In Tenant Settings, admins can manage different aspects of their tenant effectively. They can change the tenant name, activate dark mode for a personalized feel, view and add licenses, set default finding status, configure sub-status options, manage notification and server settings, create email templates, and set up short codes.
Tenant Settings contains the following sections:
The Service-Level Agreements (SLAs) button under "Tenant Settings" in the Admin Dashboard allows management of SLA settings, such as severity, days to close, notifications, and tags.
SLAs are designed to ensure that cybersecurity measures meet specific standards and expectations and are critical to managing and enhancing an organization's overall security posture.
The table view can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired position.
Click Save when finished.
Step 1: Click New Service-Level Agreement.
Step 2: A modal will appear. Enter an SLA name, the number of days allowed to close a finding, and the finding severity that the SLA applies to. All other fields are optional.
SLA Name: This is a required field. Duplicate SLA names can exist.
Days to Closed: This is a required field. Enter a numeric value representing how many days are allowed to close a finding. For example, a value of "2" means that if a finding for the defined severity has not been closed within two days of being opened, it exceeds the SLA.
Finding Severity: This is a required field. Select the finding(s) severity to be tracked as part of the SLA. More than one severity can be selected.
Finding Tags: This allows an SLA to include findings with specific tags. Leave blank to include all tags. More than one value can be selected.
Asset Criticality: If a value is selected, the SLA will only track Assets with the selected criticality. More than one value can be chosen.
Daily summary email...: When checked, an email summary of findings nearing and exceeding SLA for the tenancy level that the user is assigned to or added as another recipient is sent daily.
Send reminder X hours before the SLA is exceeded: When checked, an email is sent. Findings included in this reminder will also be listed as “Nearing SLA” within Trends & SLA analytics.
Send notification when the SLA has been exceeded: When checked, a notification will be sent to recipients until remediated.
Other recipients: Additional recipients can be added via the pulldown menu. The users selected will have the same experience described in NOTIFICATIONS above, assuming they have permission to view any findings or SLAs.
Daily summary email of findings nearing and exceeding an SLA: When checked, a daily email is sent.
Send reminder X hours before the SLA is exceeded: When checked, a reminder is sent. Findings included in this reminder will also be listed as “Nearing SLA” within Trends & SLA analytics.
Send notification when an SLA has been exceeded: When checked, a notification is sent when an SLA has been exceeded.
Step 3: Click Save at the bottom of the modal.
Asset Tags: This allows an SLA to include assets with specific tags. Leave blank to include all tags. More than one value can be selected.
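The way the SLA fields described above combine can be sketched as follows. This is an added example, not PlexTrac code: the class and function names are hypothetical, matching on any one shared tag is an assumption, and apart from "Nearing SLA" the status labels are this example's own.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class Sla:
    days_to_close: int                                   # "Days to Closed"
    severities: set                                      # "Finding Severity"
    finding_tags: set = field(default_factory=set)       # blank = all tags
    asset_criticality: set = field(default_factory=set)  # blank = all assets
    reminder_hours: int = 0                              # reminder X hours before

@dataclass
class Finding:
    severity: str
    opened: datetime
    tags: set = field(default_factory=set)
    asset_criticality: str = ""

def applies(sla, finding):
    """True when an open finding falls under the SLA's filters."""
    if finding.severity not in sla.severities:
        return False
    # Assumption: one shared tag is enough for a finding to match.
    if sla.finding_tags and not (sla.finding_tags & finding.tags):
        return False
    if sla.asset_criticality and finding.asset_criticality not in sla.asset_criticality:
        return False
    return True

def sla_status(sla, finding, now):
    """Classify an open finding against one SLA at time `now`."""
    if not applies(sla, finding):
        return "Not tracked"
    deadline = finding.opened + timedelta(days=sla.days_to_close)
    if now > deadline:
        return "Exceeded SLA"
    if sla.reminder_hours and now >= deadline - timedelta(hours=sla.reminder_hours):
        return "Nearing SLA"
    return "Within SLA"

if __name__ == "__main__":
    # Constructed sample: a two-day SLA for Critical findings, 12-hour reminder.
    sla = Sla(days_to_close=2, severities={"Critical"}, reminder_hours=12)
    finding = Finding("Critical", datetime(2024, 1, 1, 9, 0), tags={"external"})
    for hours in (24, 40, 49):
        now = finding.opened + timedelta(hours=hours)
        print(hours, sla_status(sla, finding, now))
```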
The General Settings button under "Tenant Settings" in the Admin Dashboard allows management of answer types, the default finding status for published reports, finding sub-statuses, and rapid templating.
Click Save at the bottom of the page after each configuration change in General Settings.
All users can select a custom data set when creating a question under an Assessment Questionnaire, but only Admins can define the custom data set. Once an assessment is submitted, all questions are transformed into findings, including custom fields. PlexTrac then assigns a status to each finding, using business rules corresponding to the answer type and values of the question.
PlexTrac-provided answer sets cannot be edited or deleted. The 14 default out-of-the-box answer sets are displayed in the following screenshot:
Step 1: Click the collapsed container under Answer Types.
Step 2: Click Create.
Step 3: Enter an answer type label, then click Add Answer.
To hide the answer type from users temporarily without deleting, toggle the "Visible" field to "Hidden."
Step 4: Enter an answer value and click Add Answer again (every answer type value must have at least two answers). When finished, click Save.
By default, the answer type appears at the bottom of the table.
If configured to be visible, the answer set can now be selected from the available Answer Types when building a question inside a Questionnaire.
To edit an answer type created by an admin, find the answer type from the list and click the green circle icon:
To delete an answer type created by an admin, find the answer type from the list and click the red trash can icon:
This configuration determines if findings are set to "Draft" or "Published" when added to a report that has already been published.
Toggle the button to the desired status.
If the findings default status is set to "Draft," all new findings are created in draft status and not viewable to analysts until published (individually or in bulk). If set to "Published," analysts will have access to all findings in published reports for clients they are authorized to view.
Regardless of the Default Finding Status, a report with "Draft" status is invisible to authorized analysts.
This allows an admin to add values to the "Sub Status" field, which exists under the Findings Details tab of a finding and provides an additional level of detail to associate with the finding.
The value(s) provided to a user in the pulldown menu are dictated by the value selected for the status of the finding, as the values have a child relationship to the parent value.
To add a sub-status value, place the cursor in the desired parent status field and enter the value. To delete a value, click the "x" of the value to remove it.
This feature determines the options available to a user when exporting a report. Toggle the button under "Rapid Templating" to the desired status.
When Rapid Templating is off, and a report is exported, the report will immediately download to the local environment in the format associated with the report.
When Rapid Templating is on, after the desired export format is selected from the pulldown menu, an additional modal will appear, allowing a specific template to be used.
Select the desired export template and click Export.
The Tags Settings button under "Tenant Settings" in the Admin Dashboard allows management of the tags. Tags are listed alphabetically in groups of 20.
Type the desired tag value in the "New tag name..." box and click Create Tag.
Omit hyphens in tags. Hyphens are not supported and will be removed and replaced with an underscore when a file that includes a hyphen is imported.
Insert the cursor in the "Type to search tags..." field and type the query. The list of tags will be filtered by the content in the search box.
Search for and identify the tag to delete and click Delete under the "Actions" column of the row for that tag.
No confirmation modal is provided, and the action is executed immediately. This cannot be undone.
If more than 20 tags exist, click the Previous 20 and Next 20 buttons at the bottom of the page to navigate forward and backward and view tags on other pages.
The Short Codes button under "Tenant Settings" in the Admin Dashboard provides the ability to replace predefined strings or variables in a report with new values, reducing the need to edit each report. Using short codes makes report creation more efficient and reduces maintenance, as it reduces the time to edit.
Short codes can pull data from a report custom field or a client custom field, depending on whether the short code applies to all reports for a client or to one specific report.
PlexTrac provides six short codes that pull data from non-custom fields and are listed on the Default tab. These variables cannot be modified or deleted.
Step 1: From the Custom tab of the Short Codes page within the Admin Dashboard, click Create Short Code.
Step 2: Enter the appropriate values in the provided fields.
Short Code field: The string inserted in reusable rich text fields that will be replaced after activation. Short codes must follow these rules:
Be a single string with no spaces
Begin and end with two percent symbols
Contain no special characters other than an underscore and the aforementioned percent symbols
Follow the standard of %%MY_SHORT_CODE%%, where “MY_SHORT_CODE” is the desired string
Source field: The value from which the short code is replaced and can originate from either a report or client custom field.
Custom Field Label field: The value associated with the short code that will be entered in a client or report custom field to generate the replacement value. Below is an example of a short code's Custom Field Label value ("Client Domain") used in a report.
Report Custom Fields can be pre-populated from Report templates.
Step 3: Click Save.
The new short code is inserted at the bottom of the list on the Custom tab.
Custom short codes can be modified by clicking Edit in the "Actions" column of the applicable short code.
Custom short codes can be removed by clicking Delete in the "Actions" column of the applicable short code.
A modal will appear, confirming the action. Click Confirm Delete.
If more than 20 tags exist, only the first 20 will appear when assigning tags. To filter the list, type in the first few letters of the tag.
Step 4: Use the for use in all reports for a client, or use the .
%%CLIENT_NAME%%: The name of the client, as defined in the Create/Edit Client modal of the Clients module.
%%CLIENT_POC%%: The POC for the client, as defined in the Create/Edit Client modal of the Clients module.
%%CLIENT_POC_EMAIL%%: The client POC’s email address, as defined in the Create/Edit Client modal of the Clients module.
%%REPORT_NAME%%: The report's name, as defined in the "Report Name" field of the Details tab in the Report module.
%%REPORT_START_DATE%%: The start date of the report, as defined in the "Start Date" field of the Details tab in the Report module.
%%REPORT_END_DATE%%: The end date of the report, as defined in the "End Date" field of the Details tab in the Report module.
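The short code format rules above can be checked mechanically, and the same pattern can find codes that were never resolved before a report or email leaves the tenant. The following is an added example, not PlexTrac code: the function names and the %%CLIENT_DOMAIN%% code are hypothetical, allowing digits and lowercase letters is an assumption, and HTML-escaping substituted values is a choice of this example rather than a description of how PlexTrac renders them.

```python
import html
import re

# Page rules: %%NAME%%, no spaces, underscore is the only special character.
# Assumption: NAME may contain letters and digits in either case.
SHORT_CODE = re.compile(r"%%[A-Za-z0-9_]+%%")

def is_valid_short_code(code):
    """True when the whole string is one well-formed short code."""
    return SHORT_CODE.fullmatch(code) is not None

def render(template, values):
    """Replace known short codes in HTML text; return (output, unresolved)."""
    unresolved = []

    def substitute(match):
        code = match.group(0)
        if code not in values:
            unresolved.append(code)
            return code                     # left in place so review can catch it
        # Values come from editable custom fields, so treat them as untrusted.
        return html.escape(values[code])

    return SHORT_CODE.sub(substitute, template), unresolved

if __name__ == "__main__":
    # Constructed sample template and custom field values.
    template = "<p>%%CLIENT_NAME%% scope: %%CLIENT_DOMAIN%% (POC %%CLIENT_POC%%)</p>"
    values = {
        "%%CLIENT_NAME%%": "Acme <Labs> & Co",
        "%%CLIENT_DOMAIN%%": "example.test",
    }
    output, missing = render(template, values)
    print(output)
    print("unresolved:", missing)
```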
Email settings are located under the "Tenant Settings" section in the Admin Dashboard. This section provides administrators with options to manage and configure various aspects related to email setup and notifications. The Email Settings page displays three tabs, enabling admins to adjust and personalize the email settings based on their preferences. These tabs facilitate access and control over notification settings, email servers, and email templates.
The Notification Settings tab is used to manage when email notifications are sent to users. Notifications can be configured by the report, finding, substatus, or assignment by clicking the toggle bar on or off.
When all email notifications are disabled, the system only sends emails regarding actions related to a user's profile (personal settings).
The notification of report status changes for assigned users is permanently disabled.
The Server Settings tab manages the configuration of a custom email server. PlexTrac defaults to its email service but supports SMTP (Simple Mail Transfer Protocol) and OAuth (Open Authorization).
Step 1: From the Admin Dashboard, click Email Settings under "Tenant Settings."
Step 2: Click Configure Mail Server.
Step 3: A modal appears. Enter the appropriate information in the required fields.
Email Server URL: Refers to the domain or hostname of the server that handles incoming and outgoing emails for the email account or domain. The specific email server name can vary depending on the email service provider or the organization's email infrastructure.
Port: PlexTrac supports standard SMTP (Simple Mail Transfer Protocol) ports, and those options are provided in the pulldown menu for this field:
SMTP with SSL/TLS encryption (SMTPS): 465 (secure)
SMTP (unencrypted): 25 (not secure)
SMTP with STARTTLS encryption: 587 (not secure)
Step 4: Select the mail server authentication type if different than the default value of "None."
None: No authentication is used, and the email server allows open relay without requiring credentials. It is not secure or recommended, but it is sometimes used for internal and testing purposes.
Basic: A simple username and password combination is enabled. Credentials are sent in plain text or base64 encoded. This method is less secure than OAuth2, especially if it is not used with encryption (TLS/SSL).
OAuth2: This provides a more secure and flexible authentication method, as it does not require sending the actual username and password with each request. It supports short-lived access tokens and long-lived refresh tokens. It is more complex to set up but offers enhanced security. This page provides more information on obtaining the required information from Google to set up OAuth.
Step 5: Click Save.
If the connection is unsuccessful, a message will be displayed at the top of the page.
Validate the data entered, make necessary changes, and click Save again.
Click Remove Mail Configuration to remove and change the current email server configuration to the default PlexTrac email service.
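Before entering a port and authentication type, an admin can check what their own mail server actually offers. The following is an added example, not PlexTrac code: `probe` and `assess` are hypothetical names, and the issue strings are this example's wording. On ports 25 and 587 the session starts in cleartext and is protected only once STARTTLS succeeds, so the probe records whether the upgrade happened.

```python
import smtplib
import ssl

def probe(host, port, timeout=10):
    """Connect to your own mail server; return (tls_active, advertised features)."""
    context = ssl.create_default_context()   # verifies certificate and hostname
    if port == 465:
        server = smtplib.SMTP_SSL(host, port, timeout=timeout, context=context)
    else:
        server = smtplib.SMTP(host, port, timeout=timeout)
    with server:
        server.ehlo()
        tls = port == 465
        if not tls and server.has_extn("starttls"):
            server.starttls(context=context)
            server.ehlo()                     # capabilities can change after TLS
            tls = True
        return tls, dict(server.esmtp_features)

def assess(auth, tls, features):
    """Issues for one chosen authentication type ("None", "Basic", "OAuth2").

    `features` uses the shape of smtplib's esmtp_features: lower-case
    extension name -> parameter string, e.g. {"auth": "PLAIN LOGIN"}.
    """
    mechanisms = set(features.get("auth", "").upper().split())
    issues = []
    if not tls:
        issues.append("session is not encrypted")
    if auth == "None":
        issues.append("no authentication: server must accept unauthenticated relay")
    elif auth == "Basic":
        if not tls:
            issues.append("Basic credentials would be sent without encryption")
        if not mechanisms & {"PLAIN", "LOGIN"}:
            issues.append("server does not advertise PLAIN or LOGIN")
    elif auth == "OAuth2":
        if not mechanisms & {"XOAUTH2", "OAUTHBEARER"}:
            issues.append("server does not advertise an OAuth2 SASL mechanism")
    return issues

if __name__ == "__main__":
    # Constructed capability sets; replace with probe("mail.example.test", 587).
    print(assess("Basic", False, {"auth": "PLAIN LOGIN"}))
    print(assess("OAuth2", True, {"auth": "PLAIN XOAUTH2"}))
```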
The E-mail Templates Manager tab manages the format, information, and structure of emails sent to users within a tenancy and allows for the configuration of email white labeling.
The application defaults to PlexTrac values for the "From Name" and "From Address." To change the name and email address, edit the fields under "EMAIL WHITE LABELING" and click Submit.
PlexTrac offers a collection of email templates that are automatically dispatched to users upon completing specific actions or tasks. These templates serve as predefined messages but can be modified and tailored to individual requirements.
Admins can customize the templates as needed by incorporating their company logo, removing short codes, enhancing the HTML, or including specific messaging to align with their branding and communication style. This feature enables admins to create email communications matching their style and messaging preferences.
To edit an email template, click the green icon under the "Actions" column next to the email.
Short codes can be used in emails as wildcards to replace text. Available codes are listed at the bottom of the email template.
The Account Information button under "Tenant Settings" in the Admin Dashboard provides configuration of tenant information, including changing the tenant theme (light or dark), uploading a tenant logo and icon, and changing the tenant name.
To change the mode of the tenancy from light to dark, click the desired mode. The change is immediate.
Any images loaded in light mode will disappear. Images will need to be reloaded for dark mode.
The Tenant logo and icon need to be updated in both light and dark mode.
Dimensions of the tenant icon image file should have the same height and width.
Step 1: Click Upload Tenant Images.
Step 2: Click the box of the image to upload, and drag the file into the box or navigate to that image on the computer.
The dimensions of the tenant icon image should have the same height and width (e.g., 500px x 500px).
Step 3: Click Submit.
The logo will appear at the top of the left navigation bar.
Step 1: Click Edit Tenant Information.
Step 2: Enter the desired information and click Submit.
The new value appears on the Account Information page. After refreshing the page, the new value appears as the Tenant Administration value.