The Risk scoring section under "Automations" in the Admin Dashboard allows admins to create formulas for producing dynamic risk and likelihood scores for findings and priorities.
If all equations are disabled, priorities will be scored by the likelihood and impact values selected in the priority.
Contextual Score: The value generated from a contextual scoring equation.
Contextual Scoring Equation: A collection of variables, operators, rules and logic to generate a contextual score.
Equation Variable: A component of the equation representing an individual or an aggregate of fields from PlexTrac, such as Asset count, Finding Severity, and CVE. Equation variables are the building blocks of an equation.
Multiplier: A constant value multiplied against an equation variable's value. It can rapidly increase the weight a variable has on an equation.
Operator: Mathematical symbols that can be used in a Contextual Scoring Equation. Currently, an operator can only perform a "+" addition function.
Variable Rule: The logic and conditions that help determine a variable's weight and value within the equation. A variable can have multiple rules.
PlexTrac provides a default equation for each disabled tab, which can be toggled on by clicking the toggle bar under the "Enabled" column. These equations can be used as a starting block for creating custom equations.
They are identified as "Default" under the "Type" column and cannot be deleted.
This tab lists all priority risk score equations and provides options to create and manage new ones. A client can enable only one equation at a time.
The finding score can be viewed under the finding detail section of a finding.
If the cursor hovers over the question mark icon and contextual scoring is enabled, the equation being used is listed.
This tab lists all priority risk score equations and provides options to create and manage new ones.
The priority score can be viewed under the progress bar on the Details tab of a priority.
If the cursor hovers over the question mark icon and contextual scoring is enabled, the equation being used is listed.
The table view for each tab can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
This page includes the business rules and instructions for enabling and disabling priority equations when multiple ones exist.
The impact of an equation on a priority depends on multiple variables, such as whether equations are set in General Settings to apply to all tenants or a client, if the default equation is enabled, if a custom equation is enabled, and if the custom equation applies to the entire tenancy or specific clients.
When priorities are enabled at the tenant level, only one equation can be used at a time. When enabled, equations created for specific clients are no longer accessible from the contextual scoring page. Existing equations are not deleted, but they can no longer be viewed or modified from the page.
Tenant-level priorities have the following business rules for equations:
When priorities are enabled at the client level, only one tenant-level equation can be used at a time. However, custom equations for specific clients may be enabled and, when executed, take precedence. Any equations created for specific clients will be accessible from the contextual scoring page along with tenant-wide equations.
Whether the equation is client-specific or tenant-wide is identified under the "Associated with" column.
Client-level priorities have the following business rules for equations:
To enable an equation, toggle the button under the "Enable" column.
If the user's action impacts existing priorities and business rules, PlexTrac will display a message to inform of the consequence. If approved, the system will enable or disable other related equations accordingly.
PlexTrac learns about scanner findings as files are imported. This learning can be done proactively by an admin through parser actions or when a user imports a scanner file when adding findings to a report. Either way, the learning begins after an admin imports a file via the parser actions page of the Admin Dashboard, and this process must occur for each tool that PlexTrac integrates with. Any files for a tool imported as findings to a report that have not been enabled by an admin on the parser actions page will have no impact on parser actions.
When importing a file, parser actions process the contents to extract relevant information and perform specific operations. The exact parser actions depend on the file format and business rules an admin configures.
The findings are matched to the parser action by plugin ID and include actions such as linking to a writeup, changing the finding severity, or ignoring the finding when parsed.
Currently, no other metadata of the finding, such as tags, can be mapped or manipulated by parser actions.
When new files are uploaded to parser actions, plugin IDs are only created for IDs not found and set to a "Default" action, meaning no changes will occur on import unless a parser action is created.
Parser action changes are applied to future imports and don't impact existing findings. For example, suppose a parser action that sets a finding severity value was created for a plugin, but moving forward the source of truth for severity is the scanner tool. In that case, change the parser action for that plugin to "Default." The next time that plugin is imported, the severity value from the source will be imported into the report.
Parser actions apply to all users.
The description of a parser action can be obtained by placing the cursor over the parser action title in the table.
Step 1: Click Parser Actions in the "Tools & Integrations" section of the Admin Dashboard.
Step 2: Check the Enable Parser Plugin Actions box.
Enabling parser plugin actions will allow the ability to preset default actions, link writeups, and change the severity of scanner findings when imported into a report.
Once parser import rules are set, leave the "Enable Parser Plugin Actions" box unchecked to import scan results natively, without existing rules applied.
Step 3: Click Import.
Step 4: Select the source of the file to import from the "Import Source" pulldown menu, then drag the file into the drop area on the modal or click Browse to navigate to the file on the computer.
The box will display the supported files for the tool selected in the pulldown menu as the import source, along with the maximum file size.
Step 5: Click Upload.
A notification will confirm a successful import.
Step 6: The imported plugins are now available for configuration. Search or select the desired plugin and configure it using the pulldown menus and options to configure the preferred course of action.
Parser plug-in actions include four options:
DEFAULT: Passes the scanner result through with no action taken.
LINK: Replaces a scanner result finding with a custom writeup from WriteupsDB.
IGNORE: Ignores a scanner result when parsed by PlexTrac.
SEVERITY: Overrides a scanner result's finding severity value with a new value selected in the parser action.
Parser actions can take findings ingested from an external tool and map them to a custom finding in WriteupsDB. When the finding is imported, this action will override the description, title, references, custom fields, common identifiers, risk score, and recommendations. Multiple plugins with the same writeup will be mapped to a single finding with merged affected assets.
Step 1: Click Parser Actions in the "Tools & Integrations" section of the Admin Dashboard.
Step 2: Check the Enable Parser Plugin Actions box.
Step 3: Select the parser to work with from the "Filter Plugins" pulldown menu.
Step 4: Select the findings by clicking the checkbox of the finding row or selecting the box in the header column next to "Plugin Id."
Step 5: Select the writeup to link the findings by selecting the value from the "Link Writeup" pulldown menu.
The linked writeup is now displayed for each finding under the "Write Up" column.
If a new report is created, and the same parser file is imported, only one finding will be imported into the report.
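The effect of the four parser actions on an import can be modeled as follows. This is an added example, not PlexTrac code: the plugin IDs, hosts, writeup and field names are constructed, and `apply_parser_actions` is a hypothetical function written for illustration.

```python
from dataclasses import dataclass

@dataclass
class ParserAction:
    action: str = "DEFAULT"   # DEFAULT | LINK | IGNORE | SEVERITY
    value: str = ""           # writeup name for LINK, new severity for SEVERITY

def apply_parser_actions(scan_results, actions, writeups, enabled=True):
    """Return the findings a report would receive from one scanner import."""
    findings = {}             # keyed so plugins linked to one writeup merge
    for res in scan_results:
        # Plugin IDs without a configured action behave as DEFAULT (pass through).
        # With the box unchecked (enabled=False) every result passes through.
        act = actions.get(res["plugin_id"], ParserAction()) if enabled else ParserAction()
        if act.action == "IGNORE":
            continue          # the result never reaches the report
        finding = dict(res, assets=set(res["assets"]))
        key = ("plugin", res["plugin_id"])
        if act.action == "SEVERITY":
            finding["severity"] = act.value
        elif act.action == "LINK":
            key = ("writeup", act.value)
            finding.update(writeups[act.value])   # writeup fields override the scanner's
        if key in findings:
            findings[key]["assets"] |= finding["assets"]   # merge affected assets
        else:
            findings[key] = finding
    return list(findings.values())

# Constructed sample data for illustration only.
WRITEUPS = {"Weak TLS configuration": {
    "title": "Weak TLS configuration",
    "description": "Legacy protocol versions are accepted.",
    "recommendations": "Allow TLS 1.2 or later only."}}
ACTIONS = {
    "10001": ParserAction("LINK", "Weak TLS configuration"),
    "10002": ParserAction("LINK", "Weak TLS configuration"),
    "10003": ParserAction("IGNORE"),
    "10004": ParserAction("SEVERITY", "High"),
}
SCAN = [
    {"plugin_id": "10001", "title": "SSLv3 enabled", "severity": "Medium", "assets": ["web01"]},
    {"plugin_id": "10002", "title": "TLS 1.0 enabled", "severity": "Medium", "assets": ["web02"]},
    {"plugin_id": "10003", "title": "Host is up", "severity": "Informational", "assets": ["web01"]},
    {"plugin_id": "10004", "title": "SMB signing not required", "severity": "Medium", "assets": ["fs01"]},
    {"plugin_id": "10005", "title": "New plugin", "severity": "Low", "assets": ["fs01"]},
]

if __name__ == "__main__":
    for f in apply_parser_actions(SCAN, ACTIONS, WRITEUPS):
        print(f["title"], f["severity"], sorted(f["assets"]))
```

Because IGNORE and SEVERITY change what reaches a report without any per-report prompt, the configured actions are worth reviewing whenever imported results look lighter than the scanner's own output.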
Once a parser action is created, it cannot be deleted.
Step 1: Click Parser Actions in the "Tools & Integrations" section of the Admin Dashboard.
Step 2: Check the Enable Parser Plugin Actions box.
Step 3: Select the parser to work with from the "Filter Plugins" pulldown menu.
Step 4: Click Add Parser Action.
Step 5: Enter a Plugin ID, Title, and Plugin Description value.
All three fields must contain a value to continue.
Step 6: If the plugin action is "Default," continue to Step 8. Otherwise, select the desired plugin action from the pulldown menu.
Step 7: If "Ignore" was chosen, go to Step 8. Otherwise, select the value to associate with the action determined in the previous step.
Step 8: Click Create.
A message confirming creation will appear, and the new parser action will be displayed in the list.
Admins can create an equation to produce a custom score. The process for creating an equation for a priority and findings is the same and consists of two steps:
Equation Properties: The tab in which the name, description, and (when applicable) what clients the equation applies to are entered.
Equation Builder: The tab where the user selects and configures the variables of the equation that determines the contextual score.
The example below is done within the Priorities tab, but the process is the same as the Findings tab.
Step 1: From the Admin Dashboard, click Risk scoring.
Step 2: Click Create Equation.
Step 3: Select whether to start from the tenant default or another equation. When finished, click Create.
Step 4: Enter an equation name and description on the "Edit basic information" tab.
If priorities are configured for all clients, client-specific configuration options for priorities equations will not appear, and users will proceed to Step 9.
Step 5: Identify whether the equation will apply to all clients in the tenancy who currently have no equation assigned or to a specific client.
If this equation applies to all clients, skip to Step 9.
Step 6: If client-specific, click Select clients and search, scroll, or use filter options to find the desired client.
Step 7: Click Select.
Step 8: Click Save at the bottom right of the page.
Step 9: Click Continue at the bottom right of the page.
The "Edit variables and equation" second tab appears as the equation builder tab.
The equation builder tab consists of three sections/boxes:
Box 1 - Score Equation: This box displays the current equation and allows users to modify it by dragging variables on/off the box.
Box 2 - Available Equation Variables: This box lists the available variables to be leveraged to update the current equation in Box 1.
Box 3 - Variable Configuration: When a variable in Box 1 is clicked or selected from the pulldown menu at the top of Box 3, this box provides further details that can be used to define how the variable is utilized in the equation. These details include additional properties and business rules.
The total equation weight must always equal 100%. The current allocation is listed above the equation.
Variable weights can be edited directly in the variable's box or in Box 3 on the right of the page in the "Variable weight" section.
To calculate the score for each variable in the equation, multiply the weight of the variable by the highest rule score and then divide the result by 100. For instance, if the weight of a variable is 50% and the highest rule score is 90, the score for that variable would be 50 * (90/100) = 45.
If the total allocation for variables does not equal 100%, the total equation weight value in Box 1 will turn red to indicate an error, and an error message will appear if attempting to save the equation.
Variables can be included with an assigned 0% weight, but these will be ignored in the equation and have the same result as those that do not exist in the equation at all.
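The scoring rules above can be checked with a small model. This is an added example, not PlexTrac code: the class and function names, item field names and most rule scores are constructed, and "highest rule score" is assumed to mean the highest score among the rules that match.

```python
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Rule:
    matches: Callable[[dict], bool]  # condition checked against the finding/priority
    score: int                       # points "out of 100" when the rule is met

@dataclass
class Variable:
    name: str
    weight: int                      # percent of the total equation weight
    rules: list = field(default_factory=list)

def validate(equation):
    """Errors that would block saving; an empty list means the equation is valid."""
    total = sum(v.weight for v in equation)
    errors = [] if total == 100 else [f"total equation weight is {total}%, not 100%"]
    errors += [f"{v.name}: rule score {r.score} is not out of 100"
               for v in equation for r in v.rules if not 0 <= r.score <= 100]
    return errors

def contextual_score(equation, item):
    errors = validate(equation)
    if errors:
        raise ValueError("; ".join(errors))
    total = 0.0
    for v in equation:               # "+" is the only operator, so terms are summed
        # Assumption: "highest rule score" = best score among the rules that match.
        best = max((r.score for r in v.rules if r.matches(item)), default=0)
        total += v.weight * best / 100   # a 0% variable contributes nothing
    return total

# Constructed data. Weights 10/10/10/70 and the Server=75 and Snyk=45 rule scores
# come from the page's walkthroughs; field names and other scores are made up.
EQUATION = [
    Variable("Asset type", 10, [Rule(lambda i: i["asset_type"] == "Server", 75)]),
    Variable("Asset criticality", 10, [Rule(lambda i: i["criticality"] == "High", 100)]),
    Variable("Finding score (CVSS 3.1)", 10, [Rule(lambda i: i["cvss"] >= 7.0, 80),
                                               Rule(lambda i: i["cvss"] >= 9.0, 100)]),
    Variable("Source data", 70, [Rule(lambda i: i["source"] == "HackerOne", 90),
                                 Rule(lambda i: i["source"] == "Snyk", 45)]),
]
FINDING = {"asset_type": "Server", "criticality": "High", "cvss": 9.8, "source": "Snyk"}

if __name__ == "__main__":
    print(contextual_score(EQUATION, FINDING))
```

With 70% of the weight on Source data, the low Snyk rule score dominates the result even for a critical-CVSS finding on a high-criticality server, which is the kind of side effect to look for before enabling an equation.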
PlexTrac provides a default equation out of the box that cannot be deleted but can be edited. This equation becomes the tenant default that can be used as a template or starting point to create additional equations.
Any other equation can be reset to its default equation by clicking the kebab menu in the equation's box and clicking Reset to default PlexTrac equation.
The equation builder allows for many variables and scenarios. Below are a few examples that cover various aspects of the functionality and demonstrate the multiple ways equations can be leveraged to meet specific client or tenant needs.
When configuring an equation, errors will not be visible until the user clicks Save. After that initial action, however, error messages are provided dynamically as the equation is worked on.
Step 1: Click the Asset type variable in Box 2 (Available Equation Variables), drag it up to Box 1 directly above and place it in the equation.
Step 2: Click Save. An error notification appears both in the equation and as a message because an operator variable is needed between the variables Asset type and Asset criticality.
All field variables need to be separated by an operator.
Step 3: Click the operator variable in Box 2, drag it to Box 1, and place it where the error notification was displayed between the variables Asset type and Asset criticality.
The error is resolved, and the message disappears.
Step 4: The next step is to set the variable attribute with the correct value. Click the Asset type variable or select it from the pulldown menu in Box 3.
Step 5: Select the "Server" asset type value from the pulldown menu for Rule 1.
Step 6: The next step is to give Asset type some weight in the equation, or else it will be ignored, as all added variables default to 0%. Change the "Variable weight" value to 10%. The variable in the equation will dynamically update.
Step 7: Identify how many points the variable will receive if the business rule is met by adding 75 to the "out of 100" box at the bottom of the rule.
Step 8: Since the total equation weight is now over 100% with the new variable being updated to 10%, another variable must be reduced to compensate. Note that the total equation weight is currently 110% and in red, denoting an error. An error message is also provided.
Click Source data and change its weight from 80% to 70% so that the total of all four variables equals 100%.
Step 9: The equation is now ready to be executed. Click Save and check "Enable equation after saving" to immediately enable (all existing equations assigned to the client will be disabled).
Step 1: Click Finding score (CVSS 3.1) in Box 1, drag it to Box 2, and release the mouse button.
The equation no longer includes that variable, and CVSS 3.1 is now listed as available in Box 2.
Step 2: Because the total equation weight must equal 100% and 10% of that weight was removed in Step 1, the remaining variables must be adjusted to compensate. Click Source data and add 10% to the existing set weight to increase from 70% to 80%.
Step 3: The next step is to remove an operator variable, as an equation cannot end with an empty operator.
Select the operator at the end of the formula, drag it to Box 2 and release. The error message disappears.
Step 4: Click Save.
Step 1: Click Source data on the equation.
Step 2: All business rules and parameters for Source data appear in Box 3 on the far right of the page. Currently, a business rule only exists for HackerOne. Click Add rule.
Step 3: Working now under Rule 2, select the source data value "is added from integrations" from the pulldown menu.
Step 4: Select "Snyk" as the integration source in the following pulldown menu.
Step 5: Give Rule 2 a weight of 45 out of 100 points.
Step 6: Click Save.
In Automations, admins can configure a default or custom priority score equation for the Priorities module.
Automations include the following sections: