Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Account settings are accessed by clicking the user name in the upper right of the page.
For standard users (non-admins), the drop-down menu will provide options to select Profile, Help Center, and Logout:
For admins, the drop-down menu will provide options to select Profile, Account Admin, Help Center, and Logout:
The Personal Settings page provides the ability to upload a profile image, change the user display name, view the email on file, select a theme mode (light or dark), update the user password, configure how dates are displayed, and set up and management of multi-factor authentication (MFA).
The personal settings page is reached by clicking the user name in the upper right and then clicking Profile.
The Personal Settings page has three tabs:
The Admin Dashboard is reached by clicking the user name in the upper right of the page and then clicking Account Admin.
The Admin Dashboard includes the following sections:
Users can change their password in the Personal Settings section by navigating to the Change Password tab. This feature empowers users to maintain the security and integrity of their accounts by periodically updating their passwords.
All of the listed requirements must be met to create an acceptable password.
a minimum of 12 characters
one lowercase character
one uppercase character
one number
one special character
Users can also access the password requirements within the platform by clicking on the "?" next to the "Enter New Password" label.
The Profile tab allows users to customize and manage their accounts by adjusting their user names and profile pictures. They can also tailor the date format to their personal preference or regional settings. Plus, there's an option for a dark mode interface that's easy on the eyes in low-light conditions.
Step 1: From the Profile tab of the Personal Settings page, click the avatar circle under "Profile Image" to bring up a dialog box.
Step 2: Drag an image to the dialog box or click the box to navigate to the file on the computer. Click Submit.
The new image is now shown in the Profile tab and next to the user name at the top right of the platform.
Step 1: From the Profile tab of the Personal Settings page, click the avatar circle under "Profile Image" to bring up a dialog box.
Step 2: Click Delete Profile Image. The modal will disappear, and PlexTrac will revert to the default grey avatar icon.
The modal will disappear, and PlexTrac will revert to the default grey avatar icon.
The name displayed for a user throughout PlexTrac is managed here. Users can update their information by entering the desired values in the "First Name" and "Last Name" fields.
After making the necessary changes, click Update Settings at the bottom of the page to save the updated information.
The new name value may not appear immediately without a browser refresh. To confirm the change, an email will be sent to the address on record.
To switch between Light and Dark Mode on PlexTrac, adjust the toggle button under "Theme Mode."
The date format can be configured to display in one of three options: YYYY-MM-DD, DD-MM-YYYY, or MM-DD-YYYY.
In Tenant Settings, admins can manage different aspects of their tenant effectively. They can change the tenant name, activate dark mode for a personalized feel, view and add licenses, set default finding status, configure sub-status options, manage notification and server settings, create email templates, and set up short codes.
Tenant Settings contains the following sections:
All changes to a user name must be confirmed by clicking Update Settings.
The Tags Settings button under "Tenant Settings" in the Admin Dashboard allows management of the tags. Tags are listed alphabetically in groups of 20.
Type the desired tag value in the "New tag name..." box and click Create Tag.
Omit hyphens in tags. Hyphens are not supported and will be removed and replaced with an underscore when a file that includes a hyphen is imported.
Insert the cursor in the "Type to search tags..." field and type the query. The list of tags will be filtered by the content in the search box.
Search for and identify the tag to delete and click Delete under the "Actions" column of the row for that tag.
No confirmation modal is provided, and action is immediately executed. This cannot be undone.
If more than 20 tags exist, click the Previous 20 and Next 20 buttons at the bottom of the page to navigate forward and backward and view tags on other pages.
Email settings are located under the "Tenant Settings" section in the Admin Dashboard, providing administrators options to manage and configure various aspects related to email setup and notifications. The Email Settings page displays three tabs, enabling admins to adjust and personalize the email settings based on their preferences. These tabs facilitate access and control over notification settings, email servers, and email templates.
The Notification Settings tab manages when email notifications are sent to users. Notifications can be configured by the report, finding, substatus, or assignment by clicking the toggle bar on or off.
When all email notifications are disabled, the only emails sent from the system are actions related to a user's profile (personal settings).
The notification of report status changes for assigned users is permanently disabled.
The Server Settings tab manages the configuration of a custom email server. PlexTrac defaults to its email service but supports SMTP (Simple Mail Transfer Protocol).
Step 1: From the Admin Dashboard, click Email Settings under "Tenant Settings."
Step 2: Click Configure Mail Server.
Step 3: A new modal appears. Enter the appropriate information in the provided fields.
Email Server: Refers to the domain or hostname of the server that handles incoming and outgoing emails for the email account or domain. The specific email server name can vary depending on the email service provider or the organization's email infrastructure.
Port: PlexTrac supports standard SMTP (Simple Mail Transfer Protocol) ports, and those options are provided in the pulldown menu for this field:
SMTP with SSL/TLS encryption (SMTPS): 465 (secure)
SMTP (unencrypted): 25 (not secure)
SMTP with STARTTLS encryption: 587 (not secure)
Username: The email address or username associated with the email account.
Password: The password for the email account.
Step 4: Click Verify Mail Configuration to validate settings.
A message will appear at the top of the page verifying the configuration.
Step 5: Click Save Mailer Config to exit the modal.
The current email server configuration can be removed and changed to the default PlexTrac email service anytime by clicking Remove Mail Configuration.
The E-mail Templates Manager tab manages the format, information, and structure of emails sent to users within a tenancy and allows for the configuration of email white labeling.
The application defaults to PlexTrac values for the "From Name" and "From Address." To change the name and email address, edit the fields under "EMAIL WHITE LABELING" and click Submit.
PlexTrac offers a collection of email templates automatically dispatched to users upon completing specific actions or tasks. These templates serve as predefined messages but can be modified and tailored to individual requirements.
Admins can customize the templates as needed, such as by incorporating their company logo, removing short codes, enhancing the HTML, or including specific messaging to align with their branding and communication style. This feature enables admins to create email communications matching their style and messaging preferences.
To edit an email template, click the green icon under the "Actions" column next to the email.
Short codes can be used in emails as wildcards to replace text. Available codes are listed at the bottom of the email template.
The General Settings button under "Tenant Settings" in the Admin Dashboard allows management of answer types, the default behavior of findings status for published reports, managing finding sub-status and enabling rapid templating.
Click Save at the bottom of the page after each configuration change in General Settings.
All users can select a custom data set when creating a question under an Assessment Questionnaire, but only Admins can define the custom data set. Once an assessment is submitted, all questions are transformed into findings, including custom fields. PlexTrac then assigns a status to each finding, using business rules corresponding to the answer type and values of the question.
PlexTrac-provided answer sets cannot be edited or deleted. The 14 default out-of-the-box answer sets are displayed in the following screenshot:
Step 1: Click the collapsed container under Answer Types.
Step 2: Click Create.
Step 3: Enter an answer type label, then click Add Answer.
To hide the answer type from users temporarily without deleting, toggle the "Visible" field to "Hidden."
Step 4: Enter an answer value and click Add Answer again (every answer type value must have at least two answers). When finished, click Save.
By default, the answer type appears at the bottom of the table.
If configured to be visible, the answer set can now be selected from the available Answer Types when building a question inside a Questionnaire.
To edit an answer type created by an admin, find the answer type from the list and click the green circle icon:
To delete an answer type created by an admin, find the answer type from the list and click the red trash can icon:
This configuration determines if findings are set to "Draft" or "Published" when added to a report that has already been published.
Toggle the button to the desired status.
If the findings default status is set to "Draft," all new findings are created in draft status and not viewable to analysts until published (individually or in bulk). If set to "Published," analysts will have access to all findings in published reports for clients they are authorized to view.
Regardless of the Default Finding Status, a report with "Draft" status is invisible to authorized analysts.
This allows an admin to add additional tags available for an additional level of detail to associate with a finding in the "Sub Status" field, which exists under the Findings Details tab of a finding.
The value(s) provided to a user in the pulldown menu are dictated by the value selected for the status of the finding, as the values have a child relationship to the parent value.
To add a sub-status value, place the cursor in the desired parent status field and enter the value. To delete a value, click the "x" of the value to remove it.
This feature determines the options available to a user when exporting a report. Toggle the button under "Rapid Templating" to the desired status.
When Rapid Templating is off, and a report is exported, the report will immediately download to the local environment in the format associated with the report.
When Rapid Templating is on, after the desired export format is selected from the pulldown menu, an additional modal will appear, allowing a specific template to be used.
Select the desired export template and click Export.
If more than 20 tags exist, only the first 20 will appear when assigning tags. To filter the list, type in the first few letters of the tag.
The Short Codes button under "Tenant Settings" in the Admin Dashboard provides the ability to replace predefined strings or variables in a report with new values, reducing the need to edit each report. Using short codes makes report creation more efficient and reduces maintenance, as it reduces the time to edit.
Short codes can pull data from a report custom field or a client custom field, depending if the short code applies to all reports for a client or one specific report.
PlexTrac provides six short codes that pull data from non-custom fields and are listed on the Default tab. These variables cannot be modified or deleted.
Step 1: From the Custom tab of the Short Codes page within the Admin Dashboard, click Create Short Code.
Step 2: Enter the appropriate values in the provided fields.
Short Code field: The string inserted in reusable rich text fields that will be replaced after activation. Short Codes must follow the following rules:
Be a single string with no spaces
Begin and end with two percent symbols
No special characters other than an underscore and the aforementioned percent symbols
Follow the standard of %%MY_SHORT_CODE%%
when “MY_SHORT_CODE” is the desired string
Source field: The value from which the short code is replaced and can originate from either a report or client custom field.
Custom Field Label field: The value associated with the short code that will be entered in a client or report custom field to generate the replacement value. Below is an example of a short code's Custom Field Label value ("Client Domain") used in a report.
Report Custom Fields can be pre-populated from Report templates.
Step 3: Click Save.
The new short code is inserted at the bottom of the list on the Custom tab.
Step 4: Use the short code at the client level for use in all reports for a client, or use the short code within a specific report.
Custom Short codes can be modified by clicking Edit in the "Actions" column of the applicable short code.
Custom short codes can be removed by clicking Delete in the "Actions" column of the applicable short code.
A modal will appear, confirming the action. Click Confirm Delete.
The Account Information button under "Tenant Settings" in the Admin Dashboard provides configuration of tenant information, including changing the tenant theme (light or dark), uploading a tenant logo and icon, and changing tenant name.
To change the mode of the tenancy from light to dark, click the desired mode. The change is immediate.
Any images loaded light mode will disappear. Images will need to be reloaded for dark mode.
The Tenant logo and icon need to be updated in both light and dark mode.
Dimensions of the tenant icon image file should have the same height and width.
Step 1: Click Upload Tenant Images.
Step 2: Click the box of the image to upload, and drag the file into the box or navigate to that image on the computer.
The dimensions of the tenant icon image should have the same height and width (i.e., 500px x 500px).
Step 3: Click Submit.
The logo will appear at the top of the left navigation bar.
Step 1: Click Edit Tenant Information.
Step 2: Enter the desired information and click Submit.
The new value appears on the Account Information page. After refreshing page, the new value appears as the Tenant Administration value.
Admins can personalize various aspects of the PlexTrac platform in the Customizations section to meet their needs. They can manage findings layouts, customize report templates, set dark mode, and configure theme colors. This allows admins to create a customized experience within the platform.
Customizations include the following sections:
The Service-Level Agreements (SLAs) button under "Tenant Settings" in the Admin Dashboard allows management of SLA settings, such as severity, days to close, notifications, and tags.
SLAs are designed to ensure that cybersecurity measures meet specific standards and expectations and are critical to managing and enhancing an organization's overall security posture.
The table view can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
Step 1: Click New Service-Level Agreement.
Step 2: A modal will appear. Enter an SLA name, define how many days should exist to close the SLA and the finding severity that the SLA applies to. All other fields are optional.
SLA Name: This is a required field. Duplicate SLA names can exist.
Days to Closed: This is a required field. Enter a numeric value representing how many days are allowed to close a finding. For example, a value of "2" means that if a finding for the defined severity has not been closed within two days of being opened, it exceeds the SLA.
Finding Severity: This is a required field. Select the finding(s) severity to be tracked as part of the SLA. More than one severity can be selected.
Finding Tags: This allows an SLA to include findings with specific tags. Leave blank to include all tags. More than one value can be selected.
Asset Criticality: If a value is selected, the SLA will only track Assets with the selected criticality. More than one value can be chosen.
Daily summary email...: When checked, an email summary of findings nearing and exceeding SLA for the tenancy level that the user is assigned to or added as another recipient is sent daily.
Send reminder X hours before the SLA is exceeded: When checked, an email is sent. Findings included in this reminder will also be listed as “Nearing SLA” within Trends & SLA analytics.
Send notification when the SLA has been exceeded: When checked, a notification will be sent to recipients until remediated.
Other recipients: Additional recipients can be added via the pulldown menu. The users selected will have the same experience described in NOTIFICATIONS above, assuming they have permission to view any findings or SLAs.
Daily summary email of findings nearing and exceeding an SLA: When checked, a daily email is sent.
Send reminder X hours before the SLA is exceeded: When checked, a reminder is sent. Findings included in this reminder will also be listed as “Nearing SLA” within Trends & SLA analytics.
Send notification when an SLA has been exceeded: When checked, a notification is sent when an SLA has been exceeded.
Step 3: Click Save at the bottom of the modal.
The Templates button under "Customizations" in the Admin Dashboard provides the ability to create and configure report templates, export templates, and style guides.
The Layouts section under "Customizations” in the Admin Dashboard provides the ability to configure and customize the experience of creating a finding.
Multiple layouts allow admins to tailor the finding creation process according to their needs and requirements. Each layout can be designed to capture different findings or accommodate different workflows. For example, a tenant might have different layouts for web application vulnerabilities, network vulnerabilities, or compliance-related issues.
By customizing the layouts, admins can ensure that teams provide consistent and relevant information while creating findings. This can improve report creation by ensuring a standardized approach to documenting security issues.
Layouts only apply to findings created within PlexTrac and don't apply to imported findings.
Step 1: Click Layouts in the Admin Dashboard under "Customizations."
Step 2: Click New Findings Layout.
Step 3: Confirm if starting from the default layout or leveraging another. Select the layout from the pulldown menu if starting from a custom layout. Click Create.
Step 4: A new page appears with two tabs: Finding fields and Custom fields.
Enter a unique and descriptive name for the layout in the "Findings layout name" box, as this value will be provided to users when selecting the layout for a report.
Step 5: Arrange the fields to create the desired layout.
Click + in the left column to add any field to the layout. Click X in the right column to remove a field from the layout.
Fields without an X are required and cannot be removed or made optional.
Step 6: Make any optional fields required by toggling the button for that field to the right so the purple checkmark appears.
Step 7: Arrange the fields in the desired order by clicking the row with the cursor and dragging the box to the desired sequence of existing fields.
The title must be first and cannot be moved.
Step 8: If applicable, add custom fields by clicking the Custom fields tab, then clicking Add custom field.
Step 9: Enter desired values in the provided boxes.
Key: A required value used to reference this field. This must be a unique value.
Label: A required value used for the field title and visible elsewhere in the platform.
Value: An optional RTF to capture the field value and provide any additional content to help the user with context and data acquisition.
Step 10: Click Add custom field to repeat the process.
Step 11: Click Save layout when finished.
