PlexTrac supports importing the weaknesses.csv from NodeZero. NodeZero includes a wide range of penetration testing and security auditing tools, such as network scanners, vulnerability scanners, password cracking tools, and exploit frameworks.
Below are the mappings of fields and any reference notes to provide context. All data flows from NodeZero to PlexTrac. If a field is not listed, PlexTrac does not currently import it.
NodeZero
-->
Finding Source
Title
-->
Finding Title
Description
-->
Finding Description
Score
Finding Severity
1 - 3.9
-->
Low
4 - 6.9
-->
Medium
7 - 8.9
-->
High
9 - 10
-->
Critical
Finding Status
-->
Open
ProvenEntityEid
-->
Finding Tags
Root Cause
-->
Finding Tags
Confirmed/Unconfirmed
Custom Field
Potential
-->
Custom Field Value
Confirmed
-->
Custom Field Value
Root Cause or Type
Custom Field: "Root Cause"
Security Misconfiguration
-->
Custom Field Value
Vulnerability
-->
Custom Field Value
Context Score
Custom Field: "Context Score"
Context Score Number
-->
Custom Field Value Numeric
Below are the mappings of fields and any reference notes to provide context. All data flows from NodeZero to PlexTrac. If a field is not listed, PlexTrac does not currently import it.
IP or Host Name
->
Child Asset Name
IP or Host Name
->
Affected Asset - Child Asset Name
Hostname
->
Hostname
IP
->
Known Ips (Array)
OS
->
Operating System (Common Delimited)
Port
->
Number
Protocol
->
Protocol
Service
->
Service
Service Type
->
Version
First Seen
->
First Found