Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
PlexTrac can be integrated with Jira and allow information about findings to be sent to Jira. Visit the Jira Cloud integrations page for details on setting up Jira.
Step 1: Navigate to the Findings tab of a report.
Step 2: Click the three dots under the "Actions" column of the finding to update.
Step 3: Click Link Jira Ticket.
Step 4: Select the Jira project and issue to associate the finding with. Click Create ticket.
Step 5: The Jira ticket is now listed under "Linked Ticket."
Clicking the linked ticket value will open Jira. If mapped by the Admin, the finding date reported value will appear in Jira as a value for "Start Date."
If set up for two-way data flow in integration mapping, updating the start date in Jira will update PlexTrac the next time synchronization occurs.
Step 1: Navigate to the Findings tab of a report.
Step 2: Click Status under the "Actions" column of the finding used to create a Jira ticket.
Step 3: Click Create Jira Ticket & Link.
Step 4: Select the Jira project and issue to link with. Click Create ticket.
A ticket in Jira is created, and the ticket number is listed under "Linked Ticket" on the Findings tab.
Step 1: Navigate to the Findings tab of a report.
Step 2: Click the three dots under the "Actions" column of the finding linked to a Jira ticket.
Step 3: Click Unlink Jira ticket.
Step 3: A modal appears, confirming the action. Click Ok.
Step 1: Navigate to the Findings tab of a report.
Step 2: Select the desired finding(s) by clicking the check box of the finding row.
Step 3: Hover over the "Actions" button to bring up the pulldown menu and click Create Jira Tickets.
Step 4: Select the Jira project and issue type to which the finding(s) should be assigned. Click Create ticket.
Step 5: A message will confirm that ticket(s) were created, and the linked ticket number will now be displayed for finding on the page.
Clicking the linked ticket value will take you directly to Jira for viewing.
PlexTrac can import findings from third-party tools and a CSV template for centralized data. This provides real-time visibility, holistic analysis, and efficient reporting, simplifying compliance and promoting proactive risk management.
If importing from a CSV file, visit the CSV Findings Templates page for more information.
For a list of all third-party tool integrations and field mappings, visit the Integrations and Mappings section.
Step 1: Within the Reports module, click the impacted report from the list to bring up the Readout tab.
Step 2: Click the Findings tab.
Step 3: Click Add Findings and select File Imports from the pulldown menu.
Step 4: Select the import source from the pulldown menu.
Step 5: Drop the file into the box provided or browse to it on the computer.
If the user does not want parser actions to be applied to the import file, they can uncheck the option provided in the modal.
Step 6: Click Continue.
Step 7: On the second tab, "Select tags & upload," add any desired finding and asset tags (optional). When finished, click Upload.
A dialog box will appear, confirming the import is in progress.
A status bar is also displayed at the top of the page to track progress.
The status will update progress dynamically and display a green checkmark, along with a notification when completed.
PlexTrac offers collaborative editing to save time and reduce errors when working on reports, writeups, narratives, and findings. Collaborative editing is a process in which multiple individuals work together to create, edit, and refine content in real-time, with contributors simultaneously working on the same document.
Collaborative editing exists in rich-text fields (RTFs) within the platform, such as:
In the Description, Recommendations, and References RTFs of the Findings Details tab of a finding
In the Value RTF within the Custom Fields tab of a finding
In the RTF of the Narrative tab for a report
In the Description, Recommendations, and References RTFs of the Readout tab of a report
In the Description, Recommendations, and References RTFs of a writeup in WriteupsDB
In the Section Body RTF in NarrativesDB
Track changes is not available until the content has been created and saved (i.e., the toolbar experience differs when creating a writeup vs. editing a writeup).
When a user edits one of the fields listed above, an avatar is displayed at the top right of the content box. Up to six avatars can be displayed.
The user's full name is provided if the cursor hovers over it.
Messaging at the top right of the page where collaborative editing exists indicates when content was last saved.
