The Tags Settings button under "Tenant Settings" in the Admin Dashboard allows management of the tags. Tags are listed alphabetically in groups of 20.

Creating a Tag

Type the desired tag value in the "New tag name..." box and click Create Tag.

Finding a Tag

Insert the cursor in the "Type to search tags..." field and type the query. The list of tags will be filtered by the content in the search box.

Deleting a Tag

Search for and identify the tag to delete and click Delete under the "Actions" column of the row for that tag.

Viewing Tags

If more than 20 tags exist, click the Previous 20 and Next 20 buttons at the bottom of the page to navigate forward and backward and view tags on other pages.

The Account Information button under "Tenant Settings" in the Admin Dashboard provides configuration of tenant information, including changing the tenant theme (light or dark), uploading a tenant logo and icon, and changing tenant name.

Changing Tenant Light/Dark Mode

To change the mode of the tenancy from light to dark, click the desired mode. The change is immediate.

Any images loaded light mode will disappear. Images will need to be reloaded for dark mode.

Adding Tenant Images

Step 1: Click Upload Tenant Images.

Step 2: Click the box of the image to upload, and drag the file into the box or navigate to that image on the computer.

Step 3: Click Submit.

The logo will appear at the top of the left navigation bar.

Editing Tenant Name

Step 1: Click Edit Tenant Information.

Step 2: Enter the desired information and click Submit.

The new value appears on the Account Information page. After refreshing page, the new value appears as the Tenant Administration value.

The Admin Dashboard is reached by clicking the user name in the upper right of the page and then clicking Account Admin.

The Admin Dashboard includes the following sections:

In Tenant Settings, admins can manage different aspects of their tenant effectively. They can change the tenant name, activate dark mode for a personalized feel, view and add licenses, set default finding status, configure sub-status options, manage notification and server settings, create email templates, and set up short codes.

Tenant Settings contains the following sections:

Email settings are located under the "Tenant Settings" section in the Admin Dashboard. This section provides administrators with options to manage and configure various aspects related to email setup and notifications. The Email Settings page displays three tabs, enabling admins to adjust and personalize the email settings based on their preferences. These tabs facilitate access and control over notification settings, email servers, and email templates.

Notification Settings Tab

The Notification Settings tab is used to manage when email notifications are sent to users. Notifications can be configured by the report, finding, substatus, or assignment by clicking the toggle bar on or off.

Server Settings Tab

The Server Settings tab manages the configuration of a custom email server. PlexTrac defaults to its email service but supports SMTP (Simple Mail Transfer Protocol) and OAuth (Open Authorization).

Configuring Mail Server

Step 1: From the Admin Dashboard, click Email Settings under "Tenant Settings."

Step 2: Click Configure Mail Server.

Step 3: A modal appears. Enter the appropriate information in the required fields.

• Email Server URL: Refers to the domain or hostname of the server that handles incoming and outgoing emails for the email account or domain. The specific email server name can vary depending on the email service provider or the organization's email infrastructure.

• Port: PlexTrac supports standard SMTP (Simple Mail Transfer Protocol) ports, and those options are provided in the pulldown menu for this field:

  • SMTP with SSL/TLS encryption (SMTPS): 465 (secure)

  • SMTP (unencrypted): 25 (not secure)

  • SMTP with STARTTLS encryption: 587 (not secure)

Step 4: Select the mail server authentication type if different than the default value of "None."

• None: No authentication is used, and the email server allows open relay without requiring credentials. It is not secure or recommended, but it is sometimes used for internal and testing purposes.

• Basic: A simple username and password combination is enabled. Credentials are sent in plain text or base64 encoded. This method is less secure than OAuth2, especially if it is not used with encryption (TLS/SSL).

• OAuth2: This provides a more secure and flexible authentication method, as it does not require sending the actual username and password with each request. It supports short-lived access tokens and long-lived refresh tokens. It is more complex to set up but offers enhanced security. This page provides more information on obtaining the required information from Google to set up OAuth.

Step 5: Click Save.

If the connection is unsuccessful, a message will be displayed at the top of the page.

Validate the data entered, make necessary changes, and click Save again.

Removing Existing Configuration

Click Remove Mail Configuration to remove and change the current email server configuration to the default PlexTrac email service.

E-mail Templates Manager Tab

The E-mail Templates Manager tab manages the format, information, and structure of emails sent to users within a tenancy and allows for the configuration of email white labeling.

Email White Labeling

The application defaults to PlexTrac values for the "From Name" and "From Address." To change the name and email address, edit the fields under "EMAIL WHITE LABELING" and click Submit.

Email Templates

PlexTrac offers a collection of email templates that are automatically dispatched to users upon completing specific actions or tasks. These templates serve as predefined messages but can be modified and tailored to individual requirements.

Admins can customize the templates as needed by incorporating their company logo, removing short codes, enhancing the HTML, or including specific messaging to align with their branding and communication style. This feature enables admins to create email communications matching their style and messaging preferences.

To edit an email template, click the green icon under the "Actions" column next to the email.

Short codes can be used in emails as wildcards to replace text. Available codes are listed at the bottom of the email template.

The General Settings button under "Tenant Settings" in the Admin Dashboard allows management of answer types, the default behavior of findings status for published reports, managing finding sub-status and enabling rapid templating.

Answer Types

All users can select a custom data set when creating a question under an Assessment Questionnaire, but only Admins can define the custom data set. Once an assessment is submitted, all questions are transformed into findings, including custom fields. PlexTrac then assigns a status to each finding, using business rules corresponding to the answer type and values of the question.

PlexTrac-provided answer sets cannot be edited or deleted. The 14 default out-of-the-box answer sets are displayed in the following screenshot:

Creating Answer Types

Step 1: Click the collapsed container under Answer Types.

Step 2: Click Create.

Step 3: Enter an answer type label, then click Add Answer.

Step 4: Enter an answer value and click Add Answer again (every answer type value must have at least two answers). When finished, click Save.

By default, the answer type appears at the bottom of the table.

If configured to be visible, the answer set can now be selected from the available Answer Types when building a question inside a Questionnaire.

Managing Existing Answer Types

To edit an answer type created by an admin, find the answer type from the list and click the green circle icon:

To delete an answer type created by an admin, find the answer type from the list and click the red trash can icon:

Findings Default Published

This configuration determines if findings are set to "Draft" or "Published" when added to a report that has already been published.

Toggle the button to the desired status.

If the findings default status is set to "Draft," all new findings are created in draft status and not viewable to analysts until published (individually or in bulk). If set to "Published," analysts will have access to all findings in published reports for clients they are authorized to view.

Manage Finding Sub-Statuses

This allows an admin to add additional tags available for an additional level of detail to associate with a finding in the "Sub Status" field, which exists under the Findings Details tab of a finding.

The value(s) provided to a user in the pulldown menu are dictated by the value selected for the status of the finding, as the values have a child relationship to the parent value.

To add a sub-status value, place the cursor in the desired parent status field and enter the value. To delete a value, click the "x" of the value to remove it.

Rapid Templating

This feature determines the options available to a user when exporting a report. Toggle the button under "Rapid Templating" to the desired status.

When Rapid Templating is off, and a report is exported, the report will immediately download to the local environment in the format associated with the report.

