PlexTrac offers easy access to detailed client information. By clicking on a client's row from the Clients module home page, the user is directed to the Client Summary page, which includes tabs for Reports, Findings, Assets, Details, Statistics, and Priorities.

These tabs offer insights into the client's reports, findings, asset inventory, client-specific details, and finding metrics. PlexTrac ensures a cohesive and organized approach to client management by centralizing all client data in one place.

Reports Tab

This tab lists all the reports associated with a client. It can also be reached by clicking Reports under the "Actions" column from the Client home page.

This tab displays the report title, status, classification, creation date, and finding count. It allows direct access to the Report Readout page and associated findings. Click one of the rows for more information about a specific report.

Bulk Actions

When editing multiple reports, PlexTrac offers bulk action capabilities. Bulk actions provide several advantages, including time-saving and increased efficiency by processing numerous items simultaneously.

Click Actions to see the list of options for reports.

Configuring Table View

The table view can be customized by clicking the column view icon to the right of the search bar.

Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.

When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.

This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.

The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.

Click Save when finished.

Findings Tab

This tab lists all the findings associated with a client via a report.

Clicking a finding row pulls up a side-drawer and the findings detail view. From this view, a finding status can be edited by clicking the status value, and affected assets can be viewed and accessed directly for editing.

Bulk Actions

Bulk action options appear after one or more findings are selected by clicking the checkbox to the far left of the Finding Title field or by clicking the box next to the column header.

Click Actions to see the list of options available.

Configuring Views

The table view can be customized by clicking the column view icon to the right of the search bar.

Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.

When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.

This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.

The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.

Click Save when finished.

Assets Tab

This tab lists all the assets associated with a client and the ability to view the asset, edit the asset properties, add any notes, or delete the asset.

Bulk Actions

Bulk action options appear after selecting one or more assets by clicking the checkbox to the far left of the Assets field or by clicking the box next to the column header.

Click Actions to see the list of options available.

Configuring Table View

The table view can be customized by clicking the column view icon to the right of the search bar.

Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.

When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.

This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.

The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.

Click Save when finished.

Details Tab

This tab provides an overview of the client for all published reports. The primary purpose of this overview is to provide a snapshot of the client's security posture and the progress made in addressing the identified issues. It is a centralized dashboard where users can quickly assess the client's status at a glance, enabling efficient monitoring and decision-making.

In addition to the status overview, this tab also provides various functionalities and options to manage the client's information and related activities.

1. Edit the client's contact information and logo

2. Import assets associated with a client

3. Create a report

4. Manage authorized users

If relevant, banner messaging for user license status appears in the "User Access" section on the Details tab. Visit the RBAC section for more information on licensing users.

Statistics Tab

This tab offers a snapshot of a client's findings based on severity and status for all published reports.

By organizing findings by severity and status, users can quickly identify the number of open or unresolved findings that require attention and follow-up actions.

Priorities Tab

This tab provides a summary of all priorities associated with the client. The list displayed is based on whether the tenancy enables client-specific or tenant-level priorities.

It can be determined whether a priority applies to all clients or a specific one based on the "Client" column value. If a priority applies to all clients, an "All clients" value is displayed. If it is client-specific, the client's name will appear instead.

The priority can be accessed directly by clicking on its title or row.

Bulk Actions

Bulk action options appear after one or more priorities are selected by clicking the checkbox to the far left of the Priority field or by clicking the box next to the column header.

Once available, click on Actions to see the list of options.

Configuring Table View

The table view can be customized by clicking the column view icon to the right of the search bar.

Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.

When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.

This modal also represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.

The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.

Click Save when finished.

PlexTrac offers role-based access controls (RBAC) at the client level. RBAC allows teams to efficiently manage user privileges and permissions based on specific client requirements, enabling effective collaboration and task accomplishment.

Within PlexTrac, three default levels of access exist that can be assigned to users based on their responsibilities:

1. Administrator: An Administrator has the highest access level within PlexTrac. They possess extensive privileges and can perform various tasks, including creating reports, adding findings, tracking status, managing users, configuring settings, and accessing all areas of the platform related to the client.