On pages with multiple content sections, autosave is per section (not page), and the time stamp will update when one of the collaborative editing content blocks is modified.
For example, when one user updates the finding description at the same time another user updates the finding recommendation, both updates are saved, and the time stamp represents the last edit.
If the internet or VPN connection is lost, an error notification will indicate the connection has been lost.
or
Users cannot modify any collaborative editing sections until they return online.
Track changes is a feature that records any modifications made to the text, formatting, or other elements. It can be enabled for a particular RTF or at the report level.
When the track changes feature is enabled, any modifications made to the document are highlighted and displayed. These changes can include additions, deletions, formatting adjustments, and comments. The original content remains visible, while the modifications are marked with specific indicators, such as colored text, underlines, or strike-throughs. Additionally, users can leave comments or annotations to provide further context or explanations regarding the changes made.
Collaborators can accept or reject individual changes, and the document owner or editor can review and make final decisions on which modifications to keep. This feature is helpful when multiple individuals must work on a document simultaneously or when documents undergo several revisions.
The toggle to enable track changes in an RTF is located in the RTF toolbar. Click the track changes icon to enable.
Track changes can also be enabled by clicking the icon and toggle on from the pulldown menu.
When enabled, the track changes icon in the RTF toolbar is blue.
Any content additions are now shown in green, deletions will be red, and a log of changes will appear to the right of the RTF.
Changes can be accepted or rejected by clicking the checkmark or X in the audit box.
Once accepted or rejected, the box and markup will disappear, and the content will reflect the choices.
Track changes can be controlled at the report level and, when enabled, apply to all RTFs within a report. This toggle appears to the right of the tab headers of a report.
When track changes is enabled at the report level, individual RTFs will indicate that changes are being tracked (the track changes icon in the toolbar is blue). The toggle bar available from the pulldown menu is green (track changes is on), but the ability to turn off track changes for an RTF is greyed out.
If turned on at the report level, track changes can only be turned off at the report level.
Comments can be added by highlighting content and clicking the comment icon in the RTF toolbar.
A comment box appears on the right of the RTF to capture any notes. The content the comment refers to stays highlighted to denote it as having an associated comment.
Click Comment or Cancel to complete the task.
For scenarios where multiple changes were made in an RTF, users can accept or reject with one click using the options provided in the track changes pulldown menu.
The solutions available depend on the scenario:
If a user has not specified specific RTF modifications, only "Accept all suggestions" and "Discard all suggestions" will be available.
If a user has manually highlighted RTF content, additional options are provided, allowing the user to approve only the selected content.
Creating a finding within PlexTrac can be initiated either through the Clients module or the Reports module, but either approach involves selecting a report to add the findings. When created within PlexTrac, users can update using five tabs: Finding Details, Affected Assets, Screenshots/Videos, and Code Samples.
Step 1: From the Reports module, click the row of the impacted report.
Step 2: Click the Findings tab.
Step 3: Click Create Finding from the "Add Findings" pulldown menu.
Step 4: The "Create New Finding" page appears with five tabs to collect data about a finding (further details on each tab exist below).
At a minimum, enter a finding title, select the finding severity, and enter a finding description as required fields. All other fields are optional.
Title (required): All finding titles must be unique within a report. If an existing title is used, the tool will provide an error message after clicking Save.
Severity (required): Identifies the severity rating for the finding. The values are in ascending order: Informational
, Low
, Medium
, High
, and Critical
.
Score type: Identifies the score associated with a finding. This can be used to record a general score, a CVSS 2.0 score, a CVSS 3.0 score, a CVSS 4.0 score, or dynamically create a CVSS 3.1 score using the provided calculator.
Status: Defines the status of the finding (Open, Closed, or In Process).
Sub-Status: Provides further details on the status of a finding if set up by admin. If no sub-status values have been configured, this field will not appear.
