Creating a finding within PlexTrac can be initiated either through the Clients module or the Reports module, but either approach involves selecting a report to add the findings. When created within PlexTrac, users can update using five tabs: Finding Details, Affected Assets, Screenshots/Videos, and Code Samples.
Step 1: From the Reports module, click the row of the impacted report.
Step 2: Click the Findings tab.
Step 3: Click Create Finding from the "Add Findings" pulldown menu.
Step 4: Enter a finding name and select the finding severity. Click Create.
Step 5: The edit finding page has four tabs for collecting data about a finding (further details on each tab are provided below).
Title (required): All finding titles must be unique within a report. The tool will provide an error message after clicking Save if an existing title is used.
Severity (required): Identifies the severity rating for the finding. The values are in ascending order: Informational, Low, Medium, High, and Critical.
Score type: Identifies the score associated with a finding. This can be used to record a general score, a CVSS 2.0 score, a CVSS 3.0 score, a CVSS 4.0 score, or dynamically create a CVSS 3.1 score using the provided calculator.
Priorities: Associate the finding with a priority in the Priorities module.
Status: Defines the status of the finding (Open, Closed, or In Process). It defaults to Open.
Sub-Status: Provides further details on the status of a finding if set up by admin. If no sub-status values have been configured, this field will not appear.
Assigned to: Identifies the user assigned to a finding. Only one user can be assigned, and an email will be sent once the finding is saved. The list in the pulldown menu is derived from the list of users added to a client.
Description (required): An RTF field allowing content, images, links, code examples, tables, and lists to be entered as needed. This field has collaborative editing enabled.
Recommendations: An RTF field allowing content, images, links, code examples, tables, and lists to be entered as needed. This field has collaborative editing enabled.
References: An RTF field allowing content, images, links, code examples, tables, and lists to be entered as needed. It has collaborative editing enabled.
CVE ID: Common Vulnerabilities and Exposures (CVE) identifier(s) assigned to the finding. This field requires a format of CVE prefix + Year + arbitrary digits. There is no limit to the number of random digits.
Example ID with four digits: CVE-2014-3127
Example ID with five digits: CVE-2018-54321
Example ID with six digits: CVE-2019-456132
CWE ID: The Common Weakness Enumeration (CWE) identifier(s) assigned to the finding. This field requires a two-to-four-digit number format.
Example ID with two digits: 99
Example ID with three digits: 243
Example ID with four digits: 1423
Tags: Stores any tags associated with a finding to help manage and retrieve the finding more easily later.
Custom Fields: Click Add custom field to insert more labels and values as needed.
Step 5: Click Save.
The information entered is now displayed in the Findings Details tab and can be modified as needed. More details of a finding can be added by continuing to the other available tabs.
This tab displays any affected assets associated with a finding. The Affected Assets page provides more information on this topic, such as how to import or create.
This tab stores screenshots and videos associated with a finding, as videos are not allowed in the Finding Details rich-text fields.
To add a file, drag it onto the box on the page or click to navigate to files on the computer. Repeat as needed.
This tab stores any code samples related to a finding for future reference. Click Add Section to add additional sections. The code will be formatted when the report is published.
Findings may be imported into PlexTrac via a licensed API integration and configured by an admin.
Step 1: Within the Reports module, click a report from the list to bring up the Readout tab.
Step 2: Click the Findings tab.
Step 3: Click Add Findings and select Integrations from the pulldown menu.
Step 4: Select the desired integration from the pulldown menu (the values shown in the pulldown menu are entered by the admin when the integration is set up).
If an integration is not licensed or not configured by an admin, the option will not appear in the pulldown menu.
Step 5: Click Continue with X at the bottom of the page.
Step 6: The Select Findings tab appears with a list of filters and values that are tool-specific to an integration. Use the filters and facets to select the query parameters to determine which findings appear on the page.
Step 7: Click Search to retrieve the findings query results.
Step 8: Select the findings from the query results to import by clicking the box at the top left of the table header row or by selecting findings individually by clicking the box next to the finding.
At least one finding must be selected to continue.
Step 9: Click Continue with X issues.
Step 10: Insert desired tags associated with each finding and asset when imported (optional). Click Import X Findings.
Notifications will appear confirming that the import was successful.
More information on specific tools, such as field mappings, can be found on the admin integrations page.
PlexTrac offers collaborative editing to save time and reduce errors when working on reports, writeups, narratives, and findings. Collaborative editing is a process in which multiple individuals work together to create, edit, and refine content in real-time, with contributors simultaneously working on the same document.
Collaborative editing exists in rich-text fields (RTFs) within the platform, such as:
In the Description, Recommendations, and References RTFs of the Findings Details tab of a finding
In the Value RTF within the Custom Fields tab of a finding
In the RTF of the Narrative tab for a report
In the Description, Recommendations, and References RTFs of the Readout tab of a report
In the Description, Recommendations, and References RTFs of a writeup in WriteupsDB
In the Section Body RTF in NarrativesDB
Track changes is not available until the content has been created and saved (i.e., the toolbar experience differs when creating a writeup vs. editing a writeup).
When a user edits one of the fields listed above, an avatar is displayed at the top right of the content box. Up to six avatars can be displayed.
The user's full name is provided if the cursor hovers over it.
Messaging at the top right of the page where collaborative editing exists indicates when content was last saved.
On pages with multiple content sections, autosave is per section (not page), and the time stamp will update when one of the collaborative editing content blocks is modified.
For example, when one user updates the finding description at the same time another user updates the finding recommendation, both updates are saved, and the time stamp represents the last edit.
If the internet or VPN connection is lost, an error notification will indicate the connection has been lost.
Users cannot modify any collaborative editing sections until they return online.
Track changes is a feature that records any modifications made to the text, formatting, or other elements. It can be enabled for a particular RTF or at the report level.
When the track changes feature is enabled, any modifications made to the document are highlighted and displayed. These changes can include additions, deletions, formatting adjustments, and comments. The original content remains visible, while the modifications are marked with specific indicators, such as colored text, underlines, or strike-throughs. Additionally, users can leave comments or annotations to provide further context or explanations regarding the changes made.
Collaborators can accept or reject individual changes, and the document owner or editor can review and make final decisions on which modifications to keep. This feature is helpful when multiple individuals must work on a document simultaneously or when documents undergo several revisions.
The toggle to enable track changes in an RTF is located in the RTF toolbar. Click the track changes icon to enable.
Track changes can also be enabled by clicking the icon and switching the toggle on from the pulldown menu.
When enabled, the track changes icon in the RTF toolbar is blue.
Any content additions are now shown in green, deletions will be red, and a log of changes will appear to the right of the RTF.
Changes can be accepted or rejected by clicking the checkmark or X in the audit box.
Once accepted or rejected, the box and markup will disappear, and the content will reflect the choices.
Track changes can be controlled at the report level and, when enabled, apply to all RTFs within a report. This toggle appears to the right of the tab headers of a report.
When track changes is enabled at the report level, individual RTFs will indicate that changes are being tracked (the track changes icon in the toolbar is blue). The toggle bar available from the pulldown menu is green (track changes is on), but the ability to turn off track changes for an RTF is greyed out.
If turned on at the report level, track changes can only be turned off at the report level.
Comments can be added by highlighting content and clicking the comment icon in the RTF toolbar.
A comment box appears on the right of the RTF to capture any notes. The content the comment refers to stays highlighted to denote it as having an associated comment.
Click Comment or Cancel to complete the task.
For scenarios where multiple changes were made in an RTF, users can accept or reject with one click using the options provided in the track changes pulldown menu.
The solutions available depend on the scenario:
If a user has not specified specific RTF modifications, only "Accept all suggestions" and "Discard all suggestions" will be available.
PlexTrac can import findings from third-party tools and a CSV template for centralized data. This provides real-time visibility, holistic analysis, and efficient reporting, simplifying compliance and promoting proactive risk management.
If importing from a CSV file, visit the CSV Findings Templates page for more information.
For a list of all third-party tool integrations and field mappings, visit the Integrations and Mappings section.
Step 1: Within the Reports module, click the impacted report from the list to bring up the Readout tab.
Step 2: Click the Findings tab.
Step 3: Click Add Findings and select File Imports from the pulldown menu.
Step 4: Select the import source from the pulldown menu.
Step 5: Drop the file into the box provided or browse to it on the computer.
If the user does not want parser actions to be applied to the import file, they can uncheck the option provided in the modal.
Step 6: Click Continue.
Step 7: On the second tab, "Select tags & upload," add any desired finding and asset tags (optional). When finished, click Upload.
A dialog box will appear, confirming the import is in progress.
A status bar is also displayed at the top of the page to track progress.
The status will update progress dynamically and display a green checkmark, along with a notification when completed.
PlexTrac understands the importance of simplifying the process of importing findings and other data into the platform, whether for a specific report or multiple reports and assets. To facilitate this, PlexTrac offers CSV templates and scripts that help streamline the import process and make it more efficient.
CSV templates serve as pre-defined structures that align with the required format for importing data. These templates specify the fields and corresponding data types expected when importing findings or other information. Users can leverage these templates to ensure that their data is correctly mapped and formatted for import, minimizing errors and ensuring consistency.
Two CSV options are available to import findings into a report. Consult the table below to determine the most suitable solution for your needs.
| PlexTrac Report Finding CSV Template | Script using the PlexTrac API |
| --- | --- |
| Imports to a single report | Imports to multiple reports |
| Request is processed on the backend in less than five minutes | Each finding is processed individually and can take up to several hours* |
| Must order CSV columns to match template schema exactly | CSV columns are mapped to findings on a finding and sequence is not relevant |
| Imports to select finding fields only | Imports to all finding and asset fields |
| Does not import client and report information | Imports client and report information |
*The script can create parsed findings in PlexTrac by sending API calls to create each finding individually (which results in an extended script runtime) or by generating a PTRAC file. Manually importing the generated PTRAC file takes the same time as the PlexTrac Report Finding CSV Template.
The generated PTRAC only contains the report and finding information. Asset information will not be added.
Please click on the box below to access instructions and a downloadable CSV file that can serve as a template for uploading findings into a report. The CSV file contains fields pre-filled with sample values.
Click on the box below to learn about importing data through the PlexTrac API using a script. The script requires two CSV files: one for importing data and another for field mappings.
This script is designed to help users import data into multiple clients and reports. It works by parsing a CSV file and creating client, report, finding, and asset objects. Once the objects are generated, the script uses the PlexTrac API to import and create them in the user's tenant.
PlexTrac can be integrated with Jira and allow information about findings to be sent to Jira. Visit the Jira Cloud integrations page for details on setting up Jira.
Step 1: Navigate to the Findings tab of a report.
Step 2: Click the three dots under the "Actions" column of the finding to update.
Step 3: Click Link Jira Ticket.
Step 4: Select the Jira project and issue to associate the finding with. Click Create ticket.
Step 5: The Jira ticket is now listed under "Linked Ticket."
Clicking the linked ticket value will open Jira. If mapped by the Admin, the finding date reported value will appear in Jira as a value for "Start Date."
If set up for two-way data flow in integration mapping, updating the start date in Jira will update PlexTrac the next time synchronization occurs.
Step 1: Navigate to the Findings tab of a report.
Step 2: Click Status under the "Actions" column of the finding used to create a Jira ticket.
Step 3: Click Create Jira Ticket & Link.
Step 4: Select the Jira project and issue to link with. Click Create ticket.
A ticket in Jira is created, and the ticket number is listed under "Linked Ticket" on the Findings tab.
Step 1: Navigate to the Findings tab of a report.
Step 2: Click the three dots under the "Actions" column of the finding linked to a Jira ticket.
Step 3: Click Unlink Jira ticket.
Step 3: A modal appears, confirming the action. Click Ok.
Step 1: Navigate to the Findings tab of a report.
Step 2: Select the desired finding(s) by clicking the check box of the finding row.
Step 3: Hover over the "Actions" button to bring up the pulldown menu and click Create Jira Tickets.
Step 4: Select the Jira project and issue type to which the finding(s) should be assigned. Click Create ticket.
Step 5: A message will confirm that ticket(s) were created, and the linked ticket number will now be displayed for each finding on the page.
Clicking the linked ticket value will take you directly to Jira for viewing.
Affected assets are managed from the finding, as opposed to the client. Affected assets contain information about an affected asset and relational metadata about the finding it is tied to.
An affected asset object on a finding will have a subset of fields compared to the client asset with the same ID. Some additional fields make sense when the finding and client asset are viewed together, such as the date the finding started affecting the client asset, the affected ports, location access to vulnerability, vulnerable parameters, and evidence of the affection.
for more information about the affected asset object structure and all the fields and values it might contain.
Step 1: From the Reports module, click the row of the impacted report.
Step 2: Click the Findings tab.
Step 3: Click the row of a finding.
Step 4: If an affected asset(s) exist for this finding, they are listed on the Finding Detail modal.
A parent asset can be accessed directly by clicking the provided link within the table.
Step 5: Click View under the "Actions" column of the affected asset to see more information.
The Asset Detail modal appears with information about the affected asset and a link to any parent, if applicable.
The table view can be customized by clicking the column view icon to the right of the Add assets button.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
Step 1: From the Reports module, click the impacted report.
Step 2: Click the Findings tab.
Step 3: Click Edit of the finding the affected asset is being added to.
Step 4: Click the Affected Assets tab.
Step 5: Click the Add Assets button and select Create new asset.
Step 6: Enter information about the affected asset in the appropriate fields within the Asset Information tab.
Step 7: Click the Affected Areas tab. Enter information about the following:
Affected Ports: Network ports vulnerable to a security exploit or attack.
Location/URL: The URL of the affected asset.
Vulnerable Parameters: The inputs or settings in a system or program that an attacker can exploit to compromise the security or integrity of the system. These parameters can include usernames, passwords, API keys, and configuration files.
Notes: A text box for any additional information to provide context on the affected asset.
Step 8: Click the Evidence tab. This tab contains two text fields (title and description) per item but as many items of evidence can be added as needed. Evidence represents when or how the affected asset was found, and often is the scanner output from the scanning process.
Step 9: Click Save.
The asset is now listed in the Affected Assets tab of the finding.
Step 1: From the Affected Assets tab of a finding, click Edit under the "Actions" menu.
Step 2: Edit or add information as desired and click Save.
Step 1: From the Affected Assets tab of a finding, click Remove under the "Actions" menu.
A modal appears, confirming the deletion. Click Remove.
Assets already in PlexTrac can also be added as an affected asset for a finding.
Step 1: From the Affected Assets tab of a finding, click the Add Assets button and select Add existing assets from the pulldown menu.
Step 2: Choose the asset(s) from the pulldown menu and click Save.
Step 1: From the Affected Assets tab of a finding, click the Add Assets button and select Import assets from the pulldown menu.
Step 2: Drag a file into the modal or click the box to navigate to the file on the computer.
Step 3: Click Import.
A message will appear confirming import.
The asset(s) are now listed in the Affected Assets tab.
Step 1: From the Affected Assets tab of a finding, click the Add Assets button and select Bulk paste from the pulldown menu.
Step 2: Enter the assets into the box, separating each value with a comma. PlexTrac will parse the assets and add them to the finding. URLs with paths (e.g., www.plextrac.com/test/) will be separated into parent and child assets. Click Next.
Step 3: Asset, ports, and child asset values are dynamically assigned. Review and uncheck the box next to any new assets that should not be added. Click Next.
Step 4: Add any desired optional tags. Tags will be assigned to all added assets. Existing assets will retain current tags. Click Add X assets.
The new assets are displayed in the Affected Assets tab of the findings.
Step 1: From the Affected Assets tab of a finding, click the box in the header row to the left of "Asset."
Step 2: The "Actions" button appears with the following options:
Add affected location/url
Add affected ports
Delete
Click the desired task from the pulldown menu and continue reading for additional details on each action.
A modal will appear with a field to enter a URL. The query parameters will be parsed out into the inputs provided. Click Add Parameter to include vulnerable parameters. Click Save when finished.
The new value appears on the Affected Assets tab under the "Location/URL" column.
A modal will appear with a field to enter any affected ports. Click Add Port to repeat the process as needed. Click Save when done.
The new values will appear under the appropriate columns on the Affected Assets tab.
A modal will appear, asking for confirmation of the action. Click Delete Assets.
A finding is a weakness in systems, processes, policies, or procedures that could be exploited. It arises from penetration testing, vulnerability assessments, and compliance audits. These findings reveal potential points of compromise, categorized by severity, and often come with recommended remediation actions.
Organizations can use findings to allocate resources and improve security efficiently.
Findings are the most common object in PlexTrac and can be added to a report in multiple ways:
imported via , such as Nessus or Pentera
imported from one of PlexTrac’s
imported from an , such as Snyk or HackerOne
in the Runbooks module
Findings can be accessed either through a report or the Clients module:
Click Reports from the main menu.
Select a report.
Click the Findings tab.
Click Clients from the main menu.
Select the client.
Click the Findings tab.
A count for the number of findings is displayed at the top of the table to the left of the filter boxes.
The source of a finding can be found on the Finding detail side drawer, which appears when clicking the row of a finding seen in the Findings tab of a report or client. If the finding was created in PlexTrac, a value of plextrac exists. If the finding was imported, the source of that file or integration is also recorded.
The finding ID can be found on the Finding detail side drawer, which appears when clicking the row of a finding in the Findings tab of a report or client. The finding ID is generated by importing it from the source tool or dynamically by PlexTrac when the finding is created.
Every finding in a PlexTrac report must have a unique finding title.
When importing findings from two scans into the same report, only additional findings from the second scan and any assets tied to existing findings are imported, even if duplicates exist.
When two findings with the same title are created in two different reports for the same client, they are displayed on the Findings tab in the Clients module, as they each receive a unique finding ID.
The finding reported date is when the finding was added to the report. This value is displayed under the "Date Reported" column from the Findings tab. This value can be modified through the "Actions" button when selecting one or more findings.
Findings are associated with metadata and labels that provide status and current standing. Visual cues using color in the platform also identify specific finding status states.
Findings can be in draft or published mode, and this status is provided visually within the Findings tab.
Findings in draft mode have an orange background row color and a dot next to the title. The published findings have a white background row color with no dot.
Analyst user roles cannot view draft findings, so publishing the finding before publishing a report allows other user roles within PlexTrac to see critical issues the client needs to address immediately without requiring the report to be completed.
Step 1: Navigate to the desired finding and click Edit under the "Actions" column.
Step 2: Update the finding status by clicking the toggle button to the desired state. Changes are autosaved.
Step 1: From the Findings tab, select one or more findings. An Actions button will appear.
Step 2: Click the Actions button and click Set Published Status.
Step 3: Toggle the publish status and click Save.
A finding can either be Open, In Process, or Closed. That status is displayed on the Findings tab.
Findings may also have a sub-status value. These do not exist unless added by an admin. Once added, they will be available to associate with a finding but are optional.
The Sub Status column is available when viewing findings in a report. It does not exist when viewing findings for a client.
Step 1: From the Findings tab, click the status button of the finding to change.
Step 2: Click Add Update.
Step 3: The "Add Update" modal appears with any previously populated values. Use the pulldown menus to update Status, Sub-Status, and Assigned to values. Enter any optional comments to provide context.
Click Save.
The changes are reflected in the log notes of the finding status tracker, which can be viewed at any time by clicking the finding status label.
Step 1: From the Findings tab, select one or more findings. An Actions button will appear.
Step 2: Click the Actions button and click Assign/Update Status.
Step 3: The "Add Update" modal appears with any previously entered values. Use the pulldown menus to update Status, Sub-Status, and Assigned to. Enter any optional comments to provide context.
Click Save.
The changes are added to the selected findings.
PlexTrac provides a downloadable CSV file that can be used as a template for uploading findings offline and later using the Add Findings button within the Findings tab of a report.
To download the template, click the file below:
The file has the required fields prepopulated in the CSV file, along with sample values.
Save the file in CSV UTF-8 format to prevent including non-UTF characters that may break the importer.
Step 1: Download the CSV file above.
When importing the file via the Add Findings button in the Findings tab of a report, select the value "CSV" from the pulldown menu.
Step 4: Select the CSV file to upload and click Continue.
Step 5: Add any optional tags or leave them blank. Click Upload.
A message will appear, validating that the file is uploading.
Step 6: Validate that the information was added to the report. When the data has been imported successfully, the screen will display the information without refreshing the page.
The time required to load depends on the amount of data in the CSV file.
The source of the finding will list "CSV" as the value. Below is how the data is displayed in the Finding Detail window using the sample values in the CSV template.
All fields below must appear as column headers when importing the CSV file. All field values must follow the rules defined in the table, or the file may be rejected when imported or require further manual editing within PlexTrac.
Title, description, and severity are required.
The CSV import will accept custom fields, which must be added at the spreadsheet's end after the template's columns.
Row A of the CSV template will be the custom field title, and subsequent row(s) will be the custom field value(s), as entered in the spreadsheet. Add multiple columns and values as needed.
When imported, the custom fields will appear on the Finding Detail page.
The custom fields can be edited or deleted after import via the Custom Fields tab of the finding.
If a user has manually highlighted RTF content, additional options are provided, allowing the user to approve only the selected content.
Assets can be imported using a PlexTrac CSV Asset import template. to download the template and enter asset data to import.
Any subdirectories listed for an asset's domain will be loaded as its asset and considered a 'child' in relation to the 'parent' domain. This relationship will be tracked and maintained within PlexTrac. For example, www.plextrac.com/home will become two assets, with /home a child to www.plextrac.com.
For example, will pull in the Nessus plugin ID as the PlexTrac Finding ID.
on a question in an assessment that is assigned a status as a finding after the assessment is submitted.
Step 2: Remove the sample values and populate the fields with desired values. A and is below.
Step 3: .
| PlexTrac field | CSV column header | Rules |
| --- | --- | --- |
| title | title | This is a required field. |
| severity | severity | This is a required field. The severity value must be one of the following (not case-sensitive): Informational, Low, Medium, High, Critical. If no value is provided in CSV, a value of "Informational" will be assigned. |
| status | status | Value must be one of the following: Open, Closed, In Process |
| description | description | This is a required field. |
| recommendations | recommendations | This is the findings recommendations. |
| references | references | This field accepts multiple values delimited with a comma. For example: "Item 1, Item 2, Item 3". NOTE: Do not use commas if providing complete sentences, as any comma will result in a para break. Periods do not trigger a para break. |
| assets | affected_assets | This field accepts multiple values delimited with a comma. For example: "Item 1, Item 2, Item 3" |
| tags | tags | This field accepts multiple values delimited with a comma. For example: "Item 1, Item 2, Item 3" |
| riskScore | cvss_temporal | This is the CVSS 3.0 score. Example value: "5.5" |
| common identifiers | cwe | This field requires a format of CWE prefix + a two-to-four digit number. Example value: "CWE-772" |
| common identifiers | cve | This field requires a format of CVE prefix + Year + arbitrary digits. Example value: "CVE-2018-54321" |

field: category
This column must exist in the CSV and is imported as a custom field.

| label | category | The column header must be "category". |
| value | category value | This is the value entered for the category. |
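A pre-upload check for the template rules above, as an added example (not PlexTrac code). It assumes the CSV header names and their order are those in the field table, that status values are matched exactly, and that multiple CVE or CWE IDs in one cell are comma-separated; the sample rows are constructed.

```python
import csv
import io
import re

# Header names and order assumed from the field table on this page.
TEMPLATE_COLUMNS = [
    "title", "severity", "status", "description", "recommendations",
    "references", "affected_assets", "tags", "cvss_temporal", "cwe", "cve",
    "category",
]
SEVERITIES = {"informational", "low", "medium", "high", "critical"}
STATUSES = {"Open", "Closed", "In Process"}  # matched exactly (assumption)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")  # prefix + year + four or more digits
CWE_RE = re.compile(r"CWE-\d{2,4}")       # prefix + two-to-four digits


def split_values(cell):
    """Split a comma-delimited cell; comma-separated IDs are an assumption."""
    return [item.strip() for item in cell.split(",") if item.strip()]


def lint_row(rec):
    """Yield (level, message) pairs for one data row given as a dict."""
    if not rec.get("title"):
        yield "error", "title is required"
    if not rec.get("description"):
        yield "error", "description is required"
    severity = rec.get("severity", "")
    if not severity:
        yield "warning", "severity empty, import assigns Informational"
    elif severity.lower() not in SEVERITIES:
        yield "error", f"severity {severity!r} is not an accepted value"
    status = rec.get("status", "")
    if status and status not in STATUSES:
        yield "error", f"status {status!r} is not Open, Closed or In Process"
    score = rec.get("cvss_temporal", "")
    if score:
        try:
            in_range = 0.0 <= float(score) <= 10.0
        except ValueError:
            in_range = False
        if not in_range:
            yield "error", f"cvss_temporal {score!r} is not a score in 0.0-10.0"
    for column, pattern in (("cwe", CWE_RE), ("cve", CVE_RE)):
        for item in split_values(rec.get(column, "")):
            if not pattern.fullmatch(item):
                yield "error", f"{column} value {item!r} has the wrong format"


def lint_findings_csv(raw):
    """Check raw CSV bytes; return (row, level, message) tuples, header = row 1."""
    try:
        text = raw.decode("utf-8-sig")  # strict UTF-8, optional BOM tolerated
    except UnicodeDecodeError as exc:
        return [(0, "error", f"not valid UTF-8 at byte offset {exc.start}")]
    rows = list(csv.reader(io.StringIO(text, newline="")))
    if not rows:
        return [(0, "error", "file is empty")]

    header = [name.strip() for name in rows[0]]
    if header[:len(TEMPLATE_COLUMNS)] != TEMPLATE_COLUMNS:
        return [(1, "error", "template columns missing or out of order")]
    issues = []
    # Anything after the template columns is treated as a custom field title.
    if any(not name for name in header[len(TEMPLATE_COLUMNS):]):
        issues.append((1, "error", "custom field column has no title"))

    seen = {}  # title -> first row number, titles must be unique in a report
    for number, row in enumerate(rows[1:], start=2):
        if not any(cell.strip() for cell in row):
            continue  # ignore blank lines
        rec = dict(zip(header, (cell.strip() for cell in row)))
        issues.extend((number, level, msg) for level, msg in lint_row(rec))
        title = rec.get("title", "")
        if title in seen:
            issues.append((number, "error", f"title duplicates row {seen[title]}"))
        elif title:
            seen[title] = number
    return issues


# Constructed sample: one clean row, one row with seven errors, one warning.
SAMPLE = (
    "title,severity,status,description,recommendations,references,"
    "affected_assets,tags,cvss_temporal,cwe,cve,category,Business Unit\r\n"
    "SQL injection in login,High,Open,Login form concatenates input,"
    'Use parameterized queries,,"app01, app02",web,8.1,CWE-89,'
    "CVE-2018-54321,AppSec,Payments\r\n"
    "SQL injection in login,Severe,Done,,Patch,,,,11,CWE-7,CVE-2019-12,,\r\n"
    "Verbose banner,,Open,Server header discloses version,,,,,,,,,\r\n"
).encode("utf-8")

if __name__ == "__main__":
    for row, level, message in lint_findings_csv(SAMPLE):
        print(f"row {row}: {level}: {message}")
```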
WriteupsDB is a repository for all PlexTrac writeups. It categorizes, associates them with use cases, and facilitates reuse. By structuring and refining findings, writeups can be used in other deliverables, such as a report.
Once a writeup becomes a finding, it is a standalone object that is not impacted if the source writeup or repository is deleted or the same writeup added to another report is edited or deleted.
Step 1: From the Reports module, click the report row or Readout under the "Actions" column.
Step 2: Click the Findings tab.
Step 3: Click Add Findings, then select From WriteupsDB from the pulldown menu.
Step 4: Search or use the provided filters to find the desired writeups to add, then click the box to select them.
Selected writeups to be added are shown in the column on the far right.
Step 5: Click Add X Writeups at the bottom of the page.
A confirmation message will briefly appear, and the writeups are added to the report and listed on the Findings tab.
The Common Vulnerability Scoring System (CVSS) is an industry benchmark for evaluating the seriousness of identified vulnerabilities. It calculates a CVSS score by considering three metric categories (base, temporal, and environmental) encompassing various aspects of a vulnerability's impact and ability to persist in different contexts.
PlexTrac allows users to input or adjust scores when generating or revising findings, facilitating precise vulnerability assessment.
CVSS is owned by FIRST and used with permission. This calculator is based on FIRST CVSS documentation.
Step 1: From the Findings tab, click Edit under the "Actions" column of the finding to modify.
Step 2: On the Finding Details tab, select the applicable standard from the Score type pulldown menu (information specifically on CVSS v3.1 and CVSS v4.0 is located further below). If not using CVSS, click General.
Step 3: Enter values in the provided fields.
The score information for that finding is now displayed on the Finding Detail page.
PlexTrac has a built-in calculator that generates a CVSS score based on selected input values. It also generates a CVSS vector and assigns severity to a finding based on the information selected and calculated score.
Users can create a value by clicking through the provided calculator, typing in a vector, or combining both actions.
The calculator is available when CVSS v3.1 or CVSS v4.0 is selected from the "Score type" field.
If the value in the Severity field is manually changed at any point after a CVSSv3.1 score has been created, a warning message will appear:
If the score is already known, it can be entered in the "Score" field, and the finding's severity will update to match the score.
If the CVSS vector is known, entering the value in the "Vector" field will dynamically set the finding severity.
Step 1: In the "Score type" field, select CVSS v3.1 or CVSS v4.0, then click Calculate Score.
Step 2: To create a vector, select values by clicking the fields provided. All values must be entered.
The metrics available to configure differ depending on the score type selected.
After entering a value for all fields, a severity score, severity value, and vector value are populated.
Validation is performed on multiple fields to ensure accurate score and severity using vector string and record, which must be kept in sync.
The calculator updates the vector record string when a field is clicked. However, the string is displayed only when all base values are selected. The option to save will appear afterward.
When the vector string has changed, the string is then validated. If the string is valid, the record and selected values are updated in the calculator modal. If not, a warning message is displayed, and the save button is disabled.
Step 3: For more advanced scoring options, expand "Show temporal and environmental scoring."
Additional fields specific to the score type will be displayed for editing.
Step 5: When finished, scroll to the bottom of the modal and click Save. The severity, score, and vector are populated in the appropriate fields on the Findings Details tab.
CVSS 3.1 scores can also be viewed on the Findings tab of a report or client if that field has been configured to appear in the table.