2. Standard User: A Standard User plays a crucial role in managing and documenting activities for a client. They can create reports, add findings, and track the status of ongoing projects. This level of access allows Standard Users to contribute actively, collaborate with other team members, and provide valuable insights throughout the process.

3. Analyst: An Analyst is a user with a more limited role. Their primary responsibility is to track and update the status of identified vulnerabilities. While they may not have the authority to create reports or add findings, their role is essential in ensuring the accurate documentation and timely resolution of identified issues. Analysts can provide real-time updates on the progress of vulnerability mitigation efforts, making it easier for the broader team to stay informed and take necessary actions.

These default access levels ensure each team member has the appropriate privileges and responsibilities aligned with their role and contribution to the client's initiatives. By assigning specific access levels, teams can streamline workflows, maintain data integrity, and improve overall efficiency in managing and securing client environments.

Licensing

When adding a user to a role that is licensed, an icon will appear at the end of the role title, regardless of the number of licenses available.

Any messaging regarding user licenses will appear as a banner on the "Authorize Client Users" modal.

Adding Users to a Client

Step 1: From the Clients module home page, click View under the "Actions" menu for the impacted client.

Step 2: Scroll to the User Access section and click Add/Authorize User.

Step 3: Select the user to add from the "User" field pulldown menu.

Only existing users in the tenancy who are not authorized for the client appear in the pulldown menu.

After adding a user, the "Role" and "Classification" fields will be automatically filled in but can be changed.

Step 4: Click Add User to add additional users (if applicable). Click Save when finished.

Deleting a User

Step 1: From the Clients module home page, click View under the "Actions" menu for the impacted client.

Step 2: Scroll down to the "User Access" section and click Revoke under the "Actions" column in the user's row to remove access permissions.

Step 3: A dialog box will appear confirming the action. Click Revoke.

Changing User Roles

Step 1: From the Clients module home page, click View under the "Actions" menu for the impacted client.

Step 2: Under the "User Access" section, select the new role from the pulldown menu in the "Role" column for the user.

The change is immediate. A dialog box will appear at the bottom left of the screen confirming the change.

Changing User Classification Level

Step 1: From the Clients module home page, click View under the "Actions" menu for the impacted client.

Step 2: Scroll down to the "User Access" section and click the pulldown menu under the "Classification Level" column of the user impacted.

Step 3: Select the new classification level.

The change is immediate. A dialog box confirming the change will appear at the bottom left of the screen.

Existing assets in PlexTrac are managed from the Clients module. Assets may be found either from the Assets tab of a client, the Assets tab of a report, or via the Findings>Affected Assets tab when creating or modifying a finding.

Modifying an Asset for a Client

Step 1: Within a client, click the Assets tab.

Step 2: Click Edit under the "Actions" column of the asset to modify.

Step 3: Update desired fields on the "Edit Asset" page, then click Asset Detail.

Step 4: A list of asset metadata and the Associated findings tab are presented. Click Edit of the associate finding to update that asset, or click Notes/Description.

Step 5: Add any notes to help provide context by clicking Add Note.

Step 6: Click the Child assets tab to view any child assets that may exist.

Bulk Actions

Bulk action options appear after selecting one or more assets by clicking the checkbox or the box next to the column header.

Click Actions to see the options available, such as linking to a priority or deleting.

In the Clients module, users can group and categorize data as needed. This helps manage confidentiality, integrity, and availability effectively while enhancing collaboration and catering to individual client needs.

Users access the module by clicking Clients in the application's main menu.

Overview

PlexTrac defines a client as a logical grouping utilized to segregate data. The term holds various meanings within different organizations, depending on the context in which it is used.

In the case of teams external to the consulting organization, the term "client" typically refers to those individuals or entities who utilize their services. These clients may include businesses, government agencies, or other organizations that engage the consulting team to assess their cybersecurity posture, conduct vulnerability assessments, or provide related services. For these external teams, the client represents the entity they work for and to whom they deliver their expertise.

For teams operating within the boundaries of an organization or company, a client could refer to a specific project, a business unit, a regional office, or a program within the organization. The purpose of defining a client in this manner is to facilitate the segregation of data, findings, reports, and assets, ensuring that information is appropriately isolated within the relevant groupings.