When Rapid Templating is on, after the desired export format is selected from the pulldown menu, an additional modal will appear, allowing a specific template to be used.

Select the desired export template and click Export.

A report template is a pre-defined structure and format for creating reports. It may include narrative sections and custom fields, as well as the ability to select an export template.

Report templates save time and ensure consistency in the formatting and presentation of reports within an organization. They save time by pre-populating report sections, such as the introduction, methodology, or threat model. Linking to a custom export template ensures an exported file is branded and structured in the desired reporting methodology.

Creating a Report Template

Step 1: Click New report template.

Step 2: Enter a template name and select a default export template from the pulldown menu, if applicable (i.e., a Jinja template).

Step 3: Add any custom fields or narrative sections by clicking the appropriate buttons and entering the required information.

Step 4: Click Create.

The template will appear in the list on the Report templates tab.

Previewing a Report Template

Report templates can be previewed by clicking Preview under the "Actions" column.

The preview will show any text entered in the narrative section when the template was created. It does not display template custom fields.

Editing a Report Template

Report templates can be edited by clicking Edit under the "Actions" column.

This will launch a modal, allowing the entire template to be modified. Click Save when finished.

Deleting a Report Template

Report templates can be deleted by clicking Delete under the "Actions" column.

A box will appear confirming the action. Click Delete.

In Customizations, admins can personalize various aspects of the PlexTrac platform to meet their needs. They can manage finding layouts, customize report templates, set dark mode, and configure theme colors, allowing them to create a customized experience within the platform.

Customizations include the following sections:

The Service-Level Agreements (SLAs) button under "Tenant Settings" in the Admin Dashboard allows management of SLA settings, such as severity, days to close, notifications, and tags.

SLAs are designed to ensure that cybersecurity measures meet specific standards and expectations and are critical to managing and enhancing an organization's overall security posture.

Configuring Views

The table view can be customized by clicking the column view icon to the right of the search bar.

Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.

When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.

This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.

The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.

Click Save when finished.

Creating a SLA

Step 1: Click New Service-Level Agreement.

Step 2: A modal will appear. Enter an SLA name, define how many days should exist to close the SLA and the finding severity that the SLA applies to. All other fields are optional.

1. SLA Name: This is a required field. Duplicate SLA names can exist.

2. Days to Closed: This is a required field. Enter a numeric value representing how many days are allowed to close a finding. For example, a value of "2" means that if a finding for the defined severity has not been closed within two days of being opened, it exceeds the SLA.

3. Finding Severity: This is a required field. Select the finding(s) severity to be tracked as part of the SLA. More than one severity can be selected.

4. Finding Tags: This allows an SLA to include findings with specific tags. Leave blank to include all tags. More than one value can be selected.

5. Asset Criticality: If a value is selected, the SLA will only track Assets with the selected criticality. More than one value can be chosen.

7. Daily summary email...: When checked, an email summary of findings nearing and exceeding SLA for the tenancy level that the user is assigned to or added as another recipient is sent daily.

8. Send reminder X hours before the SLA is exceeded: When checked, an email is sent. Findings included in this reminder will also be listed as “Nearing SLA” within Trends & SLA analytics.

9. Send notification when the SLA has been exceeded: When checked, a notification will be sent to recipients until remediated.

10. Other recipients: Additional recipients can be added via the pulldown menu. The users selected will have the same experience described in NOTIFICATIONS above, assuming they have permission to view any findings or SLAs.

11. Daily summary email of findings nearing and exceeding an SLA: When checked, a daily email is sent.

12. Send reminder X hours before the SLA is exceeded: When checked, a reminder is sent. Findings included in this reminder will also be listed as “Nearing SLA” within Trends & SLA analytics.

13. Send notification when an SLA has been exceeded: When checked, a notification is sent when an SLA has been exceeded.

Step 3: Click Save at the bottom of the modal.

The Layouts section under "Customizations” in the Admin Dashboard provides the ability to configure and customize the experience of creating a finding.

Multiple layouts allow admins to tailor the finding creation process according to their needs and requirements. Each layout can be designed to capture different findings or accommodate different workflows. For example, a tenant might have different layouts for web application vulnerabilities, network vulnerabilities, or compliance-related issues.

By customizing the layouts, admins can ensure that teams provide consistent and relevant information while creating findings. This can improve report creation by ensuring a standardized approach to documenting security issues.

Creating a Layout

Step 1: Click Layouts in the Admin Dashboard under "Customizations."

Step 2: Click New Findings Layout.

Step 3: Confirm if starting from the default layout or leveraging another. Select the layout from the pulldown menu if starting from a custom layout. Click Create.

Step 4: A new page appears with two tabs: Finding fields and Custom fields.

Enter a unique and descriptive name for the layout in the "Findings layout name" box, as this value will be provided to users when selecting the layout for a report.

Step 5: Arrange the fields to create the desired layout.

Click + in the left column to add any field to the layout. Click X in the right column to remove a field from the layout.

Step 6: Make any optional fields required by toggling the button for that field to the right so the purple checkmark appears.

Step 7: Arrange the fields in the desired order by clicking the row with the cursor and dragging the box to the desired sequence of existing fields.

Step 8: If applicable, add custom fields by clicking the Custom fields tab, then clicking Add custom field.

Step 9: Enter desired values in the provided boxes.

1. Key: A required value used to reference this field. This must be a unique value.

2. Label: A required value used for the field title and visible elsewhere in the platform.

3. Value: An optional RTF to capture the field value and provide any additional content to help the user with context and data acquisition.

Step 10: Click Add custom field to repeat the process.

Step 11: Click Save layout when finished.

A message will appear confirming the layout was created. The new layout will appear in the list for future editing and is now available for assignment to a report.

Assigning a Layout

After a layout is created, it must be assigned to a report to be leveraged. When creating a new report, this association is set by selecting the desired layout in the pulldown menu under the "Findings Layout" of the Create New Report modal.

Layouts can also be added to existing reports by going to the Details tab of the report, selecting the layout from the pulldown menu under "Findings Layout," and clicking Save.

Only one layout can be assigned to a report.

Custom Fields

Any custom fields added to the layout are available to the user at the bottom of the Finding Details tab of the finding.

If a custom field was added to an assigned layout after a finding was added to a report, the additional custom field is available for data input within a finding by clicking Add Fields From Template.

Editing a Layout

Step 1: Click Layouts in the Admin Dashboard under "Customizations."

Step 2: Click Edit of the layout to revise.

Step 3: Make desired changes and click Save layout.

Deleting a Layout

Step 1: Click Layouts in the Admin Dashboard under "Customizations."

Step 2: Click Delete of the layout to revise.

Step 3: A message will appear confirming the action. Click Delete Layout.

A notification message will appear confirming the deletion of the layout.

The Templates button under "Customizations" in the Admin Dashboard allows users to create and configure report templates, export templates, and create style guides.

• Report templates: Defines the report layout that may include narrative sections and custom fields.

• Export templates: Ability to manage templates for exporting reports from PlexTrac.

• Style guides: Defines the styles and presentation when exporting Jinja reports to Word.