Assigned to: Identifies the user assigned to a finding. Only one user can be assigned and will receive an email once the finding is saved. The list in the pulldown menu is derived from the list of users added to a client.
Description (required): An RTF field allowing content, images, links, code examples, tables, and lists to be entered as needed. This field has collaborative editing enabled.
Recommendations: An RTF field allowing content, images, links, code examples, tables, and lists to be entered as needed. This field has collaborative editing enabled.
References: An RTF field allowing content, images, links, code examples, tables, and lists to be entered as needed. It has collaborative editing enabled.
CVE ID: Common Vulnerabilities and Exposures (CVE) identifier(s) assigned to the finding. This field requires a format of CVE prefix + Year + arbitrary digits. There is no limit to the number of random digits.
Example ID with four digits: CVE-2014-3127
Example ID with five digits: CVE-2018-54321
Example ID with six digits: CVE-2019-456132
CWE ID: The Common Weakness Enumeration (CWE) identifier(s) assigned to the finding. This field requires a two-to-four-digit number format.
Example ID with two digits: 99
Example ID with three digits: 243
Example ID with four digits: 1423
Tags: Stores any tags associated with a finding to help manage and retrieve the finding more easily later.
Custom Fields: Click Add custom field to insert more labels and values as needed.
Step 5: Click Save.
The information entered is now displayed in the Findings Details tab and can be modified as needed. More details of a finding can be added by continuing to the other available tabs.
This tab displays any affected assets associated with a finding. More information on this topic, such as how to import or create, can be found on the Affected Assets page.
This tab stores screenshots and videos associated with a finding, as videos are not allowed in the Finding Details rich-text fields.
To add a file, drag it onto the box on the page or click to navigate to files on the computer. Repeat as needed.
This tab stores any code samples related to a finding for future reference. Click Add Section to add additional sections. The code will be formatted when the report is published.
PlexTrac understands the importance of simplifying the process of importing findings and other data into the platform, whether for a specific report or multiple reports and assets. To facilitate this, PlexTrac offers CSV templates and scripts that help streamline the import process and make it more efficient.
CSV templates serve as pre-defined structures that align with the required format for importing data. These templates specify the fields and corresponding data types expected when importing findings or other information. Users can leverage these templates to ensure that their data is correctly mapped and formatted for import, minimizing errors and ensuring consistency.
Two CSV options are available to import findings into a report. Consult the table below to determine the most suitable solution for your needs.
Report Findings CSV Import | Python General CSV Import |
---|---|
*The script can create parsed findings in PlexTrac by sending API calls to create each finding individually (which results in an extended script runtime) or by generating a PTRAC file. Manually importing the generated PTRAC file takes the same time as the PlexTrac Report Finding CSV Template.
The generated PTRAC only contains the report and finding information. Asset information will not be added.
Please click on the box below to access instructions and a downloadable CSV file that can serve as a template for uploading findings into a report. The CSV file contains fields pre-filled with sample values.
Click on the box below to learn about importing data through the PlexTrac API using a script. The script requires two CSV files: one for importing data and another for field mappings.
This script is designed to help users import data into multiple clients and reports. It works by parsing a CSV file and creating client, report, finding, and asset objects. Once the objects are generated, the script uses the PlexTrac API to import and create them in the user's tenant.
PlexTrac provides a downloadable CSV file that can be used as a template for uploading findings offline and later using the Add Findings button within the Findings tab of a report.
To download the template, click the file below:
The file has the required fields prepopulated in the CSV file, along with sample values.
Save the file in CSV UTF-8 format to prevent including non-UTF characters that may break the importer.
Step 1: Download the CSV file above.
When importing the file via the Add Findings button in the Findings tab of a report, select the value "CSV" from the pulldown menu.
Step 4: Select the CSV file to upload and click Continue.
Step 5: Add any optional tags or leave them blank. Click Upload.
A message will appear, validating that the file is uploading.
Step 6: Validate that the information was added to the report. When the data has been imported successfully, the screen will display the information without refreshing the page.