By organizing data according to different clients, teams can effectively manage and maintain confidentiality, integrity, and availability of information. This approach allows for more collaboration and reporting within specific client-based units, preventing data overlap and ensuring that each client's unique requirements and concerns are adequately addressed.

The Clients module home page displays all clients in a tenancy and provides access to the following:

1. Adding a new client: Clicking the New Client button launches a modal to enter information for a new client.

2. A count of how many clients exist for the tenancy.

3. Customizing the table view: Clicking the icon allows the configuration of the columns on this page.

4. Viewing a client dashboard: Clicking View under the "Actions" column goes directly to the Details tab of the Client Summary page.

5. Viewing all reports associated with a client: Clicking Reports under the "Actions" tab goes directly to the Reports tab of the Client Summary page.

6. Viewing all assets associated with a client: Clicking View Assets under the "Actions" tab goes directly to the Assets tab of the Client Summary page.

7. Deleting a client: Clicking View Assets under the "Actions" tab goes directly to the Assets tab of the Client Summary page.

Configuring Table View

The table view on the Clients home page can be customized by clicking the column view icon to the right of the search bar.

Once clicked, a modal appears that lists all fields.

To remove a column, click X within the bar.

When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.

This modal also represents the sequence of fields provided in the table, meaning the bar on top will be the column that appears on the far left of the relevant box.

The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.

Click Save when finished.

Short codes are small snippets that perform search and replace operations throughout the platform. They are designed to streamline the creation of reports and promote data reuse, saving time and ensuring consistency across reports. Short codes can be utilized within report narratives and findings rich-text fields to automate specific tasks and provide standardized content.

Creating reports can be simplified using short codes by eliminating the need to modify repetitive or common content sections manually. Users can define code snippets once and reuse them across multiple reports with short codes. This saves time and ensures consistency by applying the same language, formatting, or information throughout different reports.

If applicable, the user can add a short code at the client level to all reports related to that client. However, if the short code is only relevant to a specific subset of reports, .

Adding Short Codes

Step 1: From the Clients module home page, click View under the "Actions" menu for the impacted client to reach the Details tab.

Step 2: Click Edit Client Information.

Step 3: At the bottom of the modal, click Add Custom Field.

Step 4: In the first box on the left, enter the label value that corresponds with the appropriate short code and insert the text value that will replace the short code in the second box on the right.

The "Value" box value will replace the short code (i.e., %%LOCATION%%) whenever found in the report's narratives or finding's rich-text fields.

The Custom Field label is the key linking the short code to the value (text data) that is to replace it. For example:

• Label: Location

• Value: Boise

• Short Code: %%LOCATION%%

Step 5: Click Submit when finished.

Step 6: Use the short code in any report narrative or findings rich-text field.

Step 7: Go to the Narrative tab of the report and click Search & Replace at the top right of the page.

Step 8: The Search & Replace modal appears. Click Replace Short Codes to replace all short codes in the report with their corresponding text data.

Step 9: Click Confirm.

After a few minutes, a confirmation message will appear.

Step 10: Validate that the change(s) occurred as desired.

If unsuccessful, ask an admin to verify the short code was set up correctly in the Admin Dashboard.

Once clients have been added, PlexTrac offers a range of features that facilitate editing and managing information, including contact details, custom fields, logos, and additional notes and details. With just a few clicks, users can ensure client information remains accurate and relevant.

Editing Client Information

Step 1: From the Clients module home page, click View under the "Actions" menu for the impacted client to reach the Details tab.

Step 2: Click the Details tab.

Step 3: Click Edit Client Information.

Step 4: The "Edit Client Information" modal appears and can be modified as desired. Click Submit when finished.

Deleting a Client

Step 1: From the Clients module home page, click the three dots under the "Actions" column corresponding to the client and click Delete Client.

A modal will appear, confirming the action. Click Delete.

The "Create New Client" modal allows users to input essential information, such as the client's name, logo, point of contact, client notes, tags, and custom fields.

Users can create a comprehensive profile for each client, enabling efficient data collection, organization, and management within PlexTrac.

Step 1: From the Clients module home page, click New Client.