The Short Codes button under "Tenant Settings" in the Admin Dashboard provides the ability to replace predefined strings or variables in a report with new values, reducing the need to edit each report. Using short codes makes report creation more efficient and reduces maintenance, as it reduces the time to edit.

Short codes can pull data from a report custom field or a client custom field, depending if the short code applies to all reports for a client or one specific report.

Default Short Codes

PlexTrac provides six short codes that pull data from non-custom fields and are listed on the Default tab. These variables cannot be modified or deleted.

Creating a Short Code

Step 1: From the Custom tab of the Short Codes page within the Admin Dashboard, click Create Short Code.

Step 2: Enter the appropriate values in the provided fields.

1. Short Code field: The string inserted in reusable rich text fields that will be replaced after activation. Short Codes must follow the following rules:

   • Be a single string with no spaces

   • Begin and end with two percent symbols

   • No special characters other than an underscore and the aforementioned percent symbols

   • Follow the standard of %%MY_SHORT_CODE%% when “MY_SHORT_CODE” is the desired string

2. Source field: The value from which the short code is replaced and can originate from either a report or client custom field.

3. Custom Field Label field: The value associated with the short code that will be entered in a client or report custom field to generate the replacement value. Below is an example of a short code's Custom Field Label value ("Client Domain") used in a report.

Step 3: Click Save.

The new short code is inserted at the bottom of the list on the Custom tab.

Step 4: Use the short code at the client level for use in all reports for a client, or use the short code within a specific report.

Editing Short Codes

Custom Short codes can be modified by clicking Edit in the "Actions" column of the applicable short code.

Deleting Short Codes

Custom short codes can be removed by clicking Delete in the "Actions" column of the applicable short code.

A modal will appear, confirming the action. Click Confirm Delete.

The Theme button under "Customizations" in the Admin Dashboard provides configuration of the UI for a tenant.

To change the colors used for the background, text, etc., click the color palette next to the topic to change, adjust the color accordingly with the color modal, click the "x" at the top right of the modal to close it, and click Update Theme.

Changes can be made for Light or Dark mode by using the toggle at the top to change modes before making a color change.

The Risk scoring section under "Automations” in the Admin Dashboard allows admins to create formulas for producing dynamic risk and likelihood scores for findings and priorities.

Terminology

Contextual Score: The value generated from a contextual scoring equation.

Contextual Scoring Equation: A collection of variables, operators, rules and logic to generate a contextual score.

Equation Variable: A component of the equation representing an individual or an aggregate of fields from PlexTrac, such as Asset count, Finding Severity, and CVE. Equation variables are the building blocks of an equation.

Multiplier: A constant value multiplied against an equation variable's value. It can rapidly increase the weight a variable has on an equation.

Operator: Mathematical symbols that can be used in a Contextual Scoring Equation. Currently, an operator can only perform a "+" addition function.

Variable Rule: The logic and conditions that help determine a variable's weight and value within the equation. A variable can have multiple rules.

Default Equations

PlexTrac provides a default equation for each disabled tab, which can be toggled on by clicking the toggle bar under the "Enabled" column. These equations can be used as a starting block for creating custom equations.

They are identified as "Default" under the "Type" column and cannot be deleted.

Findings Tab

This tab lists all priority risk score equations and provides options to create and manage new ones. A client can enable only one equation at a time.

Viewing the Score

The finding score can be viewed under the finding detail section of a finding.

If the cursor hovers under the question mark icon and contextual scoring is enabled, the equation being used is listed.

Priorities Tab

This tab lists all priority risk score equations and provides options to create and manage new ones.

Viewing the Score

The priority score can be viewed under the progress bar on the Details tab of a priority.

If the cursor hovers under the question mark icon and contextual scoring is enabled, the equation being used is listed.

Configuring Page View

The table view for each tab can be customized by clicking the column view icon to the right of the search bar.

Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.

When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.

This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.

The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.

Click Save when finished.

PlexTrac allows the uploading of templates to provide flexibility in exporting reports in a custom format and style.

Template Types

PlexTrac allows export templates to be uploaded in .doc (for Word documents) or .j2 (for PDF documents) format.

Jinja is a template engine that dynamically generates text-based documents by defining Word templates with placeholders for dynamic content. PlexTrac provides Jinja Word templates to match the branding and styling of an export organization.

PlexTrac provides default templates for exporting to PDF and Word.

Creating an Export Template

Step 1: From the Admin Dashboard, click Templates under "Customizations."

Step 2: Click the Export templates tab.

Step 3: Click Create export template.

Step 4: Drag a .docx or .j2 file to the box provided or click the box in the model to find the file to upload to the computer.

Step 5: Select a style guide to associate with the export template if applicable.

Step 5: Click Upload.

The new template appears in the table.

Downloading an Export Template

Export templates can be downloaded by clicking Download under the "Actions" column.

The file will download to your local system.

Deleting an Export Template

Export templates can be deleted by clicking Delete under the "Actions" column.

A dialog box will appear confirming the action. Click Delete to complete the task.

In Automations, admins can configure a default or custom priority score equation for the Priorities module.

Automations include the following sections:

Admins can create an equation to produce a custom score. The process for creating an equation for a priority and findings is the same and consists of two steps:

1. Equation Properties: The tab in which the name, description, and (when applicable) what clients the equation applies to are entered.

2. Equation Builder: The tab where the user selects and configures the variables of the equation that determines the contextual score.

Part 1: Equation Properties Tab

Step 1: From the Admin Dashboard, click Risk scoring.

Step 2: Click Create Equation.

Step 3: Select whether to start from the tenant default or another equation. When finished, click Create.

Step 4: Enter an equation name and description on the "Edit basic information" tab.

Step 5: Identify whether the equation will apply to all clients in the tenancy who currently have no equation assigned or to a specific client.

Step 6: If client-specific, click Select clients and search, scroll, or use filter options to find the desired client.

Step 7: Click Select.

Step 8: Click Save at the bottom right of the page.

Step 9: Click Continue at the bottom right of the page.

The "Edit variables and equation" second tab appears as the equation builder tab.

Part 2: Equation Builder Tab

The equation builder tab consists of three sections/boxes:

Box 1 - Score Equation: This box displays the current equation and allows users to modify it by dragging variables on/off the box.

Box 2 - Available Equation Variables: This box lists the available variables to be leveraged to update the current equation in Box 1.

Box 3 - Variable Configuration: When a variable in Box 1 is clicked or selected from the pulldown menu at the top of Box 3, this box provides further details that can be used to define how the variable is utilized in the equation. These details include additional properties and business rules.

Equation Weight

The total equation weight must always equal 100%. The current allocation is listed above the equation.

Variable weights can be edited directly in the variable's box or in Box 3 on the right of the page in the "Variable weight" section.

To calculate the score for each variable in the equation, multiply the weight of the variable by the highest rule score and then divide the result by 100. For instance, if the weight of a variable is 50% and the highest rule score is 90, the score for that variable would be 50 * (90/100) = 45.

If the total allocation for variables does not equal 100%, the total equation weight value in Box 1 will turn red to indicate an error, and an error message will appear if attempting to save the equation.

Resetting to Default

PlexTrac provides a default equation out of the box that cannot be deleted but can be edited. This equation becomes the tenant default that can be used as a template or starting point to create additional equations.