The time required to load depends on the amount of data in the CSV file.
The source of the finding will list "CSV" as the value. Below is how the data is displayed in the Finding Detail window using the sample values in the CSV template.
All fields below must appear as column headers when importing the CSV file. All field values must follow the rules defined in the table, or the file may be rejected when imported or require further manual editing within PlexTrac.
Title, description, and severity are required.
The CSV import will accept custom fields, which must be added at the spreadsheet's end after the template's columns.
Row A of the CSV template will be the custom field title, and subsequent row(s) will be the custom field value(s), as entered in the spreadsheet. Add multiple columns and values as needed.
When imported, the custom fields will appear on the Finding Detail page.
The custom fields can be edited or deleted after import via the Custom Fields tab of the finding.
Step 2: Remove the sample values and populate the fields with desired values. A and is below.
Step 3: .
PlexTrac Field | CSV Header Label | Notes |
---|
Imports to a single report
Imports to multiple reports
Request is processed on the backend in less than five minutes
Each finding is processed individually and can take up to several hours*
Must order CSV columns to match template schema exactly
CSV columns are mapped to findings on a finding and sequence is not relevant
Imports to select finding fields only
Imports to all finding and asset fields
Does not import client and report information
Imports client and report information
Report Finding Template
Findings/Reports
CSV
Python General Template
Findings/Reports
CSV
title | title | This is a required field. |
severity | severity | This is a required field. The severity value must be one of the following (not case-sensitive): Informational, Low, Medium, High, Critical If no value is provided in CSV, a value of "Informational" will be assigned. |
status | status | Value must be one of the following: Open, Closed, In Process |
description | description | This is a required field. |
recommendations | recommendations | This is the findings recommendations. |
references | references | This field accepts multiple values delimited with a comma. For example: "Item 1, Item 2, Item 3" NOTE: Do not use commas if providing complete sentences, as any comma will result in a para break. Periods do not trigger a para break. |
assets | affected_assets | This field accepts multiple values delimited with a comma. For example: "Item 1, Item 2, Item 3" |
tags | tags | This field accepts multiple values delimited with a comma. For example: "Item 1, Item 2, Item 3" |
riskScore | cvss_temporal | This is the CVSS 3.0 score. Example value: "5.5" |
common identifiers | cwe | This field requires a format of CWE prefix + a two-to-four digit number. Example value: "CWE-772" |
common identifiers | cve | This field requires a format of CVE prefix + Year + arbitrary digits. Example value: "CVE-2018-54321" |
field: category | This column must exist in the CSV and is imported as a custom field. |
label | category | The column header must be "category". |
value | category value | This is the value entered for the category. |
The Common Vulnerability Scoring System (CVSS) is an industry benchmark for evaluating the seriousness of identified vulnerabilities. It calculates a CVSS score by considering three metric categories (base, temporal, and environmental) encompassing various aspects of a vulnerability's impact and ability to persist in different contexts.
PlexTrac allows users to input or adjust scores when generating or revising findings, facilitating precise vulnerability assessment.
CVSS is owned by FIRST and used with permission. This calculator is based on FIRST CVSS documentation.
Step 1: From the Findings tab, click Edit under the "Actions" column of the finding to modify.
Step 2: On the Finding Details tab, select the applicable standard from the Score type pulldown menu (information specifically on CVSS v3.1 and CVSS v4.0 is located further below). If not using CVSS, click General.
Step 3: Enter values in the provided fields.
The score information for that finding is now displayed on the Finding Detail page.
PlexTrac has a built-in calculator that generates a CVSS score based on selected input values. It also generates a CVSS vector and assigns severity to a finding based on the information selected and calculated score.
Users can create a value by clicking through the provided calculator, typing in a vector, or combining both actions.
The calculator is available when CVSS v3.1
or CVSS v4.0
is selected from the "Score type" field.
