Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Users can change their password in the Personal Settings section by navigating to the Change Password tab. This feature empowers users to maintain the security and integrity of their accounts by periodically updating their passwords.
All of the listed requirements must be met to create an acceptable password.
a minimum of 12 characters
one lowercase character
one uppercase character
one number
one special character
Users can access the password requirements within the platform by clicking on the "?" next to the "Enter New Password" label.
Account settings are accessed by clicking the user name in the upper right of the page.
For standard users (non-admins), the drop-down menu will provide options to select Profile, Help Center, and Logout:
For admins, the drop-down menu will provide options to select Profile, Account Admin, Help Center, and Logout:
The Admin Dashboard is reached by clicking the user name in the upper right of the page and then clicking Account Admin.
The Admin Dashboard includes the following sections:
PlexTrac enables two-factor authentication at the account level and is managed on the Two-Factor Authentication tab of the Personal Settings page. Two-factor authentication is a security measure that requires users to provide two forms of identification to access an account or system.
Two-factor authentication (2FA) is a security measure that significantly protects against unauthorized access to sensitive information and accounts. It works by adding an extra layer of verification to the traditional password or PIN login process. When users log in, they must provide their regular credentials, such as a username and password, and a second form of authentication.
The second authentication factor can take various forms, such as a unique code sent to the user's mobile device via SMS or generated by an authentication app, a fingerprint or facial recognition scan, a hardware token, or even a one-time password sent to an email address. The significance of 2FA lies in its ability to counteract the vulnerabilities of using passwords alone.
Step 1: Click the Two-Factor Authentication tab on the Personal Settings page.
Step 2: Click Set up Two-Factor Authentication.
Step 3: Scan the QR code with the phone and input the token provided on the device.
Step 4: Click Confirm. The modal will disappear, and a message will confirm that Two-factor Authentication is enabled.
Step 1: Click the Two-Factor Authentication tab on the Personal Settings page.
Step 2: Click Reset Token.
Step 3: A confirmation modal appears. Click Reset.
Step 4: Scan the QR code and click Confirm.
Step 1: Click the Two-Factor Authentication tab on the Personal Settings page.
Step 2: Click Disable Two-Factor Authentication.
Step 3: A confirmation appears. Click Disable.
In Tenant Settings, admins can manage different aspects of their tenant effectively. They can change the tenant name, activate dark mode for a personalized feel, view and add licenses, set default finding status, configure sub-status options, manage notification and server settings, create email templates, and set up short codes.
Tenant Settings contains the following sections:
The General Settings button under "Tenant Settings" in the Admin Dashboard allows management of answer types, the default behavior of findings status for published reports, managing finding sub-status and enabling rapid templating.
Click Save at the bottom of the page after each configuration change in General Settings.
All users can select a custom data set when creating a question under an Assessment Questionnaire, but only Admins can define the custom data set. Once an assessment is submitted, all questions are transformed into findings, including custom fields. PlexTrac then assigns a status to each finding, using business rules corresponding to the answer type and values of the question.
PlexTrac-provided answer sets cannot be edited or deleted. The 14 default out-of-the-box answer sets are displayed in the following screenshot:
Step 1: Click the collapsed container under Answer Types.
Step 2: Click Create.
Step 3: Enter an answer type label, then click Add Answer.
To hide the answer type from users temporarily without deleting, toggle the "Visible" field to "Hidden."
Step 4: Enter an answer value and click Add Answer again (every answer type value must have at least two answers). When finished, click Save.
By default, the answer type appears at the bottom of the table.
If configured to be visible, the answer set can now be selected from the available Answer Types when building a question inside a Questionnaire.
To edit an answer type created by an admin, find the answer type from the list and click the green circle icon:
To delete an answer type created by an admin, find the answer type from the list and click the red trash can icon:
This configuration determines if findings are set to "Draft" or "Published" when added to a report that has already been published.
Toggle the button to the desired status.
If the findings default status is set to "Draft," all new findings are created in draft status and not viewable to analysts until published (individually or in bulk). If set to "Published," analysts will have access to all findings in published reports for clients they are authorized to view.
Regardless of the Default Finding Status, a report with "Draft" status is invisible to authorized analysts.
This allows an admin to add additional tags available for an additional level of detail to associate with a finding in the "Sub Status" field, which exists under the Findings Details tab of a finding.
The value(s) provided to a user in the pulldown menu are dictated by the value selected for the status of the finding, as the values have a child relationship to the parent value.
To add a sub-status value, place the cursor in the desired parent status field and enter the value. To delete a value, click the "x" of the value to remove it.
This feature determines the options available to a user when exporting a report. Toggle the button under "Rapid Templating" to the desired status.
When Rapid Templating is off, and a report is exported, the report will immediately download to the local environment in the format associated with the report.
When Rapid Templating is on, after the desired export format is selected from the pulldown menu, an additional modal will appear, allowing a specific template to be used.
Select the desired export template and click Export.
Email settings are located under the "Tenant Settings" section in the Admin Dashboard. This section provides administrators with options to manage and configure various aspects related to email setup and notifications. The Email Settings page displays three tabs, enabling admins to adjust and personalize the email settings based on their preferences. These tabs facilitate access and control over notification settings, email servers, and email templates.
The Notification Settings tab is used to manage when email notifications are sent to users. Notifications can be configured by the report, finding, substatus, or assignment by clicking the toggle bar on or off.
When all email notifications are disabled, the system only sends emails regarding actions related to a user's profile (personal settings).
The notification of report status changes for assigned users is permanently disabled.
The Server Settings tab manages the configuration of a custom email server. PlexTrac defaults to its email service but supports SMTP (Simple Mail Transfer Protocol) and OAuth (Open Authorization).
Step 1: From the Admin Dashboard, click Email Settings under "Tenant Settings."
Step 2: Click Configure Mail Server.
Step 3: A modal appears. Enter the appropriate information in the required fields.
Email Server URL: Refers to the domain or hostname of the server that handles incoming and outgoing emails for the email account or domain. The specific email server name can vary depending on the email service provider or the organization's email infrastructure.
Port: PlexTrac supports standard SMTP (Simple Mail Transfer Protocol) ports, and those options are provided in the pulldown menu for this field:
SMTP with SSL/TLS encryption (SMTPS): 465 (secure)
SMTP (unencrypted): 25 (not secure)
SMTP with STARTTLS encryption: 587 (not secure)
Step 4: Select the mail server authentication type if different than the default value of "None."
None: No authentication is used, and the email server allows open relay without requiring credentials. It is not secure or recommended, but it is sometimes used for internal and testing purposes.
Basic: A simple username and password combination is enabled. Credentials are sent in plain text or base64 encoded. This method is less secure than OAuth2, especially if it is not used with encryption (TLS/SSL).
OAuth2: This provides a more secure and flexible authentication method, as it does not require sending the actual username and password with each request. It supports short-lived access tokens and long-lived refresh tokens. It is more complex to set up but offers enhanced security. This page provides more information on obtaining the required information from Google to set up OAuth.
Step 5: Click Save.
If the connection is unsuccessful, a message will be displayed at the top of the page.
Validate the data entered, make necessary changes, and click Save again.
Click Remove Mail Configuration to remove and change the current email server configuration to the default PlexTrac email service.
The E-mail Templates Manager tab manages the format, information, and structure of emails sent to users within a tenancy and allows for the configuration of email white labeling.
The application defaults to PlexTrac values for the "From Name" and "From Address." To change the name and email address, edit the fields under "EMAIL WHITE LABELING" and click Submit.
PlexTrac offers a collection of email templates that are automatically dispatched to users upon completing specific actions or tasks. These templates serve as predefined messages but can be modified and tailored to individual requirements.
Admins can customize the templates as needed by incorporating their company logo, removing short codes, enhancing the HTML, or including specific messaging to align with their branding and communication style. This feature enables admins to create email communications matching their style and messaging preferences.
To edit an email template, click the green icon under the "Actions" column next to the email.
Short codes can be used in emails as wildcards to replace text. Available codes are listed at the bottom of the email template.
The Service-Level Agreements (SLAs) button under "Tenant Settings" in the Admin Dashboard allows management of SLA settings, such as severity, days to close, notifications, and tags.
SLAs are designed to ensure that cybersecurity measures meet specific standards and expectations and are critical to managing and enhancing an organization's overall security posture.
The table view can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
Step 1: Click New Service-Level Agreement.
Step 2: A modal will appear. Enter an SLA name, define how many days should exist to close the SLA and the finding severity that the SLA applies to. All other fields are optional.
SLA Name: This is a required field. Duplicate SLA names can exist.
Days to Closed: This is a required field. Enter a numeric value representing how many days are allowed to close a finding. For example, a value of "2" means that if a finding for the defined severity has not been closed within two days of being opened, it exceeds the SLA.
Finding Severity: This is a required field. Select the finding(s) severity to be tracked as part of the SLA. More than one severity can be selected.
Finding Tags: This allows an SLA to include findings with specific tags. Leave blank to include all tags. More than one value can be selected.
Asset Criticality: If a value is selected, the SLA will only track Assets with the selected criticality. More than one value can be chosen.
Daily summary email...: When checked, an email summary of findings nearing and exceeding SLA for the tenancy level that the user is assigned to or added as another recipient is sent daily.
Send reminder X hours before the SLA is exceeded: When checked, an email is sent. Findings included in this reminder will also be listed as “Nearing SLA” within Trends & SLA analytics.
Send notification when the SLA has been exceeded: When checked, a notification will be sent to recipients until remediated.
Other recipients: Additional recipients can be added via the pulldown menu. The users selected will have the same experience described in NOTIFICATIONS above, assuming they have permission to view any findings or SLAs.
Daily summary email of findings nearing and exceeding an SLA: When checked, a daily email is sent.
Send reminder X hours before the SLA is exceeded: When checked, a reminder is sent. Findings included in this reminder will also be listed as “Nearing SLA” within Trends & SLA analytics.
Send notification when an SLA has been exceeded: When checked, a notification is sent when an SLA has been exceeded.
Step 3: Click Save at the bottom of the modal.
The Account Information button under "Tenant Settings" in the Admin Dashboard provides configuration of tenant information, including changing the tenant theme (light or dark), uploading a tenant logo and icon, and changing tenant name.
To change the mode of the tenancy from light to dark, click the desired mode. The change is immediate.
Any images loaded light mode will disappear. Images will need to be reloaded for dark mode.
The Tenant logo and icon need to be updated in both light and dark mode.
Dimensions of the tenant icon image file should have the same height and width.
Step 1: Click Upload Tenant Images.
Step 2: Click the box of the image to upload, and drag the file into the box or navigate to that image on the computer.
The dimensions of the tenant icon image should have the same height and width (i.e., 500px x 500px).
Step 3: Click Submit.
The logo will appear at the top of the left navigation bar.
Step 1: Click Edit Tenant Information.
Step 2: Enter the desired information and click Submit.
The new value appears on the Account Information page. After refreshing page, the new value appears as the Tenant Administration value.
The Tags Settings button under "Tenant Settings" in the Admin Dashboard allows management of the tags. Tags are listed alphabetically in groups of 20.
Type the desired tag value in the "New tag name..." box and click Create Tag.
Omit hyphens in tags. Hyphens are not supported and will be removed and replaced with an underscore when a file that includes a hyphen is imported.
Insert the cursor in the "Type to search tags..." field and type the query. The list of tags will be filtered by the content in the search box.
Search for and identify the tag to delete and click Delete under the "Actions" column of the row for that tag.
No confirmation modal is provided, and action is immediately executed. This cannot be undone.
If more than 20 tags exist, click the Previous 20 and Next 20 buttons at the bottom of the page to navigate forward and backward and view tags on other pages.
The Short Codes button under "Tenant Settings" in the Admin Dashboard provides the ability to replace predefined strings or variables in a report with new values, reducing the need to edit each report. Using short codes makes report creation more efficient and reduces maintenance, as it reduces the time to edit.
Short codes can pull data from a report custom field or a client custom field, depending if the short code applies to all reports for a client or one specific report.
PlexTrac provides six short codes that pull data from non-custom fields and are listed on the Default tab. These variables cannot be modified or deleted.
Step 1: From the Custom tab of the Short Codes page within the Admin Dashboard, click Create Short Code.
Step 2: Enter the appropriate values in the provided fields.
Short Code field: The string inserted in reusable rich text fields that will be replaced after activation. Short Codes must follow the following rules:
Be a single string with no spaces
Begin and end with two percent symbols
No special characters other than an underscore and the aforementioned percent symbols
Follow the standard of %%MY_SHORT_CODE%%
when “MY_SHORT_CODE” is the desired string
Source field: The value from which the short code is replaced and can originate from either a report or client custom field.
Custom Field Label field: The value associated with the short code that will be entered in a client or report custom field to generate the replacement value. Below is an example of a short code's Custom Field Label value ("Client Domain") used in a report.
Report Custom Fields can be pre-populated from Report templates.
Step 3: Click Save.
The new short code is inserted at the bottom of the list on the Custom tab.
Custom Short codes can be modified by clicking Edit in the "Actions" column of the applicable short code.
