks are thoroughly documented, allowing clients and stakeholders to understand their systems or applications' security posture.
Users access the module by clicking Reports in the application's main menu.
The Reports module home page displays all reports that a user has access to view with the following fields:
Client Name: The name of the client for which the report was written.
Report Title: The name of the report.
Status: The status of the report, such as Published
or Draft
.
Classification: If applicable, a custom classification tier value will appear, giving the user insight into the report's security. The default value is Unclassified
.
Current Finding Count: The number of associated findings.
Actions: Provides access to view a readout of the report, all report findings, or delete a report.
Reports can also be imported or created from this page.
To access the bulk actions menu, click on any box to the left of a report's name or the "Client Name" field label.
After clicking on a box, an Actions button will appear, offering the option to update one or more reports with various tasks.
The table view can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
Individual reports can be accessed from either the Clients or Reports module. Once a report is selected, users can manage and update it using seven tabs: Readout, Details, Narrative, Findings, Assets, Artifacts, and Attack Path.
In the Readout tab, you can access the Report Narrative, Report Readout column, Findings Overview summary box, and Findings Status box. The Report Readout column has a convenient scrolling feature, making it simple for users to move through the list of findings.
Report narratives can be edited from this tab (by clicking Edit/Comment) or on the Narrative tab.
To view a finding narrative, click the corresponding box in the "Report Readout" column. To edit this content, click Edit/Comment.
Click Report Narrative to return to the default report readout view.
Hovering the cursor over the pie chart in Finding Status can provide more information about the findings.
The Details tab offers an interface to view and modify the information entered when the report was created. For more detailed guidance on each field and its significance, refer to the Creating a Report page.
The Narrative tab offers an interface to view and modify existing rich-text fields (RTFs) or add new ones manually or from NarrativesDB. The existing narrative sections can be expanded or collapsed using the arrow at the right of the box.
Visit the Collaborative Editing page for more information about track changes and commenting functionality within the RTFs.
Narrative sections can be added to a report from this page in two ways:
A new section can be created by clicking the Custom Section button.
An existing section can be added from the NarrativesDB module by clicking the Add from NarrativesDB button.
The Findings tab lists all findings associated with a report and provides the ability to view a finding and conduct additional finding management and configuration.
Clicking a finding row will launch the findings details side drawer, which is a snapshot view of the finding and all associated content, assets, and tags.
Bulk action options appear after one or more findings are selected by clicking the checkbox to the far left of the row of the finding or by clicking the box next to the column header.
Click Actions to see the list of options available.
The table view can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
The Assets tab displays all assets in the report that are linked via a finding. Assets are not added to a report directly; they only exist within a report when they are part of a finding that has been added to the report.
Visit Adding Assets for more information.
Bulk action options appear after one or more findings are selected by clicking the checkbox to the far left of the row of the finding or by clicking the box next to the column header.
Click Actions to see the list of options available.
The table view can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal also represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
The Artifacts tab provides a dedicated space to load and associate additional information with a report. This functionality allows for the inclusion of various artifacts, such as registry keys, files, time stamps, and event logs, which can provide context and support the findings and conclusions presented in the report.
The Attack Path tab visually represents the tactics, techniques, and procedures (TTPs) employed in a simulated attack, as discussed in the report. This tab offers a flexible and interactive interface that allows users to manipulate and sequence the attack path as desired.
This visual representation helps stakeholders understand the attack methodology and visualize how an attacker could exploit vulnerabilities within the system.
More information about a finding can be accessed by clicking the eye icon within a box to pull up the Finding Details page.
Step 1: From the Reports module, select a report and click the Narrative tab.
Step 2: Scroll to the bottom of existing narratives and click Add From NarrativesDB.
Step 3: Search or use the provided pulldown filters to find the desired section(s) to add.
Only repositories and sections a user can view will appear in search results.
Step 4: Click the box next to the section(s) to add, and the narrative will appear on the right under the "TO BE ADDED TO NARRATIVE" column.
To add all available sections (or start with all sections selected and then uncheck those not desired), click the box next to "Sections" in the table header below the search bar.
Step 5: Click the Add X Section button at the bottom of the page. The new section(s) now exists in the Narrative tab for editing.
Step 6: Click the three dots to display the option to add tags or delete the section.
Sections deleted from the Narratives tab will not delete the section from NarrativesDB.
Step 1: From the Reports module home page, click Readout under the "Actions" column of the report to edit.
Step 2: From the Readout tab, click Edit/Comment.
If no report narrative was added when the report was created and no findings with narratives were added, editing from this tab will not be possible. The user must first go to the Narrative tab and enter content or add findings.
Step 3: Modify the content as needed. All changes are autosaved.
This page does not allow editing of headings, and some other functionality is limited. As such, editing from the Narratives tab is recommended.
Step 1: From the Reports module home page, click Readout under the "Actions" column of the report to edit.
Step 2: Click the Narrative tab.
Step 3: Edit the text and titles as desired.
Users can generate a report by accessing the Clients module or creating one within the Reports module. The process and experience are identical, except if a report is created from within the Clients module, there is no need to select a client. Assuming the user is currently in the Reports module, they can follow the instructions below.
Step 1: From the Reports home page, click Create Report.
Step 2: Select the client from the pulldown menu. All clients for a tenancy will be available for selection.
Step 3: The modal then expands. Enter the desired data in the fields (required fields are marked with a red asterisk).
Report Name: Appears throughout PlexTrac as the report title. It is a required field.
Status: Provides the status of the report. By default, the report will be in Draft
mode. The user can select other options, such as Ready for Review
, In Review
, Approved
, or Published
from the pulldown menu.
Operators: Identifies users who work on the report, and any user with their name in this field will see the report listed on their Dashboard under the "Your reports" tab. Enter users by placing the cursor in the field box, selecting a value, or typing a name. This field can be blank or contain multiple users. Once added, an operator can be removed by clicking the "X" to the right of the name.
Start Date: Identifies the start date of the report. Place the cursor in the field box to select a date from the calendar.
End Date: Identifies the end date of the report. Place the cursor in the field box to select a date from the calendar.
Reviewers: Identifies users who review the report, and any user with their name in this field will see the report listed on their Dashboard under the "Your reports" tab. Enter users by placing the cursor in the field box, selecting a value, or typing a name. This field can be blank or contain multiple users. Once added, a reviewer can be removed by hovering over the user name and clicking the red trash can icon.
Tags: Provides help when searching for the report elsewhere in the application. Click on the field to add tags and type in your desired value. You can also scroll through the list or type in characters to narrow down your options and make a selection. This field can be blank or contain multiple tags. Once added, a tag can be removed by clicking the "x" at the end of the value.
Include Raw Evidence in Export: Ensures that all raw evidence in the report is included when exported. This is turned off by default but can be clicked to toggle on.
Custom Fields: Add any desired custom fields by clicking Add Custom Field or selecting existing custom fields from a template to import via the pulldown menu.
Step 3: Click Submit.
Upon submission, the system creates the initial framework of the report, ready for further content addition and collaboration. Other tabs can now be accessed to make necessary changes, such as adding findings or assets.
Step 4: Click the Narrative tab.
Step 5: Add a report narrative. An existing narrative can be reused by clicking Add from NarrativesDB or a new one can be added by clicking Custom Section.
Step 6: The user is prompted to input a title and content for a custom section, with the ability to add more sections by repeating the process. The system will automatically save any changes made.
After finishing an assessment, users can easily choose reviewers from a dropdown menu. This feature simplifies the procedure of sharing findings and removes the necessity of sending confidential documents through email.
When a reviewer is added, the assessment is changed to a draft format with an "In Review" status. This prevents premature submission and ensures that the assessment cannot be completed or submitted until the review is complete.
The number of current reviewers and remaining approvals needed for an assessment is listed on the In Progress/Completed tab.
After the reviewers finish evaluating the assessment and find it suitable, they mark it as approved. If all the reviewers approve the assessment but it is not yet submitted, the assessment will be labeled "Approved," and the overall status will be "In Progress."
In the case of a single reviewer, the user can either submit the assessment or continue working on it. However, if there are other pending reviews, the assessment will be marked as "In Review" and cannot be approved until all reviews have been completed.
Step 1: From the Assessments module home page, click the row of the assessment to work on or Edit from the "Actions" menu.
Step 2: Click Add Reviewers at the top right of the page.
Step 3: Select the reviewer(s) from the entries in the pulldown menu of users. Typing text into the box will narrow the list. Repeat as needed. No limit exists on how many reviewers can be added. When finished, click Save.
The person assigned as a reviewer will receive an email notifying them of the task. The assessment is now in review mode.
Step 1: From the Assessments module home page, click the row of the assessment to work on or Edit from the "Actions" menu.
Step 2: Click the In review button.
A modal appears listing the reviewers and if they have approved the assessment.
The only two options are "Approved" and "Pending Approval."
Step 1: From the Assessments module home page, click the row of the assessment to work on or Edit from the "Actions" menu.
Step 2: Click the In review button.
A modal appears listing the reviewers. Current reviewers can be removed by clicking the "X" next to their name, and new ones can be added by placing the cursor in the box and selecting a new reviewer. Click Save when finished.
Removed users will appear in the main list until Save is clicked.
Step 1: From the Assessments module home page, click the row of the assessment to work on or Edit from the "Actions" menu.
Step 2: Click the In review button.
A modal appears listing the reviewers. A user who is also an approver will see an Approve button.
Step 3: Click Approve.
After a reviewer clicks Approve, the status changes within the modal to "Approved."
Step 4: Click Save.
The modal disappears. If all reviewers have approved, the status of the assessments changes on the button previously clicked in Step 2.
In addition, the status of the assessments changes on the In Progress/Completed tab.
A user can revoke the approval of an assessment that has not been submitted (i.e., a status of "In Progress") by opening the assessment, clicking the Approved button at the top right of the screen, and then clicking Remove approval from the modal.
This will return the assessment approval status to "In Review" and display the reviewer as "Pending Approval."
Once an assessment is submitted in PlexTrac, the platform automatically generates a report and directs the user to the Report module readout view, and all questions are turned into findings. This published report contains all the findings from the assessment, making it readily accessible to stakeholders and analyst users. This feature enables quick dissemination of information to relevant parties.
Step 1: From the Assessments module home page, click the row of the assessment to work on or Edit from the "Actions" menu.
Step 2: Click Submit assessment.
This action cannot be undone. Once submitted, a report will be generated with recorded responses.
Step 3: If all questions have been completed, a message confirming action appears. Click Submit assessment.
A report readout from the Reports tab of the Clients module will be presented, providing assessment details. The answered questions are now findings. Each finding includes the question, description, assigned score, checkbox status, and any accompanying notes and relevant documentation incorporated into the assessment.
If required, users can make edits to the report before exporting it. This feature ensures that the final report accurately reflects any updates or changes made during the assessment process. Users can review and modify the report as necessary, guaranteeing its accuracy and completeness before sharing it with stakeholders.
The assessment is still listed within the Assessment module, now with a "Completed" status.
Once an assessment is submitted, all questions, including custom fields, are transformed into findings. PlexTrac then assigns a status to each finding, using business rules corresponding to the answer type and values of the question.
Below are the guidelines used to determine the value given to a finding status. These rules are followed in sequence until the status is resolved and a value is determined.
To ensure the accuracy of the rules listed in the table, the answer type value must match the value in the table, where applicable. For example, an answer type value of Not Compliant
will result in a match and a findings status assigned, while a value of Non Compliant
will not.
The same logic is applied to custom fields. If, for example, a custom field answer type is "Yes (Pass) / No (Fail)" and the value is "Yes," the finding status assigned is Closed
. If the custom field answer type scenario and value are not found below, the finding status assigned is In Process
.
If multiple answer types exist for a question, only the first answer type assigns a status to a finding.
Assessments can be started immediately after creation or worked on later by opening one to complete from the In Progress/Completed tab. If no action is taken after an assessment is created or the assessment is not finished, the assessment will have an "In Progress" status.
To save progress on an assessment, click the Save button within the question box as questions are answered.
To open and complete an "In Progress" assessment, go to the In Progress/Completed tab, select the desired assessment, and click Edit.
The assessment module provides progress tracking for questionnaires. A visual bar indicates the questionnaire's completion status, gradually filling up as more questions are answered until it reaches 100%.
Users can provide answers, observations, notes, and attachments as questions are completed, such as policy documents, screenshots, code samples, and videos. Attachments are facilitated through a modal where files can be dragged, dropped, pasted, or browsed from the computer.
Questions can be marked as complete, and users can continue to another question by clicking the question in the left column, entering the question number in the provided box, clicking the navigation arrow to reach the previous or next question in sequence, or using search/filtering to find a specific question.
The progress bar will update as data is entered, questions are completed, and the user moves to the next question. Completed questions will have a checkmark in the circle next to the question.
Questions that are optional for the assessment will have a circle with a dotted outline next to the question's title, while questions that are required will have a circle with a solid outline. Questions touched but not marked as completed are identified with a shaded purple within the circle. Questions that have not been touched retain a white background until modified.
When an assessment has all questions completed, all questions will have a checkmark, and the questionnaire progress bar will be full and display a green checkmark.