Step 2: A modal appears with the following fields:

1. Client Logo: To visually represent the client, drag an image or click the designated box to navigate to a picture on the computer.

2. Client Name (required): Enter the client or project name that will identify this data collection throughout PlexTrac.

3. Point of Contact: Enter the resource's name to contact about the data collection.

5. Client Description/Details: Enter any pertinent information to help provide users context.

6. Tags: Enter any tags associated with the client (new or existing). Any special characters will be removed, and any spaces will be replaced with an underscore (_).

7. Add Custom Field: Enter additional fields and values needed to enhance the client's management.

Step 3: Click Submit.

The new client now appears on the Clients module home page.

Assets within PlexTrac are stored outside of reports at the client level within the platform. An asset can exist as a standalone file in the Clients module or associated with a finding, referred to as an affected asset.

Organizations can efficiently manage and track their cybersecurity resources by utilizing PlexTrac to organize and store assets. This centralized approach ensures that important files and information are readily accessible when necessary, facilitating collaboration, efficient vulnerability management, and streamlined remediation efforts.

Creating an Asset

Step 1: From the Clients module home page, click the row of the client or View under the "Actions" column.

Step 2: Click the Assets tab.

Step 3: Click the Add asset(s) pulldown menu and select Create asset.

Step 4: The "New Asset" modal appears. Enter the desired information into the appropriate fields.

Step 5: Click Save at the bottom of the modal.

The asset now appears in the Assets tab.

Adding Assets via Bulk Paste

Step 1: From the Clients module home page, click the row of the client or View under the "Actions" column.

Step 2: Click the Assets tab.

Step 3: Click Add Asset(s), then select Bulk paste assets from the pulldown menu.

Step 4: Paste asset information into the provided box as a return- or comma-separated list.

Step 5: Click Next.

Step 6: PlexTrac will search for assets in the bulk paste that match existing assets and identify them separately from new assets on the Review tab. This provides the option to deselect any assets before import.

Step 7: Click Next.

Step 8: Add any tags (optional). Click Add X assets.

A message confirming import and assets are viewable from the Assets tab will appear.

Importing Assets to Clients

PlexTrac supports asset imports using an NMAP file or a CSV template:

• NMAP files: Network Mapper is a free, open-source network discovery and security auditing utility. More information on NMAP can be found on PlexTrac's Integrations section of this site.

• CSV: PlexTrac provides a template for uploading assets to a client. Click the file below to download the template:

CSV Asset Template Rules

The template is prepopulated with all permitted fields and sample values.

Ports

Column G ingests port information. Once imported, this information is found in the asset's Notes/Description tab.

Multiple values for the ports cell are separated by commas, such as:

22/open/tcp//ssh//OpenSSH 4.3 (protocol 2.0)/, 25/open/tcp//smtp///, 53/closed/tcp//domain///, 70/open/tcp//gopher///, 80/open/tcp//http//Apache http 2.2.3 ((CentOS))/, 113/open/tcp//auth///, 31337/open/tcp//Elite///

Each port can have up to eight values, separated by a slash. This means there must be seven slash characters (/) for each port ingested, even if no data exists within the slashes. If the correct number of slashes is not used, an import error will appear, and the file will not be accepted.

Examples of valid data values for the ports field:

• 80///////

• 80/open//////

• 80/open/tcp/////

• 80/closed/tcp/auth////

• 80/open/tcp/auth/ssh///

• 80/open/tcp/auth/ssh/test 6//

• 80/open/tcp/auth/ssh/test 6/Apache http 2.2.3 (CentOS)/

The first value captures the port number. The second value captures the port status (any ports with a status of Closed will not be imported). The third value captures the protocol. The fifth value captures the service, and the seventh value captures the version.

Importing Assets

Step 1: From the Clients module home page, click the report row or View under the "Actions" column.

Step 2: Click the Assets tab.

Step 3: Click Import assets.

Step 4: Drag a file into the modal or click the box to navigate to the file on the computer.

Step 5: Click Import.

A message will appear confirming import.

The new assets are displayed on the Assets tab. Click View of the imported asset to see imported values.

To view imported port information, click Notes/Descriptions.