A message will appear confirming the layout was created. The new layout will appear in the list for future editing and is now available for assignment to a report.
After a layout is created, it must be assigned to a report to be leveraged. When creating a new report, this association is set by selecting the desired layout in the pulldown menu under the "Findings Layout" of the Create New Report modal.
Layouts can also be added to existing reports by going to the Details tab of the report, selecting the layout from the pulldown menu under "Findings Layout," and clicking Save.
Only one layout can be assigned to a report.
Legacy findings are not impacted when a layout is assigned to an existing report. The new layout will only apply to findings created after the layout was associated.
Any custom fields added to the layout are available to the user at the bottom of the Finding Details tab of the finding.
If a custom field was added to an assigned layout after a finding was added to a report, the additional custom field is available for data input within a finding by clicking Add Fields From Template.
Updates made to a layout will not be applied to any legacy reports associated with that layout.
Step 1: Click Layouts in the Admin Dashboard under "Customizations."
Step 2: Click Edit of the layout to revise.
Step 3: Make desired changes and click Save layout.
Step 1: Click Layouts in the Admin Dashboard under "Customizations."
Step 2: Click Delete of the layout to revise.
Step 3: A message will appear confirming the action. Click Delete Layout.
A notification message will appear confirming the deletion of the layout.
Short Code | Source |
---|---|
Asset Tags: This allows an SLA to include assets with specific tags. Leave blank to include all tags. More than one value can be selected.
: Defines the report layout that may include narrative sections and custom fields.
: Ability to store and import templates written in Jinja provided by PlexTrac.
: Defines the styles and presentation when exporting Jinja reports to Word.
%%CLIENT_NAME%%
The name of the client, as defined in the Create/Edit Client modal of the Clients module.
%%CLIENT_POC%%
The POC for the client, as defined in the Create/Edit Client modal of the Clients module.
%%CLIENT_POC_EMAIL%%
The client POC’s email address, as defined in the Create/Edit Client modal of the Clients module.
%%REPORT_NAME%%
The report's name is defined in the "Report Name" field of the Details tab in the Report module.
%%REPORT_START_DATE%%
The start date of the report, as defined in the "Start Date" field of the Details tab in the Report module.
%%REPORT_END_DATE%%
The end date of the report, as defined in the "End Date" field of the Details tab in the Report module.
A report template is a pre-defined structure and format for creating reports. It may include narrative sections and custom fields, as well as the ability to select an export template.
Report templates save time and ensure consistency in the formatting and presentation of reports within an organization. They save time by pre-populating report sections, such as the introduction, methodology, or threat model. Linking to a custom export template ensures an exported file is branded and structured in the desired reporting methodology.
Step 1: Click New report template.
Step 2: Enter a template name and select a default export template from the pulldown menu, if applicable (i.e., a Jinja template).
The default export template must be loaded first before starting this process.
Step 3: Add any custom fields or narrative sections by clicking the appropriate buttons and entering the required information.
Step 4: Click Create.
The template will appear in the list on the Report templates tab.
Report templates can be previewed by clicking Preview under the "Actions" column.
The preview will show any text entered in the narrative section when the template was created. It does not display template custom fields.
Report templates can be edited by clicking Edit under the "Actions" column.
This will launch a modal, allowing the entire template to be modified. Click Save when finished.
Report templates can be deleted by clicking Delete under the "Actions" column.
A box will appear confirming the action. Click Delete.
PlexTrac allows the uploading and usage of Jinja templates in Microsoft Word (.docx) for exporting reports in a custom format and style.
Jinja is a template engine that dynamically generates text-based documents by defining Word templates with placeholders for dynamic content. PlexTrac provides Jinja Word templates to match the branding and styling of an export organization. More information can be found at templating.plextrac.com.
If no template is available, a default style guide can be used. If no style guide is desired, select the value of "None" from the pulldown menu.
File names for export templates can only contain alphanumeric characters and these special characters:
()-_
Step 1: Click the Export templates tab.
Step 2: Click Create export template.
Step 3: Drag a .docx file to the box provided or click the box in the model to find the file to upload to the computer. Click Upload.
The new template appears in the table.
Export templates can be downloaded by clicking Download under the "Actions" column.
The file will download to your local system.
Export templates can be deleted by clicking Delete under the "Actions" column.
A dialog box will appear confirming the action. Click Delete to complete the task.
A style guide helps content creators and publishers maintain consistency in their content presentation. It provides guidelines on spelling, grammar, punctuation, capitalization, formatting, and other elements of written communication.
The purpose of the style guides is to provide the ability to overwrite the default PlexTrac formatting during the report export process. The style guides only apply to Jinja templates exported to Word (.doc). Style guides do not impact rich-text fields.
PlexTrac provides a default template that can be configured, leveraged, or cloned to create other style guides. There is no limit to the number of style guides.
The default style guide cannot be deleted.
The style guide consists of four tabs/sections:
Code blocks
Images
Tables
Hyperlinks
This tab defines the code block experience, including style, prefix, font, font size, font color, background color, border color, width, content alignment, and padding.
This tab defines the image experience, including caption font and prefix, border style, image width and alignment, and padding.
The options to add a border color and width only appear when a border style is selected. If the border style value is "None," color and width options are hidden.
Include any desired punctuation within the "Prefix" box when adding an image prefix label. For example, "Figure:".
This tab defines the table experience, including caption font and prefix, and the table justification within the content.
Include any desired punctuation within the "Prefix" box when adding a table prefix label. For example, "Table:".
This tab defines the font color of links.
Step 1: Click the box.
Step 2: Choose the desired color by clicking in the color box, dragging the circle to the desired color, or entering the hex color code in the provided box.
Step 3: Click X to remove the overlay.
Click Reset under the "Color Options" pulldown menu to revert to the previously selected color.
Step 1: From the Admin Dashboard, click Templates under "Customizations," then click the Style guides tab. Click Create style guide.
Step 2: Select if starting from the default style guide provided by PlexTrac or an existing style guide. Click Create.
If no other style guides exist, the only option in the pulldown menu will be the default style guide.
Step 3: Enter a name for the new style guide.
There is a 100-character limit to a style guide title.
Step 4: Configure the style guide to the desired experience by navigating between the four tabs. Click Create style guide when finished.
A style guide must be associated with an export template to be leveraged. The export template is then associated with a report template, which is then associated with a report. The instructions below assume all files (style guide, export template, report template, and report) exist.
Step 1: From the Admin Dashboard, click Templates under "Customizations," then click the Export templates tab and find the desired export template to associate with the style guide.
Step 2: Under the "Style Guide" column of the table of the export template, select the desired style guide from the pulldown menu.
Any report templates associated with this export template will now leverage the style guide. If no report templates are associated with this export template, continue with Step 3.
Step 3: Click the Report templates tab.
Step 4: Click Edit from the "Actions" column.
Step 5: From the pulldown menu under "Export template," select the export template from Step 1. Click Save.
Any reports associated with this report template will now leverage the style guide when exported. If no reports are associated with this report template, continue with Step 6.
Step 6: Click the Reports module from the left navigation bar. Click the row of the impacted report.
Step 7: Click the Details tab.
Step 8: Go to the "Report Template" field and select the report template in the pulldown menu from Step 4. Click Save.
The next time this report is exported (assuming it is a Jinja template), it will reflect the configuration of the associated style guide from Step 2.
The Theme button under "Customizations" in the Admin Dashboard provides configuration of the UI for a tenant.
To change the colors used for the background, text, etc., click the color palette next to the topic to change, adjust the color accordingly with the color modal, click the "x" at the top right of the modal to close it, and click Update Theme.
If Update Theme is not clicked, changes will not be saved.
Changes can be made for Light or Dark mode by using the toggle at the top to change modes before making a color change.
If all equations are disabled, priorities will be scored by the likelihood and impact values selected in the priority.