If the value in the Severity field is manually changed at any point after a CVSSv3.1 score has been created, a warning message will appear:
If the score is already known, it can be entered in the "Score" field, and the finding's severity will update to match the score.
If the CVSS vector is known, entering the value in the "Vectore" field will dynamically set the finding severity.
Step 1: In the "Score type" field, select CVSS v3.1
or CVSS v4.0
, then click Calculate Score.
Step 2: To create a vector, select values by clicking the fields provided. All values must be entered.
The metrics available to configure differ depending on the score type selected.
After entering a value for all fields, a severity score, severity value, and vector value are populated.
Validation is performed on multiple fields to ensure accurate score and severity using vector string and record, which must be kept in sync.
The calculator updates the vector record string when a field is clicked. However, the string is displayed only when all base values are selected. The option to save will appear afterward.
When the vector string has changed, the string is then validated. If the string is valid, the record and selected values are updated in the calculator modal. If not, a warning message is displayed, and the save button is disabled.
Step 3: For more advanced scoring options, expand "Show temporal and environmental scoring."
Additional fields specific to the score type will be displayed for editing.
Step 5: When finished, scroll to the bottom of the modal and click Save. The severity, score, and vector are populated in the appropriate fields on the Findings Details tab.
CVSS 3.1 scores can also be viewed on the Findings tab of a report or client if that field has been configured to appear in the table.
Findings may be imported into PlexTrac via a licensed API integration and configured by an admin.
Step 1: Within the Reports module, click a report from the list to bring up the Readout tab.
Step 2: Click the Findings tab.
Step 3: Click Add Findings and select Integrations from the pulldown menu.
Step 4: Select the desired integration from the pulldown menu (the values shown in the pulldown menu are entered by the admin when the integration is set up).
If an integration is not licensed or not configured by an admin, the option will not appear in the pulldown menu.
Step 5: Click Continue with X at the bottom of the page.
Step 6: The Select Findings tab appears with a list of filters and values that are tool-specific to an integration. Use the filters and facets to select the query parameters to determine which findings appear on the page.
Step 7: Click Search to retrieve the findings query results.
Step 8: Select the findings from the query results to import by clicking the box at the top left of the table header row or by selecting findings individually by clicking the box next to the finding.
At least one finding must be selected to continue.
Step 9: Click Continue with X issues.
Step 10: Insert desired tags associated with each finding and asset when imported (optional). Click Import X Findings.
Notifications will appear confirming that the import was successful.
More information on specific tools, such as field mappings, can be found on the admin integrations page.
WriteupsDB is a repository for all PlexTrac writeups. It categorizes, associates them with use cases, and facilitates reuse. By structuring and refining findings, writeups can be used in other deliverables, such as a report.
Once a writeup becomes a finding, it is a standalone object that is not impacted if the source writeup or repository is deleted or the same writeup added to another report is edited or deleted.
Step 1: From the Reports module, click the report row or Readout under the "Actions" column.
Step 2: Click the Findings tab.
Step 3: Click Add Findings, then select From WriteupsDB from the pulldown menu.
Step 4: Search or use the provided filters to find the desired writeups to add, then click the box to select them.
Selected writeups to be added are shown in the column on the far right.
Step 5: Click Add X Writeups at the bottom of the page.
A confirmation message will briefly appear, and the writeups are added to the report and listed on the Findings tab.
A finding is a weakness in systems, processes, policies, or procedures that could be exploited. It arises from penetration testing, vulnerability assessments, and compliance audits. These findings reveal potential points of compromise, categorized by severity, and often come with recommended remediation actions.
Organizations can use findings to allocate resources and improve security efficiently.
Findings are the most common object in PlexTrac and can be added to a report in multiple ways:
imported via files generated from third-party tools, such as Nessus or Pentera
imported from one of PlexTrac’s CSV finding templates
imported from an API integration, such as Snyk or HackerOne
created after an engagement was submitted in the Runbooks module
Findings can be accessed either through a report or the Clients module:
Click Reports from the main menu.