Questions are answered by selecting the question title in the Questions column, which inserts the question in the main window. The edited question is highlighted with a shaded background in the left column.
A question defaults to the status of "Not Started." When a question receives input in any available field, it updates to "In Progress."
After a question has been answered, click the circle next to "Mark question complete," which will update its status to "Completed" and impact the questionnaire progress bar.
Users can gather evidence directly and securely on the platform, eliminating the need to email sensitive documents while completing assessments.
Step 1: Click Add attachment(s).
Step 2: Drag a file onto the modal or browse it from a local computer.
Step 3: Add any additional notes as needed. Repeat the process if more than one file is loaded. Click Save.
The attachment is listed on the question after the "Notes" box. Hover over the attachment filename for icons to download or delete the file.
The "Label" box value must exist in the list of tenant short codes and be set as "Client Field" for Source.
Not every field edited for a question will be displayed during the assessment. Still, it will be passed to a finding in the report generated upon submission, as each question in the assessment will become a finding. The screenshot below illustrates this: Every field greyed out and below the yellow line will not appear in the assessment but will be passed on to the finding details page after an assessment is submitted.
Clicking Add Question brings up a new blank list of fields.
Clicking the copy icon of the question to clone.
For more details on tracking changes and adding comments in the rich-text field, visit the page.
Report Classification: Defines the classification for the report, which can then be used to restrict access.
Report Template: are predefined layouts that define the structure and format of a report. They can include narrative sections, custom fields, and other elements. Select the desired template from the pulldown menu to associate a report to a template.
Findings Layout: are predefined templates that provide a consistent structure for collecting data when creating a finding. Select the desired template from the pulldown menu to associate a layout with a report.
Visit the page for more information.
Step 6: Visit the , , , and tabs to add more information and continue building the report. These sections are explained in more detail elsewhere on this site.
If no reviewers are assigned, an anytime.
If a submittal is attempted with questions not completed, a warning message will appear:
More information on answer types and values can be found on the and under of the Admin Dashboard.
1
Answer type value is Yes AND Answer type is "Yes (Pass) / No (Fail)"
Yes
Closed
Answer type value is Yes AND Answer type is NOT "Yes (Pass) / No (Fail)"
Yes
Open
2
Answer type value is No AND Answer type is "Yes (Pass) / No (Fail)"
No
Open
Answer type value is No AND Answer type is NOT "Yes (Pass) / No (Fail)"
No
Closed
3
Answer type is "CMMC Processes" or "CMMC Practices"
Any value
Open
4
Answer type value was left blank or not answered
Open
5
Answer type value is checked against a list of values that are mapped (if the answer type is Multiple Choice and more than one box was checked, the value of the topmost option is used)
No (Pass)
Closed
Not Started
Open
Strongly Disagree
Open
Initial
Open
Yes (Fail)
Open
Operational
Closed
Strongly Agree
Closed
Optimizing
Closed
Compliant
Closed
Not Compliant
Open
Required
Open
Extremely Effective
Closed
Not Effective
Open
In Place
Closed
Not In Place
Open
N/A
Closed
In Place w/CCW
Closed
Not Tested
Open
6
Finding still does not have an assigned status
In Process
Creating a finding within PlexTrac can be initiated either through the Clients module or the Reports module, but either approach involves selecting a report to add the findings. When created within PlexTrac, users can update using five tabs: Finding Details, Affected Assets, Screenshots/Videos, and Code Samples.
Step 1: From the Reports module, click the row of the impacted report.
Step 2: Click the Findings tab.
Step 3: Click Create Finding from the "Add Findings" pulldown menu.
Step 4: Enter a finding name and select the finding severity. Click Create.
Step 5: The edit finding page has four tabs for collecting data about a finding (further details on each tab are provided below).
Title (required): All finding titles must be unique within a report. The tool will provide an error message after clicking Save if an existing title is used.
Severity (required): Identifies the severity rating for the finding. The values are in ascending order: Informational
, Low
, Medium
, High
, and Critical
.
Score type: Identifies the score associated with a finding. This can be used to record a general score, a CVSS 2.0 score, a CVSS 3.0 score, a CVSS 4.0 score, or dynamically create a CVSS 3.1 score using the provided calculator.
Priorities: Associate the finding with a priority in the Priorities module.
Status: Defines the status of the finding (Open
, Closed
, or In Process
). It defaults to Open
.
Sub-Status: Provides further details on the status of a finding if set up by admin. If no sub-status values have been configured, this field will not appear.
Assigned to: Identifies the user assigned to a finding. Only one user can be assigned, and an email will be sent once the finding is saved. The list in the pulldown menu is derived from the list of users added to a client.
Description (required): An RTF field allowing content, images, links, code examples, tables, and lists to be entered as needed. This field has collaborative editing enabled.
Recommendations: An RTF field allowing content, images, links, code examples, tables, and lists to be entered as needed. This field has collaborative editing enabled.
References: An RTF field allowing content, images, links, code examples, tables, and lists to be entered as needed. It has collaborative editing enabled.
CVE ID: Common Vulnerabilities and Exposures (CVE) identifier(s) assigned to the finding. This field requires a format of CVE prefix + Year + arbitrary digits. There is no limit to the number of random digits.
Example ID with four digits: CVE-2014-3127
Example ID with five digits: CVE-2018-54321
Example ID with six digits: CVE-2019-456132
CWE ID: The Common Weakness Enumeration (CWE) identifier(s) assigned to the finding. This field requires a two-to-four-digit number format.
Example ID with two digits: 99
Example ID with three digits: 243
Example ID with four digits: 1423
Tags: Stores any tags associated with a finding to help manage and retrieve the finding more easily later.
Custom Fields: Click Add custom field to insert more labels and values as needed.
Step 5: Click Save.
The information entered is now displayed in the Findings Details tab and can be modified as needed. More details of a finding can be added by continuing to the other available tabs.
This tab displays any affected assets associated with a finding. The Affected Assets page provides more information on this topic, such as how to import or create.
This tab stores screenshots and videos associated with a finding, as videos are not allowed in the Finding Details rich-text fields.
To add a file, drag it onto the box on the page or click to navigate to files on the computer. Repeat as needed.
This tab stores any code samples related to a finding for future reference. Click Add Section to add additional sections. The code will be formatted when the report is published.
PlexTrac offers collaborative editing to save time and reduce errors when working on reports, writeups, narratives, and findings. Collaborative editing is a process in which multiple individuals work together to create, edit, and refine content in real-time, with contributors simultaneously working on the same document.
Collaborative editing exists in rich-text fields (RTFs) within the platform, such as:
In the Description, Recommendations, and References RTFs of the Findings Details tab of a finding
In the Value RTF within the Custom Fields tab of a finding
In the RTF of the Narrative tab for a report
In the Description, Recommendations, and References RTFs of the Readout tab of a report
In the Description, Recommendations, and References RTFs of a writeup in WriteupsDB
In the Section Body RTF in NarrativesDB
Track changes is not available until the content has been created and saved (i.e., the toolbar experience differs when creating a writeup vs. editing a writeup).
When a user edits one of the fields listed above, an avatar is displayed at the top right of the content box. Up to six avatars can be displayed.
The user's full name is provided if the cursor hovers over it.
Messaging at the top right of the page where collaborative editing exists indicates when content was last saved.
On pages with multiple content sections, autosave is per section (not page), and the time stamp will update when one of the collaborative editing content blocks is modified.
For example, when one user updates the finding description at the same time another user updates the finding recommendation, both updates are saved, and the time stamp represents the last edit.
If the internet or VPN connection is lost, an error notification will indicate the connection has been lost.
or
Users cannot modify any collaborative editing sections until they return online.
Track changes is a feature that records any modifications made to the text, formatting, or other elements. It can be enabled for a particular RTF or at the report level.
When the track changes feature is enabled, any modifications made to the document are highlighted and displayed. These changes can include additions, deletions, formatting adjustments, and comments. The original content remains visible, while the modifications are marked with specific indicators, such as colored text, underlines, or strike-throughs. Additionally, users can leave comments or annotations to provide further context or explanations regarding the changes made.
Collaborators can accept or reject individual changes, and the document owner or editor can review and make final decisions on which modifications to keep. This feature is helpful when multiple individuals must work on a document simultaneously or when documents undergo several revisions.
The toggle to enable track changes in an RTF is located in the RTF toolbar. Click the track changes icon to enable.
Track changes can also be enabled by clicking the icon and toggle on from the pulldown menu.
When enabled, the track changes icon in the RTF toolbar is blue.
Any content additions are now shown in green, deletions will be red, and a log of changes will appear to the right of the RTF.
Changes can be accepted or rejected by clicking the checkmark or X in the audit box.
Once accepted or rejected, the box and markup will disappear, and the content will reflect the choices.
Track changes can be controlled at the report level and, when enabled, apply to all RTFs within a report. This toggle appears to the right of the tab headers of a report.
When track changes is enabled at the report level, individual RTFs will indicate that changes are being tracked (the track changes icon in the toolbar is blue). The toggle bar available from the pulldown menu is green (track changes is on), but the ability to turn off track changes for an RTF is greyed out.
If turned on at the report level, track changes can only be turned off at the report level.
Comments can be added by highlighting content and clicking the comment icon in the RTF toolbar.
A comment box appears on the right of the RTF to capture any notes. The content the comment refers to stays highlighted to denote it as having an associated comment.
Click Comment or Cancel to complete the task.
For scenarios where multiple changes were made in an RTF, users can accept or reject with one click using the options provided in the track changes pulldown menu.
The solutions available depend on the scenario:
If a user has not specified specific RTF modifications, only "Accept all suggestions" and "Discard all suggestions" will be available.
PlexTrac can import findings from third-party tools and a CSV template for centralized data. This provides real-time visibility, holistic analysis, and efficient reporting, simplifying compliance and promoting proactive risk management.
If importing from a CSV file, visit the for more information.
For a list of all third-party tool integrations and field mappings, visit the section.
Step 1: Within the Reports module, click the impacted report from the list to bring up the Readout tab.
Step 2: Click the Findings tab.
Step 3: Click Add Findings and select File Imports from the pulldown menu.
Step 4: Select the import source from the pulldown menu.
Step 5: Drop the file into the box provided or browse to it on the computer.
If the user does not want parser actions to be applied to the import file, they can uncheck the option provided in the modal.
Step 6: Click Continue.
Step 7: On the second tab, "Select tags & upload," add any desired finding and asset tags (optional). When finished, click Upload.
A dialog box will appear, confirming the import is in progress.
A status bar is also displayed at the top of the page to track progress.
The status will update progress dynamically and display a green checkmark, along with a notification when completed.
Findings may be imported into PlexTrac via a licensed API integration and configured by an admin.
Step 1: Within the Reports module, click a report from the list to bring up the Readout tab.
Step 2: Click the Findings tab.
Step 3: Click Add Findings and select Integrations from the pulldown menu.
Step 4: Select the desired integration from the pulldown menu (the values shown in the pulldown menu are entered by the admin when the integration is set up).
If an integration is not licensed or not configured by an admin, the option will not appear in the pulldown menu.
Step 5: Click Continue with X at the bottom of the page.
Step 6: The Select Findings tab appears with a list of filters and values that are tool-specific to an integration. Use the filters and facets to select the query parameters to determine which findings appear on the page.
Step 7: Click Search to retrieve the findings query results.
Step 8: Select the findings from the query results to import by clicking the box at the top left of the table header row or by selecting findings individually by clicking the box next to the finding.
At least one finding must be selected to continue.
Step 9: Click Continue with X issues.
Step 10: Insert desired tags associated with each finding and asset when imported (optional). Click Import X Findings.
Notifications will appear confirming that the import was successful.
PlexTrac understands the importance of simplifying the process of importing findings and other data into the platform, whether for a specific report or multiple reports and assets. To facilitate this, PlexTrac offers CSV templates and scripts that help streamline the import process and make it more efficient.
CSV templates serve as pre-defined structures that align with the required format for importing data. These templates specify the fields and corresponding data types expected when importing findings or other information. Users can leverage these templates to ensure that their data is correctly mapped and formatted for import, minimizing errors and ensuring consistency.
Two CSV options are available to import findings into a report. Consult the table below to determine the most suitable solution for your needs.
*The script can create parsed findings in PlexTrac by sending API calls to create each finding individually (which results in an extended script runtime) or by generating a PTRAC file. Manually importing the generated PTRAC file takes the same time as the PlexTrac Report Finding CSV Template.
The generated PTRAC only contains the report and finding information. Asset information will not be added.
Please click on the box below to access instructions and a downloadable CSV file that can serve as a template for uploading findings into a report. The CSV file contains fields pre-filled with sample values.
Click on the box below to learn about importing data through the PlexTrac API using a script. The script requires two CSV files: one for importing data and another for field mappings.
This script is designed to help users import data into multiple clients and reports. It works by parsing a CSV file and creating client, report, finding, and asset objects. Once the objects are generated, the script uses the PlexTrac API to import and create them in the user's tenant.
Using can significantly improve the efficiency of data representation and can be created to represent specific data fields at the and report levels.