Custom short codes can be removed by clicking Delete in the "Actions" column of the applicable short code.
A modal will appear, confirming the action. Click Confirm Delete.
The Personal Settings page allows users to upload a profile image, change the user display name, view the email on file, select a theme mode (light or dark), update the user password, configure how dates are displayed, and set up and manage multi-factor authentication (MFA).
The personal settings page is reached by clicking the user name in the upper right and then clicking Profile.
The Personal Settings page has three tabs:
Asset Tags: This allows an SLA to include assets with specific tags. Leave blank to include all tags. More than one value can be selected.
If more than 20 tags exist, only the first 20 will appear when assigning tags. To filter the list, type in the first few letters of the tag.
Step 4: Use the for use in all reports for a client, or use the .
%%CLIENT_NAME%%
The name of the client, as defined in the Create/Edit Client modal of the Clients module.
%%CLIENT_POC%%
The POC for the client, as defined in the Create/Edit Client modal of the Clients module.
%%CLIENT_POC_EMAIL%%
The client POC’s email address, as defined in the Create/Edit Client modal of the Clients module.
%%REPORT_NAME%%
The report's name is defined in the "Report Name" field of the Details tab in the Report module.
%%REPORT_START_DATE%%
The start date of the report, as defined in the "Start Date" field of the Details tab in the Report module.
%%REPORT_END_DATE%%
The end date of the report, as defined in the "End Date" field of the Details tab in the Report module.
The Templates button under "Customizations" in the Admin Dashboard allows users to create and configure report templates, export templates, and create style guides.
Report templates: Defines the report layout that may include narrative sections and custom fields.
Export templates: Ability to manage templates for exporting reports from PlexTrac.
Style guides: Defines the styles and presentation when exporting Jinja reports to Word.
A report template is a pre-defined structure and format for creating reports. It may include narrative sections and custom fields, as well as the ability to select an export template.
Report templates save time and ensure consistency in the formatting and presentation of reports within an organization. They save time by pre-populating report sections, such as the introduction, methodology, or threat model. Linking to a custom export template ensures an exported file is branded and structured in the desired reporting methodology.
Step 1: Click New report template.
Step 2: Enter a template name and select a default export template from the pulldown menu, if applicable (i.e., a Jinja template).
The default export template must be loaded first before starting this process.
Step 3: Add any custom fields or narrative sections by clicking the appropriate buttons and entering the required information.
Step 4: Click Create.
The template will appear in the list on the Report templates tab.
Report templates can be previewed by clicking Preview under the "Actions" column.
The preview will show any text entered in the narrative section when the template was created. It does not display template custom fields.
Report templates can be edited by clicking Edit under the "Actions" column.
This will launch a modal, allowing the entire template to be modified. Click Save when finished.
Report templates can be deleted by clicking Delete under the "Actions" column.
A box will appear confirming the action. Click Delete.
The Layouts section under "Customizations” in the Admin Dashboard provides the ability to configure and customize the experience of creating a finding.
Multiple layouts allow admins to tailor the finding creation process according to their needs and requirements. Each layout can be designed to capture different findings or accommodate different workflows. For example, a tenant might have different layouts for web application vulnerabilities, network vulnerabilities, or compliance-related issues.
By customizing the layouts, admins can ensure that teams provide consistent and relevant information while creating findings. This can improve report creation by ensuring a standardized approach to documenting security issues.
Layouts only apply to findings created within PlexTrac and don't apply to imported findings.
Step 1: Click Layouts in the Admin Dashboard under "Customizations."
Step 2: Click New Findings Layout.
Step 3: Confirm if starting from the default layout or leveraging another. Select the layout from the pulldown menu if starting from a custom layout. Click Create.
Step 4: A new page appears with two tabs: Finding fields and Custom fields.
Enter a unique and descriptive name for the layout in the "Findings layout name" box, as this value will be provided to users when selecting the layout for a report.
Step 5: Arrange the fields to create the desired layout.
Click + in the left column to add any field to the layout. Click X in the right column to remove a field from the layout.
Fields without an X are required and cannot be removed or made optional.
Step 6: Make any optional fields required by toggling the button for that field to the right so the purple checkmark appears.
Step 7: Arrange the fields in the desired order by clicking the row with the cursor and dragging the box to the desired sequence of existing fields.
The title must be first and cannot be moved.
Step 8: If applicable, add custom fields by clicking the Custom fields tab, then clicking Add custom field.
Step 9: Enter desired values in the provided boxes.
Key: A required value used to reference this field. This must be a unique value.
Label: A required value used for the field title and visible elsewhere in the platform.
Value: An optional RTF to capture the field value and provide any additional content to help the user with context and data acquisition.
Step 10: Click Add custom field to repeat the process.
Step 11: Click Save layout when finished.
A message will appear confirming the layout was created. The new layout will appear in the list for future editing and is now available for assignment to a report.
After a layout is created, it must be assigned to a report to be leveraged. When creating a new report, this association is set by selecting the desired layout in the pulldown menu under the "Findings Layout" of the Create New Report modal.
Layouts can also be added to existing reports by going to the Details tab of the report, selecting the layout from the pulldown menu under "Findings Layout," and clicking Save.
Only one layout can be assigned to a report.
Legacy findings are not impacted when a layout is assigned to an existing report. The new layout will only apply to findings created after the layout was associated.
Any custom fields added to the layout are available to the user at the bottom of the Finding Details tab of the finding.
If a custom field was added to an assigned layout after a finding was added to a report, the additional custom field is available for data input within a finding by clicking Add Fields From Template.
Updates made to a layout will not be applied to any legacy reports associated with that layout.
Step 1: Click Layouts in the Admin Dashboard under "Customizations."
Step 2: Click Edit of the layout to revise.
Step 3: Make desired changes and click Save layout.
Step 1: Click Layouts in the Admin Dashboard under "Customizations."
Step 2: Click Delete of the layout to revise.
Step 3: A message will appear confirming the action. Click Delete Layout.
A notification message will appear confirming the deletion of the layout.
Admins can create an equation to produce a custom score. The process for creating an equation for a priority and findings is the same and consists of two steps:
Equation Properties: The tab in which the name, description, and (when applicable) what clients the equation applies to are entered.
Equation Builder: The tab where the user selects and configures the variables of the equation that determines the contextual score.
The example below is done within the Priorities tab, but the process is the same as the Findings tab.
Step 1: From the Admin Dashboard, click Risk scoring.
Step 2: Click Create Equation.
Step 3: Select whether to start from the tenant default or another equation. When finished, click Create.
Step 4: Enter an equation name and description on the "Edit basic information" tab.
If priorities are configured for all clients, client-specific configuration options for priorities equations will not appear, and users will proceed to Step 9.
Step 5: Identify whether the equation will apply to all clients in the tenancy who currently have no equation assigned or to a specific client.
If this equation applies to all clients, skip to Step 9.
Step 6: If client-specific, click Select clients and search, scroll, or use filter options to find the desired client.
Step 7: Click Select.
Step 8: Click Save at the bottom right of the page.
Step 9: Click Continue at the bottom right of the page.
The "Edit variables and equation" second tab appears as the equation builder tab.
The equation builder tab consists of three sections/boxes:
Box 1 - Score Equation: This box displays the current equation and allows users to modify it by dragging variables on/off the box.
Box 2 - Available Equation Variables: This box lists the available variables to be leveraged to update the current equation in Box 1.
Box 3 - Variable Configuration: When a variable in Box 1 is clicked or selected from the pulldown menu at the top of Box 3, this box provides further details that can be used to define how the variable is utilized in the equation. These details include additional properties and business rules.
The total equation weight must always equal 100%. The current allocation is listed above the equation.
Variable weights can be edited directly in the variable's box or in Box 3 on the right of the page in the "Variable weight" section.
To calculate the score for each variable in the equation, multiply the weight of the variable by the highest rule score and then divide the result by 100. For instance, if the weight of a variable is 50% and the highest rule score is 90, the score for that variable would be 50 * (90/100) = 45
.
If the total allocation for variables does not equal 100%, the total equation weight value in Box 1 will turn red to indicate an error, and an error message will appear if attempting to save the equation.
Variables can be included with an assigned 0% weight, but these will be ignored in the equation and have the same result as those that do not exist in the equation at all.
PlexTrac provides a default equation out of the box that cannot be deleted but can be edited. This equation becomes the tenant default that can be used as a template or starting point to create additional equations.
Any other equation can be reset to its default equation by clicking the kebob menu in the equation's box and clicking Reset to default PlexTrac equation.
The equation builder allows for many variables and scenarios. Below are a few examples that cover various aspects of the functionality and demonstrate the multiple ways equations can be leveraged to meet specific client or tenant needs.
When configuring an equation, errors will not be visible until the user clicks Save. After that initial action, however, error messages are provided dynamically as the equation is worked on.
Step 1: Click the Asset type
variable in Box 2 (Available Equation Variables), drag it up to Box 1 directly above and place it in the equation.
Step 2: Click Save. An error notification appears both in the equation and as a message because an operator variable is needed between the variables Asset type
and Asset criticality
.
All field variables need to be separated by an operator.
Step 3: Click the operator variable in Box 2, drag it to Box 1, and place it where the error notification was displayed between the variables Asset type
and Asset criticality
.
The error is resolved, and the message disappears.
Step 4: The next step is to set the variable attribute with the correct value. Click the Asset type
variable or select it from the pulldown menu in Box 3.
Step 5: Select the "Sever" asset type value from the pulldown menu for Rule 1.
Step 6: The next step is to give Asset type
some weight to the equation, or else it will be ignored, as all added variables default to 0%. Change the "Variable weight" value to 10%. The variable in the equation will dynamically update.
Step 7: Identify how many points the variable will receive if the business rule is met by adding 75 to the "out of 100" box at the bottom of the rule.
Step 8: Since the total equation weight is now over 100% with the new variable being updated to 10%, another variable must be reduced to compensate. Note that the total equation weight is currently 110% and in red, denoting an error. An error message is also provided.
Click Source data
and change its weight from 80% to 70% so that the total of all four variables equals 100%.
Step 9: The equation is now ready to be executed. Click Save and check "Enable equation after saving" to immediately enable (all existing equations assigned to the client will be disabled).
Step 1: Click Finding score (CVSS 3.1)
in Box 1, drag it to Box 2, and unclick the mouse.
The equation no longer includes that variable, and CVSS 3.1 is now listed as available in Box 2.
Step 2: Because the total equation weight must equal 100% and 10% of that weight was removed in Step 1, the remaining variables must be adjusted to compensate. Click Source data
and add 10% to the existing set weight to increase from 70% to 80%.
Step 3: The next step is to remove an operator variable, as an equation cannot end with an empty operator.
Select the operator at the end of the formula, drag it to Box 2 and release. The error message disappears.
Step 4: Click Save.
Step 1: Click Source data
on the equation.
Step 2: All business rules and parameters for Source data
appear in Box 3 on the far right of the page. Currently, a business rule only exists for HackerOne. Click Add rule.
Step 3: Working now under Rule 2, select the source data value "is added from integrations" from the pulldown menu.
Step 4: Select "Snyk" as the integration source in the following pulldown menu.
Step 5: Give Rule 2 a weight of 45 out of 100 points.
Step 6: Click Save.
The Theme button under "Customizations" in the Admin Dashboard provides configuration of the UI for a tenant.
To change the colors used for the background, text, etc., click the color palette next to the topic to change, adjust the color accordingly with the color modal, click the "x" at the top right of the modal to close it, and click Update Theme.
If Update Theme is not clicked, changes will not be saved.
Changes can be made for Light or Dark mode by using the toggle at the top to change modes before making a color change.
The Risk scoring section under "Automations” in the Admin Dashboard allows admins to create formulas for producing dynamic risk and likelihood scores for findings and priorities.
If all equations are disabled, priorities will be scored by the likelihood and impact values selected in the priority.
Contextual Score: The value generated from a contextual scoring equation.
Contextual Scoring Equation: A collection of variables, operators, rules and logic to generate a contextual score.
Equation Variable: A component of the equation representing an individual or an aggregate of fields from PlexTrac, such as Asset count, Finding Severity, and CVE. Equation variables are the building blocks of an equation.
Multiplier: A constant value multiplied against an equation variable's value. It can rapidly increase the weight a variable has on an equation.
Operator: Mathematical symbols that can be used in a Contextual Scoring Equation. Currently, an operator can only perform a "+" addition function.
Variable Rule: The logic and conditions that help determine a variable's weight and value within the equation. A variable can have multiple rules.
PlexTrac provides a default equation for each disabled tab, which can be toggled on by clicking the toggle bar under the "Enabled" column. These equations can be used as a starting block for creating custom equations.
They are identified as "Default" under the "Type" column and cannot be deleted.
This tab lists all priority risk score equations and provides options to create and manage new ones. A client can enable only one equation at a time.
The finding score can be viewed under the finding detail section of a finding.
If the cursor hovers under the question mark icon and contextual scoring is enabled, the equation being used is listed.
This tab lists all priority risk score equations and provides options to create and manage new ones.