Select a report.
Click the Findings tab.
Click Clients from the main menu.
Select the client.
Click the Findings tab.
A count for the number of findings is displayed at the top of the table to the left of the filter boxes.
The source of a finding can be found on the Finding detail side drawer, which appears when clicking the row of a finding seen in the Findings tab of a report or client. If the finding was created in PlexTrac, a value of plextrac
exists. If the finding was imported, the source of that file or integration is also recorded.
The finding ID can be found on the Finding detail side drawer, which appears when clicking the row of a finding in the Findings tab of a report or client. The finding ID is generated by importing it from the source tool or dynamically by PlexTrac when the finding is created.
For example, importing a Nessus file will pull in the Nessus plugin ID
as the PlexTrac Finding ID
.
Every finding in a PlexTrac report must have a unique finding title.
When importing findings from two scans into the same report, only additional findings from the second scan and any assets tied to existing findings are imported, even if duplicates exist.
When two findings with the same title are created in two different reports for the same client, they are displayed on the Findings tab in the Clients module, as they each receive a unique finding ID.
The finding reported date is when the finding was added to the report. This value is displayed under the "Date Reported" column from the Findings tab. This value can be modified through the "Actions" button when selecting one or more findings.
Findings are associated with metadata and labels that provide status and current standing. Visual cues using color in the platform also identify specific finding status states.
Findings can be in draft or published mode, and this status is provided visually within the Findings tab.
Findings in draft mode have an orange background row color and a dot next to the title. The published findings have a white background row color with no dot.
Analyst user roles cannot view draft findings, so publishing the finding before publishing a report allows other user roles within PlexTrac to see critical issues the client needs to address immediately without requiring the report to be completed.
Step 1: Navigate to the desired finding and click Edit under the "Actions" column.
Step 2: Update the finding status by clicking the toggle button to the desired state. Changes are autosaved.
Step 1: From the Findings tab, select one or more findings. An Actions button will appear.
Step 2: Click the Actions button and click Set Published Status.
Step 3: Toggle the publish status and click Save.
A finding can either be Open
, In Process
, or Closed
. That status is displayed on the Findings tab.
Click here for the business rules on a question in an assessment that is assigned a status as a finding after the assessment is submitted.
Findings may also have a sub-status value. These do not exist unless added by an admin. Once added, they will be available to associate with a finding but are optional.
The Sub Status column is available when viewing findings in a report. It does not exist when viewing findings for a client.
Step 1: From the Findings tab, click the status button of the finding to change.
Step 2: Click Add Update.
Step 3: The "Add Update" model appears with any previously populated values. Use the pulldown menus to update Status, Sub-Status, and Assigned to values. Enter any optional comments to provide context.
Click Save.
The changes are reflected in the log notes of the finding status tracker, which can be viewed at any time by clicking the finding status label.
Step 1: From the Findings tab, select one or more findings. An Actions button will appear.
Step 2: Click the Actions button and click Assign/Update Status.
Step 3: The "Add Update" modal appears with any previously entered values. Use the pulldown menus to update Status, Sub-Status, and Assigned to. Enter any optional comments to provide context.
Click Save.
The changes are added to the selected findings.
Affected assets are managed from the finding, as opposed to the client. Affected assets contain information about an affected asset and relational metadata about the finding it is tied to.
An affected asset object on a finding will have a subset of fields compared to the client asset with the same ID. Some additional fields make sense when the finding and client asset are viewed together, such as the date the finding started affecting the client asset, the affected ports, location access to vulnerability, vulnerable parameters, and evidence of the affection.
Click here for more information about the affected asset object structure and all the fields and values it might contain.
Step 1: From the Reports module, click the row of the impacted report.
Step 2: Click the Findings tab.
Step 3: Click the row of a finding.
Step 4: If an affected asset(s) exist for this finding, they are listed on the Finding Detail modal.