With pre-defined codes, users can quickly insert data without manually entering lengthy information. This saves time and effort during the report creation process.
Moreover, standardized placeholders help maintain consistency in data presentation across different reports, ensuring a uniform format and structure that creates a professional and organized image.
Shortcodes offer flexibility and adaptability, allowing users to customize formats and update information without altering the underlying data. This ensures reports are presented according to individual preferences and industry standards, reducing the risk of errors and increasing accuracy.
Short Codes are managed by admins in Admin Dashboard>"Tenant Settings">Short Codes.
Step 1: From the Reports module home page, click Readout under the "Actions" column of the report to edit.
Step 2: Click the Details tab.
Step 2: Click the Add Custom Field button at the bottom of the page.
Step 3: Add a label value in the first box on the left to correspond with the short code, and insert the text value that will replace the short code in the second box on the right.
This value will replace the short code used in the report's narratives or a finding's text fields.
Repeat the process to add another short code.
Step 4: Click Save when finished.
The Custom Field label links the short code to the value (text data) that is to replace it. For example:
Label: Contact Email
Value (text data): janep@karbo.com
Short Code: %%Contact_Email%%
Short Codes in PlexTrac always begin and end with %% and have underscores rather than spaces.
Step 5: Use the short code in any report narrative. Changes will be autosaved.
Step 6: To activate the short codes, click Search & Replace, which is found at the top right of the page within the Reports module.
Step 7: The Search & Replace modal appears. Click Replace Short Codes to replace all short codes in the report with their corresponding text data.
Step 8: Click Confirm.
A confirmation message will appear.
Step 9: Validate that the change occurred as desired, assuming the short code exists in the tenant settings.
If the fields did not process as expected, kindly request the administrator to confirm their setup in the Admin Dashboard and ensure that the appropriate short code was utilized. Then, proceed to repeat steps 6-8.
A finding is a weakness in systems, processes, policies, or procedures that could be exploited. It arises from penetration testing, vulnerability assessments, and compliance audits. These findings reveal potential points of compromise, categorized by severity, and often come with recommended remediation actions.
Organizations can use findings to allocate resources and improve security efficiently.
Findings are the most common object in PlexTrac and can be added to a report in multiple ways:
imported via , such as Nessus or Pentera
imported from one of PlexTrac’s
imported from an , such as Snyk or HackerOne
in the Runbooks module
Findings can be accessed either through a report or the Clients module:
Click Reports from the main menu.
Select a report.
Click the Findings tab.
Click Clients from the main menu.
Select the client.
Click the Findings tab.
A count for the number of findings is displayed at the top of the table to the left of the filter boxes.
The source of a finding can be found on the Finding detail side drawer, which appears when clicking the row of a finding seen in the Findings tab of a report or client. If the finding was created in PlexTrac, a value of plextrac
exists. If the finding was imported, the source of that file or integration is also recorded.
The finding ID can be found on the Finding detail side drawer, which appears when clicking the row of a finding in the Findings tab of a report or client. The finding ID is generated by importing it from the source tool or dynamically by PlexTrac when the finding is created.
Every finding in a PlexTrac report must have a unique finding title.
When importing findings from two scans into the same report, only additional findings from the second scan and any assets tied to existing findings are imported, even if duplicates exist.
When two findings with the same title are created in two different reports for the same client, they are displayed on the Findings tab in the Clients module, as they each receive a unique finding ID.
The finding reported date is when the finding was added to the report. This value is displayed under the "Date Reported" column from the Findings tab. This value can be modified through the "Actions" button when selecting one or more findings.
PlexTrac provides a downloadable CSV file that can be used as a template for uploading findings offline and later using the Add Findings button within the Findings tab of a report.
To download the template, click the file below:
The file has the required fields prepopulated in the CSV file, along with sample values.
Save the file in CSV UTF-8 format to prevent including non-UTF characters that may break the importer.
Step 1: Download the CSV file above.
When importing the file via the Add Findings button in the Findings tab of a report, select the value "CSV" from the pulldown menu.
Step 4: Select the CSV file to upload and click Continue.
Step 5: Add any optional tags or leave them blank. Click Upload.
A message will appear, validating that the file is uploading.
Step 6: Validate that the information was added to the report. When the data has been imported successfully, the screen will display the information without refreshing the page.
The time required to load depends on the amount of data in the CSV file.
The source of the finding will list "CSV" as the value. Below is how the data is displayed in the Finding Detail window using the sample values in the CSV template.
All fields below must appear as column headers when importing the CSV file. All field values must follow the rules defined in the table, or the file may be rejected when imported or require further manual editing within PlexTrac.
Title, description, and severity are required.
The CSV import will accept custom fields, which must be added at the spreadsheet's end after the template's columns.
Row A of the CSV template will be the custom field title, and subsequent row(s) will be the custom field value(s), as entered in the spreadsheet. Add multiple columns and values as needed.
When imported, the custom fields will appear on the Finding Detail page.
The custom fields can be edited or deleted after import via the Custom Fields tab of the finding.
PlexTrac can be integrated with Jira and allow information about findings to be sent to Jira. Visit the for details on setting up Jira.
Step 1: Navigate to the Findings tab of a report.
Step 2: Click the three dots under the "Actions" column of the finding to update.
Step 3: Click Link Jira Ticket.
Step 4: Select the Jira project and issue to associate the finding with. Click Create ticket.
Step 5: The Jira ticket is now listed under "Linked Ticket."
Clicking the linked ticket value will open Jira. If mapped by the Admin, the finding date reported value will appear in Jira as a value for "Start Date."
If set up for two-way data flow in integration mapping, updating the start date in Jira will update PlexTrac the next time synchronization occurs.
Step 1: Navigate to the Findings tab of a report.
Step 2: Click Status under the "Actions" column of the finding used to create a Jira ticket.
Step 3: Click Create Jira Ticket & Link.
Step 4: Select the Jira project and issue to link with. Click Create ticket.
A ticket in Jira is created, and the ticket number is listed under "Linked Ticket" on the Findings tab.
Step 1: Navigate to the Findings tab of a report.
Step 2: Click the three dots under the "Actions" column of the finding linked to a Jira ticket.
Step 3: Click Unlink Jira ticket.
Step 3: A modal appears, confirming the action. Click Ok.
Step 1: Navigate to the Findings tab of a report.
Step 2: Select the desired finding(s) by clicking the check box of the finding row.
Step 3: Hover over the "Actions" button to bring up the pulldown menu and click Create Jira Tickets.
Step 4: Select the Jira project and issue type to which the finding(s) should be assigned. Click Create ticket.
Step 5: A message will confirm that ticket(s) were created, and the linked ticket number will now be displayed for finding on the page.
Clicking the linked ticket value will take you directly to Jira for viewing.
Affected assets are managed from the finding, as opposed to the client. Affected assets contain information about an affected asset and relational metadata about the finding it is tied to.
An affected asset object on a finding will have a subset of fields compared to the client asset with the same ID. Some additional fields make sense when the finding and client asset are viewed together, such as the date the finding started affecting the client asset, the affected ports, location access to vulnerability, vulnerable parameters, and evidence of the affection.
for more information about the affected asset object structure and all the fields and values it might contain.
Step 1: From the Reports module, click the row of the impacted report.
Step 2: Click the Findings tab.
Step 3: Click the row of a finding.
Step 4: If an affected asset(s) exist for this finding, they are listed on the Finding Detail modal.
A parent asset can be accessed directly by clicking the provided link within the table.
Step 5: Click View under the "Actions" column of the affected asset to see more information.
The Asset Detail modal appears with information about the affected asset and a link to any parent, if applicable.
The table view can be customized by clicking the column view icon to the right of the Add assets button.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
Step 1: From the Reports module, click the impacted report.
Step 2: Click the Findings tab.
Step 3: Click Edit of the finding the affected asset is being added to.
Step 4: Click the Affected Assets tab.
Step 5: Click the Add Assets button and select Create new asset.
Step 6: Enter information about the affected asset in the appropriate fields within the Asset Information tab.
Step 7: Click the Affected Areas tab. Enter information about the following:
Affected Ports: Network ports vulnerable to a security exploit or attack.
Location/URL: The URL of the affected asset.
Vulnerable Parameters: The inputs or settings in a system or program that an attacker can exploit to compromise the security or integrity of the system. These parameters can include usernames, passwords, API keys, and configuration files.
Notes: A text box for any additional information to provide context on the affected asset.
Step 8: Click the Evidence tab. This tab contains two text fields (title and description) per item but as many items of evidence can be added as needed. Evidence represents when or how the affected asset was found, and often is the scanner output from the scanning process.
Step 9: Click Save.
The asset is now listed in the Affected Assets tab of the finding.
Step 1: From the Affected Assets tab of a finding, click Edit under the "Actions" menu.
Step 2: Edit or add information as desired and click Save.
Step 1: From the Affected Assets tab of a finding, click Remove under the "Actions" menu.
A modal appears, confirming the deletion. Click Remove.
Assets already in PlexTrac can also be added as an affected asset for a finding.
Step 1: From the Affected Assets tab of a finding, click the Add Assets button and select Add existing assets from the pulldown menu.
Step 2: Choose the asset(s) from the pulldown menu and click Save.
Step 1: From the Affected Assets tab of a finding, click the Add Assets button and select Import assets from the pulldown menu.
Step 2: Drag a file into the modal or click the box to navigate to the file on the computer.
Step 3: Click Import.
A message will appear confirming import.
The asset(s) are now listed in the Affected Assets tab.
Step 1: From the Affected Assets tab of a finding, click the Add Assets button and select Bulk paste from the pulldown menu.
Step 2: Enter the assets into the box by separating each value with a comma. PlexTrac will parse the assets and add them to the finding. URLs with paths (ex., www.plextrac.com/test/) will be separated into parent and child assets. Click Next.
Step 3: Asset, ports, and child asset values are dynamically assigned. Review and uncheck the box next to any new assets that should not be added. Click Next.
Step 4: Add any desired optional tags. Tags will be assigned to all added assets. Existing assets will retain current tags. Click Add X assets.
The new assets are displayed in the Affected Assets tab of the findings.
Step 1: From the Affected Assets tab of a finding, click the box in the header row to the left of "Asset."
Step 2: The "Actions" button appears with the following options:
Add affected location/url
Add affected ports
Delete
Click the desired task from the pulldown menu and continue reading for additional details on each action.
A modal will appear with a field to enter a URL. The query parameters will be parsed out into the inputs provided. Click Add Parameter to include vulnerable parameters. Click Save when finished.
The new value appears on the Affected Assets tab under the "Location/URL" column.
A modal will appear with a field to enter any affected ports. Click Add Port to repeat the process as needed. Click Save when done.
The new values will appear under the appropriate columns on the Affected Assets tab.
A modal will appear, asking for confirmation of the action. Click Delete Assets.
Exported PTRAC files (.ptrac) can be imported into PlexTrac for cross-team collaboration. For instance, a red team from one tenant can share with a blue team client with its own PlexTrac instance.
Reports can be imported either in the Client module or the Reports module. The instructions below are specific to the Reports module and assume the user has an exporting report in PTRAC format.
Admins can configure the options to import files via the Admin Dashboard on the "Role Based Access" page. To accomplish this, select a custom role and click the "Ability to export reports" button. A dialog box will appear with options to turn on/off the ability to import reports, along with the ability to configure importing a PTRAC file.
Step 1: From the Reports module home page, click Import Report.
Step 2: Select the client the report will be associated with from the pulldown menu on the modal.
Step 3: Drag the .ptrac file to the box provided or click the box and navigate to the file on the computer.
Step 4: Click Submit.
A progress bar will indicate the status; the upload may take a minute or two.
When completed successfully, a confirmation message will appear.
is a repository for all PlexTrac writeups. It categorizes, associates them with use cases, and facilitates reuse. By structuring and refining findings, writeups can be used in other deliverables, such as a report.
Once a writeup becomes a finding, it is a standalone object that is not impacted if the source writeup or repository is deleted or the same writeup added to another report is edited or deleted.
Step 1: From the Reports module, click the report row or Readout under the "Actions" column.
Step 2: Click the Findings tab.
Step 3: Click Add Findings, then select From WriteupsDB from the pulldown menu.
Step 4: Search or use the provided filters to find the desired writeups to add, then click the box to select them.
Selected writeups to be added are shown in the column on the far right.
Step 5: Click Add X Writeups at the bottom of the page.
A confirmation message will briefly appear, and the writeups are added to the report and listed on the Findings tab.
After creating a priority, findings and assets can be associated with the Priorities module.
Findings and assets can also be linked to a priority from the Clients module using bulk actions.
Step 1: From the Priorities module home page, click the row or View under the "Actions" column of the priority to update.
Step 2: Click the Findings tab.
Step 3: Click Link Findings.
Step 4: Use the filters on the left nav bar to reduce the list.
Step 5: Select the findings to link. Click Continue with X findings.
Step 6: Select any affected assets to link. Use the assets filters to narrow the search results. Click Link affected asset or Continue without assets.
The user is returned to the Findings tab page. A notification will appear confirming the action, and the page will refresh with the recently added findings.
Any affected assets added will be displayed on the Assets tab.