The priority score can be viewed under the progress bar on the Details tab of a priority.
If the cursor hovers under the question mark icon and contextual scoring is enabled, the equation being used is listed.
The table view for each tab can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
PlexTrac allows the uploading of templates to provide flexibility in exporting reports in a custom format and style.
File names for export templates can be duplicated, but creating unique values is recommended for easier management.
Titles can only contain alphanumeric characters and these special characters:
()-_
PlexTrac allows export templates to be uploaded in .doc (for Word documents) or .j2 (for PDF documents) format.
Jinja is a template engine that dynamically generates text-based documents by defining Word templates with placeholders for dynamic content. PlexTrac provides Jinja Word templates to match the branding and styling of an export organization.
PlexTrac provides default templates for exporting to PDF and Word.
Step 1: From the Admin Dashboard, click Templates under "Customizations."
Step 2: Click the Export templates tab.
Step 3: Click Create export template.
Step 4: Drag a .docx or .j2 file to the box provided or click the box in the model to find the file to upload to the computer.
Step 5: Select a style guide to associate with the export template if applicable.
Step 5: Click Upload.
The new template appears in the table.
Export templates can be downloaded by clicking Download under the "Actions" column.
The file will download to your local system.
Export templates can be deleted by clicking Delete under the "Actions" column.
A dialog box will appear confirming the action. Click Delete to complete the task.
In Automations, admins can configure a default or custom priority score equation for the Priorities module.
Automations include the following sections:
In Integrations & Webhooks, admins can enable parser plugin actions and configure integrations with different platforms, enhancing its capabilities and facilitating seamless collaboration with other tools.
Visit the Integrations section for a list of supported parsers, APIs, and mappings.
Integrations & Webhooks includes the following sections:
The Profile tab allows users to customize and manage their accounts by adjusting their user names and profile pictures. They can also tailor the date format to their personal preference or regional settings. Plus, there's an option for a dark mode interface that's easy on the eyes in low-light conditions.
Step 1: From the Profile tab of the Personal Settings page, click the avatar circle under "Profile Image" to bring up a dialog box.
Step 2: Drag an image to the dialog box or click the box to navigate to the file on the computer. Click Submit.
The new image is now shown in the Profile tab and next to the user name at the top right of the page.
Step 1: From the Profile tab of the Personal Settings page, click the avatar circle under "Profile Image" to bring up a dialog box.
Step 2: Click Delete Profile Image. The modal will disappear, and PlexTrac will revert to the default grey avatar icon.
The modal will disappear, and PlexTrac will revert to the default grey avatar icon.
The name displayed for a user throughout PlexTrac is managed here. Users can update their information by entering the desired values in the "First Name" and "Last Name" fields.
After making the necessary changes, click Update Settings at the bottom of the page to save the updated information.
The new name value may not appear immediately without a browser refresh. To confirm the change, an email will be sent to the address on file.
To switch between Light and Dark Mode on PlexTrac, adjust the toggle button under "Theme Mode."
The date format can be configured to display in one of three options: YYYY-MM-DD, DD-MM-YYYY, or MM-DD-YYYY.
PlexTrac learns about scanner findings as files are imported. This learning can be done proactively by an admin through parser actions or when a user imports a scanner file when adding findings to a report. Either way, the learning begins after an admin imports a file via the parser actions page of the Admin Dashboard, and this process must occur for each tool that PlexTrac integrates with. Any files for a tool imported as findings to a report that have not been enabled by an admin on the parser actions page will have no impact on parser actions.
When importing a file, parser actions process the contents to extract relevant information and perform specific operations. The exact parser actions depend on the file format and business rules an admin configures.
The findings are matched to the parser action by plugin ID and include actions such as linking to a writeup, changing the finding severity, or ignoring the finding when parsed.
Currently, no other metadata of the finding, such as tags, can be mapped or manipulated by parser actions.
When new files are uploaded to parser actions, plugin IDs are only created for IDs not found and set to a "Default" action, meaning no changes will occur on import unless a parser action is created.
Parser action changes are applied to future imports and don't impact existing findings. For example, suppose a parser action for a finding severity value was created for a plugin, but moving forward. In that case, the source of truth for severity is the scanner tool, then change the parser action for that plugin to "Default." The next time that plugin is imported, the severity value from the source will be imported into the report.
Parser actions apply to all users.
The description of a parser action can be obtained by placing the cursor over the parser action title in the table.
Step 1: Click Parser Actions in the "Tools & Integrations" section of the Admin Dashboard.
Step 2: Check the Enable Parser Plugin Actions box.
Enabling parser plugin actions will allow the ability to preset default actions, link writeups, and change the severity of scanner findings when imported into a report.
Once parser import rules are set, do not check the "Enable Parser Plugin Actions" box if wanting to import scan results natively without existing rules applied.
Step 3: Click Import.
Step 4: Select the source of the file to import from the "Import Source" pulldown menu, then drag the file into the drop area on the modal or click Browse to navigate to the file on the computer.
The box will display the supported files for the tool selected in the pulldown menu as the import source, along with the maximum file size.
Step 5: Click Upload.
A notification will confirm a successful import.
Step 6: The imported plugins are now available for configuration. Search or select the desired plugin and configure it using the pulldown menus and options to configure the preferred course of action.
Parser plug-in actions include four options:
DEFAULT: Passes the scanner result through with no action taken.
LINK: Replaces a scanner result finding with a custom writeup from WriteupsDB.
IGNORE: Ignores a scanner result when parsed by PlexTrac.
SEVERITY: Overrides a scanner result, finding severity value with a new value selected by the parser action.
Parser actions can take findings ingested from an external tool and map them to a custom finding in WriteupsDB. When the finding is imported, this action will override the description, title, references, custom fields, common identifiers, risk score, and recommendations. Multiple plugins with the same writeup will be mapped to a single finding with merged affected assets.
Step 1: Click Parser Actions in the "Tools & Integrations" section of the Admin Dashboard.
Step 2: Check the Enable Parser Plugin Actions box.
Step 3: Select the parser to work with from the "Filter Plugins" pulldown menu.
Step 4: Select the findings by clicking the checkbox of the finding row or selecting the box in the header column next to "Plugin Id."
Step 5: Select the writeup to link the findings by selecting the value from the "Link Writeup" pulldown menu.
The linked writeup is now displayed for each finding under the "Write Up" column.
If a new report is created, and the same parser file is imported, only one finding will be imported into the report.
Once a parser action is created, it cannot be deleted.
Step 1: Click Parser Actions in the "Tools & Integrations" section of the Admin Dashboard.
Step 2: Check the Enable Parser Plugin Actions box.
Step 3: Select the parser to work with from the "Filter Plugins" pulldown menu.
Step 4: Click Add Parser Action.
Step 5: Enter a Plugin ID, Title, and Plugin Description value.
All three fields must contain a value to continue.
Step 6: If the plugin action is "Default," continue to Step 8. Otherwise, select the desired plugin action from the pulldown menu.
Step 7: If "Ignore" was chosen, go to Step 8. Otherwise, select the value to associate with the action determined in the previous step.
Step 8: Click Create.
A message confirming creation will appear, and the new parser action will be displayed in the list.
This page includes the business rules and instructions for enabling and disabling priority equations when multiple ones exist.
The impact of an equation on a priority depends on multiple variables, such as whether equations are set in General Settings to apply to all tenants or a client, if the default equation is enabled, if a custom equation is enabled, and if the custom equation applies the entire tenancy or specific clients.
When priorities are enabled at the tenant level, only one equation can be used at a time. When enabled, equations created for specific clients are no longer accessible from the contextual scoring page. Existing equations are not deleted, but they can no longer be viewed or modified from the page.
Tenant-level priorities have the following business rules for equations:
When priorities are enabled at the client level, only one tenant-level equation can be used at a time. However, custom equations for specific clients may be enabled and, when executed, take precedence. Any equations created for specific clients will be accessible from the contextual scoring page along with tenant-wide equations.
Whether the equation is client-specific or a tenant is identified under the "Associated with" column.
Client-level priorities have the following business rules for equations:
To enable an equation, toggle the button under the "Enable" column.
If the user's action impacts existing priorities and business rules, PlexTrac will display a message to inform of the consequence. If approved, the system will enable or disable other related equations accordingly.
The integrations page provides the status of each API integration and the ability to connect new integrations (if licensed) or edit existing connections.
If an integration is available but not set up, the user will see a "Connect" button. A "License required" label will be displayed if an integration is not licensed.
Visit this page for a list of all third-party tools PlexTrac integrates with, including scanner files and CSV templates.
The following integrations are included with every PlexTrac instance:
The following integrations require an additional cost/license to access (one license covers all tools):
PlexTrac offers an integration with Jira Cloud and Jira Data Center to allow red and blue teams to collaborate without switching between tools.
PlexTrac provides the option to synchronize with Jira in the following ways:
Unidirectionally from PlexTrac to Jira
Unidirectionally from Jira to PlexTrac
Bidirectionally
One-time from PlexTrac to Jira
One-time from Jira to PlexTrac
The integration can be with one or more Jira projects, and each project can have mappings of fields and project issue types configured separately.
Only one Jira integration can exist per PlexTrac instance.
Step 1: From the Admin Dashboard, click Integrations under "Tools & webhooks".
Step 2: Click the Jira box.
Step 3: Click New connection.
Step 4: Enter a connection name in the provided box. Identify if this connection is across all clients or client specific.
Step 5: Click Continue at the bottom of the page.
Step 6: On the second tab, input the correct information in the provided fields. Instructions on finding the correct information for each field is provided within the application on the right.
If "Every day" is selected for the refresh frequency, the daily synch time will occur at 04:45 UTC (9:45 PM MTN).
Step 7: Click Save & continue at the bottom of the page.
If the connection is unsuccessful, an error message will be provided at the top of the page.
If a successful connection is made, the tool will progress to the next tab to continue.
Step 8: On the Select projects tab, choose the project(s) from Jira to integrate with by clicking the box next to the desired project. Only these projects will be available when creating tickets from findings. Click Continue with x projects when finished.
It may take some time to set up the connections, depending on the number of projects selected.
Step 9: On the Map fields & save tab, select a project to configure from the pulldown "Project name."
Step 10: Select the Jira project issue type to configure from the provided list.
Step 11: Review the default mappings and adjust as desired.
PlexTrac findings cannot be created from Jira issues. Syncing from Jira to PlexTrac will occur after the initial issue creation.
The direction and synch of information between fields are identified from the symbol displayed between the PlexTrac and Jira fields.
Required fields are identified with a red asterisk and cannot be deleted.
To modify the direction, click the icon, then select the desired direction from the options provided. The icon arrow points to the direction the information flows between the two fields.
Jira to PlexTrac (Continuous sync)
When a change occurs in a Jira issue, the connected PlexTrac finding will be updated. When changes occur in PlexTrac, the Jira issue will not be updated. PlexTrac findings cannot be created from Jira issues. Syncing from Jira to PlexTrac will occur after the initial issue creation.
Bidirectional (Continuous sync)
When a change occurs in a PlexTrac finding, the connected Jira issue will be updated. When changes occur in Jira, the PlexTrac finding will be updated.
PlexTrac to Jira (Continuous sync)
When a change occurs in a PlexTrac finding, the connected Jira issue will be updated. When changes occur in Jira, the PlexTrac finding will not be updated.
PlexTrac to Jira (One-time sync) Syncs data from PlexTrac to Jira upon ticket creation. A change in a PlexTrac finding will not be synced to the connected Jira issue.
If a bidirectional or Jira to PlexTrac direction is configured, be aware that a user in Jira could change findings values in PlexTrac despite not having access or permissions to do so within PlexTrac.
Step 12: Repeat this process for each project issue type.
The options available in the PlexTrac field pulldown menus are contextual to the values selected in the Jira column. To change the options provided for PlexTrac fields, change the field provided in the Jira column.
To add a new row for additional mappings not provided by default, click the plus icon at the bottom (after the last mapping).
Click within the pulldown menu of the previous row just added to select the new PlexTrac field.
Not all fields in PlexTrac are available for mapping to all fields in Jira. In those scenarios, fields will display a red icon when hovering over the field and a text description of "incompatible data type" when scrolling through the list of fields.
After selecting the field in Jira to map with, use the provided field values to configure the relationship between PlexTrac and Jira by clicking the plus sign on one box and clicking on the desired box in the other system to create a visible purple line denoting the relationship.
Existing lines can be deleted by hovering over the line and clicking the red x.
To delete any row, hover over it with the cursor and click the red trashcan icon.
Step 13: Click Save & Continue.
PlexTrac custom fields can be added for mapping to a Jira field, including fields with a dropdown menu.
Step 1: Click the plus icon at the bottom of the Map fields tab (after the last existing mapping).
Step 2: Click the pulldown menu on the Jira column of the row just added to see the available fields in Jira to map.
The Jira field must have a data type value of "String," "Option of strings," or "Non-Nullable String." The Jira data type is shown in the right column of the Jira fields when looking at the options provided in the Jira field pulldown menu.
Step 3: Click within the PlexTrac column pulldown menu of the row just added and select "Custom Field" from the list.