Contextual Score: The value generated from a contextual scoring equation.
Contextual Scoring Equation: A collection of variables, operators, rules and logic to generate a contextual score.
Equation Variable: A component of the equation representing an individual or an aggregate of fields from PlexTrac, such as Asset count, Finding Severity, and CVE. Equation variables are the building blocks of an equation.
Multiplier: A constant value multiplied against an equation variable's value. It can rapidly increase the weight a variable has on an equation.
Operator: Mathematical symbols that can be used in a Contextual Scoring Equation. Currently, an operator can only perform a "+" addition function.
Variable Rule: The logic and conditions that help determine a variable's weight and value within the equation. A variable can have multiple rules.
PlexTrac provides a default equation that is disabled but can be toggled on by clicking the toggle bar under the "Enabled" column.
The priority score can be viewed under the progress bar on the Details tab of a priority.
If the cursor hovers under the question mark icon and contextual scoring is enabled, the equation being used is listed.
The table view can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
The Contextual scoring section under "Automations” in the Admin Dashboard allows admins to create formulas for producing dynamic risk and likelihood scores for the module.
In the Automations section, admins can configure a default or custom priority score equation for the Priorities module.
The integrations home page provides the status of each API integration and the ability to connect new integrations (if licensed) or edit existing connections.
If an integration is available but not set up, the user will see a "Connect" button. A "License required" label will be displayed if an integration is not licensed.
Visit this page for a list of all third-party tools PlexTrac integrates with, including scanner files and CSV templates.
The following integrations are included with every PlexTrac instance:
The following integrations require an additional cost/license to access (one license covers all tools):
This page includes the business rules and instructions for enabling and disabling equations when multiple ones exist.
The impact of an equation on a priority depends on multiple variables, such as whether equations are set in General Settings to apply to all tenants or a client, if the default equation is enabled, if a custom equation is enabled, and if the custom equation applies the entire tenancy or specific clients.
Only one equation can be used at a time when priorities are enabled at the tenant level. When enabled, any equations created for specific clients are no longer accessible from the contextual scoring page. Any existing equations are not deleted but can no longer be viewed or modified from the page.
Tenant-level priorities have the following business rules for equations:
Only one tenant-level equation can be used at a time when priorities are enabled at the client level. However, custom equations for specific clients may be enabled and, when executed, take precedence. Any equations created for specific clients will be accessible from the contextual scoring page along with tenant-wide equations.
Whether the equation is client-specific or a tenant is identified under the "Associated with" column.
Client-level priorities have the following business rules for equations:
To enable an equation, toggle the button under the "Enable" column.
If the user's action impacts existing priorities and business rules, PlexTrac will display a message to inform of the consequence. If approved, the system will enable or disable other related equations accordingly.
Admins can create an equation that can be leveraged by a priority to produce a custom score. The process for creating an equation consists of two major steps:
Equation Properties: The tab in which the name, description, and (when applicable) what clients the equation applies to are entered.
Equation Builder: The tab where the user selects and configures the variables of the equation that determines the contextual score.
Step 1: From the Admin Dashboard, click Contextual scoring.
Step 2: Click Create Equation.
Step 3: Select if starting from the tenant default priority equation or another equation. When finished, click Create.
Step 4: On the "Edit basic information" tab, enter an equation name and description.
If priorities are configured for all tenants, client-specific configuration options will not appear and users will proceed to Step 9.
Step 5: Identify if the equation will apply to all clients in the tenancy that currently have no equation assigned or if this will apply to a specific client.
If this equation applies to all clients, skip to Step 9.
Step 6: If client-specific, click Select clients and search, scroll, or use filter options to find the desired client.
Step 7: Click Select.
Step 8: Click Save at the bottom right of the page.
Step 9: Click Continue at the bottom right of the page.
The "Edit variables and equation" second tab appears, which is the equation builder tab.
The equation builder tab consists of three sections/boxes:
Box 1 - Score Equation: This box displays the current equation and allows users to modify it by dragging variables on/off the box.
Box 2 - Available Equation Variables: This box lists the available variables that can be leveraged to update the current equation shown in Box 1.
Box 3 - Variable Configuration: When a variable in Box 1 is clicked or selected from the pulldown menu at the top of Box 3, this box provides further details that can be used to define how the variable is utilized in the equation. These details include additional properties and business rules.
The screenshot below captures all of the variables available to be used in a priority equation:
The list of possible variables is the same for all equations, although their location in Box 1 and Box 2 may differ by equation.
The equation displayed in Box 1 and the set of variables in Box 2 when creating an equation are dictated initially by the choice to build the equation from the default or an existing equation.
The total equation weight must always equal 100%. The current allocation is listed above the equation.
Variable weights can be edited either directly in the box of the variable are in Box 3 on the right of the page in the "Variable weight" section.
To calculate the score for each variable in the equation, multiply the weight of the variable by the highest rule score and then divide the result by 100. For instance, if the weight of a variable is 50% and the highest rule score is 90, the score for that variable would be 50 * (90/100) = 45
.
If the total allocation for variables does not equal 100%, the total equation weight value in Box 1 will turn red to indicate an error, and an error message will appear if attempting to save the equation.
Variables can be included with an assigned 0% weight, but these will be ignored in the equation and have the same result as not existing in the equation at all.
PlexTrac provides a default equation out of the box that cannot be deleted, although it can be edited. This equation becomes the tenant default that can be used as a template or starting point to create additional equations.
Any other equation can be reset to that default equation at any time by clicking the kebob menu in the box of the equation and clicking Reset to default PlexTrac equation.
Many variables and scenarios are possible with the equation builder. Below are a few examples that cover various aspects of the functionality that demonstrate the multiple ways equations can be leveraged to specific client or tenant needs.
When configuring an equation, any errors will not be visible until the user clicks Save. After that initial action, however, error messages are provided dynamically as the equation is worked on.
Step 1: Click the Asset type
variable in Box 2 (Available Equation Variables), drag it up to Box 1 directly above and place it in the equation.
Step 2: Click Save. An error notification appears both in the equation and as a message because an operator variable is needed between the variables Asset type
and Asset criticality
.
All field variables need to be separated by an operator.
Step 3: Click the operator variable in Box 2, drag it to Box 1, and place it where the error notification was displayed between the variables Asset type
and Asset criticality
.
The error is resolved, and the message disappears.
Step 4: The next step is to set the variable attribute with the correct value. Click the Asset type
variable or select it from the pulldown menu in Box 3.
Step 5: Select the "Sever" asset type value from the pulldown menu for Rule 1.
Step 6: The next step is to give Asset type
some weight to the equation, or else it will be ignored, as all added variables default to 0%. Change the "Variable weight" value to 10%. The variable in the equation will dynamically update.
Step 7: Identify how many points the variable will receive if the business rule is met by adding 75 to the "out of 100" box at the bottom of the rule.
Step 8: Since the total equation weight is now over 100% with the new variable being updated to 10%, another variable must be reduced to compensate. Note that the total equation weight is currently at 110% and in red, denoting an error. An error message is also provided.
Click Source data
and change its weight from 80% to 70% so that the total of all four variables equals 100%.
Step 9: The equation is now ready to be executed. Click Save.
Step 1: Click Finding score (CVSS 3.1)
in Box 1, drag it to Box 2, and unclick the mouse.
The equation no longer includes that variable, and CVSS 3.1 is now listed as available in Box 2.
Step 2: Because the total equation weight must equal 100% and 10% of that weight was removed in Step 1, the remaining variables must be adjusted to compensate. Click Source data
, and add 10% to the existing set weight so that it is increased from 70% to 80%.
Step 3: The next step is to remove an operator variable, as an equation cannot end with an empty operator.
Select the operator at the end of the formula, drag it to Box 2 and release. The error message disappears.