Step 1: From the Priorities module home page, click the row or View under the "Actions" column of the priority to update.
Step 2: Click the Assets tab.
Step 3: Click Link Assets.
Step 4: Use the filters so that the list only shows assets relevant to the priority.
Step 5: Select the assets to link. Click Continue with X assets.
Step 6: Select any associated findings to link. Use the findings filters to narrow the search results. Click Link x associated findings or Continue without findings.
The user is returned to the Assets tab page. A notification will appear confirming the action, and the page will refresh with the recently added assets appearing.
Findings and assets included in a priority can be removed individually or via bulk actions. Any removed findings or assets from a priority will remain in their existing reports and not be deleted from PlexTrac.
Any assets associated with a finding will remain in the priority after the finding is unlinked, and any findings added via its association with an asset will remain after an asset is unlinked.
Step 1: Click the Findings tab from the priority details page.
Step 2a: Click the meatballs menu of the priority and click Unlink finding from priority.
Step 2b: Select multiple findings, click the Actions button, and click Unlink findings from priority.
Step 3: A dialog box will appear asking for confirmation. Click Unlink.
Step 1: Click the Assets tab from the priority details page.
Step 2a: Click the meatballs menu of the priority and click Unlink asset from priority.
Step 2b: Select multiple findings, click the Actions button, and click Unlink assets from priority.
Step 3: A dialog box will appear asking for confirmation. Click Unlink.
If a user has manually highlighted RTF content, additional options are provided, allowing the user to approve only the selected content.
More information on specific tools, such as field mappings, can be found on the
The short code value must exist and be set by an admin as a "Report Custom Field" for Source. If not, contact the admin to add the short code via Admin Dashboard>"Tenant Settings">Short Codes.
For example, will pull in the Nessus plugin ID
as the PlexTrac Finding ID
.
Step 2: Remove the sample values and populate the fields with desired values. A and is below.
Step 3: .
Assets can be imported using a PlexTrac CSV Asset import template. to download the template and enter asset data to import.
Any subdirectories listed for an asset's domain will be loaded as its asset and considered a 'child' in relation to the 'parent' domain. This relationship will be tracked and maintained within PlexTrac. For example, www.plextrac.com/home will become two assets, with /home a child to www.plextrac.com.
title
title
This is a required field.
severity
severity
This is a required field. The severity value must be one of the following (not case-sensitive): Informational, Low, Medium, High, Critical If no value is provided in CSV, a value of "Informational" will be assigned.
status
status
Value must be one of the following: Open, Closed, In Process
description
description
This is a required field.
recommendations
recommendations
This is the findings recommendations.
references
references
This field accepts multiple values delimited with a comma.
For example: "Item 1, Item 2, Item 3" NOTE: Do not use commas if providing complete sentences, as any comma will result in a para break. Periods do not trigger a para break.
assets
affected_assets
This field accepts multiple values delimited with a comma.
For example: "Item 1, Item 2, Item 3"
tags
tags
This field accepts multiple values delimited with a comma.
For example: "Item 1, Item 2, Item 3"
riskScore
cvss_temporal
This is the CVSS 3.0 score. Example value: "5.5"
common identifiers
cwe
This field requires a format of CWE prefix + a two-to-four digit number. Example value: "CWE-772"
common identifiers
cve
This field requires a format of CVE prefix + Year + arbitrary digits. Example value: "CVE-2018-54321"
field: category
This column must exist in the CSV and is imported as a custom field.
label
category
The column header must be "category".
value
category value
This is the value entered for the category.
Imports to a single report
Imports to multiple reports
Request is processed on the backend in less than five minutes
Each finding is processed individually and can take up to several hours*
Must order CSV columns to match template schema exactly
CSV columns are mapped to findings on a finding and sequence is not relevant
Imports to select finding fields only
Imports to all finding and asset fields
Does not import client and report information
Imports client and report information
Findings are associated with metadata and labels that provide status and current standing. Visual cues using color in the platform also identify specific finding status states.
Findings can be in draft or published mode, and this status is provided visually within the Findings tab.
Findings in draft mode have an orange background row color and a dot next to the title. The published findings have a white background row color with no dot.
Analyst user roles cannot view draft findings, so publishing the finding before publishing a report allows other user roles within PlexTrac to see critical issues the client needs to address immediately without requiring the report to be completed.
Step 1: Navigate to the desired finding and click Edit under the "Actions" column.
Step 2: Update the finding status by clicking the toggle button to the desired state. Changes are autosaved.
Step 1: From the Findings tab, select one or more findings. An Actions button will appear.
Step 2: Click the Actions button and click Set Published Status.
Step 3: Toggle the publish status and click Save.
A finding can either be Open
, In Process
, or Closed
. That status is displayed on the Findings tab.
Click here for the business rules on a question in an assessment that is assigned a status as a finding after the assessment is submitted.
Findings may also have a sub-status value. These do not exist unless added by an admin. Once added, they will be available to associate with a finding but are optional.
The Sub Status column is available when viewing findings in a report. It does not exist when viewing findings for a client.
Step 1: From the Findings tab, click the status button of the finding to change.
Step 2: Click Add Update.
Step 3: The "Add Update" model appears with any previously populated values. Use the pulldown menus to update Status, Sub-Status, and Assigned to values. Enter any optional comments to provide context.
Click Save.
The changes are reflected in the log notes of the finding status tracker, which can be viewed at any time by clicking the finding status label.
Step 1: From the Findings tab, select one or more findings. An Actions button will appear.
Step 2: Click the Actions button and click Assign/Update Status.
Step 3: The "Add Update" modal appears with any previously entered values. Use the pulldown menus to update Status, Sub-Status, and Assigned to. Enter any optional comments to provide context.
Click Save.
The changes are added to the selected findings.
The Common Vulnerability Scoring System (CVSS) is an industry benchmark for evaluating the seriousness of identified vulnerabilities. It calculates a CVSS score by considering three metric categories (base, temporal, and environmental) encompassing various aspects of a vulnerability's impact and ability to persist in different contexts.
PlexTrac allows users to input or adjust scores when generating or revising findings, facilitating precise vulnerability assessment.
CVSS is owned by FIRST and used with permission. This calculator is based on FIRST CVSS documentation.
Step 1: From the Findings tab, click Edit under the "Actions" column of the finding to modify.
Step 2: On the Finding Details tab, select the applicable standard from the Score type pulldown menu (information specifically on CVSS v3.1 and CVSS v4.0 is located further below). If not using CVSS, click General.
Step 3: Enter values in the provided fields.
The score information for that finding is now displayed on the Finding Detail page.
PlexTrac has a built-in calculator that generates a CVSS score based on selected input values. It also generates a CVSS vector and assigns severity to a finding based on the information selected and calculated score.
Users can create a value by clicking through the provided calculator, typing in a vector, or combining both actions.
The calculator is available when CVSS v3.1
or CVSS v4.0
is selected from the "Score type" field.
If the value in the Severity field is manually changed at any point after a CVSSv3.1 score has been created, a warning message will appear:
If the score is already known, it can be entered in the "Score" field, and the finding's severity will update to match the score.
If the CVSS vector is known, entering the value in the "Vectore" field will dynamically set the finding severity.
Step 1: In the "Score type" field, select CVSS v3.1
or CVSS v4.0
, then click Calculate Score.
Step 2: To create a vector, select values by clicking the fields provided. All values must be entered.
The metrics available to configure differ depending on the score type selected.
After entering a value for all fields, a severity score, severity value, and vector value are populated.
Validation is performed on multiple fields to ensure accurate score and severity using vector string and record, which must be kept in sync.
The calculator updates the vector record string when a field is clicked. However, the string is displayed only when all base values are selected. The option to save will appear afterward.
When the vector string has changed, the string is then validated. If the string is valid, the record and selected values are updated in the calculator modal. If not, a warning message is displayed, and the save button is disabled.
Step 3: For more advanced scoring options, expand "Show temporal and environmental scoring."
Additional fields specific to the score type will be displayed for editing.
Step 5: When finished, scroll to the bottom of the modal and click Save. The severity, score, and vector are populated in the appropriate fields on the Findings Details tab.
CVSS 3.1 scores can also be viewed on the Findings tab of a report or client if that field has been configured to appear in the table.
PlexTrac reports can be shared between tenants to enable cross-team collaboration through importing and exporting.
For example, an external red team of one tenant may want to export a report and share it with an internal blue team client that manages its instance of PlexTrac.
The following export file options exist for reports:
Portable Document Format (.pdf): While a .pdf file is not easily editable, it offers a reliable way to share and distribute documents while maintaining original formatting and visual integrity.
Microsoft Word (.doc): A .doc file can contain various elements and formatting options, such as font styles, sizes, and colors. It supports rich text formatting, allowing users to customize the appearance of their documents.
Markdown (.md): Markdown is a lightweight markup language that allows authoring in plain text that is then converted into formatted content using plain text characters to denote elements like headings, lists, emphasis (bold or italic), links, images, code blocks, etc.
Comma-separated values (.csv): A .csv file is a plain text file format commonly used for storing and exchanging tabular data that allows data to be organized in rows and columns, similar to a spreadsheet. Each line typically represents a row of data, and commas separate the values within the row. Each value corresponds to a specific column, allowing the data to be structured in a tabular format.
Extensible Markup Language (.xml): An .xml file is a plain text file that uses tags to define elements and their hierarchical relationships.
PlexTrac/JSON (.ptrac): A .ptrac file provides more structure and ability to maintain relational data similar to JSON and XML than a CSV. Images are stored using Base64, a binary-to-text encoding scheme representing binary data as a sequence of ASCII characters.
Comments made within a report are not exported, and images with a border larger than 6 points may not export correctly.
Admins can configure the options users see in the platform via the Admin Dashboard on the "Role Based Access" page. To accomplish this, select a custom role and click the "Ability to export reports" button.
A dialog box will appear with options to turn on/off the ability to export reports, along with the ability to configure via file type.
Step 1: From the Clients module, click the desired row or click Reports under the "Actions" column.
Step 2: Click the row of the report to export.
Step 3: The page defaults to the Findings tab of the report. Click Export report at the top right of the page.
Step 4: Select the desired format from the pulldown menu.
Options available depend on whether a specific export template is associated with the report.
The file download to the local system begins processing.
If an error exists, a message providing more information will appear.
The Metrics tab in the Priorities module provides a comprehensive overview and management system for priorities. It aims to give security teams a centralized place to track priority remediation efforts and related findings and assets.
Users have the ability to filter by various criteria, utilize charts for in-depth analysis, and gain insights into top findings, asset tags, and severity breakdowns.
This page is available by clicking Metrics from the Priorities home page.
The page is divided into multiple sections to help users quickly navigate and access the information. The modular layout ensures that each topic is self-contained, allowing users to find relevant details more efficiently.
The fields displayed in a graph can be modified by clicking the field name above the chart to delete it. Once removed, the field is shown in grey.
Although the field is removed for display purposes, it does not change the overall calculation of the metrics.
Click a field that is greyed out to add it back.
Some graphics provide more details by hovering over the image with the cursor.
Clicking results (when available) within a graphic will launch a side drawer with more information about the priorities being referenced.
This section enables filtering of priority metrics displayed to the client by date range, severity, owner, tags, and status.
The URLs within the Metrics tab will contain the filters used and shared with other users.
This section displays key priority metrics.
Click a box to view more detailed information about each metric (all boxes will open a side drawer except the "Percentage of linked findings to priorities" box).
Clicking the priority listed in the side drawer will open the Priority Detail side drawer for further investigation.
This box provides a bar or pie chart of priorities by status and score. Toggle between the two views by clicking the desired option in the upper right-hand corner.
This box provides a bar or pie chart of priorities by status and the score based on the formula Likelihood x Impact
(for example, 6 x 8 = 48). Toggle between the two views by clicking the desired option in the upper right-hand corner.
This box provides a bar chart of the owner's priority status to better understand resource allocation. If no owner is assigned, the value "No priority owner" is leveraged.
The box has an embedded scroll bar when applicable.
This box provides a bar chart of priority status by treatment owner to better understand resource allocation. The value "No treatment owner" is leveraged if no owner is assigned.
The box has an embedded scroll bar when applicable.
This box provides a bar or pie chart of findings in priorities by tag and severity. Toggle between the two views by clicking the desired option in the upper right-hand corner.
The box has an embedded scroll bar when applicable.
This box provides a bar or pie chart of asset priorities by tag and criticality. Toggle between the two views by clicking the desired option in the upper right-hand corner.
The box has an embedded scroll bar when applicable.
Users can view and access all priorities related to their tenancy on the Priorities home page. This view provides options for sorting and filtering on multiple fields.
Clicking the priority row or View under a priority's "Actions" column directs users to the priority Details summary page, including additional tabs for Findings and Assets.
The Details tab provides the priority description, recommendation, treatment, and any assigned tags. The column on the right provides additional information about the priority.
This tab displays all findings contained in the priority.
Bulk action options appear after one or more findings are selected on the home page by clicking the checkbox to the far left of the finding title field or by clicking the box next to the column header.
Click Actions to see the list of options.
The table view can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
This tab displays all assets contained in the priority.