Step 4: Enter the custom field key name.
If the custom field key entered is different than what exists in PlexTrac, the mapping will not work, and a new custom field with that incorrectly entered value will be created in PlexTrac.
Step 5: Click Save.
Jira custom fields available for mapping can be viewed by clicking a field in the Jira column and scrolling to the bottom of the window under the label "CUSTOM."
Jira custom fields from a third-party plugin cannot be mapped.
The finding reported date can be mapped so that any future findings will automatically update this value in Jira.
Step 1: Click the plus icon at the bottom of the Map fields tab (after the last existing mapping).
Step 2: Click the pulldown menu on the Jira column of the row just added and select "Start Date."
Step 3: Click the pulldown menu on the PlexTrac column of the same row and select "Created Date."
Step 4: Click Save.
Any linked findings in PlexTrac will now be updated in Jira. If the mapping is configured for bidirectional, changes in this value in Jira will update in PlexTrac the next time data synchronization occurs.
Step 1: From the Admin Dashboard, click Integrations under "Integrations & webhooks".
Step 2: Click the Jira box that shows the status of "Connected."
Step 3: Click Edit under the "Actions" menu of the connection to modify.
This screen is also the location to disable or delete a Jira connection.
Step 4: Go to the desired tab to adjust as desired.
Connection availability and selected clients cannot be edited. To change availability or clients, create a new connection.
Two ways exist to disable a Jira integration:
Temporarily, by toggling the button under the "Enabled" column.
2. Permanently, by clicking Delete under the three dots in the "Actions" column.
PlexTrac integrates with HackerOne, a platform that facilitates vulnerability coordination and bug bounty programs. It connects organizations that want to improve the security of their software and systems with a community of ethical hackers, also known as white-hat hackers, who are skilled in finding and reporting security vulnerabilities.
This is a licensed feature.
An integration with HackerOne and PlexTrac consists of three parts:
Enabling the feature via the license key.
Obtaining the HackerOne API Key Identifier and HackerOne API Key values.
Configuring PlexTrac to complete the setup.
If the license is needed within a tenant, the phrase “License Required” with a link to the Support Portal will display within the HackerOne card on the Integrations page of the Admin Dashboard.
When a license is obtained, insert the license key into PlexTrac via the Admin Dashboard>Licensing page.
When the integration is available, a “Connect” button will display within the HackerOne card on the Integrations page of the Admin Dashboard.
Once the feature has been enabled, the next step is to obtain the HackerOne API Key Identifier and HackerOne API Key values.
Step 1: Log in to HackerOne's API token page.
Step 2: Click Create API Token.
Step 3: Enter an identifier value into the provided box. Click Create.
Step 4: Copy the API key to a secure place (it will not be accessible after this point). Click I have stored the API Token.
Step 5: The API token just created appears at the top of the API page (an email will also be sent confirming the action). Click Manage groups in the row of the token.
Step 6: Check the desired boxes to define the user's permissions for this group. Click Apply changes.
Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."
Step 2: Click Connect in the HackerOne card.
Step 3: A modal appears with three tabs. On the first tab, enter the following information:
Integration Name: This value is seen by users when selecting which tool to import findings from into a report, so pick a value that quickly identifies the integration.
Step 4: Click Save.
Step 5: In the "Mapping" tab, select which fields to import from HackerOne to PlexTrac.
HackerOne syncs data to PlexTrac, but updates in PlexTrac do not sync back to HackerOne.
Required fields are grayed out in the "Synch" column. The other fields are optional and can be removed from import by clicking the checkbox to remove the checkmark. Click Save.
Step 6: A message will validate that the synch was successful. Click Got It.
HackerOne now appears as "connected" on the Integrations page.
Findings from HackerOne can now be imported into a report.
The integration can be temporarily turned off and on via the toggle button under "Enabled."
Click Edit under the "Actions" column to adjust existing settings.
Step 1: Click Edit under the "Actions" column.
Step 2: Click the Sync Log tab.
Step 3: Click View of the desired log to read.
Cobalt is an integrated pentesting platform facilitating communication between development and security teams. Cobalt helps developers identify and mitigate security vulnerabilities in their code by specifying security policies and checking compliance. The tool can detect many vulnerabilities, including buffer overflows, integer overflows, and format string vulnerabilities.
Cobalt findings can be imported into a PlexTrac report.
This is a licensed feature.
Below are the field mappings from Cobalt to PlexTrac, broken up by findings and assets.
Tables include the following columns:
Cobalt Field: the field name that appears in Cobalt
PlexTrac Field: the field name that appears in PlexTrac
Direction: displays the direction in the flow of data occurring for the integration (a value of "x" means that the value is not imported)
Required: denotes if a value is required for the import to be successful
Notes: additional information
Finding Title
-->
Finding Title
yes
Finding Suggested Fix
-->
Recommendations
yes
Finding Descriptions, Type Category
-->
Finding Description
yes
Finding State
-->
Finding Status
yes
Status
Has multiple values, listed below in italics.
Triaging
-->
Finding="OPEN"
no
Pending Fix
-->
Finding="OPEN"
no
Ready for Retest
-->
Finding="OPEN"
no
Resolved
-->
Finding="OPEN"
no
Vulnerability Remediation
-->
Finding Recommendations
yes
Log [Created]
-->
Created At
yes
Finding Severity
-->
Finding Severity
yes
Severity
Has multiple values, listed below in italics.
Informational
-->
Informational
no
Low
-->
Low
no
Medium
-->
Medium
no
High
-->
High
no
Critical
-->
Critical
no
Pentest Name
-->
Finding Custom Field "Cobalt Pentest Report Name"
yes
Cobalt Proof of Concept
-->
Finding Custom Field "Cobalt Proof of Concept"
no
Any images or html in this field will be imported (images as Base64).
Finding Affected Targets
-->
Affected Assets
yes
IP or Hostname
If a duplicate finding title is found during import, the finding title in PlexTrac is appended with the finding unique identifier value pulled from Cobalt in parenthesis at the end of the finding title.
Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."
Step 2: Click Connect within the Cobalt box.
If the integration is not licensed and thus unavailable, the message "License required" will appear.
Step 3: If existing connections exist, they are listed on this page. To set up a new integration, click the New connection button.
Step 4: A modal appears with four tabs. Enter a name for the integration, the Cobalt URL, and the Cobalt API key. Click Continue.
Step 5: Select the Cobalt organization value from the pulldown menu. Click Continue.
The Cobalt Organization value is found within Cobalt. Visit Cobalt documentation on how to generate an API key.
Step 6: A list of the field mappings from Cobalt to PlexTrac is displayed. Click Save.
None of these fields can be edited and are displayed for visibility.
Step 7: A log of integration attempts is listed. Since an attempt to synchronize is attempted after entering configuration information on the first tab, at least one entry will be listed. Click Close.
Cobalt integrations can be edited by clicking Edit under the "Actions" column.
Cobalt integrations can be disabled by clicking the toggle bar under the "Enabled" column.
Cobalt integrations can be manually synchronized by clicking Sync under the "Actions" column.
Cobalt integrations can be deleted by clicking the three dots under the "Actions" column and then clicking Delete. A modal will appear, asking for confirmation of the action.
PlexTrac offers an integration with ServiceNow's ITSM and GRC platform modules to allow red and blue teams to collaborate without switching between workflow tools.
ServiceNow GRC (Governance, Risk, and Compliance) is a module of the ServiceNow platform that helps organizations manage their governance, risk, and compliance processes. ServiceNow ITSM (IT Service Management) is a module of the ServiceNow platform that enables organizations to manage their IT services and operations.
Data flows from PlexTrac to ServiceNow when a finding is used to create a ticket but only from ServiceNow to PlexTrac after setup. The synchronization between PlexTrac and ServiceNow occurs every 30 minutes.
Only one ServiceNow integration can exist per PlexTrac instance.
Step 1: On the row of the finding used to create a ticket, click the three dots under the "Actions" column and click Link ServiceNow ticket.
Step 2: A modal appears. Select the ServiceNow module, the ticket type, and the priority.
Step 3: Click Save.
The finding now shows the ServiceNow ticket ID and a hyperlink to access the ticket on ServiceNow.
When a PlexTrac finding is used to create a ticket in ServiceNow, it defaults to a status of New
with the following information populated:
Description
-->
Description
Recommendations
-->
Description
References
-->
Description
Affected Assets
-->
Description
When the ticket is created, the priority and issue rating values are stored within ServiceNow.
After the ticket is created in ServiceNow, that ticket can only be modified from ServiceNow.
The following fields are then sent from ServiceNow to PlexTrac:
Work Notes
-->
Status Tracker
Status
-->
Status
When a remediation ticket is created in ServiceNow, the finding status in PlexTrac remains "Open" or "In Progress" until closed.
Below are the mappings of status from ServiceNow to PlexTrac for the various scenarios:
Closed Complete
-->
Closed
Closed Incomplete
-->
Closed
Closed Skipped
-->
Closed
Resolved
-->
Closed
Closed
-->
Closed
Canceled
-->
Closed
Closed Complete
-->
Closed
Closed Incomplete
-->
Closed
If the status value in ServiceNow does not match one of the mapping rules above, the finding will not be updated in PlexTrac when data is synchronized.
Timestamps are captured in two scenarios for this integration:
When the issue type is created in ServiceNow
When a work note is created or updated in ServiceNow
The timestamp is derived from the time zone set for the ServiceNow instance. PlexTrac has no influence on this time zone.
Scenario: A user in PlexTrac links a finding with ServiceNow. An issue type is created in ServiceNow, and a time stamp is applied to the creation date based on how that ServiceNow instance was configured.
The timestamp is derived from when the integration sync last ran, not when the work note was created in ServiceNow. It is not a real-time integration timestamp.
Scenario: A user in SerivceNow adds a comment to an associated finding, which triggers an integration event with PlexTrac. When that happens, a note is created in PlexTrac with a timestamp of the synchronization event. That timestamp is stored within PlexTrac in UTC time and then presented to the user in their local time when viewed in PlexTrac.
Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."
Step 2: Click Connect within the ServiceNow box.
Step 3: Click Configure ServiceNow Integration.
For information on setting up OAuth or generating an API key within ServiceNow, click the links above the button.
Step 4: Select the integration authentication method.
Step 5: Enter the information into the provided boxes and click Test Connection.
A message will appear to confirm if the connection was successful or not.
Step 6: View the available modules to identify which fields have read and write access. Click Confirm.
Tenable Security Center (Tenable.sc) is a vulnerability management solution that provides visibility into the security posture of IT infrastructure. It consolidates and evaluates vulnerability data, illustrates vulnerability trends over time, and assesses risk with actionable context for effective remediation prioritization, which then can be imported as findings into PlexTrac via API.
Multiple integrations can be configured per instance or for specific clients.
This is a licensed feature.
Below are the field mappings from Tenable to PlexTrac, broken up by findings and assets.
Tables include the following columns:
Tenable SC Field: the field name in Tenable SC
Direction: displays the direction in the flow of data occurring for the integration
PlexTrac Field: the field name in PlexTrac
PlexTrac only imports vulnerabilities that Tenable has not archived.
If a field is not listed, then PlexTrac does not currently import.
If a field is not listed, then PlexTrac does not currently import.
PlexTrac will not import findings from Tenable that have the same combination of plugin ID
and severity
.
Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."
Step 2: If licensed, the option to connect will appear (if not, the box will display a lock icon and "License required"). Click the Tenable box.
Step 3: Enter a connection name and select if this integration is across the tenancy or for a client (if specific to one client, select the client of the pulldown menu). Click Continue.
Step 4: Select "Connect to Tenable Security Center." Enter the Tenable URL, access key, and secret key. Click Continue.
If the keys are correct, a confirmation message will confirm successful synchronization.
Step 5: Edit the field mappings on the provided tabs for findings and assets, or continue using the defaults.
Information flows only from Tenable to PlexTrac. Fields required by PlexTrac are identified with a red asterisk.
Fields that can be deleted will have an "X" next to the PlexTrac field when hovering over with the cursor. A confirmation message will appear after clicking X.
Configurable fields can be adjusted by clicking the purple line and deleting the existing connection.
Click on the Tenable field, then click on the desired PlexTrac field to map and create a new connection.
Click Continue when finished.
The integration appears in the table as a listed connection.
PlexTrac offers two synchronization options for Tenable integrations, allowing off-cycle syncs in addition to the regular hourly script.
Sync: This option allows an off-cycle synchronization off cycle and typically takes less than ten minutes.
Full Sync: This option looks at the complete Tenable database. It can be several hours, although it happens in the background and does not prevent using PlexTrac for other tasks.
To view sync history, click Synch history under the actions menu of the integration.
Any existing integration can be disabled temporarily or deleted if no longer needed.
To disable an integration, click the toggle button for the integration under the "Enabled" column. This action also disables the ability to synchronize the integration.
To delete an integration, click the three dots under the "Actions" column and then Delete.
Tenable Vulnerability Management (VM) is a suite of cloud vulnerability management products that can export findings into PlexTrac via API.
Multiple integrations can be configured per instance or for specific clients.