Step 4: Click Save.
Step 1: Click Source data
on the equation.
Step 2: All business rules and parameters for Source data
appear in Box 3 on the far right of the page. Currently, a business rule only exists for HackerOne. Click Add rule.
Step 3: Working now under Rule 2, select the source data value "is added from integrations" from the pulldown menu.
Step 3: Select "Snyk" as the integration source in the following pulldown menu.
Step 4: Give Rule 2 a weight of 45 out of 100 points.
Step 5: Click Save.
PlexTrac integrates with HackerOne, a platform that facilitates vulnerability coordination and bug bounty programs. It connects organizations that want to improve the security of their software and systems with a community of ethical hackers, also known as white-hat hackers, who are skilled in finding and reporting security vulnerabilities.
This is a licensed feature.
An integration with HackerOne and PlexTrac consists of three parts:
Enabling the feature via the license key.
Obtaining the HackerOne API Key Identifier and HackerOne API Key values.
Configuring PlexTrac to complete the setup.
If the license is needed within a tenant, the phrase “License Required” with a link to the Support Portal will display within the HackerOne card on the Integrations page of the Admin Dashboard.
When a license is obtained, insert the license key into PlexTrac via the Admin Dashboard>Licensing page.
When the integration is available, a “Connect” button will display within the HackerOne card on the Integrations page of the Admin Dashboard.
Once the feature has been enabled, the next step is to obtain the HackerOne API Key Identifier and HackerOne API Key values.
Step 1: Log in to HackerOne's API token page.
Step 2: Click Create API Token.
Step 3: Enter an identifier value into the provided box. Click Create.
Step 4: Copy the API key to a secure place (it will not be accessible after this point). Click I have stored the API Token.
Step 5: The API token just created appears at the top of the API page (an email will also be sent confirming the action). Click Manage groups in the row of the token.
Step 6: Check the desired boxes to define the user's permissions for this group. Click Apply changes.
Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."
Step 2: Click Connect in the HackerOne card.
Step 3: A modal appears with three tabs. On the first tab, enter the following information:
Integration Name: This value is seen by users when selecting which tool to import findings from into a report, so pick a value that quickly identifies the integration.
Step 4: Click Save.
Step 5: In the "Mapping" tab, select which fields to import from HackerOne to PlexTrac.
HackerOne syncs data to PlexTrac, but updates in PlexTrac do not sync back to HackerOne.
Required fields are grayed out in the "Synch" column. The other fields are optional and can be removed from import by clicking the checkbox to remove the checkmark. Click Save.
Step 6: A message will validate that the synch was successful. Click Got It.
HackerOne now appears as "connected" on the Integrations page.
Findings from HackerOne can now be imported into a report.
The integration can be temporarily turned off and on via the toggle button under "Enabled."
Click Edit under the "Actions" column to adjust existing settings.
Step 1: Click Edit under the "Actions" column.
Step 2: Click the Sync Log tab.
Step 3: Click View of the desired log to read.
PlexTrac integrates with Edgescan, allowing users to import the findings from Edgescan's vulnerability detection into a PlexTrac report. This integration streamlines the process by leveraging Edgescan's automated vulnerability scanning capabilities and the reporting and management features of PlexTrac.
This is a licensed feature.
Below are the field mappings from Edgescan to PlexTrac, broken up by findings and assets.
Tables include the following columns:
Edgescan Field: the field name that appears in Edgescan
PlexTrac Field: the field name that appears in PlexTrac
Direction: displays the direction in the flow of data occurring for the integration (a value of "x" means that the value is not imported)
Required: denotes if a value is required in the field for the import to be successful
Notes: additional information
After a finding from Edgescan is imported into a report, metadata and content are presented within PlexTrac on the Finding Detail page, as shown below. The finding source value is "Edgescan," and any tags associated with the finding from Edgescan are provided along with any added within PlexTrac when imported.
If a duplicate finding title is found during import, the finding title in PlexTrac is appended with the Edgescan Vulnerability ID
in parenthesis at the end of the finding title.
Step 1: From the Admin Dashboard, click Integrations under the "Tools & Integrations" header.
Step 2: Click the Edgescan box.
Step 3: Click New connection.
Step 4: On the Configuration Details tab, enter a name for the integration, the Edgescan URL value, the Edgescan API key, and if closed vulnerabilities should be included.
Integration name: A name for this integration. When importing findings, this value will appear elsewhere in the platform along with other enabled integrations, so pick a unique but accurate name.
Edgescan URL: The Edgescan instance URL.
Edgescan API Key: The Edgescan instance API key. Visit Edgescan support for information on generating an API key.
Closed Vulnerabilities: Determines whether to include closed vulnerabilities and, if yes, the time of closure to consider for inclusion.
Step 5: On the Mapping tab, review the mappings and select the fields to import into PlexTrac by validating that the checkbox next to the field is selected. To ignore a field upon import, uncheck the box under the "Sync" column. Required fields (checkbox is greyed out) cannot be altered.
Step 6: Click Save.
Step 7: A message on the First Synch tab will confirm if the synch was successful. If successful, click Got It.
The connection is now listed.
Connections are edited by clicking Edit under the "Actions" column.
Connections can be disabled by clicking the toggle bar under the "Enabled" column.
Connections can be manually synchronized by clicking Sync under the "Actions" column.
Connections can be deleted by clicking the three dots under the "Actions" column and then Delete. A modal will appear, asking for confirmation of action.
Findings from Edgescan can now be imported into a report.
Step 1: Click Edit of the connection to review.
Step 2: Click the Synch Log tab.
A list of all synchronization records and status results is provided.
Step 3: Click View to obtain more information about a specific record.
Step 4: More details about remote URLs and JSON responses are available by clicking the headers below to expand the section.
Click Ok or Cancel to return to the previous modal.
PlexTrac offers an integration with ServiceNow's ITSM and GRC platform modules to allow red and blue teams to collaborate without switching between workflow tools.
ServiceNow GRC (Governance, Risk, and Compliance) is a module of the ServiceNow platform that helps organizations manage their governance, risk, and compliance processes. ServiceNow ITSM (IT Service Management) is a module of the ServiceNow platform that enables organizations to manage their IT services and operations.
Data flows from PlexTrac to ServiceNow when a finding is used to create a ticket but only from ServiceNow to PlexTrac after setup. The synchronization between PlexTrac and ServiceNow occurs every 30 minutes.
Only one ServiceNow integration can exist per PlexTrac instance.
Step 1: On the row of the finding used to create a ticket, click the three dots under the "Actions" column and click Link ServiceNow ticket.
Step 2: A modal appears. Select the ServiceNow module, the ticket type, and the priority.
Step 3: Click Save.
The finding now shows the ServiceNow ticket ID and a hyperlink to access the ticket on ServiceNow.
When a PlexTrac finding is used to create a ticket in ServiceNow, it defaults to a status of New
with the following information populated:
When the ticket is created, the priority and issue rating values are stored within ServiceNow.
After the ticket is created in ServiceNow, that ticket can only be modified from ServiceNow.
The following fields are then sent from ServiceNow to PlexTrac:
When a remediation ticket is created in ServiceNow, the finding status in PlexTrac remains "Open" or "In Progress" until closed.
Below are the mappings of status from ServiceNow to PlexTrac for the various scenarios:
If the status value in ServiceNow does not match one of the mapping rules above, the finding will not be updated in PlexTrac when data is synchronized.
Timestamps are captured in two scenarios for this integration:
When the issue type is created in ServiceNow
When a work note is created or updated in ServiceNow
The timestamp is derived from the time zone set for the ServiceNow instance. PlexTrac has no influence on this time zone.
Scenario: A user in PlexTrac links a finding with ServiceNow. An issue type is created in ServiceNow, and a time stamp is applied to the creation date based on how that ServiceNow instance was configured.