Bulk action options appear after one or more findings are selected on the home page by clicking the checkbox to the far left of the finding title field or by clicking the box next to the column header.
Click Actions to see the list of options.
The table view can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
Admins do additional setup and configuration in the Admin Dashboard.
It is recommended to read the admin settings documentation before using priorities to understand the impact each setting has on the experience.
Priorities can be set at the tenant or client levels and configured under "General Settings" of the Admin Dashboard.
PlexTrac allows admins to leverage a priority score equation instead of the manual approach of setting a score based on likelihood and impact. Equations can be enabled and customized under the "Automations" section of the Admin Dashboard.
The priority score can be viewed under the progress bar on the Details tab of a priority.
The equation's name and formula are listed if contextual scoring is enabled.
In the Content Library, three types of repositories exist:
Open Repository: Open repositories are available to anyone with repository access. Users with permission can view and edit the content within this repository. Open repositories are designed to be easily accessible and collaborative, enabling users to contribute and modify content freely. They function as a shared space.
Managed Repository: Managed repositories are accessible to anyone with repository access, allowing them to view the repository content. Editors must be added manually. Managed repositories are suitable for creating shared spaces where multiple users can access and utilize the content but have limited editing capabilities.
Private Repository: Private repositories are the most restricted. Only added users with specific permissions can view and edit the content within private repositories. Private repositories are ideal for in-process documents or content that should only be accessible to select individuals.
Users' level of access and editing permissions should be considered when selecting a repository type.
Managed repositories allow for broader access with limited editing capabilities, private repositories restrict access to authorized individuals, and open repositories provide an open and collaborative environment for content sharing and editing.
Definition: A “Dropbox” to which any user with feature-level access may contribute content.
Default behavior: None
Recommended Use: To enable all users to contribute without restriction.
Definition: Users can view, but only those added to a given repository as an editor and have an RBAC of MANAGE_{content}_REPOSITORIES
under Content Library permissions may add or edit content.
Default behavior: View-only access unless an editor is added to enable modification of content or the user has appropriate RBAC permissions.
Recommended Use: To restrict edit access to qualified individuals (copy editors) within a defined set of narrative sections. This is ideal for teams working on various projects who want to maintain their versions of narrative sections and small to mid-size teams that don’t need to restrict access to use but want to limit curation to leadership.
Definition: A repository to store narrative sections is unavailable unless a user is explicitly given read and edit permissions.
Default behavior: Users may view only (Viewer) or edit (Editor).
Recommended Use: This is a place to copy manually created sections that may contain client-specific data that needs to be sanitized, a place to work on drafts for new narrative sections not ready for general use, or a place to store final narrative sections not available for general use.
The progress meter for a priority can be viewed on the Priorities home page (if configured) or the Details tab of a priority.
The value displays 0% when the priority is created. Progress is updated manually. To edit the progress value, perform the following steps:
Step 1: Click Update progress from the Details tab of a priority.
Step 2: Select the desired value on the scale with the cursor in increments of ten.
Step 3: Click Update.
The updated value now appears on the page.
The priority score is viewed on the Priorities home page and the Details tab of a priority.
It can be updated by clicking Update Score under the meatballs menu.
The priority status is viewed on the Priorities home page and the Details tab of a priority.
Status can be updated via bulk actions, but to update for one priority, perform the following steps:
Step 1: Click the priority status flag on the Priorities home page (or click the priority status flag displayed on the Details page).
Step 2: Select the desired status indicator from the pulldown menu.
Step 3: Click Update status.
A notification confirms the action.
Existing priorities can be updated in two ways:
Step 1a: From the Priorities home page, click Edit priority under the meatballs menu.
Step 1b: From the Details tab of a priority, click Edit Priority.
All fields available when the priority was created can now be edited.
Step 2: Click Save when finished.
Bulk action options appear after one or more priorities are selected by clicking the checkbox to the far left of the Priority title field or by clicking the box next to the column header.
Click Actions to see the list of options.
The NarrativesDB home page consists of two tabs:
Repositories: A centralized location where all sections can be stored and managed.
Sections: A dedicated space to create reusable content for narrative sections within a report.
PlexTrac provides a sample narratives repository containing six sample narrative sections to demonstrate how content reuse might exist.
The sample repository is an Open repository that cannot be deleted but can be modified.
Sections are containers that contain a title, body, and tags. They are reusable in reports and are stored in this tab.
The table view can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
NarrativesDB is a repository that houses all of the narrative sections within PlexTrac. Its primary purpose is facilitating categorization, association with defined use cases, and reusability.
Users access by clicking Content Library in the application's main menu and then clicking NarrativesDB.
Reports use narratives to provide context, clarify complex information, and improve comprehension. These narratives also serve as persuasive tools, influencing opinions and motivating action through storytelling. By placing data and facts into real-life contexts, narratives help audiences understand the relevance of information, making them a versatile and impactful tool. As a result, narratives are a valuable asset in reports and promote effective communication.
NarrativesDB enables users to create and manage this messaging, freeing up time for problem-solving.
For example, instead of initiating each report from scratch and composing a unique narrative every time, organizations have the flexibility to create simple sections that serve as a starting point. These sections can be reused or further enhanced to align with the specific needs of each report, providing a time-saving and efficient solution for report generation.
Step 1: From the Repositories tab of the NarrativesDB module, click New Repository.
Step 2: Enter information in the fields (a red asterisk marks required fields), select the desired security access for the repository, and click Create.
The Section ID Prefix value informs the future relationship of all sections created within the repository to a specific repository. Once assigned to a particular repository with the prefix, sections will automatically increment as they are added.
The new repository is now listed on the Repositories tab.
Admins can modify the repository name, prefix, description and access setting.
Step 1: From the Repositories tab of the NarrativesDB home page, click the card of the repository to modify.
Step 2: Click Repository Settings.
Step 3: Click Update.
Step 1: From the Repositories tab of the NarrativesDB module, click the three dots in a repository card and click Copy Repository.
Step 2: Update the repository name, add a section ID, and validate access permissions. Click Copy.
The new repository is created and listed on the Repositories tab.
This action will permanently delete the repository and all its sections for all users.
Admins can delete a repository in two ways:
Click the three dots in a repository card from the NarrativesDB home page, then click Delete Retory.
or
Go to the repository settings and click Delete Repository.
The table view can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
NarrativesDB comes with six sections that are part of the sample repository. These sections can be modified, copied to another repository, or deleted.
Narrative sections can be created/edited but not copied from an external source. They can be added to a report from NarrativesDB but not from a report to NarrativesDB.
Step 1: From the Repositories tab of the NarrativesDB module, click Sections.
Step 2: Navigate to the desired section to update and click Edit.
Step 3: Make desired edits to the section. Click Close when finished.
All changes are saved dynamically.
Step 1: From the Repositories tab of the NarrativesDB module, click Sections.
Step 2: Navigate to the desired section to update and click Copy To.
Step 3: Select the repository to copy the section from the pulldown menu.
Step 4: Click Copy.
A notification confirms the action was successful, and the copied section now appears in the new repository.
Completing this task permanently deletes the section and cannot be undone.
Step 1: From the Repositories tab of the NarrativesDB module, click Sections.
Step 2: Click the three dots under the "Actions" column, then click Delete.
Step 3: A modal will appear, confirming the action. Click Delete Section.
When editing multiple sections, PlexTrac offers bulk action capabilities. Bulk actions provide several advantages, including time-saving and increased efficiency by processing numerous items simultaneously.
Bulk action options appear after selecting one or more sections by clicking the checkbox or the box next to the column header.
Click Actions to see the list of options available.
The table view can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal also represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
WriteupsDB serves as a central repository for all the writeups available in PlexTrac. Its purpose is to categorize, associate them with specific use cases, and facilitate reuse. By structuring and refining the findings, writeups can be seamlessly incorporated into other deliverables, such as a report.
Users access by clicking Content Library in the application's main menu and then clicking WriteupsDB.
WriteupsDB serves as a valuable tool for tracking and organizing vulnerability information. Benefits of WriteupsDB include:
Enhanced Organization and Access: WriteupsDB provides a centralized database where items can be added or imported, making it effortless to organize and access information related to vulnerabilities. This centralized approach improves efficiency and streamlines tracking and documenting vulnerabilities.
Improved Permissions and Segregation: With the introduction of repositories, PlexTrac offers improved permissions and segregation capabilities. Instead of managing writeups as a list, users can create repositories to categorize and segregate writeups based on different contexts, such as incident response or vulnerability management. This feature ensures that the right users have the appropriate level of access in their specific domains and can work without interference from unrelated teams.
Standardization and Collaboration: WriteupsDB enables the standardization of vulnerability documentation by encouraging and reusing templates. This ensures consistency in the format and language, making it easier for stakeholders to understand and analyze vulnerabilities. The platform also supports collaboration, allowing multiple users to work on writeups simultaneously and facilitating peer reviews for improved quality and accuracy.
Writeups can be copied within the WriteupsDB module or from a finding within a report.
Step 1: Within a report, click the Findings tab.
Step 2: Find the finding to copy. Click the meatballs menu (three dots) under "Actions" and click Copy to WriteupsDB.
Step 3: Select the repository from the pulldown menu and click Copy.
Finding details unique to this report will also be copied; be sure to remove any sensitive information.
Step 1: From the WriteupsDB module, go to the writeup to copy and click Copy To under the "Actions" column.
Step 2: Select the destination repository from the pulldown menu and click Copy.
Step 1: From a report, click the Findings tab.
Step 2: Click Add Findings and select "From WriteupsDB" from the pulldown menu.
Step 3: Search or use the provided pulldown filters to display the desired writeups(s) to add.
Step 4: Click the box next to the writeup(s) to add. Selected writeups will appear on the right in the "TO BE ADDED TO REPORT" column. Click Add X Writeups.
Click the box next to "Writeups" in the table header to add all available writeups.
The selected writeups now appear on the Findings tab of the report.
Once a writeup becomes a finding, it is a standalone object that is not impacted if the source writeup or repository is deleted or the same writeup added to another report is edited or deleted.
To add all available writeups (or start with all writeups selected to begin with and then uncheck those not desired), click the box next to "Writeups" in the table header below the search bar.
If the repository is not an "Open" type repository, admins have the option of managing users by clicking Users & Permissions.
Step 1: From the Repositories tab of the NarrativesDB home page, click the card of the repository to modify.
Step 2: Click Users & Permissions.
Step 3: Click Add User.
Step 4: Type in the user from the pulldown menu and select the permission. Repeat as necessary. Click Add X Users.
Step 5: Edit the permission or delete a user, if needed. Click Done.
Step 1: From the Repositories tab of the NarrativesDB home page, click the card of the repository to modify.
Step 2: Click Users & Permissions.
Step 3: Identify the user to remove and click the X in that row.
Step 4: Click Done.
The WriteUpsDB module has two tabs:
Repositories: Displays all writeup repositories that exist in a tenancy. A repository can be Open, Managed, or Private.
Writeups: Displays all writeups in various repositories, including those created manually and imported.
By default, PlexTrac provides a default repository container to contain any existing writeups. This repository can be renamed, modified, and deleted.
Once added, any extra repositories will be displayed on the page alphabetically according to their title.
Each repository card provides the following information:
Repository Title
Repository Type: Open, Managed, or Private
Meatballs Menu: options to copy or delete the repository
Repository Description
Number of contained writeups
Number of added users
Click the Writeups tab to view all writeups for a tenancy. This view will display useful information such as the writeup ID, parent repository, writeup severity, source, assigned tags, and the ability to edit, copy, or delete any selected writeup.
When editing multiple reports, PlexTrac offers bulk action capabilities. Bulk actions provide several advantages, including time-saving and increased efficiency by processing numerous items simultaneously.
Bulk action options appear after one or more writeups are selected by clicking the checkbox to the far left of the Title field or by clicking the box next to the column header.
Click Actions to see the list of options.
The table view can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
If the repository is not an "Open" type repository, admins have the option of managing users by clicking Users & Permissions.
Step 1: From the Repositories tab of the WriteupsDB home page, click the card of the repository to modify.
Step 2: Click Users & Permissions.
Step 3: Click Add User.
Step 4: Type in the user from the pulldown menu and select the permission. Repeat as necessary. Click Add X Users.
Step 5: Edit the permission or delete a user, if needed. Click Done.
Step 1: From the WriteupsDB home page, select the desired repository card and click Users & Permissions.
Step 2: Select the user to modify and change permissions from the pulldown menu.
Step 3: When finished, click Done.
Step 1: From the WriteupsDB home page, select the desired repository card and click Users & Permissions.
Step 2: Select the user to remove and click the X in that row.
Step 3: When finished, click Done.
The process of creating a writeup is similar to that of creating a finding.
Step 1: From the WriteupsDB home page, click the Writeups tab.
Step 2: Click New Writeup.
Step 3: A modal will appear with the option to start from default finding fields or use a custom findings layout. Choose an option and click Start.
Step 4: Enter the information in the provided fields on the "Create New Writeup" page. Required fields are denoted with a red asterisk.
Visit the Creating a Finding page for documentation on the fields referenced below.