Any other equation can be reset to its default equation by clicking the kebob menu in the equation's box and clicking Reset to default PlexTrac equation.

Equation Use Cases

The equation builder allows for many variables and scenarios. Below are a few examples that cover various aspects of the functionality and demonstrate the multiple ways equations can be leveraged to meet specific client or tenant needs.

Adding a Variable

• Scenario: The user needs to add an asset type of "Server" to an existing equation.

Step 1: Click the Asset type variable in Box 2 (Available Equation Variables), drag it up to Box 1 directly above and place it in the equation.

Step 2: Click Save. An error notification appears both in the equation and as a message because an operator variable is needed between the variables Asset type and Asset criticality.

Step 3: Click the operator variable in Box 2, drag it to Box 1, and place it where the error notification was displayed between the variables Asset type and Asset criticality.

The error is resolved, and the message disappears.

Step 4: The next step is to set the variable attribute with the correct value. Click the Asset type variable or select it from the pulldown menu in Box 3.

Step 5: Select the "Sever" asset type value from the pulldown menu for Rule 1.

Step 6: The next step is to give Asset type some weight to the equation, or else it will be ignored, as all added variables default to 0%. Change the "Variable weight" value to 10%. The variable in the equation will dynamically update.

Step 7: Identify how many points the variable will receive if the business rule is met by adding 75 to the "out of 100" box at the bottom of the rule.

Step 8: Since the total equation weight is now over 100% with the new variable being updated to 10%, another variable must be reduced to compensate. Note that the total equation weight is currently 110% and in red, denoting an error. An error message is also provided.

Click Source data and change its weight from 80% to 70% so that the total of all four variables equals 100%.

Step 9: The equation is now ready to be executed. Click Save and check "Enable equation after saving" to immediately enable (all existing equations assigned to the client will be disabled).

Removing a Variable

• Scenario: The user must remove the CVSS 3.1 score from an existing equation.

Step 1: Click Finding score (CVSS 3.1)in Box 1, drag it to Box 2, and unclick the mouse.

The equation no longer includes that variable, and CVSS 3.1 is now listed as available in Box 2.

Step 2: Because the total equation weight must equal 100% and 10% of that weight was removed in Step 1, the remaining variables must be adjusted to compensate. Click Source dataand add 10% to the existing set weight to increase from 70% to 80%.

Step 3: The next step is to remove an operator variable, as an equation cannot end with an empty operator.

Select the operator at the end of the formula, drag it to Box 2 and release. The error message disappears.

Step 4: Click Save.

Editing a Business Rule

• Scenario: The user needs to add a business rule to account for files from Snyk.

Step 1: Click Source data on the equation.

Step 2: All business rules and parameters for Source data appear in Box 3 on the far right of the page. Currently, a business rule only exists for HackerOne. Click Add rule.

Step 3: Working now under Rule 2, select the source data value "is added from integrations" from the pulldown menu.

Step 4: Select "Snyk" as the integration source in the following pulldown menu.

Step 5: Give Rule 2 a weight of 45 out of 100 points.

Step 6: Click Save.

A style guide helps content creators and publishers maintain consistency in their content presentation. It provides guidelines on spelling, grammar, punctuation, capitalization, formatting, and other elements of written communication.

The purpose of the style guides is to provide the ability to overwrite the default PlexTrac formatting during the report export process. The style guides only apply to Jinja templates exported to Word (.doc). Style guides do not impact rich-text fields.

PlexTrac provides a default template that can be configured, leveraged, or cloned to create other style guides. There is no limit to the number of style guides.

Overview

The style guide consists of four tabs/sections:

• Code blocks

• Images

• Tables

• Hyperlinks

Code Blocks

This tab defines the code block experience, including style, prefix, font, font size, font color, background color, border color, width, content alignment, and padding.

Images

This tab defines the image experience, including caption font and prefix, border style, image width and alignment, and padding.

The options to add a border color and width only appear when a border style is selected. If the border style value is "None," color and width options are hidden.

Tables

This tab defines the table experience, including caption font and prefix, and the table justification within the content.

Hyperlinks

This tab defines the font color of links.

Step 1: Click the box.

Step 2: Choose the desired color by clicking in the color box, dragging the circle to the desired color, or entering the hex color code in the provided box.

Step 3: Click X to remove the overlay.

Creating a Style Guide

Step 1: From the Admin Dashboard, click Templates under "Customizations," then click the Style guides tab. Click Create style guide.

Step 2: Select if starting from the default style guide provided by PlexTrac or an existing style guide. Click Create.

Step 3: Enter a name for the new style guide.

Step 4: Configure the style guide to the desired experience by navigating between the four tabs. Click Create style guide when finished.

Associating the Style Guide

A style guide must be associated with an export template to be leveraged. The export template is then associated with a report template, which is then associated with a report. The instructions below assume all files (style guide, export template, report template, and report) exist.

Step 1: From the Admin Dashboard, click Templates under "Customizations," then click the Export templates tab and find the desired export template to associate with the style guide.

Step 2: Under the "Style Guide" column of the table of the export template, select the desired style guide from the pulldown menu.

Any report templates associated with this export template will now leverage the style guide. If no report templates are associated with this export template, continue with Step 3.

Step 3: Click the Report templates tab.

Step 4: Click Edit from the "Actions" column.

Step 5: From the pulldown menu under "Export template," select the export template from Step 1. Click Save.

Any reports associated with this report template will now leverage the style guide when exported. If no reports are associated with this report template, continue with Step 6.

Step 6: Click the Reports module from the left navigation bar. Click the row of the impacted report.

Step 7: Click the Details tab.

Step 8: Go to the "Report Template" field and select the report template in the pulldown menu from Step 4. Click Save.

The next time this report is exported (assuming it is a Jinja template), it will reflect the configuration of the associated style guide from Step 2.

This page includes the business rules and instructions for enabling and disabling priority equations when multiple ones exist.

Equation Business Rules

The impact of an equation on a priority depends on multiple variables, such as whether equations are set in General Settings to apply to all tenants or a client, if the default equation is enabled, if a custom equation is enabled, and if the custom equation applies the entire tenancy or specific clients.

Tenant Level Equations

When priorities are enabled at the tenant level, only one equation can be used at a time. When enabled, equations created for specific clients are no longer accessible from the contextual scoring page. Existing equations are not deleted, but they can no longer be viewed or modified from the page.

Tenant-level priorities have the following business rules for equations:

• Tenant-level priorities is selected under "General Settings" of the Admin Dashboard

• If all equations are disabled: All priorities will be calculated by multiplying the likelihood and impact manually entered on the priority.

• If the default equation is enabled: The default equation is enabled for all clients.

• If a custom equation is enabled: The custom equation applies to all clients.

Client Level Equations

When priorities are enabled at the client level, only one tenant-level equation can be used at a time. However, custom equations for specific clients may be enabled and, when executed, take precedence. Any equations created for specific clients will be accessible from the contextual scoring page along with tenant-wide equations.

Whether the equation is client-specific or a tenant is identified under the "Associated with" column.

Client-level priorities have the following business rules for equations:

• Client-level priorities is selected under "General Settings" of the Admin Dashboard

• If all equations are disabled: All priorities will be calculated by multiplying the likelihood and impact manually entered on the priority.