The timestamp is derived from when the integration sync last ran, not when the work note was created in ServiceNow. It is not a real-time integration timestamp.
Scenario: A user in SerivceNow adds a comment to an associated finding, which triggers an integration event with PlexTrac. When that happens, a note is created in PlexTrac with a timestamp of the synchronization event. That timestamp is stored within PlexTrac in UTC time and then presented to the user in their local time when viewed in PlexTrac.
Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."
Step 2: Click Connect within the ServiceNow box.
Step 3: Click Configure ServiceNow Integration.
For information on setting up OAuth or generating an API key within ServiceNow, click the links above the button.
Step 4: Select the integration authentication method.
Step 5: Enter the information into the provided boxes and click Test Connection.
A message will appear to confirm if the connection was successful or not.
Step 6: View the available modules to identify which fields have read and write access. Click Confirm.
Cobalt is an integrated pentesting platform facilitating communication between development and security teams. Cobalt helps developers identify and mitigate security vulnerabilities in their code by specifying security policies and checking compliance. The tool can detect many vulnerabilities, including buffer overflows, integer overflows, and format string vulnerabilities.
Cobalt findings can be imported into a PlexTrac report.
This is a licensed feature.
Below are the field mappings from Cobalt to PlexTrac, broken up by findings and assets.
Tables include the following columns:
Cobalt Field: the field name that appears in Cobalt
PlexTrac Field: the field name that appears in PlexTrac
Direction: displays the direction in the flow of data occurring for the integration (a value of "x" means that the value is not imported)
Required: denotes if a value is required for the import to be successful
Notes: additional information
If a duplicate finding title is found during import, the finding title in PlexTrac is appended with the finding unique identifier value pulled from Cobalt in parenthesis at the end of the finding title.
Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."
Step 2: Click Connect within the Cobalt box.
If the integration is not licensed and thus unavailable, the message "License required" will appear.
Step 3: If existing connections exist, they are listed on this page. To set up a new integration, click the New connection button.
Step 4: A modal appears with four tabs. Enter a name for the integration, the Cobalt URL, and the Cobalt API key. Click Continue.
Step 5: Select the Cobalt organization value from the pulldown menu. Click Continue.
The Cobalt Organization value is found within Cobalt. Visit Cobalt documentation on how to generate an API key.
Step 6: A list of the field mappings from Cobalt to PlexTrac is displayed. Click Save.
None of these fields can be edited and are displayed for visibility.
Step 7: A log of integration attempts is listed. Since an attempt to synchronize is attempted after entering configuration information on the first tab, at least one entry will be listed. Click Close.
Cobalt integrations can be edited by clicking Edit under the "Actions" column.
Cobalt integrations can be disabled by clicking the toggle bar under the "Enabled" column.
Cobalt integrations can be manually synchronized by clicking Sync under the "Actions" column.
Cobalt integrations can be deleted by clicking the three dots under the "Actions" column and then clicking Delete. A modal will appear, asking for confirmation of the action.
Tenable Vulnerability Management (VM) is a suite of cloud vulnerability management products that can export findings into PlexTrac via API.
Multiple integrations can be configured per instance or for specific clients.
This is a licensed feature.
Below are the field mappings from Tenable to PlexTrac, broken up by findings and assets.
Tables include the following columns:
Tenable VM Field: the field name in Tenable VM
Direction: displays the direction in the flow of data occurring for the integration
PlexTrac Field: the field name in PlexTrac
PlexTrac only imports vulnerabilities that Tenable has not archived.
If a field is not listed, then PlexTrac does not currently import.
If a field is not listed, then PlexTrac does not currently import.
PlexTrac will not import findings from Tenable that have the same combination of plugin ID
and severity
.
Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."
Step 2: If licensed, the option to connect will appear (if not, the box will display a lock icon and "License required"). Click the Tenable box.
Step 3: Enter a connection name and select if this integration is across the tenancy or for a client (if specific to one client, select the client of the pulldown menu). Click Continue.
Step 4: Select "Connect to Tenable Vulnerability Management." Enter the Tenable URL, access key, and secret key. Click Continue.
If the keys are correct, a confirmation message will confirm successful synchronization.
Step 5: Edit the field mappings on the provided tabs for findings and assets, or continue using the defaults.
Information flows only from Tenable to PlexTrac. Fields required by PlexTrac are identified with a red asterisk.
Fields that can be deleted will have an "X" next to the PlexTrac field when hovering over with the cursor. A confirmation message will appear after clicking X.
Configurable fields can be adjusted by clicking the purple line and deleting the existing connection.
Click on the Tenable field and the desired PlexTrac field to map and create a new connection.
Click Continue when finished.
The integration appears in the table as a listed connection.
PlexTrac offers two synchronization options for Tenable integrations, allowing off-cycle syncs in addition to the regular hourly script.
Sync: This option allows an off-cycle synchronization off cycle and typically takes less than ten minutes.
Full Sync: This option looks at the complete Tenable database. It can be several hours, although it happens in the background and does not prevent using PlexTrac for other tasks.
To view sync history, click Synch history under the actions menu of the integration.
Any existing integration can be disabled temporarily or deleted if no longer needed.
To disable an integration, click the toggle button for the integration under the "Enabled" column. This action also disables the ability to synchronize the integration.
To delete an integration, click the three dots under the "Actions" column and then Delete.
Snyk provides tools and services to help developers find and fix security vulnerabilities in their software applications by identifying vulnerabilities in open-source libraries and containers, which developers commonly use to build their applications.
This is a licensed feature.
Snyk scanner files can be imported into PlexTrac via API for use in a PlexTrac report. PlexTrac integrates with the following Snyk products:
Snyk Code (SAST)
Snyk Open Source (SCA)
Snyk Container
Snyk Infrastructure as Code
When a file is imported in PlexTrac, the source of the scanner file is retained and tracked in the "Source" field on the findings details page.
Below are the field mappings from Snyk to PlexTrac, broken up by tool. The mappings are broken up in the tool sections by findings and assets.
Tables include the following columns:
Snyk Field: this is the field name that appears in Cobalt
PlexTrac Field: this is the field name that appears in PlexTrac
Direction: this displays the direction that the flow of data is occurring for the integration (a value of "x" means that the value is not imported)
Required: this denotes if a value is required for the import to be successful
Notes: additional information
An asterisk indicates the field is required.
Below are the mappings for the following Snyk products:
Snyk Open Source (SCA)
Snyk Container
Snyk Infrastructure as Code (IaC)
If a duplicate finding title is found during import, the finding title in PlexTrac is appended with the Snyk Organization ID
and Issue Id
in parenthesis at the end of the title value.
Below are the mappings for Snyk Code (SAST).
Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."
Step 2: Click Connect within the Snyk box.
Step 3: Click New Connection.
Step 4: On the Configuration Details tab, enter a name for the integration and the Snyk API key. Click Continue.
Step 5: On the Mapping tab, review the mappings and select the fields in Snyk to import by validating that the checkbox next to the field is set. To ignore a field on import, uncheck the box. Required fields (checkbox is greyed out) cannot be configured. Scroll to the bottom and click Save.
Step 6: A message on the First Synch tab will confirm if the synch was successful. If successful, click Got It.
The connection is now listed.
Connections are edited by clicking Edit under the "Actions" column.
Connections can be turned off by clicking the toggle bar under the "Enabled" column.
Connections can be manually synchronized by clicking Sync under the "Actions" column.
Connections can be deleted by clicking the three dots under the "Actions" column and then Delete. A modal will appear, asking for confirmation of the action.
PlexTrac learns about scanner findings as files are imported. This learning can be done proactively by an admin through parser actions or when a user imports a scanner file when adding findings to a report. Either way, the learning begins after an admin imports a file via the parser actions page of the Admin Dashboard, and this process must occur for each tool that PlexTrac integrates with. Any files for a tool imported as findings to a report that have not been enabled by an admin on the parser actions page will have no impact on parser actions.