New sections for the writeup can be added by clicking Add Field at the bottom of the page. There is no limit to the number of new sections. Any section can be deleted by clicking the Remove button.
Step 5: Scroll back to the top of the page and click Close. All changes are autosaved.
A repository is a versatile tool for managing writeups. It organizes content into structured categories, allowing for efficient reuse across reports. Repositories grant varying access permissions, enhancing collaboration and control.
Step 1: From the WriteupsDB module home page, click the repository card to update.
Step 2: Click Repository Settings.
If the repository is not configured as an "Open" type repository, admins will see the Users & Permissions link.
All fields that existed when creating the repository are available for editing, with an additional button to delete the repository.
Step 3: Click Submit when finished.
Step 1: From the Repositories tab of the WriteupsDB module, click the meatballs menu found on the repository card.
Step 2: Click Copy Repository.
Step 3: Change the repository name, add a section ID, update the description as needed, and validate access permissions. Click Save.
The new repository is created and listed on the Repositories tab.
This action will delete the repository and all its writeups for all users.
A repository can be deleted in two ways:
A warning message will appear asking for validation. Click Delete to continue.
The table view can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
RunbooksDB enables collaborative testing for threat emulation and simulation, known as Purple Teaming. Organizations can create reusable test plans that encompass a set of procedures.
Users access by clicking Content Library in the application's main menu and then clicking RunbooksDB.
Runbooks comprise a particular methodology, a series of tactics, techniques, and procedures collectively known as TTPs. Runbooks are executed and turned into an engagement tied to a specific client. Once the engagement is finished and submitted, it becomes a report.
RunbooksDB offers several benefits:
Standardization: Runbooks provide standardized procedures and workflows for various tasks and processes. This consistency helps ensure that critical steps are not missed during an operation.
Efficiency: By having predefined procedures and automation scripts within runbooks, teams can respond to incidents and complete tasks more efficiently. This reduces the time and effort required for routine operations.
Consistency: Runbooks help maintain consistency in the way tasks are performed. This is crucial in cybersecurity and incident response, as consistent procedures are necessary to identify and mitigate threats effectively.
Training and Onboarding: Runbooks are valuable training materials for new team members. They can use runbooks to learn how to perform various tasks and understand best practices, ensuring a smooth onboarding process.
PlexTrac provides a downloadable CSV file that can be used as a template for entering writeups offline and importing later into WriteupsDB.
Step 1: From the WriteupsDB module, click the Writeups tab.
Step 2: Click Import Writeups.
Step 3: Click Download CSV template file.
The file will be downloaded locally for editing.
Save the CSV template in UTF-8 format to prevent including non-UTF characters that may break the importer.
When importing the CSV file, all fields below must appear as column headers and follow the rules defined in the table. Otherwise, the file may be rejected when imported or require further manual editing within PlexTrac.
Title, description, and severity are required.
Step 1: From the WriteupsDB module, click the Writeups tab.
Step 2: Click Import Writeups.
Step 3: Drag the file into the designated box or navigate to the file on the computer.
Step 4: Click Upload.
When completed, the imported writeups will be displayed within the selected repository.
Step 1: From the Repositories tab of the RunbooksDB module, click New Repository.
Step 2: Enter information in the fields (a red asterisk marks required fields), select the desired security access for the repository, and click Save.
Repository Name: Describes the repository and is displayed on the repository card from the Repositories tab.
Writeup ID Prefix: A three-character value that is unique to this repository. If the prefix already exists, an error message will display after clicking the Create button.
Description: Describes the repository.
Repository Access: Defines what the writeups in this repository.
The new repository now has a card on the Repositories tab.
A procedure is a predefined set of steps and actions that need to be followed to accomplish a specific security-related task or address a particular issue. Procedures are often documented and provide a systematic approach to incident response, patch management, access control, and vulnerability assessment. Procedures help ensure that tasks are executed consistently and comply with security policies.
Step 1: Click the Procedures tab of the RunbooksDB module.
Step 2: Click New Procedure.
Step 3: Fill out the provided fields.
Procedure Title (required): The procedure title should include MITRE technique numbers when applicable (i.e., T1027) with an additional local indicator to distinguish from the official MITRE technique, such as "Obfuscated Files or Information AE-T1027."
Procedure ID (required): The procedure title should include MITRE technique numbers when applicable (i.e., T1027) with an additional local indicator to distinguish from the official MITRE technique, such as "AE-T1027."
RunbooksDB Repository (required): Every procedure must be associated with a RunbooksDB repository, and only repositories that the user can edit appear in the pulldown menu.
Procedure Description (required): A rich-text field to enter any content, images, or tables needed to describe the procedure.
Tags: Enter any tags to help future search and filtering tasks.
Execution Steps (required): A set of steps to achieve specific security-related goals and address potential threats or vulnerabilities. A procedure must have at least one step.
Add Step Success Criteria: Click this to access a rich-text field to provide the success criteria of the previously entered step.
Add Another Execution Step: Click this button to add additional steps.
Step 4: Click Save at the top of the page.
The procedure is now available from the Procedures tab and can be viewed, edited, or deleted from this location.
Click the meatballs menu in the repository card and then click Delete Repository.
Click the repository card, click Repository Settings, and then click Delete Repository, which is found at the bottom of the modal.
Techniques: Click Add Techniques to add existing techniques in RunbooksDB to the procedure. They will then appear on the "New Procedure" page.
title
title
This is a required field.
severity
severity
This is a required field. The severity value must be one of the following (not case-sensitive): "Informational, Low, Medium, High, Critical" If no value is provided in CSV, a value of "Informational" will be assigned.
description
description
This is a required field.
recommendations
recommendations
These are the writeup recommendations.
references
references
This field accepts multiple values delimited with a comma.
For example: "Item 1, Item 2, Item 3" NOTE: Do not use commas if providing complete sentences, as any comma will result in a para break. Periods do not trigger a para break.
tags
tags
This field accepts multiple values delimited with a comma.
For example: "Item 1, Item 2, Item 3"
custom field
The headers will be converted to keys and labels in the writeup after import. As many custom fields can be used as desired. For example, "custom field 1," "custom field 2," etc.
score::cvss3
The value before the double colon is the score; the value after is the vector string (calculation), if provided. For example: "9.8::CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
score::cvss
For example: "9.5"
score::YourLabel
Replace "YourLabel" with the Label of a custom scoring system. The value before the double colon is the score; the value after is the vector string (calculation), if provided. For example: "1000::a+b+c+d"
cves
Separate values with a column. For example: "CVE-1999-0001, CVE-2000-0001"
cwes
Separate values with a column. For example: "CWE-787, CWE-79, CWE-89"
score::cvss3.1
The value before the double colon is the score; the value after is the vector string (calculation), if provided. For example: "3.7::AV:A/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:L"
score::cvss4
The value before the double colon is the score; the value after is the vector string (calculation), if provided. For example: "5.7::AV:L/AC:H/AT:P/PR:L/UI:A/VC:N/VI:L/VA:H/SC:H/SI:L/SA:N"
Step 1: From the WriteupsDB module home page, click New Repository.
Step 2: Fill out the provided fields.
Repository Name: Describes the repository and is displayed on the repository card from the Repositories tab.
Repository Access: Defines what users and roles can access the writeups in this repository.
Step 3: Click Create.
A notification will appear confirming the action, and the repository will appear as a card on the Repositories tab.
Tactics are higher-level categories or strategies used by adversaries to achieve their goals. In the MITRE ATT&CK framework, tactics are broader than techniques and represent the overall objectives of an attack. For example, tactics might include "Execution," "Persistence," "Privilege Escalation," and "Defense Evasion." Tactics encompass a range of techniques that support a specific objective.
Step 1: Click the Tactics tab of the RunbooksDB module.
Step 2: Click New Tactic.
Step 3: Fill out the provided fields.
Tactic Title (required)
Tactic ID (required)
Techniques: Click Add Techniques to bring up a new modal to add techniques to the tactic.
Methodologies: Click Add Methodologies to bring up a new modal to add methodologies to the tactic.
Tactic Description: A rich-text field to enter any content, images, or tables to describe the tactic.
Tags: Enter any tags to help future search and filtering tasks.
Step 4: Click Save.
The tactic is now available from the Tactics tab and can be viewed, edited, or deleted from this location.
Cyber attackers or threat actors use specific methods, tactics, and procedures known as techniques to compromise computer systems, gain unauthorized access, or achieve their malicious objectives. These techniques exploit vulnerabilities and weaknesses in computer systems and networks by adversaries.
Step 1: Click the Techniques tab of the RunbooksDB module.
Step 2: Click New Technique.
Step 3: Fill out the provided fields.
Technique Title (required)
Technique ID (required)
Procedures: Click Add Procedures to bring up a new modal to add procedures to the technique.
Tactic: Click Add Tactics to bring up a new modal to add tactics to the technique.
Technique Description: A rich-text field to enter any content, images, or tables to describe the technique.
Tags: Enter any tags to help future search and filtering tasks.
Step 4: Click Save.
The technique is now available from the Techniques tab and can be viewed, edited, or deleted from this location.
The Findings tab has two containers of information that can be expanded or collapsed:
Findings: an overall view of all findings that the user has access to view and have been published
Findings By Client: a view of findings filtered by the client
Only published findings from reports with a "Published" status are included in the analytics module. In the Admin Dashboard, administrators can default findings to "Published" upon creation.
When filters are selected, the data displayed refreshes, and the active filters are listed at the top of the page.
Search filters allow users to refine and narrow their search results based on specific criteria or parameters.
Analytics filter values and data sets are updated every minute. If a tag or field was updated but did not appear as expected, wait one minute and try again.
A list of all filters and values for the Findings tab exists below:
Client(s)
Client Tags
Date Range
Asset(s)
Asset Tags
Finding Severity: Unchecking a severity will hide any asset with only findings of that severity.
Critical
High
Medium
Low
Informational
Asset Severity
Critical
High
Medium
Low
Informational
Unspecified
Finding Tags
Finding Status
Open
In Process
Closed
Report
Report Tags
Graph View
Assignees: This field only relates to Clients, Client Tags, Finding Tags, Reports, and Report Tags. If other fields are selected, the pulldown menu for Assignees will be blank. Similarly, if a report with no assignees is set, the pulldown menu for Assignees will be empty.
CVE ID
CWE ID
The CVE and CWE filters use an “and” query condition that requires both of the specified search terms or conditions to be present in the results. In other words, the search results must meet all of the specified conditions to be included in the results. For example, if two CVE values are added as a filter, the results will only display findings that contain both values.
The Findings container displays the status, severity, client breakdown, and most critical findings for all tenant findings within defined query parameters and user permissions.
The Findings By Client container breaks down findings per client. Scroll down to see additional clients in the tenant.
More details about a specific finding can be obtained in the "Most Critical Findings" table.
Clicking the row of a finding brings up the finding details modal. From this modal, the user can:
Access the Findings tab of the Report module for further editing by clicking the "Finding ID" value.
Modify the finding status by clicking the "Status" value.
View information on an affected asset by clicking the table row of the asset.
View information on the CVE ID by clicking the link provided (when applicable).
The RunbooksDB home page consists of five tabs:
Repositories: A set of processes that can be reused and have controlled access.
Procedures: A set of steps required to execute a tactic. For example, a procedure for browser extension-based persistence could describe how a malicious extension is injected to maintain persistence.
Techniques: A grouping of procedures. Techniques are added to a tactic for use in an engagement. For example, if a tactic is persistence, a technique could exist for browser extensions.
Tactics: A grouping of techniques. Tactics are added to a methodology for use in a runbook. This usually represents a type of attack, such as persistence or a privilege escalation from the MITRE ATT&CK framework. This can also be a logical grouping or structure for techniques.
Methodologies: A grouping of tactics that are put into a runbook. It contains a title, ID, description, and the series of tactics selected. Tactics can be chosen to apply to the methodology when used as a runbook. This is similar to how the MITRE ATT&CK is broken down, where the methodology represents the framework for TTPs.
PlexTrac provides a container for all instances called "PlexTrac Curated" that contains community-produced procedures on MITRE/CTI.
This repository contains over 1100 MITRE procedures from the ATT&CK matrix that can be leveraged. This repository is available to all users and cannot be deleted.
Once a test plan is imported, another repository called "Import" is created, which contains all procedures that were part of imported test plans.
The default repositories cannot be deleted.
Once added, any additional repositories will be displayed on the page alphabetically according to their title.
Each repository card provides the following information:
Repository Title
Repository Type: Open, Managed, or Private
Meatballs Menu: options to copy or delete the repository
Repository Description
Number of contained procedures
Number of added users
To view all procedures, click the Procedures tab. This view will display useful information such as the procedure ID, repository ID, methodology, repository, source, assigned tags, and the ability to edit or delete a procedure.
To view all techniques, click the Techniques tab. This view will display useful information such as the title, ID, leveraged tactics, and the ability to edit or delete.
To view all tactics, click the Tactics tab. This view will display useful information such as the title, ID, leveraged methodology, and the ability to edit or delete.
To view all methodologies, click the Methodologies tab. This view will display useful information such as the title, ID, and the ability to edit or delete.
This tab only supports the legacy Runbooks V1 solution.