• If only the default equation is enabled: The default equation is used for any new priorities, but any existing clients with an associated custom equation will take precedence.

• If the default equation is enabled, along with a custom client equation: The default equation is used, except for clients with an associated custom equation.

• If the default equation is disabled but a custom client equation is enabled: Client priorities will be scored by likelihood and impact, except for clients with an associated custom equation.

• If the default equation is disabled but another tenant-level equation is enabled: The enabled custom equation will apply to all clients.

• If the default equation is disabled but another tenant-level equation is enabled, along with a custom client equation: Any clients with an associated custom equation will take precedence, while the rest of the tenancy will leverage the custom tenant-level equation.

Enabling an Equation

To enable an equation, toggle the button under the "Enable" column.

If the user's action impacts existing priorities and business rules, PlexTrac will display a message to inform of the consequence. If approved, the system will enable or disable other related equations accordingly.

In Integrations & Webhooks, admins can enable parser plugin actions and configure integrations with different platforms, enhancing its capabilities and facilitating seamless collaboration with other tools.

Integrations & Webhooks includes the following sections:

The integrations page provides the status of each API integration and the ability to connect new integrations (if licensed) or edit existing connections.

If an integration is available but not set up, the user will see a "Connect" button. A "License required" label will be displayed if an integration is not licensed.

Included API Integrations

The following integrations are included with every PlexTrac instance:

Licensed API Integrations

The following integrations require an additional cost/license to access (one license covers all tools):

PlexTrac learns about scanner findings as files are imported. This learning can be done proactively by an admin through parser actions or when a user imports a scanner file when adding findings to a report. Either way, the learning begins after an admin imports a file via the parser actions page of the Admin Dashboard, and this process must occur for each tool that PlexTrac integrates with. Any files for a tool imported as findings to a report that have not been enabled by an admin on the parser actions page will have no impact on parser actions.

When importing a file, parser actions process the contents to extract relevant information and perform specific operations. The exact parser actions depend on the file format and business rules an admin configures.

The findings are matched to the parser action by plugin ID and include actions such as linking to a writeup, changing the finding severity, or ignoring the finding when parsed.

Overview

When new files are uploaded to parser actions, plugin IDs are only created for IDs not found and set to a "Default" action, meaning no changes will occur on import unless a parser action is created.

Parser action changes are applied to future imports and don't impact existing findings. For example, suppose a parser action for a finding severity value was created for a plugin, but moving forward. In that case, the source of truth for severity is the scanner tool, then change the parser action for that plugin to "Default." The next time that plugin is imported, the severity value from the source will be imported into the report.

Parser actions apply to all users.

Descriptions

The description of a parser action can be obtained by placing the cursor over the parser action title in the table.

Configuring a Parser

Step 1: Click Parser Actions in the "Tools & Integrations" section of the Admin Dashboard.

Step 2: Check the Enable Parser Plugin Actions box.

Enabling parser plugin actions will allow the ability to preset default actions, link writeups, and change the severity of scanner findings when imported into a report.

Step 3: Click Import.

Step 4: Select the source of the file to import from the "Import Source" pulldown menu, then drag the file into the drop area on the modal or click Browse to navigate to the file on the computer.

Step 5: Click Upload.

A notification will confirm a successful import.

Step 6: The imported plugins are now available for configuration. Search or select the desired plugin and configure it using the pulldown menus and options to configure the preferred course of action.

Parser plug-in actions include four options:

1. DEFAULT: Passes the scanner result through with no action taken.

2. LINK: Replaces a scanner result finding with a custom writeup from WriteupsDB.

3. IGNORE: Ignores a scanner result when parsed by PlexTrac.

4. SEVERITY: Overrides a scanner result, finding severity value with a new value selected by the parser action.

Linking to a Writeup

Parser actions can take findings ingested from an external tool and map them to a custom finding in WriteupsDB. When the finding is imported, this action will override the description, title, references, custom fields, common identifiers, risk score, and recommendations. Multiple plugins with the same writeup will be mapped to a single finding with merged affected assets.

Step 1: Click Parser Actions in the "Tools & Integrations" section of the Admin Dashboard.

Step 2: Check the Enable Parser Plugin Actions box.

Step 3: Select the parser to work with from the "Filter Plugins" pulldown menu.

Step 4: Select the findings by clicking the checkbox of the finding row or selecting the box in the header column next to "Plugin Id."

Step 5: Select the writeup to link the findings by selecting the value from the "Link Writeup" pulldown menu.

The linked writeup is now displayed for each finding under the "Write Up" column.

If a new report is created, and the same parser file is imported, only one finding will be imported into the report.

Adding a Parser Action

Step 1: Click Parser Actions in the "Tools & Integrations" section of the Admin Dashboard.

Step 2: Check the Enable Parser Plugin Actions box.

Step 3: Select the parser to work with from the "Filter Plugins" pulldown menu.

Step 4: Click Add Parser Action.

Step 5: Enter a Plugin ID, Title, and Plugin Description value.

Step 6: If the plugin action is "Default," continue to Step 8. Otherwise, select the desired plugin action from the pulldown menu.

Step 7: If "Ignore" was chosen, go to Step 8. Otherwise, select the value to associate with the action determined in the previous step.

Step 8: Click Create.

A message confirming creation will appear, and the new parser action will be displayed in the list.

Cobalt is an integrated pentesting platform facilitating communication between development and security teams. Cobalt helps developers identify and mitigate security vulnerabilities in their code by specifying security policies and checking compliance. The tool can detect many vulnerabilities, including buffer overflows, integer overflows, and format string vulnerabilities.

Cobalt findings can be imported into a PlexTrac report.

Field Mappings

Below are the field mappings from Cobalt to PlexTrac, broken up by findings and assets.

Tables include the following columns:

• Cobalt Field: the field name that appears in Cobalt

• PlexTrac Field: the field name that appears in PlexTrac

• Direction: displays the direction in the flow of data occurring for the integration (a value of "x" means that the value is not imported)

• Required: denotes if a value is required for the import to be successful

• Notes: additional information

Findings Field Mappings

Asset Field Mappings

Deduplication Logic

If a duplicate finding title is found during import, the finding title in PlexTrac is appended with the finding unique identifier value pulled from Cobalt in parenthesis at the end of the finding title.

Integrating with Cobalt

Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."

Step 2: Click Connect within the Cobalt box.

Step 3: If existing connections exist, they are listed on this page. To set up a new integration, click the New connection button.

Step 4: A modal appears with four tabs. Enter a name for the integration, the Cobalt URL, and the Cobalt API key. Click Continue.

Step 5: Select the Cobalt organization value from the pulldown menu. Click Continue.

Step 6: A list of the field mappings from Cobalt to PlexTrac is displayed. Click Save.

Step 7: A log of integration attempts is listed. Since an attempt to synchronize is attempted after entering configuration information on the first tab, at least one entry will be listed. Click Close.

Editing Existing Connections

Cobalt integrations can be edited by clicking Edit under the "Actions" column.

Cobalt integrations can be disabled by clicking the toggle bar under the "Enabled" column.

Cobalt integrations can be manually synchronized by clicking Sync under the "Actions" column.

Cobalt integrations can be deleted by clicking the three dots under the "Actions" column and then clicking Delete. A modal will appear, asking for confirmation of the action.

PlexTrac integrates with Edgescan, allowing users to import the findings from Edgescan's vulnerability detection into a PlexTrac report. This integration streamlines the process by leveraging Edgescan's automated vulnerability scanning capabilities and the reporting and management features of PlexTrac.

Field Mappings

Below are the field mappings from Edgescan to PlexTrac, broken up by findings and assets.

Tables include the following columns:

• Edgescan Field: the field name that appears in Edgescan

• PlexTrac Field: the field name that appears in PlexTrac

• Direction: displays the direction in the flow of data occurring for the integration (a value of "x" means that the value is not imported)

• Required: denotes if a value is required in the field for the import to be successful

• Notes: additional information

Findings Field Mappings

Asset Field Mappings

After a finding from Edgescan is imported into a report, metadata and content are presented within PlexTrac on the Finding Detail page, as shown below. The finding source value is "Edgescan," and any tags associated with the finding from Edgescan are provided along with any added within PlexTrac when imported.

Deduplication Logic

If a duplicate finding title is found during import, the finding title in PlexTrac is appended with the Edgescan Vulnerability ID in parenthesis at the end of the finding title.

Integrating with Edgescan

Step 1: From the Admin Dashboard, click Integrations under the "Tools & Integrations" header.

Step 2: Click the Edgescan box.

Step 3: Click New connection.

Step 4: On the Configuration Details tab, enter a name for the integration, the Edgescan URL value, the Edgescan API key, and if closed vulnerabilities should be included.

• Integration name: A name for this integration. When importing findings, this value will appear elsewhere in the platform along with other enabled integrations, so pick a unique but accurate name.

• Edgescan URL: The Edgescan instance URL.

• Edgescan API Key: The Edgescan instance API key. Visit Edgescan support for information on generating an API key.

• Closed Vulnerabilities: Determines whether to include closed vulnerabilities and, if yes, the time of closure to consider for inclusion.

Step 5: On the Mapping tab, review the mappings and select the fields to import into PlexTrac by validating that the checkbox next to the field is selected. To ignore a field upon import, uncheck the box under the "Sync" column. Required fields (checkbox is greyed out) cannot be altered.

Step 6: Click Save.

Step 7: A message on the First Synch tab will confirm if the synch was successful. If successful, click Got It.

The connection is now listed.

Editing Existing Connections

Connections are edited by clicking Edit under the "Actions" column.

Connections can be disabled by clicking the toggle bar under the "Enabled" column.

Connections can be manually synchronized by clicking Sync under the "Actions" column.

Connections can be deleted by clicking the three dots under the "Actions" column and then Delete. A modal will appear, asking for confirmation of action.

Findings from Edgescan can now be imported into a report.

Viewing Logs

Step 1: Click Edit of the connection to review.

Step 2: Click the Synch Log tab.

A list of all synchronization records and status results is provided.

Step 3: Click View to obtain more information about a specific record.

Step 4: More details about remote URLs and JSON responses are available by clicking the headers below to expand the section.

Click Ok or Cancel to return to the previous modal.

PlexTrac offers an integration with ServiceNow's ITSM and GRC platform modules to allow red and blue teams to collaborate without switching between workflow tools.

ServiceNow GRC (Governance, Risk, and Compliance) is a module of the ServiceNow platform that helps organizations manage their governance, risk, and compliance processes. ServiceNow ITSM (IT Service Management) is a module of the ServiceNow platform that enables organizations to manage their IT services and operations.

Overview

Data flows from PlexTrac to ServiceNow when a finding is used to create a ticket but only from ServiceNow to PlexTrac after setup. The synchronization between PlexTrac and ServiceNow occurs every 30 minutes.

Creating a Ticket

Step 1: On the row of the finding used to create a ticket, click the three dots under the "Actions" column and click Link ServiceNow ticket.

Step 2: A modal appears. Select the ServiceNow module, the ticket type, and the priority.

Step 3: Click Save.

The finding now shows the ServiceNow ticket ID and a hyperlink to access the ticket on ServiceNow.

Field Mappings

When a PlexTrac finding is used to create a ticket in ServiceNow, it defaults to a status of New with the following information populated:

When the ticket is created, the priority and issue rating values are stored within ServiceNow.

Existing Ticket Updates

After the ticket is created in ServiceNow, that ticket can only be modified from ServiceNow.

The following fields are then sent from ServiceNow to PlexTrac:

Status Mappings

Below are the mappings of status from ServiceNow to PlexTrac for the various scenarios:

For a task and ticket:

For an incident:

For an sn_grc_issue:

Timestamp Logic

Timestamps are captured in two scenarios for this integration:

• When the issue type is created in ServiceNow

• When a work note is created or updated in ServiceNow

Issue Type Timestamps

The timestamp is derived from the time zone set for the ServiceNow instance. PlexTrac has no influence on this time zone.

Scenario: A user in PlexTrac links a finding with ServiceNow. An issue type is created in ServiceNow, and a time stamp is applied to the creation date based on how that ServiceNow instance was configured.

Work Note Timestamps

The timestamp is derived from when the integration sync last ran, not when the work note was created in ServiceNow. It is not a real-time integration timestamp.

Scenario: A user in SerivceNow adds a comment to an associated finding, which triggers an integration event with PlexTrac. When that happens, a note is created in PlexTrac with a timestamp of the synchronization event. That timestamp is stored within PlexTrac in UTC time and then presented to the user in their local time when viewed in PlexTrac.

Configuring an Integration

Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."

Step 2: Click Connect within the ServiceNow box.

Step 3: Click Configure ServiceNow Integration.

Step 4: Select the integration authentication method.

Step 5: Enter the information into the provided boxes and click Test Connection.

A message will appear to confirm if the connection was successful or not.

Step 6: View the available modules to identify which fields have read and write access. Click Confirm.

Webhooks are a real-time, event-driven communication method that allows PlexTrac to send data automatically when a specific event occurs. Using HTTP POST requests, webhooks enable immediate data transfer without constant polling, making them efficient and lightweight. By providing a unique URL for event notifications, webhooks facilitate automation and real-time updates between applications while ensuring security through authentication methods and encryption.

Webhooks vs. APIs

APIs use a pull model where clients request data from servers, while webhooks employ a push model, automatically sending data to clients when specific events occur. APIs often require polling for updates, which can introduce latency and consume resources, whereas webhooks provide real-time notifications, making them more efficient for immediate actions. While APIs are suited for complex data manipulation and retrieval, webhooks excel in automating workflows with simple event-driven notifications. Additionally, APIs necessitate client-initiated requests, while webhooks require clients to set up a URL endpoint to receive data.

List of Webhooks

Webhook events offered at this time:

• Report Publish Status

• New Assessment Submission

• New Engagement request from the Schedule module

Creating a Webhook

Step 1: From the Admin Dashboard, click the Webhooks button under "Integrations & webhooks."

Step 2: Click New webhook.

Step 3: Provide a webhook name and confirm if this applies to all clients or a specific one(s). Click Continue.