When importing a file, parser actions process the contents to extract relevant information and perform specific operations. The exact parser actions depend on the file format, and business rules an admin configures.
The findings are matched to the parser action by plugin ID and include actions such as linking to a writeup, changing the finding severity, or ignoring the finding when parsed.
Currently, no other metadata of the finding, such as tags, can be mapped or manipulated by parser actions.
When new files are uploaded to parser actions, plugin IDs are only created for IDs not found and set to a "Default" action, meaning no changes will occur on import unless a parser action is created.
Parser action changes are applied to future imports and don't impact existing findings. For example, suppose a parser action for a finding severity value was created for a plugin, but moving forward. In that case, the source of truth for severity is the scanner tool, then change the parser action for that plugin to "Default." The next time that plugin is imported, the severity value from the source will be imported into the report.
Parser actions apply to all users.
The description of a parser action can be obtained by placing the cursor over the parser action title in the table.
Step 1: Click Parser Actions in the "Tools & Integrations" section of the Admin Dashboard.
Step 2: Check the Enable Parser Plugin Actions box.
Enabling parser plugin actions will allow the ability to preset default actions, link writeups, and change the severity of scanner findings when imported into a report.
Once parser import rules are set, do not check the "Enable Parser Plugin Actions" box if wanting to import scan results natively without existing rules applied.
Step 3: Click Import.
Step 4: Select the source of the file to import from the "Import Source" pulldown menu, then drag the file into the drop area on the modal or click Browse to navigate to the file on the computer.
Supported files for the tool selected in the pulldown menu as the import source will be displayed in the box, along with the maximum file size.
Step 5: Click Upload.
A notification will confirm a successful import.
Step 6: The imported plugins are now available for configuration. Search or select the desired plug-in and configure it using the pulldown menus and options to configure the preferred course of action.
Parser plug-in actions include four options:
DEFAULT: Passes the scanner result through with no action taken.
LINK: Replaces a scanner result finding with a custom writeup from WriteupsDB.
IGNORE: Ignores a scanner result when parsed by PlexTrac.
SEVERITY: Overrides a scanner result finding severity value with a new value selected by the parser action.
Parser actions can take findings ingested from an external tool and map them to a custom finding in WriteupsDB. This action will override the description, title, references and recommendations when the finding is imported. Multiple plugins with the same writeup will be mapped to a single finding with merged affected assets.
Step 1: Click Parser Actions in the "Tools & Integrations" section of the Admin Dashboard.
Step 2: Check the Enable Parser Plugin Actions box.
Step 3: Select the parser to work with from the "Filter Plugins" pulldown menu.
Step 4: Select the findings by clicking the checkbox of the finding row or selecting the box in the header column next to "Plugin Id."
Step 5: Select the writeup to link the findings by selecting the value from the "Link Writeup" pulldown menu.
The linked writeup is now displayed for each finding under the "Write Up" column.
If a new report is created, and the same parser file is imported, only one finding will be imported into the report.
Once a parser action is created, it cannot be deleted.
Step 1: Click Parser Actions in the "Tools & Integrations" section of the Admin Dashboard.
Step 2: Check the Enable Parser Plugin Actions box.
Step 3: Select the parser to work with from the "Filter Plugins" pulldown menu.
Step 4: Click Add Parser Action.
Step 5: Enter a Plugin ID, Title, and Plugin Description value.
All three fields must contain a value to continue.
Step 6: If the plugin action is "Default," continue to Step 8. Otherwise, select the desired plugin action from the pulldown menu.
Step 7: If "Ignore" was chosen, go to Step 8. Otherwise, select the value to associate with the action chosen in the previous step.
Step 8: Click Create.
A message confirming creation will appear, and the new parser action will be displayed in the list.
Tenable Security Center (Tenable.sc) is a vulnerability management solution that provides visibility into the security posture of IT infrastructure. It consolidates and evaluates vulnerability data, illustrates vulnerability trends over time, and assesses risk with actionable context for effective remediation prioritization, which then can be imported as findings into PlexTrac via API.
Multiple integrations can be configured per instance or for specific clients.
This is a licensed feature.
Below are the field mappings from Tenable to PlexTrac, broken up by findings and assets.
Tables include the following columns:
Tenable SC Field: the field name in Tenable SC
Direction: displays the direction in the flow of data occurring for the integration
PlexTrac Field: the field name in PlexTrac
PlexTrac only imports vulnerabilities that Tenable has not archived.
If a field is not listed, then PlexTrac does not currently import.
If a field is not listed, then PlexTrac does not currently import.
PlexTrac will not import findings from Tenable that have the same combination of plugin ID
and severity
.
Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."
Step 2: If licensed, the option to connect will appear (if not, the box will display a lock icon and "License required"). Click the Tenable box.
Step 3: Enter a connection name and select if this integration is across the tenancy or for a client (if specific to one client, select the client of the pulldown menu). Click Continue.
Step 4: Select "Connect to Tenable Security Center." Enter the Tenable URL, access key, and secret key. Click Continue.
If the keys are correct, a confirmation message will confirm successful synchronization.
Step 5: Edit the field mappings on the provided tabs for findings and assets, or continue using the defaults.
Information flows only from Tenable to PlexTrac. Fields required by PlexTrac are identified with a red asterisk.
Fields that can be deleted will have an "X" next to the PlexTrac field when hovering over with the cursor. A confirmation message will appear after clicking X.
Configurable fields can be adjusted by clicking the purple line and deleting the existing connection.
Click on the Tenable field, then click on the desired PlexTrac field to map and create a new connection.
Click Continue when finished.
The integration appears in the table as a listed connection.
PlexTrac offers two synchronization options for Tenable integrations, allowing off-cycle syncs in addition to the regular hourly script.
Sync: This option allows an off-cycle synchronization off cycle and typically takes less than ten minutes.
Full Sync: This option looks at the complete Tenable database. It can be several hours, although it happens in the background and does not prevent using PlexTrac for other tasks.
To view sync history, click Synch history under the actions menu of the integration.
Any existing integration can be disabled temporarily or deleted if no longer needed.
To disable an integration, click the toggle button for the integration under the "Enabled" column. This action also disables the ability to synchronize the integration.
To delete an integration, click the three dots under the "Actions" column and then Delete.
HackerOne API Key identifier: This was the value entered when creating the API token within HackerOne.
API Key: This key was provided by HackerOne and saved for future use.
Edgescan Field | Direction | PlexTrac Field | Required? | Notes |
---|---|---|---|---|
Edgescan Field | Direction | PlexTrac Field | Required? | Notes |
---|---|---|---|---|
For the GRC module, an additional option exists to define the ticket issue rating.
PlexTrac | Direction | ServiceNow |
---|---|---|
ServiceNow | Direction | PlexTrac |
---|---|---|
ServiceNow Status | Direction | PlexTrac Status |
---|---|---|
ServiceNow Status | Direction | PlexTrac Status |
---|---|---|
ServiceNow Status | Direction | PlexTrac Status |
---|---|---|
Cobalt Field | Direction | PlexTrac Field | Required? | Notes |
---|---|---|---|---|
Cobalt Field | Direction | PlexTrac Field | Required? | Notes |
---|---|---|---|---|
Tenable VM Field | Direction | PlexTrac Field |
---|
Tenable VM Field | Direction | PlexTrac Field | Notes |
---|
Visit the for more information on generating API keys.
Snyk Field | Direction | PlexTrac Field | Notes |
---|
Snyk Field | Direction | PlexTrac Field | Notes |
---|
Snyk Field | Direction | PlexTrac Field | Notes |
---|
Snyk Field | Direction | PlexTrac Field | Notes |
---|
Visit for information on generating an API key.