The Runbooks tab allows the ability to view success at remediating issues over time by displaying data from all published runbooks a user has permission to view. It reveals trends to see how blue and red team outcomes change (or not) over time to ensure that blue team success increases as red team success decreases.
Each runbook is separated by a container that can be expanded or collapsed.
Clicking a container for a runbook provides a graphical view of the following information:
Runbook Stats: overviews clients impacted, findings generated, and tactics covered.
Tactics Covered: shows how many procedures in a runbook were created as findings and how effective a security program was at stopping a technique.
Red Team Outcomes: provides a view and percentage breakdown of red team outcomes; moving the cursor around the pie chart provides additional information.
Blue Team Outcomes: provides a view and percentage breakdown of blue team outcomes; moving the cursor around the pie chart provides further information.
Client Engagement Analysis: provides a bar chart graph visual of blue and red team outcomes by date to measure progress over time
When filters are selected, the data displayed refreshes, and the active filters are listed at the top of the page.
Search filters allow users to refine and narrow their search results based on specific criteria or parameters.
Analytics filter values and data sets are updated every minute. If a tag or field was updated but did not appear as expected, wait one minute and try again.
A list of all filters and values for the tab exists below:
Client(s)
Date range (values selected shown in query bar)
Runbooks (values selected shown in query bar)
Methodologies (values selected shown in query bar)
Engagements (values selected shown in query bar)
Engagement Tags
Tactics (values selected shown in query bar)
Red Team Outcome
Success
Partial Success
Failed
Unknown
Blue Team Outcome
Blocked
Alerted
Logged
No Evidence
Included as Finding
True
False
The Assets tab has two containers that can be expanded or collapsed to display all assets that the user has access to view:
Asset findings overview: an overview of all assets
Assets: a table view of assets with sortable headings
Only assets from reports with a "Published" status are included in the analytics module.
Search filters allow users to refine and narrow search results based on specific criteria or parameters.
Analytics filter values and data sets are updated every minute. If a tag or field was updated but did not appear as expected, wait one minute and try again.
A list of all filters and values for the Assets tab exists below:
Client(s)
Client Tags
Asset Types
Asset(s)
Asset Tags
Ports
Finding Severity
Critical
High
Medium
Low
Informational
Asset Severity
Critical
High
Medium
Low
Informational
Unspecified
Finding Tags
Report
Report Tags
Operating System
Data Owner
System Owner
Physical Location
This container graphically displays the number of assets that have findings and provides a breakdown of the severity of findings (for those assets with findings).
This container displays a table that lists the asset name, client, criticality, type, and finding count. Column headers can be clicked to change the sort order and how the data is displayed.
Click an asset row for more information and a list of associated findings.
Assets can be edited directly by clicking Edit Asset at the top right of the page.
If the repository is not an "Open" type repository, admins have the option of managing users by clicking Users & Permissions.
Step 1: From the Repositories tab of the RunbooksDB home page, click the card of the repository to modify.
Step 2: Click Users & Permissions.
Step 3: Click Add User.
Step 4: Type in the user from the pulldown menu and select the permission. Repeat as necessary. Click Add X Users.
Step 5: Edit the permission or delete a user, if needed. Click Done.
Step 1: From the RunbooksDB home page, click the desired repository card and click Users & Permissions.
Step 2: Select the user to modify and change permissions from the pulldown menu.
Step 3: When finished, click Done.
Step 1: From the RunbooksDB home page, click the desired repository card and click Users & Permissions.
Step 2: Select the user to remove and click the X in that row.
Step 3: When finished, click Done.
The Trends & SLAs tab displays how a security program is meeting goals from an SLA perspective and provides trending data about findings in a security program. It allows the configuration of SLAs based on specific criteria and allows visual data to determine if those criteria are being met.
The Trends and SLAs tab contains multiple containers:
Mean time to remediate by severity: This includes only closed findings. The MTTR number is derived from the following calculation: Total Sum of Creation to Closure Time / Total Number of Findings Closed.
Trend of findings opened vs closed: This graph shows progress over a period of time. To better utilize space, days with zero findings opened or closed are hidden.
Service-Level Agreements (SLAs): This section will list every SLA that has been enabled for the tenant.
Search filters allow users to refine and narrow search results based on specific criteria or parameters.
Analytics filter values and data sets are updated every minute. If a tag or field was updated but did not appear as expected, wait one minute and try again.
A list of all filters and values exists below:
Client
Client Tags
Date Range
Finding Severity
Critical
High
Medium
Low
Informational
Finding Tags
Report
Report Tags
CVE ID
CWE ID
The MTTR number is derived from the following calculation: Total Sum of Creation to Closure Time / Total Number of Findings Closed.
This graph includes only closed findings.
This container displays a bar graph showing the monthly trend chart of open and closed findings over the period specified in the filter for findings that match the criteria.
A trending blue line shows the total number of open findings. A green bar identifies the number of closed findings, while a red bar identifies the number of opened findings.
To make the graph easier to view, days with zero findings opened or closed are hidden.
These containers provide visual representations and snapshots of findings based on enabled SLAs and selected query parameters.
A total count for all findings that exceed, are nearing or are within one day of the SLA.
A view of the mean time to remediate, plus any findings nearing one day of SLA over time.
A view of how many findings by a percentage of overall findings exceeded SLA over a period of time.
Further details and the ability to directly edit any findings that apply to the SLA can be obtained by clicking on the appropriate box under "CURRENT SNAPSHOT."
Admins can modify the repository name, prefix, description and access setting.
Step 1: From the Repositories tab of the RunbooksDB home page, click the card of the repository to modify.
Step 2: Click Repository Settings.
Step 3: Make the desired changes, then click Save.
This action will permanently delete the repository and all its sections for all users.
Click the three dots in the repository card and click Delete Repository.
A warning message appears asking for validation. Click Delete Repository.
The Analytics module provides one central location to obtain valuable metrics and view findings, assets, runbooks, and SLA trends. This module consists of four sections: Findings, Assets, and Trends & SLAs.
Users with data from the legacy Runbooks V1 solution will see a fourth tab for .
Analytics filter values and data sets are updated every minute. If a tag or field was updated but does not appear as expected, wait one minute and try again.
The Analytics module defaults to the Findings tab.
Only data for findings from published reports (a status of "Published") that the user has permission to view are displayed.
Data can be refined using one or more filters in the right column. When filters are selected, the data displayed refreshes, and the active filters are listed at the top of the page.
The number of active filters is displayed next to "Active Filters." Click Clear All to reset filters.
Filter options are specific to the type of data being queried, and the facets and values available dynamically change when navigating through the Findings, Assets, and Trends & SLAs tabs.
A search filter set is a collection of search filters grouped to provide a more comprehensive set of options for search results. Effective search filter sets can improve the user experience by reducing the time and effort required to find relevant search results and increasing the likelihood of a successful search.
Preset filters are available for all tabs in the Analytics module.
Step 1: Select the filters that will make up the preset.
Step 2: Click Create Preset at the top of the filter column.
Step 3: Enter a value for "Filter Name." This value will be used to select the query later, so it should be intuitive.
To make this preset the default filter, check the box next to "Make Default Filter."
Step 4: Click Create Filter.
The filter preset now appears in the pulldown menu as an available option.
This process can be used to rename an existing filter preset, adjust the filter parameters, or use it as a clone to create a new filter preset.
Step 1: Select the filter preset to delete from the pulldown menu.
Step 2: Adjust the filter parameters.
Step 3: Click Update Selected Filer.
Step 4: A modal appears. Rename the filter to keep the original filter unchanged, or click Update.
Step 1: Select the filter preset to delete from the pulldown menu.
Step 2: Click Delete Selected Filter.
Step 3: A modal appears confirming action. Click Delete Filter.
Step 1: From the Runbooks module home page (the Engagements tab), click Start New Engagement.
Step 2: Select the client from the Client pulldown menu.
Step 3: Select if the engagement is new or to be modified from an existing test plan.
Existing test plans are greyed out unless "Start from an existing Test Plan" is selected. These plans can be leveraged as a starting point by clicking Select next to the test plan.
To reduce the list of test plans provided, filter by tactic or test plan title in the search box.
Step 4: Click Next.
Step 5: On the Engagement Details tab, enter a title (required), a description, and any required tags. If an existing test plan was selected in the previous step, information in that test plan is populated by default and can be edited.
Click Continue.
Step 6: On the Select Procedures tab, select the procedures for this engagement by clicking the Select button next to the procedure to add. If leveraging an existing test plan, all procedures from that template are displayed in the right-hand column.
This list can be reduced by clicking the x button of the procedure to remove at the right of the box.
The procedure sequence can be adjusted by clicking and dragging the procedure to its desired line.
The list of procedures displayed on the screen can be adjusted using the provided filter options.
Step 7: Click Add X Procedures when finished.
Step 8: View a summary of the engagement from the Finalize Engagement tab. The title, description, tags, engagement coverage, and assigned procedures are displayed.
Click Create Engagement.
The engagement is now active and ready to be executed.
It also is now listed on the Engagements tab.
A methodology is a structured approach or framework to guide a comprehensive and systematic process. In cybersecurity, a methodology is often a documented set of guidelines and procedures for performing tasks such as penetration testing, risk assessment, security assessments, or incident response. Methodologies provide a structured way to conduct activities and ensure consistency in approach.
Step 1: Click the Methodologies tab of the RunbooksDB module.
Step 2: Click New Methodology.
Step 3: Enter a methodology title and ID (both fields are required).
Step 4: Click Add Tactics. A modal will appear with available tactics to add to the methodology. Select the tactics, click Add X Tactics, and the added tactics appear on the page.
Step 5: Enter a methodology description and any desired tags.
Step 6: Click Save at the top of the page.
The methodology is now available from the Methodologies tab and can be viewed, edited, or deleted from this location.
Writeup ID Prefix: A three-character value that is unique to this repository. The Section ID Prefix value informs the future relationship of all sections created within the repository to a specific repository. Once assigned to a particular repository with the prefix, sections will automatically increment as they are added. If the prefix already exists, an error message will display after clicking the Create button.
Description: Describes the repository in 350 characters or less. The number of characters remaining in the description is presented at the bottom right of the box.
Admins can through the Admin Dashboard (Tenant Settings>Service-Level Agreements) or by clicking SLA Settings.
If required procedures have not yet been created, the engagement can be completed and procedures added later, but it is recommended to create the procedures first in .
Test plans can be exported locally as a YAML file.
From the Test Plans tab of the Runbooks module, click the three dots under the "Actions" menu of the test plan and then click Export.
A dialog box will appear confirming the download. Click Continue export.
The test plan will download to the local device as a YAML file.
Step 1: From the Test Plans tab of the Runbooks module, click New Test Plan.
Step 2: Select whether to start a new plan or modify an existing test plan.
If starting from scratch, click Next.
If starting from an existing test plan, select that option, then click Select next to the plan to use as a template. Click Next.
Step 3: From the Test Plan Details tab, insert the test plan title (required) and enter a description and tags. Click Continue.
Step 4: From the Select Procedures tab, add the relevant procedures to the test plan. Use the filtering options to find desired procedures.
Add new procedures by clicking Select next to the procedure to include or delete existing ones from the engagement by clicking the x within the procedure box in the right-hand column. Click Add X Procedures.
Step 5: Review the engagement coverage. The plan can still be modified from this page by clicking Add Procedures or clicking the X to remove an existing procedure. The order of procedures can also be changed by selecting a box and dragging it to the desired location.
When ready, click Create Test Plan.
The engagement is now ready to be started. Click Start new engagement, or click Close and return to the Test Plans tab.
The test plan is now listed for future access on the Test Plans tab.
Test plans are displayed on the Test Plans tab of the Runbooks module.
Step 1: From the Test Plans tab of the Runbooks module, click Start under the "Actions" menu of the test plan.
Step 2: Select the client from the pulldown menu. Click Next.
Step 3: Review and update details as desired. Click Continue.
Step 4: Review the engagement. Add new procedures by clicking Select next to the procedure to include or delete existing ones from the engagement by clicking the x within the procedure box in the right-hand column. Click Add X Procedures.
Step 5: Review the engagement coverage. The plan can still be modified from this page by clicking Add Procedures or clicking the X to remove an existing procedure. The order of procedures can also be changed by selecting a box and dragging it to the desired location.
When ready, click Start new engagement.
Step 6: Begin engagement by selecting a procedure and clicking View.
Step 7: The procedure page will appear. Conduct the procedure, then click Save.
Step 8: Click Close to return to the page of the test plan that lists all contained procedures, or click the navigation arrow to move to the following procedure.
Click Close from the test plan overview page to return to the Engagements tab.
From the Test Plans tab of the Runbooks home page, click View under the "Actions" menu of the test plan.
From the Test Plans tab of the Runbooks home page, click Edit under the "Actions" menu of the test plan. If the user cannot edit, the option will not exist.
From the Test Plans tab of the Runbooks home page, click the three dots under the "Actions" menu of the test plan and then click Delete. If the user cannot delete it, the option will not exist.
Engagements are displayed on the Engagements tab of the Runbooks module.