This is a licensed feature.
Below are the field mappings from Tenable to PlexTrac, broken up by findings and assets.
Tables include the following columns:
Tenable VM Field: the field name in Tenable VM
Direction: displays the direction in the flow of data occurring for the integration
PlexTrac Field: the field name in PlexTrac
PlexTrac only imports vulnerabilities that Tenable has not archived.
If a field is not listed, then PlexTrac does not currently import.
If a field is not listed, then PlexTrac does not currently import.
PlexTrac will not import findings from Tenable that have the same combination of plugin ID
and severity
.
Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."
Step 2: If licensed, the option to connect will appear (if not, the box will display a lock icon and "License required"). Click the Tenable box.
Step 3: Enter a connection name and select if this integration is across the tenancy or for a client (if specific to one client, select the client of the pulldown menu). Click Continue.
Step 4: Select "Connect to Tenable Vulnerability Management." Enter the Tenable URL, access key, and secret key. Click Continue.
If the keys are correct, a confirmation message will confirm successful synchronization.
Step 5: Edit the field mappings on the provided tabs for findings and assets, or continue using the defaults.
Information flows only from Tenable to PlexTrac. Fields required by PlexTrac are identified with a red asterisk.
Fields that can be deleted will have an "X" next to the PlexTrac field when hovering over with the cursor. A confirmation message will appear after clicking X.
Configurable fields can be adjusted by clicking the purple line and deleting the existing connection.
Click on the Tenable field and the desired PlexTrac field to map and create a new connection.
Click Continue when finished.
The integration appears in the table as a listed connection.
PlexTrac offers two synchronization options for Tenable integrations, allowing off-cycle syncs in addition to the regular hourly script.
Sync: This option allows an off-cycle synchronization off cycle and typically takes less than ten minutes.
Full Sync: This option looks at the complete Tenable database. It can be several hours, although it happens in the background and does not prevent using PlexTrac for other tasks.
To view sync history, click Synch history under the actions menu of the integration.
Any existing integration can be disabled temporarily or deleted if no longer needed.
To disable an integration, click the toggle button for the integration under the "Enabled" column. This action also disables the ability to synchronize the integration.
To delete an integration, click the three dots under the "Actions" column and then Delete.
Webhooks are a real-time, event-driven communication method that allows PlexTrac to send data automatically when a specific event occurs. Using HTTP POST requests, webhooks enable immediate data transfer without constant polling, making them efficient and lightweight. By providing a unique URL for event notifications, webhooks facilitate automation and real-time updates between applications while ensuring security through authentication methods and encryption.
Developers and technical users seeking to automate webhook management or integrate PlexTrac with other systems should refer to the . This page provides detailed instructions on programmatically creating, updating, and testing webhooks, making it suitable for those who require greater flexibility and control over their integrations.
APIs use a pull model where clients request data from servers, while webhooks employ a push model, automatically sending data to clients when specific events occur. APIs often require polling for updates, which can introduce latency and consume resources, whereas webhooks provide real-time notifications, making them more efficient for immediate actions. While APIs are suited for complex data manipulation and retrieval, webhooks excel in automating workflows with simple event-driven notifications. Additionally, APIs necessitate client-initiated requests, while webhooks require clients to set up a URL endpoint to receive data.
Webhook events offered at this time:
Report Publish Status
New Assessment Submission
New Engagement request from the Schedule module
Step 1: From the Admin Dashboard, click the Webhooks button under "Integrations & webhooks."
Step 2: Click New webhook.
Step 3: Provide a webhook name and confirm if this applies to all clients or a specific one(s). Click Continue.
Step 4: Insert the url of the application receiving the webhook data, select the event this webhook will be tracking from the pulldown menu, and enter the secret to validate authentication of the connection (if applicable).
Step 5: Click Test connection to validate the configuration of an endpoint.
When activated, this test initiates a series of checks to ensure everything functions correctly. First, the button verifies that the provided URL is valid and accessible and no redirect occurred. It checks that the domain resolves correctly and that the endpoint responds with a 200 OK
status code, indicating that it is operational. In addition to these validations, the endpoint must respond within five seconds, although the response time should be under one second for optimal efficiency.
For security purposes, if a secret is used, the button generates an HMAC-256 signature and includes it in the X-Authorization-HMAC-256
header of the POST request. This ensures that any communication with the endpoint remains secure.
Step 6: Click Save.
The webhook is enabled by default but can be turned off by toggling the bar under the "Enabled" column.
Existing configurations can be modified by clicking Edit under the "Actions" menu of the webhook.
Webhooks can be deleted, or event logs can be viewed by clicking the three dots under the "Actions" menu of the webhook.
An audit log records events or activities within PlexTrac. Its primary purpose is to provide a chronological and detailed account of actions taken by users and processes, along with relevant information such as timestamps, user IDs, and specific event details.
The audit log is found under the Audit log button of the Admin Dashboard under "Security & User Management."
The following key actions are recorded in the audit log:
Logins (successful, failed, lockouts, etc.)
Password changes
User creation/deletion/updates
RBAC changes (e.g., a user is assigned to a client)
The audit log displays events for 120 days, updating on the first day of each month.
The page defaults to the most recent events and lists the user, event, and time of the action. Use the filters above to narrow the dates of the events or search for a specific event.
For example, to find users who changed their password in the past month, click the box for "Start date" and select the past 30 days, then type "password" into the search box.
The list of events presented on the page dynamically updates.
In Security & User Management, admins manage authentication, multi-factor prompts, user groups, access permissions, report access, and user account settings.
Security & User Management contains the following sections:
In Security, admins can manage authentication methods, configure MFA, authorize users for specific roles, and create classification tiers to enforce additional layers of access to reports.
The Security section contains the following sections:
PlexTrac integrates with Edgescan, allowing users to import the findings from Edgescan's vulnerability detection into a PlexTrac report. This integration streamlines the process by leveraging Edgescan's automated vulnerability scanning capabilities and the reporting and management features of PlexTrac.
This is a licensed feature.
Below are the field mappings from Edgescan to PlexTrac, broken up by findings and assets.
Tables include the following columns:
Edgescan Field: the field name that appears in Edgescan
PlexTrac Field: the field name that appears in PlexTrac
Direction: displays the direction in the flow of data occurring for the integration (a value of "x" means that the value is not imported)
Required: denotes if a value is required in the field for the import to be successful
Notes: additional information
If a duplicate finding title is found during import, the finding title in PlexTrac is appended with the Edgescan Vulnerability ID
in parenthesis at the end of the finding title.
Step 1: From the Admin Dashboard, click Integrations under the "Tools & Integrations" header.
Step 2: Click the Edgescan box.
Step 3: Click New connection.
Step 4: On the Configuration Details tab, enter a name for the integration, the Edgescan URL value, the Edgescan API key, and if closed vulnerabilities should be included.
Integration name: A name for this integration. When importing findings, this value will appear elsewhere in the platform along with other enabled integrations, so pick a unique but accurate name.
Edgescan URL: The Edgescan instance URL.
Closed Vulnerabilities: Determines whether to include closed vulnerabilities and, if yes, the time of closure to consider for inclusion.
Step 5: On the Mapping tab, review the mappings and select the fields to import into PlexTrac by validating that the checkbox next to the field is selected. To ignore a field upon import, uncheck the box under the "Sync" column. Required fields (checkbox is greyed out) cannot be altered.
Step 6: Click Save.
Step 7: A message on the First Synch tab will confirm if the synch was successful. If successful, click Got It.
The connection is now listed.
Connections are edited by clicking Edit under the "Actions" column.
Connections can be disabled by clicking the toggle bar under the "Enabled" column.
Connections can be manually synchronized by clicking Sync under the "Actions" column.
Connections can be deleted by clicking the three dots under the "Actions" column and then Delete. A modal will appear, asking for confirmation of action.
Step 1: Click Edit of the connection to review.
Step 2: Click the Synch Log tab.
A list of all synchronization records and status results is provided.
Step 3: Click View to obtain more information about a specific record.
Step 4: More details about remote URLs and JSON responses are available by clicking the headers below to expand the section.
Click Ok or Cancel to return to the previous modal.
A style guide helps content creators and publishers maintain consistency in their content presentation. It provides guidelines on spelling, grammar, punctuation, capitalization, formatting, and other elements of written communication.
The purpose of the style guides is to provide the ability to overwrite the default PlexTrac formatting during the report export process. The style guides only apply to Jinja templates exported to Word (.doc). Style guides do not impact rich-text fields.
PlexTrac provides a default template that can be configured, leveraged, or cloned to create other style guides. There is no limit to the number of style guides.
The default style guide cannot be deleted.
The style guide consists of four tabs/sections:
Code blocks
Images
Tables
Hyperlinks
This tab defines the code block experience, including style, prefix, font, font size, font color, background color, border color, width, content alignment, and padding.
This tab defines the image experience, including caption font and prefix, border style, image width and alignment, and padding.
The options to add a border color and width only appear when a border style is selected. If the border style value is "None," color and width options are hidden.
Include any desired punctuation within the "Prefix" box when adding an image prefix label. For example, "Figure:".
This tab defines the table experience, including caption font and prefix, and the table justification within the content.
Include any desired punctuation within the "Prefix" box when adding a table prefix label. For example, "Table:".
This tab defines the font color of links.
Step 1: Click the box.
Step 2: Choose the desired color by clicking in the color box, dragging the circle to the desired color, or entering the hex color code in the provided box.
Step 3: Click X to remove the overlay.
Click Reset under the "Color Options" pulldown menu to revert to the previously selected color.
Step 1: From the Admin Dashboard, click Templates under "Customizations," then click the Style guides tab. Click Create style guide.
Step 2: Select if starting from the default style guide provided by PlexTrac or an existing style guide. Click Create.
If no other style guides exist, the only option in the pulldown menu will be the default style guide.
Step 3: Enter a name for the new style guide.
There is a 100-character limit to a style guide title.
Step 4: Configure the style guide to the desired experience by navigating between the four tabs. Click Create style guide when finished.
A style guide must be associated with an export template to be leveraged. The export template is then associated with a report template, which is then associated with a report. The instructions below assume all files (style guide, export template, report template, and report) exist.
Step 1: From the Admin Dashboard, click Templates under "Customizations," then click the Export templates tab and find the desired export template to associate with the style guide.
Step 2: Under the "Style Guide" column of the table of the export template, select the desired style guide from the pulldown menu.
Any report templates associated with this export template will now leverage the style guide. If no report templates are associated with this export template, continue with Step 3.
Step 3: Click the Report templates tab.
Step 4: Click Edit from the "Actions" column.
Step 5: From the pulldown menu under "Export template," select the export template from Step 1. Click Save.
Any reports associated with this report template will now leverage the style guide when exported. If no reports are associated with this report template, continue with Step 6.
Step 6: Click the Reports module from the left navigation bar. Click the row of the impacted report.
Step 7: Click the Details tab.
Step 8: Go to the "Report Template" field and select the report template in the pulldown menu from Step 4. Click Save.
The next time this report is exported (assuming it is a Jinja template), it will reflect the configuration of the associated style guide from Step 2.
All changes to a user name must be confirmed by clicking Update Settings.
A data type value of "any" is displayed when PlexTrac does not know the data type due to how the field was added to Jira through a plug-in. Mappings with a data type value of "any" may not work as intended.
The custom field key is located on the Custom Fields tab of a finding that is found via the Reports module.
HackerOne API Key identifier: This was the value entered when creating the API token within HackerOne.
API Key: This key was provided by HackerOne and saved for future use.
For the GRC module, an additional option exists to define the ticket issue rating.
Visit the for more information on generating API keys.
Visit the for more information on generating API keys.
After a , metadata and content are presented within PlexTrac on the Finding Detail page, as shown below. The finding source value is "Edgescan," and any tags associated with the finding from Edgescan are provided along with any added within PlexTrac when imported.
Edgescan API Key: The Edgescan instance API key. Visit for information on generating an API key.
Findings from Edgescan can now be.