Step 4: Insert the url of the application receiving the webhook data, select the event this webhook will be tracking from the pulldown menu, and enter the secret to validate authentication of the connection (if applicable).

Step 5: Click Test connection to validate the configuration of an endpoint.

When activated, this test initiates a series of checks to ensure everything functions correctly. First, the button verifies that the provided URL is valid and accessible and no redirect occurred. It checks that the domain resolves correctly and that the endpoint responds with a 200 OK status code, indicating that it is operational. In addition to these validations, the endpoint must respond within five seconds, although the response time should be under one second for optimal efficiency.

For security purposes, if a secret is used, the button generates an HMAC-256 signature and includes it in the X-Authorization-HMAC-256 header of the POST request. This ensures that any communication with the endpoint remains secure.

Step 6: Click Save.

The webhook is enabled by default but can be turned off by toggling the bar under the "Enabled" column.

Managing Webhooks

Existing configurations can be modified by clicking Edit under the "Actions" menu of the webhook.

Webhooks can be deleted, or event logs can be viewed by clicking the three dots under the "Actions" menu of the webhook.

Tenable Vulnerability Management (VM) is a suite of cloud vulnerability management products that can export findings into PlexTrac via API.

Multiple integrations can be configured per instance or for specific clients.

Field Mappings

Below are the field mappings from Tenable to PlexTrac, broken up by findings and assets.

Tables include the following columns:

• Tenable VM Field: the field name in Tenable VM

• Direction: displays the direction in the flow of data occurring for the integration

• PlexTrac Field: the field name in PlexTrac

Findings Field Mappings

If a field is not listed, then PlexTrac does not currently import.

Assets Field Mappings

If a field is not listed, then PlexTrac does not currently import.

Deduplication Logic

PlexTrac will not import findings from Tenable that have the same combination of plugin ID and severity.

Integrating Tenable

Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."

Step 2: If licensed, the option to connect will appear (if not, the box will display a lock icon and "License required"). Click the Tenable box.

Step 3: Enter a connection name and select if this integration is across the tenancy or for a client (if specific to one client, select the client of the pulldown menu). Click Continue.

Step 4: Select "Connect to Tenable Vulnerability Management." Enter the Tenable URL, access key, and secret key. Click Continue.

If the keys are correct, a confirmation message will confirm successful synchronization.

Step 5: Edit the field mappings on the provided tabs for findings and assets, or continue using the defaults.

Information flows only from Tenable to PlexTrac. Fields required by PlexTrac are identified with a red asterisk.

Fields that can be deleted will have an "X" next to the PlexTrac field when hovering over with the cursor. A confirmation message will appear after clicking X.

Configurable fields can be adjusted by clicking the purple line and deleting the existing connection.

Click on the Tenable field and the desired PlexTrac field to map and create a new connection.

Click Continue when finished.

The integration appears in the table as a listed connection.

Synchronizing

PlexTrac offers two synchronization options for Tenable integrations, allowing off-cycle syncs in addition to the regular hourly script.

1. Sync: This option allows an off-cycle synchronization off cycle and typically takes less than ten minutes.

2. Full Sync: This option looks at the complete Tenable database. It can be several hours, although it happens in the background and does not prevent using PlexTrac for other tasks.

Synchronization History

To view sync history, click Synch history under the actions menu of the integration.

Managing Integrations

Any existing integration can be disabled temporarily or deleted if no longer needed.

Disabling an Integration

To disable an integration, click the toggle button for the integration under the "Enabled" column. This action also disables the ability to synchronize the integration.

Deleting an Integration

To delete an integration, click the three dots under the "Actions" column and then Delete.

In Security & User Management, admins manage authentication, multi-factor prompts, user groups, access permissions, report access, and user account settings.

Security & User Management contains the following sections:

PlexTrac integrates with HackerOne, a platform that facilitates vulnerability coordination and bug bounty programs. It connects organizations that want to improve the security of their software and systems with a community of ethical hackers, also known as white-hat hackers, who are skilled in finding and reporting security vulnerabilities.

Integration Overview

An integration with HackerOne and PlexTrac consists of three parts:

1. Enabling the feature via the license key.

2. Obtaining the HackerOne API Key Identifier and HackerOne API Key values.

3. Configuring PlexTrac to complete the setup.

Enabling HackerOne

When a license is obtained, insert the license key into PlexTrac via the Admin Dashboard>Licensing page.

Creating an API Token

Once the feature has been enabled, the next step is to obtain the HackerOne API Key Identifier and HackerOne API Key values.

Step 2: Click Create API Token.

Step 3: Enter an identifier value into the provided box. Click Create.

Step 4: Copy the API key to a secure place (it will not be accessible after this point). Click I have stored the API Token.

Step 5: The API token just created appears at the top of the API page (an email will also be sent confirming the action). Click Manage groups in the row of the token.

Step 6: Check the desired boxes to define the user's permissions for this group. Click Apply changes.

Configuring PlexTrac

Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."

Step 2: Click Connect in the HackerOne card.

Step 3: A modal appears with three tabs. On the first tab, enter the following information:

1. Integration Name: This value is seen by users when selecting which tool to import findings from into a report, so pick a value that quickly identifies the integration.

Step 4: Click Save.

Step 5: In the "Mapping" tab, select which fields to import from HackerOne to PlexTrac.

Required fields are grayed out in the "Synch" column. The other fields are optional and can be removed from import by clicking the checkbox to remove the checkmark. Click Save.

Step 6: A message will validate that the synch was successful. Click Got It.

HackerOne now appears as "connected" on the Integrations page.

Disabling Integration

The integration can be temporarily turned off and on via the toggle button under "Enabled."

Editing Integration

Click Edit under the "Actions" column to adjust existing settings.

Viewing Logs

Step 1: Click Edit under the "Actions" column.

Step 2: Click the Sync Log tab.

Step 3: Click View of the desired log to read.

Tenable Security Center (Tenable.sc) is a vulnerability management solution that provides visibility into the security posture of IT infrastructure. It consolidates and evaluates vulnerability data, illustrates vulnerability trends over time, and assesses risk with actionable context for effective remediation prioritization, which then can be imported as findings into PlexTrac via API.

Multiple integrations can be configured per instance or for specific clients.

Field Mappings

Below are the field mappings from Tenable to PlexTrac, broken up by findings and assets.

Tables include the following columns:

• Tenable SC Field: the field name in Tenable SC

• Direction: displays the direction in the flow of data occurring for the integration

• PlexTrac Field: the field name in PlexTrac

Findings Field Mappings

If a field is not listed, then PlexTrac does not currently import.

Assets Field Mappings

If a field is not listed, then PlexTrac does not currently import.

Deduplication Logic

PlexTrac will not import findings from Tenable that have the same combination of plugin ID and severity.

Integrating Security Center

Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."

Step 2: If licensed, the option to connect will appear (if not, the box will display a lock icon and "License required"). Click the Tenable box.

Step 3: Enter a connection name and select if this integration is across the tenancy or for a client (if specific to one client, select the client of the pulldown menu). Click Continue.

Step 4: Select "Connect to Tenable Security Center." Enter the Tenable URL, access key, and secret key. Click Continue.

If the keys are correct, a confirmation message will confirm successful synchronization.

Step 5: Edit the field mappings on the provided tabs for findings and assets, or continue using the defaults.