This view shows the engagement title, associated test plan, associated client, date the engagement was last updated, and engagement progress. Engagements can also be viewed, edited or deleted from the "Actions" column.
Engagements are identified as submitted, not submitted, or in progress.
Progress is based on the completion of contained procedures, and progress is displayed in two locations:
On the Engagements tab as a progress bar:
Within the top toolbar of the engagement's home page:
Engagements completed but not submitted will display "Not Submitted" under the 100% progress bar.
Engagements submitted become reports and are identified with a green checkmark and label and will remain listed in Runbooks until deleted.
Only engagements that are in progress can be edited. Once an engagement is submitted and becomes a report, it cannot be edited.
Step 1: Click View under the "Actions" column of an in-progress engagement.
Step 2: The engagement overview page provides information about the engagement and all included procedures.
Step 3: Click View under the "Actions" column of the procedure to update.
Step 4: Update the procedure status and finding severity by selecting the desired values from the pulldown menus.
Step 5: Add operators by clicking Managing operators. These names appear on the test plan when the runbook is submitted and becomes a report.
Step 6: Assign an operator(s) for the red and blue teams. Click Save.
Step 7: Run the execution steps for the procedure, and when completed, identify the outcomes for blue and red teams from the provided options and enter an attack source in the provided box.
Step 8: Add assets, procedure logs, attachments, and notes as needed to provide additional support and context.
Step 9: Scroll to the top of the page and click Save.
Step 10: Continue to the next procedure in the engagement by clicking the page navigation aid at the top of the page.
Procedures can be viewed and edited without leaving this page using the navigation icons at the top of the screen.
In the Runbooks module, users can create detailed guides for red teaming and penetration testing, documenting the procedures, vulnerabilities, and recommendations for enhancing security.
Runbooks work with the RunbooksDB repository in the Content Library, enabling the reuse of existing procedures, tactics, and methodologies with or without modifications to fit new test plans.
Users access the module by clicking Runbooks in the application's main menu.
In cybersecurity, professionals often rely on a practice known as red teaming to test and strengthen their defenses. This process involves simulating real-world cyberattacks to assess vulnerabilities and response capabilities. During such engagements, teams create what are known as runbooks to guide their actions and record their findings.
These runbooks serve as comprehensive records, documenting various procedures and tactics employed during the engagements. They outline the steps the red team takes, the vulnerabilities they exploit, and the recommendations they make to improve security. In essence, runbooks are the playbook for these security exercises.
The ultimate objective of these engagements is to evaluate the red team's proficiency in executing attack procedures and the blue team's capability to detect, protect against, and respond to them. The outcomes of these engagements are compiled in reports, which are then shared with clients or internal teams. These reports offer valuable insights into the effectiveness of the existing security measures and provide recommendations for improvements.
The Runbooks module has two tabs:
Engagements: Displays all runbooks created for a client, including those in progress and those submitted as a report (if not deleted).
Test Plans: Displays all existing test plans created or imported.
Step 1: Click View under the "Actions" column of an engagement.
Step 2: Click Submit Engagement.
Clicking Submit Engagement cannot be reversed.
The engagement is now a report, and PlexTrac redirects to the Procedures tab of the Reports module.
Submitted engagements will still be displayed in the Runbooks module, but the engagement can no longer be viewed or edited, and the link provided under the "Actions" column will open the Reports module.
Deleting a submitted engagement in Runbooks does not delete the report.
Users can change their password in the Personal Settings section by navigating to the Change Password tab. This feature empowers users to maintain the security and integrity of their accounts by periodically updating their passwords.
All of the listed requirements must be met to create an acceptable password.
a minimum of 12 characters
one lowercase character
one uppercase character
one number
one special character
Users can access the password requirements within the platform by clicking on the "?" next to the "Enter New Password" label.
PlexTrac enables two-factor authentication at the account level and is managed on the Two-Factor Authentication tab of the Personal Settings page. Two-factor authentication is a security measure that requires users to provide two forms of identification to access an account or system.
Two-factor authentication (2FA) is a security measure that significantly protects against unauthorized access to sensitive information and accounts. It works by adding an extra layer of verification to the traditional password or PIN login process. When users log in, they must provide their regular credentials, such as a username and password, and a second form of authentication.
The second authentication factor can take various forms, such as a unique code sent to the user's mobile device via SMS or generated by an authentication app, a fingerprint or facial recognition scan, a hardware token, or even a one-time password sent to an email address. The significance of 2FA lies in its ability to counteract the vulnerabilities of using passwords alone.
Step 1: Click the Two-Factor Authentication tab on the Personal Settings page.
Step 2: Click Set up Two-Factor Authentication.
Step 3: Scan the QR code with the phone and input the token provided on the device.
Step 4: Click Confirm. The modal will disappear, and a message will confirm that Two-factor Authentication is enabled.
Step 1: Click the Two-Factor Authentication tab on the Personal Settings page.
Step 2: Click Reset Token.
Step 3: A confirmation modal appears. Click Reset.
Step 4: Scan the QR code and click Confirm.
Step 1: Click the Two-Factor Authentication tab on the Personal Settings page.
Step 2: Click Disable Two-Factor Authentication.
Step 3: A confirmation appears. Click Disable.
Account settings are accessed by clicking the user name in the upper right of the page.
For standard users (non-admins), the drop-down menu will provide options to select Profile, Help Center, and Logout:
For admins, the drop-down menu will provide options to select Profile, Account Admin, Help Center, and Logout:
The Profile tab allows users to customize and manage their accounts by adjusting their user names and profile pictures. They can also tailor the date format to their personal preference or regional settings. Plus, there's an option for a dark mode interface that's easy on the eyes in low-light conditions.
Step 1: From the Profile tab of the Personal Settings page, click the avatar circle under "Profile Image" to bring up a dialog box.
Step 2: Drag an image to the dialog box or click the box to navigate to the file on the computer. Click Submit.
The new image is now shown in the Profile tab and next to the user name at the top right of the page.
Step 1: From the Profile tab of the Personal Settings page, click the avatar circle under "Profile Image" to bring up a dialog box.
Step 2: Click Delete Profile Image. The modal will disappear, and PlexTrac will revert to the default grey avatar icon.
The modal will disappear, and PlexTrac will revert to the default grey avatar icon.
The name displayed for a user throughout PlexTrac is managed here. Users can update their information by entering the desired values in the "First Name" and "Last Name" fields.
After making the necessary changes, click Update Settings at the bottom of the page to save the updated information.
The new name value may not appear immediately without a browser refresh. To confirm the change, an email will be sent to the address on file.
To switch between Light and Dark Mode on PlexTrac, adjust the toggle button under "Theme Mode."
The date format can be configured to display in one of three options: YYYY-MM-DD, DD-MM-YYYY, or MM-DD-YYYY.
The Personal Settings page allows users to upload a profile image, change the user display name, view the email on file, select a theme mode (light or dark), update the user password, configure how dates are displayed, and set up and manage multi-factor authentication (MFA).
The personal settings page is reached by clicking the user name in the upper right and then clicking Profile.
The Personal Settings page has three tabs:
PlexTrac helps cybersecurity teams improve and centralize workflow management processes across the entire lifecycle. The platform streamlines all aspects of the process, from staging offensive engagements and conducting assessments to analyzing data and reporting, prioritizing critical issues, collaborating between teams, and communicating with stakeholders.
Visit the page for orientation and tips about using the site navigation, exporting pages to PDF, using search, and leaving page feedback.
When logging in to PlexTrac, users are greeted by the Dashboard page. Seven modules exist besides the Dashboard: Clients, Assessments, Reports, Priorities, Content Library, Analytics, and Runbooks.
Click a box to learn about a module.
PlexTrac provides many options for configuring a tenant. Below are links to documentation for administration tasks, configuring user-specific settings, configuring authentication (OATH and SAML), integrating with APIs and parsers, installing and maintaining PlexTrac locally, and much more.
Click a box to learn about a topic.
All engagement sections are contained in containers that can be collapsed or expanded for usability.
RunbooksDB is accessible at any time on both tabs by clicking Manage RunbooksDB.
All changes to a user name must be confirmed by clicking Update Settings.
The Priorities module enables users to access an advanced view that provides valuable insights into their security efforts. This module is crucial for effectively managing findings and assets by offering a collaborative platform that empowers team members to work together and address security challenges efficiently. Additionally, users can customize security measures to meet the unique requirements of individual clients or business groups.
Users access the module by clicking Priorities in the application's main menu.
It is recommended to read the admin settings documentation before using priorities. More detailed instructions regarding the impact of tenant-level vs. client-level settings can be found in the Licensing section, while information on equations can be found in the Automations section.
The Priorities module offers value to teams seeking to streamline and automate reporting processes while providing a layer of risk assessment to existing manual pentests and offensive security data.
Key benefits include:
Automated Workflow Efficiency: Automating workflow processes streamlines reporting cycles, reducing manual efforts and time spent on tasks.
Risk Prioritization: Enables custom scoring equations to prioritize identified risks, allowing teams to focus on the most critical issues for immediate remediation.
Proactive Risk Management: This tool enables a proactive approach to managing offensive security data by providing an aggregated view of vulnerabilities, allowing for better risk assessment and remediation planning.
Continuous Risk Reduction: Through ongoing validation, it demonstrates a continuous reduction in risk, ensuring that remediation efforts effectively mitigate future security risks.
If a user is an owner or author of a priority, an indicator will be displayed on the Dashboard home page under the Your assignments tab. Clicking the Your priorities box will display the priorities and role assigned, along with other fields specific to the Priorities module.
The following roles are related to Priorities and, when assigned, will result in a user having a priority box displayed on the Dashboard:
Priority Owner
Priority Author
Treatment Owner
Depending on the tenancy configuration and user role assignment, an email may be sent to users for the following event changes:
Priority status
Priority assignment
Finding status
Finding substatus
Assignment
Notifications will also be provided in the app, accessible by clicking the bell icon at the top of any PlexTrac page next to the user name.
Step 1: From the Priorities module home page, click Create Priority.
Step 2: If client-level priorities are enabled, select a client by scrolling through the list or using the search box to filter. When the client is found, click Select.
If only tenant-level priorities are enabled, the user will go directly to Step 4.
Step 3: Click Next.
Step 4: Enter a priority name and additional information into the fields on the page.
Priority (required): The title of the priority.
Status: The status of the overall priority.
Severity: The severity of the overall priority.
Priority author: This value is auto-populated, and the user's email who created the priority. Another email can be selected by clicking within the box and choosing from the pulldown menu.
Priority owner: The priority owner. Select the priority owner(s) by clicking within the box and choosing from the pulldown menu.
Identification date: This is the date that the priority was identified. The priority may have been determined or observed at a prior date.
Priority description: An RTF field to enter the description of the priority.
Recommendation: An RTF field to enter a recommendation for remediating the priority. A recommendation is the ideal advice or guidance to address a particular issue or concern. It suggests a best practice or a course of action to help prevent or mitigate security risks.
Treatment: An RTF field to enter a treatment of the priority. Treatments are the remediation taken, often not the ideal recommendation due to resource and time constraints.
Treatment owners: A list of owner(s) who will own the priority treatment.
Tags: Enter any tags associated with the client (new or existing). Any special characters will be removed, and any spaces will be replaced with an underscore (_).
Target remediation date: Identifies the ideal date that findings for the priority will be resolved. Place the cursor in the field box to select a date from the calendar.
Actual remediation date: Identifies the date that the priority was remediated. Place the cursor in the field box to select a date from the calendar.
Likelihood (score): Select a number from one to ten to denote the probability that the findings and assets in this priority will result in malicious actions.
Impact (score): Select a number from one to ten to denote the effects of malicious actions on the findings and assets in this priority.
Priority score: This value is the product of the two factors (likelihood and impact values) entered previously.
Reason for score: This field allows for an explanation for others on the rationale for entering the values used for the priority score.
Step 5: Scroll back to the top of the page and click Save.
The information entered is presented on the priority details page.
This page is the Details tab view reached when clicking View under the "Actions" column in the row of an existing priority on the Priorities module home page.
The Content Library is a menu item that provides access to repositories for narratives, writeups and runbooks. These repositories allow users to create, manage, and reuse content across the platform when generating reports or findings.
Users access it by clicking Content Library in the application's main menu.
The Content Library repositories offer numerous advantages:
Reusability: Users can create and access reusable items such as writeups and narrative sections. Instead of recreating content from scratch, users can leverage existing content, saving time and effort.
Standardization and Consistency: The Content Library promotes standardization and consistency by organizing reusable content within repositories. Users can load and access predefined repositories and templates.
Efficiency: Users can quickly locate and retrieve relevant content, streamlining the report creation process and improving overall efficiency.
Collaboration: The Content Library is designed to promote collaboration and knowledge sharing. It allows users to designate repositories for multiple individuals to access and contribute.
Scalability: As the Content Library grows with the accumulation of reusable items, it becomes a valuable resource that scales with the organization's needs. New users can leverage existing content, maintaining consistency even as the user base expands.
Customization: Users can create repositories, set permissions for viewing and editing, organize content within repositories, establish templates, customize layout, add tags or metadata, and integrate with external tools.
macOS
Ventura
Windows
10, 11