Vulnerability Name
-->
Finding Name
Description
-->
Description
Solution
-->
Recommendations
See Also
-->
References
Status
Active
-->
Finding="OPEN"
New
-->
Finding="OPEN"
Severity
Info
-->
Informational
Low
-->
Low
Medium
-->
Medium
High
-->
High
Critical
-->
Critical
CVE
-->
CVE
CVSS3
-->
Score Type
CVSS3
-->
Score Vector
CVSS3
-->
CVSS Score
Vulnerability Age
-->
Custom Field "Tenable Vulnerability Age"
CVSS V3 Impact Score
-->
Custom Field "Tenable CVSS V3 Impact Score"
Exploit Code Maturity
-->
Custom Field: "Tenable Exploit Code Maturity"
Product Coverage
-->
Custom Field: "Tenable Product Coverage"
Threat Intensity
-->
Custom Field: " Tenable Threat Intensity"
Threat Recency
-->
Custom Field: " Tenable Threat Recency"
Threat Sources
-->
Custom Field: " Tenable Threat Sources"
Patch Published
-->
Custom Field: "Tenable Patch Published"
Exploit Available
-->
Custom Field: " Tenable Exploit Available"
Exploitability Ease
-->
Custom Field: " Tenable Exploitability Ease"
Plugin Id
-->
Custom Field: " Tenable Plugin Id"
Plugin Output
-->
Scan Output
Asset Name
-->
Asset Name
IP
-->
Know IP Address
-->
Host Name
Operating System
-->
Operating System
MAC Address
-->
MAC Address
Port
-->
Port
Protocol
-->
Protocol
Vulnerability Name
-->
Finding Name
Description
-->
Description
Solution
-->
Recommendations
See Also
-->
References
Status
Active
-->
Finding="OPEN"
New
-->
Finding="OPEN"
Severity
Info
-->
Informational
Low
-->
Low
Medium
-->
Medium
High
-->
High
Critical
-->
Critical
CVE
-->
CVE
CVSS3
-->
Score Type
CVSS3
-->
Score Vector
CVSS3
-->
CVSS Score
Vulnerability Tags
-->
Finding Tags
Plugin ID
-->
Custom Field "Tenable Plugin ID"
Scan ID
-->
Custom Field " Tenable Scan ID"
VPR
-->
Custom Field "Tenable VPR"
Exploit Available
-->
Custom Field "Tenable Exploit Available"
Vulnerability Synopsis
-->
Custom Field "Tenable Synopsis"
Threat Intensity
-->
Custom Field "Tenable Threat Intensity"
Exploit Code Maturity
-->
Custom Field "Tenable Exploit Code Maturity"
Age Of Vuln
-->
Custom Field "Tenable Age Of Vuln"
Product Coverage
-->
Custom Field "Tenable Product Coverage"
CVSS Impact Score
-->
Custom Field "CVSS Impact Score
Plugin Family
-->
Custom Field " Tenable Plugin Family"
Plugin Type
-->
Custom Field "Tenable Plugin Type"
Scan Completed At
-->
Custom Field "Tenable Scan Complete Date"
THREAT SOURCES
-->
Custom Field "Tenable Threat Sources"
Plugin Output
-->
Affected Asset "Evidence"
Asset Name
-->
Asset Name
PlexTrac searches for the first known value in the following order: FQDN
> Hostname
> ipv4
> ipv6
> asset_uuid
IP
-->
Know IP Address
Hostname
-->
Host Name
Operating System
-->
Operating System
Fully Qualified Domain Name
-->
FQDN
MAC Address
-->
MAC Address
Tags
-->
Asset Tags
Port
-->
Affected Ports-Port
Protocol
-->
Affected Ports -Protocol
Vulnerability Name
-->
Finding Title
yes
Vulnerability Description
-->
Finding Description
yes
Vulnerability Date Opened
-->
Finding Created At
no
Vulnerability Date Closed
-->
Finding Closed At
no
Vulnerability Status
-->
Finding Status
yes
Status
Has multiple values, which are listed below in italics.
Open
-->
Finding ="OPEN"
no
Closed
-->
Finding = "CLOSED"
no
Risk Accepted
x
no
Vulnerability Remediation
-->
Finding Recommendations
no
Vulnerability CVSS Score
-->
Finding CVSS
no
Vulnerability CVSS Vector
-->
Finding Score Type
no
Vulnerability CVSS Vector
-->
Finding CVSS
no
Vulnerability Risk
-->
Finding Severity
no
Severity
Has multiple values, listed below in italics.
Minimal
-->
Informational
no
Low
-->
Low
no
Medium
-->
Medium
no
High
-->
High
no
Critical
-->
Critical
no
Vulnerability Custom Details Data
-->
Finding Custom Field "Edgescan Details"
yes
Vulnerability Asset Tags
-->
Finding Tags
no
Vulnerability ID
-->
Finding Tags
no
Organization
-->
Findings Tag
no
Vulnerability Asset
-->
Affected Assets
no
Asset/Location
-->
Affected Assets
no
Asset Name (Including Numeric ID)
-->
Asset Parent
no
Locations
-->
Child Asset
no
Asset Url(s)
-->
Asset Host FQDN
no
Asset Host Name
-->
Asset Host Name
no
Asset Ip(s)
-->
Asset Known Ip Address(s)
no
Request
-->
Asset Evidence- Scan Output
no
Response
-->
Asset Evidence- Scan Output
no
Asset Type
Asset Type has multiple values, listed below in blue.
Network
-->
Network Device
no
Web Application
-->
Application
no
Container
x
no
OAuth and SAML are protocols in identity and access management. OAuth is used for authorization, allowing third-party apps to access user resources securely. SAML is designed for authentication and single sign-on, facilitating user identity data exchange. OAuth is common in consumer and enterprise apps, while SAML is often used in government and enterprise environments. Both protocols can be used together for a comprehensive authentication and authorization solution.
PlexTrac supports multiple authentication methods for single-sign-on (SSO):
OAuth: OAuth is an open standard for authorization that grants access via access tokens. OAuth authorizes an application to access your data without giving it access to your credentials.
OpenID: OpenID Connect provides an authentication layer on top of OAuth 2.0. It addresses the lack of an authentication mechanism in OAuth and is thus a more secure solution.
SAML: Security Assertion Markup Language (SAML) is an open standard that attempts to bridge the divide between authentication and authorization.
OAuth is used in access authorization, while SAML and OpenID Connect are used in user authentication.
To set up multi-factor authentication (MFA) or reset the token, go to Profile (Personal Settings) and click the Two-Factor Authentication tab.
Users need an account with PlexTrac before being authorized to use an alternative sign-on method. The users' email in PlexTrac must be identical to the email address used to authenticate through the third-party tool.
Microsoft Entra ID (formerly Azure AD) is a cloud-based identity and access management service that enables employees to access external resources.
OAuth operates through a token-based authentication system, allowing users to authorize access to Microsoft Entra ID resources without sharing credentials. The user logs in to their Microsoft Entra ID account and grants permission to a third-party application to access specific resources using an access token. Subsequently, the application utilizes this token to access the authorized resources on behalf of the user, eliminating the need for the user to re-enter their login credentials.
Step 1: Log in at https://portal.azure.com/#home.
Step 2: Click Microsoft Entra ID under the "Azure services" section.
If the Microsoft Entra ID option is not visible from the default menu, click the arrow icon labeled "More services" and search for the service.
Step 3: From the Overview tab, copy the Tenant ID value and save it for later.
Step 4: Click App registrations under "Manage" on the left menu bar.
Step 5: Click New Registration.
Step 6: Provide the following information:
Name: The user-facing display name for this application (this can be changed later)
Supported account type: "Accounts in this organizational directory only" is the most restrictive
Redirect URI: Choose "Web" from the pulldown menu, then enter the value composed of domain name + "/api/v2/authenticate/azure"
Step 7: Click Register at the bottom of the page.
Step 8: Copy the value for the Application (client) ID and save it for use later.
Step 9: Click Certificates and Secrets under "Manage" on the left menu bar.
Step 10: Click New client secret.
Step 11: Enter a value for Description and select the desired expiration date. Click Add.
Step 12: A new secret appears on the page under the Client Secrets tab. Copy the value for use later.
Client secret values cannot be viewed except immediately after creation. Be sure to save the secret when created before leaving the page.
Step 13: Click Token Configuration from the left menu bar.
Step 14: Click Add optional claim.
Step 15: Choose "ID" for the Token type, then select "email" from the list of options that appears after clicking "ID." Click Add.
Step 16: Navigate back to the Microsoft Entra ID home page (see Step 2) and click Users from the left nav bar.
Step 17: Validate that the desired users exist in the list. Add new users as needed.
Users, not members of the organization, can be invited by clicking New user from the toolbar. They must have a Microsoft account to accept.
Step 18: Log in to PlexTrac as an admin.
Step 19: Navigate to the Admin Dashboard. Click Security under "Security & User Management."
Step 20: Click Authentication Methods under "Authentication."
Step 21: From the OAuth Providers tab, select "Azure" from the dropdown menu "Authentication Providers."
Step 22: Enter the appropriate values for the following fields:
Provider URL: Enter "https://login.microsoftonline.com."
Provider Tenant ID: Enter the "Directory (tenant) ID" value copied in Step 3.
Identifier: Enter the "Application (client) ID" value copied in Step 8.
Secret: Enter the secret value copied in Step 14.
Step 23: Toggle on the Enabled button. Click Save.
Step 24: Return to "Security & User Management" and click Users.
Step 25: Under the column header "Authentication Provider," select the desired user and change the value to "Azure."
Each user has to be configured individually.
OpenID is a decentralized authentication protocol allowing users to authenticate with multiple websites using a single login credentials. It enables users to create a single digital identity that can be used across different websites and services without creating a new account or remembering multiple usernames and passwords.
OpenID provides users with an OpenID URL, a unique identifier for their digital identity. When users log in, they are redirected to their OpenID provider's website to authenticate themselves. Once established, the OpenID provider sends a token back to the website, verifying the user's identity and allowing them to access the site.
OpenID is an open standard. It is supported by many websites and services and designed to be interoperable with other authentication protocols like OAuth.
Step 1: Log in to PlexTrac as an admin.
Step 2: Navigate to the Account Admin page. Click Security under "Security & User Management."
Step 3: Click Authentication Methods under "Authentication."
Step 4: From the OAuth Providers tab, select "OpenID Connect" from the dropdown menu under "Authentication Providers."
Step 5: Enter values for the following:
.well-known Configuration: The URL to the provider's .well-known configuration. The ".well-known" directory is a standardized way for web applications and services to expose metadata about themselves. One of the most commonly used files in the .well-known directory is the "openid-configuration" file, which provides metadata about the OpenID Connect provider used by the web application. The file specifies the authorization and token endpoints, the supported scopes and claims, and the public keys used to sign and verify ID tokens.
Identifier: The identifier provided by the IDP.
Secret: The secret value provided by the IDP.
PlexTrac requests to the provided .well-known Configuration’s authorization endpoint with the following query string parameters:
client_id
redirect_uri
response_type=code
scope=openid email
state
Validate that the authorization endpoint supports the “code” response type, as well as the “openid” and “email” scopes.
Step 6: Toggle on the Enabled button. Click Save.
Step 7: Return to "Security & User Management" and click Users.
Step 8: Under the column header "Authentication Provider," select the desired user and change the value to "OpenID Connect."
Each user has to be configured individually.
Google OAuth (Open Authorization) is a secure authorization protocol that allows users to grant third-party applications access to their Google accounts without sharing their usernames and passwords. It is a standard authentication mechanism used by Google to provide secure, delegated access to resources on its platform, including Google Drive, Gmail, Google Calendar, and other services.
OAuth provides a token-based authentication system where users can grant access to their account data without disclosing their credentials to that service. The user first logs in to their Google account and then permits the third-party application to access specific resources using an access token. The application then uses this token to access the authorized resources on the user's behalf without needing the user to provide their login credentials again.
Step 1: Log into the APIs & Services page on the Google Cloud platform: https://console.developers.google.com/apis/credentials
Step 2: Click the project pulldown menu.
Step 3: Click NEW PROJECT.
Step 4: Enter a project name and click Create.
Step 5: Click the OAuth consent screen in the left nav bar.
Step 6: Validate that the user type is "internal" and click EDIT APP.
Step 7: Enter a value for the App name, select a value for the User Support email from the pulldown menu, and enter an email address for the Developer contact information. Click SAVE AND CONTINUE.
Step 8: Click ADD OR REMOVE SCOPES.
Step 9: Add the following scopes: email, profile, and openid. Click Update.
Step 10: Click Credentials from the left main menu.
Step 11: Click CREATE CREDENTIALS and then select OAuth client ID.
Step 12: Select Web application as the Application Type.
Step 13: Click ADD URI under the "Authorized JavaScript origins" header and enter the PlexTrac UI URL (i.e., http://app.plextrac.com).
Step 14: Click ADD URI from "Authorized redirect URIs," insert the PlexTrac URL, and add "/api/v2/authenticate/google
" at the end of the url used in Step 10. Click CREATE.
Step 15: Copy the values provided for Your Client ID and Your Client Secret. Click Ok.
Step 16: Log in to PlexTrac as an admin.
Step 17: Navigate to the Account Admin page. Click Security under "Security & User Management."
Step 18: Click Authentication Methods under "Authentication."
Step 19: From the OAuth Providers tab, select "Google" from the dropdown menu under "Authentication Providers.
Step 20: For the Provider URL, enter https://accounts.google.com. Enter the Client ID value into the "Identifier" field and the Client Secret value obtained earlier from previous steps into the "Secret" field. Toggle on the Enabled button. Click Save.
Step 21: Return to "Security & User Management" and click Users.
Step 22: Under the column header "Authentication Provider," select the desired user and change the value to "Google."
Each user has to be configured individually.
OAuth (Open Authorization) is a standard token-based authorization framework. OAuth enables account information to be used by a third party without exposing the user's account credentials to the third party.
It provides the third-party service with an access token that authorizes the sharing of specific account information.
OpenID Connect is an identity layer built on the OAuth 2.0 protocol that permits a third-party application to obtain a user's identity information managed by a service. This functionality makes it easier for developers to authenticate users.