A parent asset can be accessed directly by clicking the provided link within the table.
Step 5: Click View under the "Actions" column of the affected asset to see more information.
The Asset Detail modal appears with information about the affected asset and a link to any parent, if applicable.
The table view can be customized by clicking the column view icon to the right of the Add assets button.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
Step 1: From the Reports module, click the impacted report.
Step 2: Click the Findings tab.
Step 3: Click Edit of the finding the affected asset is being added to.
Step 4: Click the Affected Assets tab.
Step 5: Click the Add Assets button and select Create new asset.
Step 6: Enter information about the affected asset in the appropriate fields within the Asset Information tab.
Step 7: Click the Affected Areas tab. Enter information about the following:
Affected Ports: Network ports vulnerable to a security exploit or attack.
Location/URL: The URL of the affected asset.
Vulnerable Parameters: The inputs or settings in a system or program that an attacker can exploit to compromise the security or integrity of the system. These parameters can include usernames, passwords, API keys, and configuration files.
Notes: A text box for any additional information to provide context on the affected asset.
Step 8: Click the Evidence tab. This tab contains two text fields (title and description) per item but as many items of evidence can be added as needed. Evidence represents when or how the affected asset was found, and often is the scanner output from the scanning process.
Step 9: Click Save.
The asset is now listed in the Affected Assets tab of the finding.
Step 1: From the Affected Assets tab of a finding, click Edit under the "Actions" menu.
Step 2: Edit or add information as desired and click Save.
Step 1: From the Affected Assets tab of a finding, click Remove under the "Actions" menu.
A modal appears, confirming the deletion. Click Remove.
Assets already in PlexTrac can also be added as an affected asset for a finding.
Step 1: From the Affected Assets tab of a finding, click the Add Assets button and select Add existing assets from the pulldown menu.
Step 2: Choose the asset(s) from the pulldown menu and click Save.
Assets can be imported using a PlexTrac CSV Asset import template. Click here to download the template and enter asset data to import.
Step 1: From the Affected Assets tab of a finding, click the Add Assets button and select Import assets from the pulldown menu.
Step 2: Drag a file into the modal or click the box to navigate to the file on the computer.
Step 3: Click Import.
A message will appear confirming import.
The asset(s) are now listed in the Affected Assets tab.
Step 1: From the Affected Assets tab of a finding, click the Add Assets button and select Bulk paste from the pulldown menu.
Step 2: Enter the assets into the box by separating each value with a comma. PlexTrac will parse the assets and add them to the finding. URLs with paths (ex., www.plextrac.com/test/) will be separated into parent and child assets. Click Next.
Step 3: Asset, ports, and child asset values are dynamically assigned. Review and uncheck the box next to any new assets that should not be added. Click Next.
Any subdirectories listed for an asset's domain will be loaded as its asset and considered a 'child' in relation to the 'parent' domain. This relationship will be tracked and maintained within PlexTrac. For example, www.plextrac.com/home will become two assets, with /home a child to www.plextrac.com.
Step 4: Add any desired optional tags. Tags will be assigned to all added assets. Existing assets will retain current tags. Click Add X assets.
The new assets are displayed in the Affected Assets tab of the findings.
Step 1: From the Affected Assets tab of a finding, click the box in the header row to the left of "Asset."
Step 2: The "Actions" button appears with the following options:
Add affected location/url
Add affected ports
Delete
Click the desired task from the pulldown menu and continue reading for additional details on each action.
A modal will appear with a field to enter a URL. The query parameters will be parsed out into the inputs provided. Click Add Parameter to include vulnerable parameters. Click Save when finished.
The new value appears on the Affected Assets tab under the "Location/URL" column.
A modal will appear with a field to enter any affected ports. Click Add Port to repeat the process as needed. Click Save when done.
The new values will appear under the appropriate columns on the Affected Assets tab.
A modal will appear, asking for confirmation of the action. Click Delete Assets.