Information flows only from Tenable to PlexTrac. Fields required by PlexTrac are identified with a red asterisk.

Fields that can be deleted will have an "X" next to the PlexTrac field when hovering over with the cursor. A confirmation message will appear after clicking X.

Configurable fields can be adjusted by clicking the purple line and deleting the existing connection.

Click on the Tenable field, then click on the desired PlexTrac field to map and create a new connection.

Click Continue when finished.

The integration appears in the table as a listed connection.

Synchronizing

PlexTrac offers two synchronization options for Tenable integrations, allowing off-cycle syncs in addition to the regular hourly script.

1. Sync: This option allows an off-cycle synchronization off cycle and typically takes less than ten minutes.

2. Full Sync: This option looks at the complete Tenable database. It can be several hours, although it happens in the background and does not prevent using PlexTrac for other tasks.

Synchronization History

To view sync history, click Synch history under the actions menu of the integration.

Managing Integrations

Any existing integration can be disabled temporarily or deleted if no longer needed.

Disabling an Integration

To disable an integration, click the toggle button for the integration under the "Enabled" column. This action also disables the ability to synchronize the integration.

Deleting an Integration

To delete an integration, click the three dots under the "Actions" column and then Delete.

In Security, admins can manage authentication methods, configure MFA, authorize users for specific roles, and create classification tiers to enforce additional layers of access to reports.

The Security section contains the following sections:

An audit log records events or activities within PlexTrac. Its primary purpose is to provide a chronological and detailed account of actions taken by users and processes, along with relevant information such as timestamps, user IDs, and specific event details.

The audit log is found under the Audit log button of the Admin Dashboard under "Security & User Management."

Actions Recorded

The following key actions are recorded in the audit log:

• Logins (successful, failed, lockouts, etc.)

• Password changes

• User creation/deletion/updates

• RBAC changes (e.g., a user is assigned to a client)

The audit log displays events for 120 days, updating on the first day of each month.

Using the Audit Log

The page defaults to the most recent events and lists the user, event, and time of the action. Use the filters above to narrow the dates of the events or search for a specific event.

For example, to find users who changed their password in the past month, click the box for "Start date" and select the past 30 days, then type "password" into the search box.

The list of events presented on the page dynamically updates.

PlexTrac offers an integration with Jira Cloud and Jira Data Center to allow red and blue teams to collaborate without switching between tools.

PlexTrac provides the option to synchronize with Jira in the following ways:

• Unidirectionally from PlexTrac to Jira

• Unidirectionally from Jira to PlexTrac

• Bidirectionally

• One-time from PlexTrac to Jira

• One-time from Jira to PlexTrac

The integration can be with one or more Jira projects, and each project can have mappings of fields and project issue types configured separately.

Setting up a Jira Integration

Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations".

Step 2: Click the Jira box.

Step 3: Select if the integration is with Jira Cloud or Jira Server.

Step 4: Input the correct information in the provided fields.

Step 5: Click Save & Continue.

If a successful connection is found, the tool will progress to the next tab to continue. If the connection is unsuccessful, a warning message will appear at the top of the page, and progression will only be possible once the error is resolved.

Step 6: On the Select projects tab, choose the project(s) from Jira to integrate with by clicking the box next to the desired project. Only these projects will be available when creating tickets from findings. Click Continue with all projects when finished.

Step 7: On the Map fields tab, select a project to configure from the pulldown menu "Project name."

Step 8: Select the Jira project issue type to configure from the provided list.

Step 9: Review the default mappings and adjust as desired.

The direction and synch of information between fields are identified from the symbol displayed between the PlexTrac and Jira fields.

To modify the direction, click the icon, then select the desired direction from the options provided. The icon arrow points to the direction the information flows between the two fields.

1. Jira to PlexTrac (Continuous sync)

   When a change occurs in a Jira issue, the connected PlexTrac finding will be updated. When changes occur in PlexTrac, the Jira issue will not be updated. PlexTrac findings cannot be created from Jira issues. Syncing from Jira to PlexTrac will occur after the initial issue creation.

2. Bidirectional (Continuous sync)

   When a change occurs in a PlexTrac finding, the connected Jira issue will be updated. When changes occur in Jira, the PlexTrac finding will be updated.

3. PlexTrac to Jira (Continuous sync)

   When a change occurs in a PlexTrac finding, the connected Jira issue will be updated. When changes occur in Jira, the PlexTrac finding will not be updated.

4. PlexTrac to Jira (One-time sync) Syncs data from PlexTrac to Jira upon ticket creation. A change in a PlexTrac finding will not be synced to the connected Jira issue.

Step 10: Repeat this process for each project issue type.

To add a new row for additional mappings not provided by default, click the plus icon at the bottom (after the last mapping).

Click within the pulldown menu of the previous row just added to select the new PlexTrac field.

After selecting the field in Jira to map with, use the provided field values to configure the relationship between PlexTrac and Jira by clicking the plus sign on one box and clicking on the desired box in the other system to create a visible purple line denoting the relationship.

Existing lines can be deleted by hovering over the line and clicking the red x.

To delete any row, hover over it with the cursor and click the red trashcan icon.

Step 11: Click Save & Continue.

Step 12: Set how often data from Jira refreshes in PlexTrac on Select settings & save tab using the pulldown menu.

Click Save & Continue when finished.

A modal will briefly appear, confirming the success of integration.

Mapping PlexTrac Custom Fields

PlexTrac custom fields can be added for mapping to a Jira field, including fields with a dropdown menu.

Step 1: Click the plus icon at the bottom of the Map fields tab (after the last existing mapping).

Step 2: Click the pulldown menu on the Jira column of the row just added to see the available fields in Jira to map.

The Jira field must have a data type value of "String," "Option of strings," or "Non-Nullable String." The Jira data type is shown in the right column of the Jira fields when looking at the options provided in the Jira field pulldown menu.

Step 3: Click within the PlexTrac column pulldown menu of the row just added and select "Custom Field" from the list.

Step 4: Enter the custom field key name.

Step 5: Click Save.

Mapping Jira Custom Fields

Jira custom fields available for mapping can be viewed by clicking a field in the Jira column and scrolling to the bottom of the window under the label "CUSTOM."

Mapping Finding Reported Date

The finding reported date can be mapped so that any future findings will automatically update this value in Jira.

Step 1: Click the plus icon at the bottom of the Map fields tab (after the last existing mapping).

Step 2: Click the pulldown menu on the Jira column of the row just added and select "Start Date."

Step 3: Click the pulldown menu on the PlexTrac column of the same row and select "Created Date."

Step 4: Click Save.

Any linked findings in PlexTrac will now be updated in Jira. If the mapping is configured for bidirectional, changes in this value in Jira will update in PlexTrac the next time data synchronization occurs.

Editing a Jira Integration

Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations".

Step 2: Click the Jira box that shows the status of "Connected."

Step 3: Click Edit under the "Actions" menu of the connection to modify.

Step 4: Go to the desired tab to adjust as desired.

Disabling a Jira Integration

Two ways exist to disable a Jira integration:

1. Temporarily, by toggling the button under the "Enabled" column.

2. Permanently, by clicking Delete under the "Actions" column.