Clicking the card below will open further documentation for integrating PlexTrac with the following OAuth/OpenID solutions.
Okta OAuth is a secure authorization protocol that Okta, a cloud-based identity and access management service, allows users to grant third-party applications access to their Okta resources without sharing their username and password.
OAuth provides a token-based authentication system where users can grant access to their Okta resources without disclosing their credentials to that service. The user first logs in to their Okta account and then permits the third-party application to access specific resources using an access token. The application then uses this token to access the authorized resources on the user's behalf without needing the user to provide their login credentials again.
PlexTrac only supports IDP-initiated integration through SAML. If using IDP Okta outside of a SAML-based authentication, PlexTrac does not support but recommends SP-initiated SSO.
Step 1: Log in to Okta.
Step 2: Click Applications in the admin panel.
Step 3: Click Add Application.
Step 4: Click Create New App and fill out the form. For Platform, choose "Web." For the Sign-on method, select "OpenID Connect." Click Create.
Step 5: Enter a value for the Application name and add {{ your_domain }}/api/v2/authenticate/okta
to Login redirect URIs. Click Save.
Step 6: On the next page, copy values for Client ID and Client secret for later use.
Step 7: Click the Sign On tab, copy the value for Issuer, and save for later. This will be later used in PlexTrac as the Provider URL.
Step 8: Log in to PlexTrac as an admin.
Step 9: Navigate to the Account Admin page. Click Security under "Security & User Management."
Step 10: Click Authentication Methods under "Authentication."
Step 11: From the OAuth Providers tab, elect "Okta" from the dropdown menu under "Authentication Providers."
Step 12: Enter values for the fields Provider URL, Identifier, and Secret obtained from earlier steps.
Step 13: Toggle on the Enabled button. Click Save.
Step 14: Return to "Security & User Management" and click Users.
Step 15: Under the column header "Authentication Provider," select the desired user and change the value to "Okta."
Each user has to be set individually.
SAML stands for Security Assertion Markup Language. It is an XML-based standard for exchanging authentication and authorization data between parties, particularly between an identity provider (IdP) and a service provider (SP).
SAML enables single sign-on (SSO) by allowing users to authenticate themselves once and access multiple services without the need to log in again for each one. SAML achieves this by exchanging digitally signed XML documents, called SAML assertions, between the IdP and SP.
When a user tries to access a resource on a service provider, the SP redirects the user to the identity provider for authentication. The IdP then verifies the user's identity and generates a SAML assertion that includes information about the user's identity and attributes. The IdP signs the assertion using its private key to ensure its authenticity and sends it back to the SP. The SP then verifies the signature using the IdP's public key and grants access to the requested resource.
Plextrac allows any SAML Identity Provider to log into the application. Multiple providers can be configured for each tenant and managed per user. For example, one user could log in with Google while another uses Okta.
This authentication method is only valid for the UI and not for authenticating with the PlexTrac API.
SAML requires the following environment variables to be set in the PlexTrac Docker:
PROVIDER_CODE_KEY: A secure signing key set by default in the latest version.
CLIENT_DOMAIN_NAME: The hosting domain name, such as app.plextrac.com
. Do not include HTTP(s)://
.
PROVIDER_CODE_KEY
is an environment variable that acts as a secure signing key. It is used in the SAML configuration within PlexTrac to facilitate secure communication between the identity provider (IdP) and PlexTrac. This key ensures that the SAML assertions exchanged during the authentication process are signed and can be trusted.
When setting up SAML for PlexTrac, the PROVIDER_CODE_KEY
must be set to a secure value in the Docker compose file for the PlexTrac instance.
Users need an account with PlexTrac before being authorized to use an alternative sign-on method.
The user's email in PlexTrac needs to be the same as the email the user will use to authenticate through the third-party tool.
The name ID
value (or similar field) found in the SAML provider must be the user's email address.
Step 1: From the Admin Dashboard, click Security and then Authentication Methods.
Step 2: Click the SAML Providers tab.
Step 3: Click Create New SAML Provider.
Step 4: Enter the information obtained through the provider setup in the appropriate fields.
Provider Name: Identifies the service provider used, such as Okta. This entity acts as an identity or service provider within the SAML authentication and authorization framework.
Allow IDP Initiated SSO: Identifies if a user can initiate SSO with the provider first without visiting PlexTrac. This is an authentication process in which the user's interaction begins with the identity provider rather than the service provider.
Identity Provider Single Sign-On URL: Identifies the specific endpoint provided by the IdP to initiate the SAML authentication process during SSO. When users attempt to access a service provider application, they are redirected to the IdP SSO URL to authenticate themselves.
Provider Issuer URL: Identifies the provider. The IdP uses the service provider's Issuer URL/entity ID to determine which metadata and configurations to use when processing authentication requests.
The Issuer URL is typically a URL or a URN (Uniform Resource Name) that uniquely identifies the SAML entity, such as:
https://karbo.okta.com/example
http://www.okta.com/example
urn:amazon:webservices
urn:federation:MicrosoftOnline
X.509 Certificate: The location to paste the certificate. An X.509 certificate is a digital document adhering to the X.509 standard, which governs the structure of public key certificates. X.509 certificates validate identities, ensuring secure communication via encryption.
Enabled: A toggle to turn the SAML configuration on or off.
Step 5: Click Create when finished.
The new setup is listed on the SAML Providers tab.
When choosing not to utilize IDP Initiated SSO with activated JIT, deactivate JIT User Provisioning before disabling IDP Initiated SSO.
Step 1: Toggle “Allow IDP Initiated SSO.”
Step 2: Enter the identity provider origin URL.
Step 3: Toggle on “JIT User Provisioning.”
Step 4: Select the desired default role for newly created users, the default classification level (if applicable), and if any users provisioned via this SAML Provider are assigned to the Default Group.
Step 5: Click Save (if updating an existing configuration) or Create when finished.
The General Authentication Settings page is used to turn on or off the settings that require Multi-factor Authentication for all users.
Administrators can tailor roles and permissions within the PlexTrac platform according to their specific requirements. This customization allows for efficient management of user access and privileges, ensuring a secure and organized environment.
If custom roles are required, create them before adding users. Otherwise, new users will need to be assigned to an existing role, and adding the custom role later will be an additional step.
When creating custom roles, PlexTrac provides the following recommendations:
Create a role without any permissions to assign unused or intermittent access users. By implementing this practice, administrators can prevent unnecessary access to sensitive information or critical functionalities, mitigating potential risks of granting unnecessary permissions.
Use the Principle of Least Privilege when assessing role permissions. This principle advocates granting users the minimum access required to perform their designated tasks effectively. By adhering to this principle, administrators can significantly reduce the attack surface and the potential impact of security breaches, enhancing the overall security posture of the system.
Conduct periodic user and role audits for an accurate user access posture. Regular user and role audits are essential to maintaining a secure user access environment. Periodic audits allow administrators to review and verify the permissions assigned to each user, ensuring that access rights align with individuals' current roles and responsibilities. This process helps identify deviations or discrepancies, providing the user access posture remains accurate and up-to-date.
When assigning roles to a user, giving each role a unique name is essential. Although PlexTrac generates a unique ID for each role in the backend, the user interface may display seemingly identical values, leading to confusion, as shown below.
Step 1: From the Role Based Access page under "Security" in the Admin Dashboard, click Create Role.
Step 2: Enter the fields provided on the page. Role Name and Role Description are required.
Templates as Baseline: Select the desired baseline template from the drop-down menu when creating a new role.
Role Name: This required field is the role's name and will appear on the Role Based Access page.
Enabled: This feature displays if the role is activated and provides a simple way to disable access temporarily.
Description: A brief description of the role (required).
Users Assigned: Place the cursor in the box and type a user to find and associate users to this role. If a user already belongs to another role, additional screens will appear to disable the previous role or inherit an additional role to existing permissions.
User List: Assigned users will appear in a list under the User Assigned box. They can be deleted by hovering over the name with the cursor and clicking the red trash can icon.
All users MUST be assigned to at least one role, and the platform will provide an error message if an attempt is made to disable a role that contains a user with no other assigned roles.
Step 3: Scroll down the page to select/deselect permissions for the role by clicking the provided tasks to define permissions. A purple button means permission has been given for the role, while a grey button means no permission has been enabled. Clicking a purple button again greys it out and disables authorization.
In this example, all permissions except the ability to manage style guides and access to the admin dashboard where the style guides are managed were removed.
Step 4: Click Save.
A summary page appears to review the list of users and permissions. Click Edit to adjust.
The new role is listed, along with the number of users assigned and configured permissions.
Every role will have at least five permissions displayed on this page, even if no tasks are enabled due to permissions that cannot be configured. For example, if two task buttons were enabled, a number of "7" will show as the total enabled permissions.
The Classification Tiers button under "Security" in the Admin Dashboard is where the functionality for classification tiers is turned on or off.
Classification tiers functionality is turned off by default.
Classification tiers enable control for specific users to view and modify particular reports for a specific client. For example, most users may have access to a client and most reports, but a few users may require a higher classification tier to work on a report with more sensitive data.
Once turned on, PlexTrac provides three tiers by default (Tier 1, Tier 2, and Tier 3). The higher the classification level, the more restrictive it is (i.e., Tier 1 is the lowest). For example, everyone in Tier 2 has access to Tier 1, but Tier 2 users do not have access to Tier 3 reports.
Once enabled by toggling on, the default classification tier values and descriptions can be edited, and new ones can be created and managed.
Step 1: After enabling classification tiers, click Create Classification.
Step 2: Enter a classification tier name and description in the provided boxes. If ready to implement, toggle on the "Enabled" button.
Step 3: Click Save.
A message will appear briefly confirming the addition of the new tier, and it will appear on the list at the top of the list by default as the most restrictive.
Step 4: If the new value's default placement at the top is inaccurate and needs adjustment, select and move the value's bar on the page to reflect its appropriate classification level in the existing tier structure.
Once a row is moved, the tiers dynamically reorder and display their new classification level (the bottom of the list will always be the least restrictive Level 1).
Step 5: Exit this page by clicking the breadcrumb Admin Dashboard.
Step 6: Click Security under "Security & User Management."
Step 7: Click Authorization.
Step 8: Select the desired client from the "Client" pulldown menu.
Step 9: Identify the user to configure, click the pulldown menu of the column "Classification Level," and select the appropriate value.
Step 10: Click the Reports module, select a report, and click the Details tab.
Step 11: Click the pulldown menu of "Report Classification" and select the appropriate tier value. Click Save.
Step 1: From the Classification Tiers page, click the value to edit.
Step 2: Make any edits and click Update Classification.
Classification tiers cannot be deleted. This is to protect against existing protected reports being unintentionally exposed. If a specific tier is no longer needed, however, it can be disabled (if to be used again in the future) or edited to reflect a new tier classification.
If classification tiers are disabled at the feature level, any previously classified reports will be exposed, as tier protection will no longer apply.
To disable the value from appearing as an option elsewhere in PlexTrac, toggle off the "Enabled" button and click Update Classification.
If disabling a classification tier, it may be necessary to refresh the browser for the value to disappear.
The Users button under "Security & User Management" in the Admin Dashboard allows an admin to view, edit, add, or delete users.
PlexTrac's user management page provides a range of features to streamline user administration. Administrators can add users, assign roles, select authentication providers and classification tiers, reset passwords, enable or disable accounts, and permanently delete users. Additionally, there is functionality to authorize users by client.
The functionality for managing users is contextual, depending on their status. For example, if no users are locked, no option is provided to unlock them.
Users are either enabled, disabled, or locked. This status can be filtered through the pulldown menu at the top of the table or sorted by clicking the flag next to the name field in the table header column.
PlexTrac will lock a user out after multiple failed attempts to protect against brute force attacks. Locked users are identified with a lock icon next to their name, a highlighted row background, and the words "User locked" listed under their email address.
Disabled users are identified with an icon next to their name, a row with a grey background, and the words "User disabled" under their email address.
Each user added to a licensed role is considered a paid user. When a role is licensed, an icon will appear at the end of the role title (regardless of the number of licenses available).
Roles that use a license are also identified on the RBAC page.
Visit the RBAC page for information on the various messaging related to licensed users and their relationship to permissions.
Click the "All Roles" pulldown menu to filter users by role. Standard roles are at the top of the list.
If a user is added to a role that requires a license but no more seats exist, an error message appears.
Disabled paid users count towards the total user license. To remove a user from the count, a user must be disabled and removed from any assigned paid roles.
The table view can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left. The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Licensing allows admins to manage software licenses and product keys to activate and authenticate PlexTrac modules and integrations. Admins can also configure priority and Plex AI settings at the tenant or client level.
Licensing contains the following sections:
Existing users can be managed via bulk action or by editing individually.
Step 1: From the Users page of the Admin Dashboard, under "Security & User Management," click Edit under the "Actions" menu of the user to manage or click the row of the user within the table.
Step 2: On the Details tab, you can edit your first and last name and the authentication provider. Additional options exist to reset the password and disable or delete the user. Depending on the user's status, additional options are provided.
Click Save if editing the user name. All other changes are done dynamically.
Step 2: Client access can be modified on the Authorization tab. Use the filters to narrow the list of clients displayed.
Additional options to manage a user within the table can be found by clicking the three dots under the "Actions" menu in the user's row to edit. Some options may not appear if the use case does not apply to the user.
Bulk action options appear after one or more findings are selected by clicking the checkbox to the far left of the finding row or by clicking the box next to the column header. Some options may not appear if the use case does not apply to a current user status.
The Licensing section allows an admin to enter a license key by entering a key into the provided box and clicking Add License.
The version for a tenancy can be obtained at the bottom of any page in the Admin Dashboard.
The list of licenses for a tenancy can be obtained at the bottom of any page in the Admin Dashboard by clicking Licenses.
Users can be added using PlexTrac or by uploading .
If custom roles are required, create these before adding users. Otherwise, new users will need an assignment to an existing role, and adding the custom role later will be an additional step.
Step 1: From the Users page of the Admin Dashboard, under "Security & User Management," click Add Users.
Step 2: Enter the user's email, first name, last name, role, authentication provider, and classification tier (if applicable).
Step 3: Click the check box to identify if the user should belong to the Default Group.
The Default Group is a collection of users who, by default, have access to all clients in PlexTrac. When a user is added to the Default Group, they are granted access to all existing clients, and when a new one is created, they are automatically assigned access.
Removing a user from the Default Group does not remove previously granted client access but only removes the automatic assignment to new clients.
Step 4: Click New user to repeat the process and add more users.
Step 5: When finished, validate whether an email link should be sent to all newly created users to set their password (the default option is to send the email).
Step 6: Click Save.
A message will appear confirming the addition, and the new user will appear on the Users page.
Users can be created in bulk using a CSV template, which can be found on the Add New Users page after clicking Add Users.
The CSV file has five fields to collect user information to be imported:
Step 1: Download the file, delete the sample values, and enter the user information to import.
If any custom roles exist in the CSV file that are not currently in PlexTrac, add them now before continuing to reduce rework.
Step 2: From the Users page of the Admin Dashboard, under "Security & User Management," click Add Users.
Step 3: Click Import from CSV.
Step 4: A window opens to select the CSV file from the computer. Select the file to import.
Step 5: The information in the CSV file is imported for review.
Step 6 (optional): No changes are needed if standard roles were used. If a custom role was assigned to an imported user, manually select it by clicking the "Role" pulldown menu for the impacted user and selecting the desired custom role value.
Step 7: Click Save.
A message will appear confirming users were added.
The Role Based Access (RBAC) button under "Security" in the Admin Dashboard gives administrators granular control over permissions within PlexTrac, such as actions allowed for a specific user, permissions for customers, access to client data, and report access that restricts viewing sensitive data.
PlexTrac applies roles that consider the tenant (instance) and client. This enables teams to grant users the privileges required to accomplish tasks for specific clients.
A user’s tenant role governs what portions of the platform they can access, including the modules, tools, and UI elements presented for use. A user’s permissions can be further scoped in the context of individual clients. Users must have a role in the context of each client.
PlexTrac has three default roles: Administrator, Standard User, and Analyst.
An icon within the RBAC list identifies permissions that require a license.
For a tenancy, a license can be in different states:
A valid key: In this scenario, no banner message will appear.
An invalid license key: In this scenario, a banner appears (when adding users or viewing a role within the Admin Dashboard), and the admin needs to contact licensing@plextrac.com.
More licenses needed: This scenario applies to situations where the number of licenses remaining is three or fewer, and the admin should contact licensing@plextrac.com. A banner appears when adding users or viewing a role within the Admin Dashboard.
No license key: This scenario could apply to a new instance, and the admin needs to contact licensing@plextrac.com. No banner message is provided.
Platform-wide permissions include access to specific modules (WriteupsDB, Assessments, etc.), the Account Admin section, platform settings, and user management. These permissions are specific to platform access and assigned in the Role Based Access area of the Admin Dashboard.
Users may be assigned to more than one role. Tenant permissions are additive. Adding users to a less-privileged role does not remove other roles or restrict permissions.
Within a tenancy, the following business rules apply:
Administrator: A tenant administrator can access all tools, modules, and UI elements on the platform (all aspects of the Admin Dashboard).
Standard User: A standard user can access all modules and UI elements outside the Admin Dashboard.
Analyst: An analyst user cannot access the Content Library or Runbooks modules. Additionally, most UI elements that provide create or edit capabilities are unavailable.
Admin user permissions can be viewed by clicking the Administrator box on the Security: Role Based Access page.
An administrator is PlexTrac's highest permission role, and admins have complete control and access over every application part.
Click the Standard User box on the Security: Role Based Access page to view standard user permissions.
Analyst user permissions can be viewed by clicking the Analyst box on the Security: Role Based Access page.
The role assigned to a user at the client level sets the client, reports, and findings permissions for that client.
In the context of a client, the following business rules apply:
Administrator: A client administrator can edit any data associated with the client, such as the client record, assets, and reports, and manage access of client users.
Standard User: A standard user can edit any data associated with the client, such as the client record, assets and reports.
Analyst: An analyst user can view client assets and related data, reports in published status, upload and delete artifacts in reports, and change the remediation status of findings.
The Authorization button under "Security" in the Admin Dashboard allows user group membership and roles to be managed.
This page lists all users (first and last name), email/username, role, classification level, and if they belong to the default group.
Users in the list can be found via search, filtered by client, or sorted by first name, last name, or email/username.
The Default Group is the collection of users granted access to all clients by default. Adding users to this group automatically grants them access to all existing and new clients as they are created.
Removing a user from the Default Group does not remove previously granted client access and only removes the automatic assignment to new clients.
Step 1: From the Authorization page in the Admin Dashboard, select a client from the pulldown menu.
Step 2: A new button for adding users appears. Click Add/Authorize User.
Step 3: Select the user from the "User" pulldown menu or begin typing to filter the provided list.
Step 4: Assign the appropriate role from the "Role" pulldown menu, and, if applicable, assign a classification level.
Repeat as needed by clicking Add User.
Step 4: Click Save.
Roles can also be managed directly from the Authorization page.
Step 1: From the Authorization page in the Admin Dashboard, select a client from the pulldown menu.
Step 2: Click the pulldown menu under the "Role" column for the user to be changed and select the new role.
If not enabled, the column will not appear.
Plex AI streamlines finding development and authoring, reducing the time spent on manual proactive security report development while ensuring data integrity and quality.
All interactions among system components, including AI, are secured through encrypted channels utilizing TLS 1.2. Within a PlexTrac instance, all AI components utilize PlexTrac’s RBA system to guarantee appropriate access controls. This ensures that client, reports, and classification requests adhere to configured access controls, maintaining security and integrity when utilizing generative components. No customer data is used to train the AI model.
For more information, view the .
Content Generation: AI intelligently generates content specific to the finding being edited. To learn more, click the info icon within the side drawer that appears when content is generated.
Dynamic Content Selection: Once the AI generates content, users can replace the existing text with the newly generated content if it meets their standards. Should the initial output not suffice, content can be regenerated.
Historical Navigation: Users are not limited to accepting the first piece of generated content. Through simple "previous" and "next" navigation, they can browse different versions of the generated text, ensuring the selection of the most fitting content for their report.
Efficiency and Flexibility: The process is designed to accommodate both situations where users start with an empty field or wish to update current content, granting flexibility and efficiency in enhancing report quality.
Areas of the platform using AI are identified with a "Use AI" button at the bottom right of a text box, such as the description and recommendations fields of a finding on the Finding Details tab or the Narrative tab of a report.
It is important to ensure that all relevant fields contain content to generate the most effective output. AI draws on values from other fields to produce high-quality output. For instance, when generating a recommendation for a finding, AI uses information from the finding name and any existing content in the recommendations field.
Step 1: Where available, click Use AI.
Step 2: A side drawer will open with the suggested text provided by AI. Click Insert & Replace to use the generated text and override the existing text.
Any content currently in the field, including tables or images, will be replaced.
Or click Regenerate to see a different response.
Step 3: The content is inserted into the text field. Make further edits as needed.
Although PlexTrac has taken great care to ensure the accuracy and quality of the text generated, AI systems can occasionally produce content that includes hallucinations, inaccuracies, or unreliable statements. AI-generated text cannot replace professional advice, information, or services. It is recommended that users exercise their judgment, conduct additional research, and verify any critical details before relying on or acting upon the information presented.
This section allows admins to configure Plex AI access for both the user and the client.
On this tab, admins can configure if added clients will get AI by default across the tenancy or manage existing client AI access.
On this tab, admins can configure if added users will get AI by default across the tenancy or manage existing user AI access.
If two roles are created with the same name, they cannot be differentiated in the pulldown menu, which is why it is best practice to use unique role names.
Client-based permissions are specific to using and accessing Clients, Reports, and Findings. These permissions are assigned on a client level, and more information can be found by visiting the .
This task is for existing users. This is not the process for adding users to PlexTrac. directly from the Clients module.
When classification tiers have been enabled (configured in Admin Dashboard>Security>), a column will appear on the Authorization page, allowing further security restriction configuration for each user by the client.
Stored responses by AI can be accessed by clicking Previous and Next until new content is added or the side drawer is closed.
first name
yes
last name
yes
yes
A vid email format is required.
role
no (will default to a value of "Standard User" if left blank or a custom role is used)
Accepted values are the default PlexTrac roles: admin
, standard user
, and analyst
. The values are not case-sensitive.
NOTE: The backend value of STD_USER
for the role of "standard user" is also valid.
Custom role names can be used and will not break import, but at this time, any values in the CSV beyond the standard values listed above will map to "Standard User" by default when the import is first loaded and require manual intervention to update before completing the import task (see instructions below).
classification tier
no
authentication provider
yes
default group
no
Accepted values are TRUE
(user belongs to default value) and FALSE
(user does not belong to default group).
This option determines if a priority applies to a tenant or is specific to a client and whether it appears to end users after creation. The default value is Tenant-level priorities
.
Modifying this option after users have created priorities can change the priorities displayed on the Priorities module home page. Priorities assigned to specific clients will not be shown if the tenant is set to "Tenant-level priorities.
"
If Tenant-level priorities
is selected, a user can set up a priority across all clients in the tenancy with access to all findings and assets in the platform.
This will be identified to users in the Priorities module home page under the "Client" column as All clients
.
If Client-level priorities
If selected, a user must choose a client when creating a priority and can only link assets and findings from that client.
This will be identified to users in the Priorities module home page under the "Client" column by listing the client's name.
The Support Portal is reached by clicking the user name in the upper right and then clicking Help Center.
A new browser window/tab will open outside of the platform, containing the home page of the Support Portal.
In White Labeling, admins can manage brand identity, provide a consistent user experience, and reinforce their unique business context throughout the platform.
White labeling allows both Managed Security Service Providers (MSSPs) with multiple clients and Enterprise customers managing various internal business units or groups to customize the labels that appear throughout the platform. This customization lets administrators personalize and align the platform with their business needs and branding.
An administrator can substitute the generic term "clients" with the company's name, resulting in a more personalized and professional user experience.
Likewise, an Enterprise customer using PlexTrac to manage different internal business units or groups can customize the labels to match the specific terminologies used within their organization. This ensures the platform integrates seamlessly with existing processes and naming conventions, making it more user-friendly for their teams.
PlexTrac breaks white labeling into two categories: Core and Menu.
Modifications to "core" values apply to all instances of the term used in the platform EXCEPT for the names of the main menu and module pages. These changes include column headings, button labels, and table values.
In the following example, using the Clients module home page, the core values "client" and "clients" have been replaced with "Karbo Securities." While the updated company name can be seen throughout the page, the main menu item and module name remained the same.
Modifications to "menu" values apply only to the main menu in the left nav bar and page names that specifically reference that module.
In the following example, using the same Clients module home page as before, the menu value and module name of "Clients" was changed to "Karbo Securities" while the core values stayed with the default.
Step 1: From the White Labeling page of the Admin Dashboard, enter a new value in the desired field.
Values can only be entered in lowercase, but when updated, the first letter of each word will be capitalized.
Step 2: Click Update Labels.
The new value(s) will immediately be updated within the platform for users.
Clicking Logout will end the existing session and log the user out of PlexTrac, providing an easy and secure way to end their session and prevent unauthorized access to the account.
Individual session tokens last 15 minutes when accessing PlexTrac through an API. However, when accessing PlexTrac via the platform, the authentication token is automatically renewed before expiration. This automatic renewal ensures the user's session remains active without requiring manual re-authentication.
In Customizations, admins can personalize various aspects of the PlexTrac platform to meet their needs. They can manage finding layouts, customize report templates, set dark mode, and configure theme colors, allowing them to create a customized experience within the platform.
Customizations include the following sections:
When white labeling values for clients with changes to the menu or core values, the table count label does not change.
In addition, a change to the plural core value OR the menu value will be reflected in the value next to the people icon at the top of the Clients module home page. However, just a change to the singular form of the core value will not result in a change.