Once set up, findings can be imported into a report, and .
Tenable SC Field | Direction | PlexTrac Field |
---|
Tenable SC Field | Direction | PlexTrac Field |
---|
Visit the for more information on generating API keys.
Vulnerability Name
-->
Finding Title
yes
Vulnerability Description
-->
Finding Description
yes
Vulnerability Date Opened
-->
Finding Created At
no
Vulnerability Date Closed
-->
Finding Closed At
no
Vulnerability Status
-->
Finding Status
yes
Status
Has multiple values, which are listed below in italics.
Open
-->
Finding ="OPEN"
no
Closed
-->
Finding = "CLOSED"
no
Risk Accepted
x
no
Vulnerability Remediation
-->
Finding Recommendations
no
Vulnerability CVSS Score
-->
Finding CVSS
no
Vulnerability CVSS Vector
-->
Finding Score Type
no
Vulnerability CVSS Vector
-->
Finding CVSS
no
Vulnerability Risk
-->
Finding Severity
no
Severity
Has multiple values, listed below in italics.
Minimal
-->
Informational
no
Low
-->
Low
no
Medium
-->
Medium
no
High
-->
High
no
Critical
-->
Critical
no
Vulnerability Custom Details Data
-->
Finding Custom Field "Edgescan Details"
yes
Vulnerability Asset Tags
-->
Finding Tags
no
Vulnerability ID
-->
Finding Tags
no
Organization
-->
Findings Tag
no
Vulnerability Asset
-->
Affected Assets
no
Asset/Location
-->
Affected Assets
no
Asset Name (Including Numeric ID)
-->
Asset Parent
no
Locations
-->
Child Asset
no
Asset Url(s)
-->
Asset Host FQDN
no
Asset Host Name
-->
Asset Host Name
no
Asset Ip(s)
-->
Asset Known Ip Address(s)
no
Request
-->
Asset Evidence- Scan Output
no
Response
-->
Asset Evidence- Scan Output
no
Asset Type
Asset Type has multiple values, listed below in blue.
Network
-->
Network Device
no
Web Application
-->
Application
no
Container
x
no
Description
-->
Description
Recommendations
-->
Description
References
-->
Description
Affected Assets
-->
Description
Work Notes
-->
Status Tracker
Status
-->
Status
Closed Complete
-->
Closed
Closed Incomplete
-->
Closed
Closed Skipped
-->
Closed
Resolved
-->
Closed
Closed
-->
Closed
Canceled
-->
Closed
Closed Complete
-->
Closed
Closed Incomplete
-->
Closed
Finding Title
-->
Finding Title
yes
Finding Suggested Fix
-->
Recommendations
yes
Finding Descriptions, Type Category
-->
Finding Description
yes
Finding State
-->
Finding Status
yes
Status
Has multiple values, listed below in italics.
Triaging
-->
Finding="OPEN"
no
Pending Fix
-->
Finding="OPEN"
no
Ready for Retest
-->
Finding="OPEN"
no
Resolved
-->
Finding="OPEN"
no
Vulnerability Remediation
-->
Finding Recommendations
yes
Log [Created]
-->
Created At
yes
Finding Severity
-->
Finding Severity
yes
Severity
Has multiple values, listed below in italics.
Informational
-->
Informational
no
Low
-->
Low
no
Medium
-->
Medium
no
High
-->
High
no
Critical
-->
Critical
no
Pentest Name
-->
Finding Custom Field "Cobalt Pentest Report Name"
yes
Cobalt Proof of Concept
-->
Finding Custom Field "Cobalt Proof of Concept"
no
Any images or html in this field will be imported (images as Base64).
Finding Affected Targets
-->
Affected Assets
yes
IP or Hostname
Vulnerability Name | --> | Finding Name |
Description | --> | Description |
Solution | --> | Recommendations |
See Also | --> | References |
Status |
Active | --> | Finding="OPEN" |
New | --> | Finding="OPEN" |
Severity |
Info | --> | Informational |
Low | --> | Low |
Medium | --> | Medium |
High | --> | High |
Critical | --> | Critical |
CVE | --> | CVE |
CVSS3 | --> | Score Type |
CVSS3 | --> | Score Vector |
CVSS3 | --> | CVSS Score |
Vulnerability Tags | --> | Finding Tags |
Plugin ID | --> | Custom Field "Tenable Plugin ID" |
Scan ID | --> | Custom Field " Tenable Scan ID" |
VPR | --> | Custom Field "Tenable VPR" |
Exploit Available | --> | Custom Field "Tenable Exploit Available" |
Vulnerability Synopsis | --> | Custom Field "Tenable Synopsis" |
Threat Intensity | --> | Custom Field "Tenable Threat Intensity" |
Exploit Code Maturity | --> | Custom Field "Tenable Exploit Code Maturity" |
Age Of Vuln | --> | Custom Field "Tenable Age Of Vuln" |
Product Coverage | --> | Custom Field "Tenable Product Coverage" |
CVSS Impact Score | --> | Custom Field "CVSS Impact Score |
Plugin Family | --> | Custom Field " Tenable Plugin Family" |
Plugin Type | --> | Custom Field "Tenable Plugin Type" |
Scan Completed At | --> | Custom Field "Tenable Scan Complete Date" |
THREAT SOURCES | --> | Custom Field "Tenable Threat Sources" |
Plugin Output | --> | Affected Asset "Evidence" |
Asset Name | --> | Asset Name | PlexTrac searches for the first known value in the following order: |
IP | --> | Know IP Address |
Hostname | --> | Host Name |
Operating System | --> | Operating System |
Fully Qualified Domain Name | --> | FQDN |
MAC Address | --> | MAC Address |
Tags | --> | Asset Tags |
Port | --> | Affected Ports-Port |
Protocol | --> | Affected Ports -Protocol |
Issue Title | --> | Finding Title* | required |
Issue Description | --> | Finding Description* | required |
Issue Description | --> | References |
Issue Description | --> | Recommendations |
Disclosure Time | --> | Created at |
Publication Time | x | (not ingested) |
CVE Identifier | --> | CVE Identifier |
CWE Identifier | --> | CWE Identifier |
Severity Score Value | --> | Score Value |
Severity Score Calculation | --> | Severity Score Calculation |
Severity Score Type | --> | Score Type |
(no equivalent field in Snyk) | --> | Finding Status* | required; assigned a value of "Open" |
Issue Severity | --> | Finding Severity* | required; the five severity value mappings are listed below in italics |
| --> |
|
| --> |
|
| --> |
|
| --> |
|
| --> |
|
Nearest Fixed In Version | --> | Custom Field "Nearest Fixed In Version |
Fix Info | --> | Custom Field "Fix Info" |
Organization Name | --> | Custom Field "Organization Name" |
Organization ID | --> | Custom Field "Categorical Id" |
Package Name | --> | Custom Field "Package Name" |
Issue Type | --> | Custom Field "Issue Type" |
Violated Policy Public Id | --> | Custom Field "Violated Policy Public Id" |
Exploit Maturity | --> | Custom Field "Exploit Maturity" |
Patches | --> | Custom Field "Patches" |
Issue URL | --> | References |
Project Name | --> | Affected Asset Name |
Aggregate Title | --> | Finding Title* | required |
Detail Title | --> | Finding Description* | required |
Product | --> | Tags |
Product | --> | Source |
Priority Score | --> | Score Type General |
CVE | --> | CVE |
CWE ID | --> | CWE |
Issue URL | --> | References |
Severity Mapping | required; the five severity value mappings are listed below in italics |
| --> |
|
| --> |
|
| --> |
|
| --> |
|
| --> |
|
Primary Region | --> | Custom Field: "Source Location" |
Priority Score Factors | --> | Custom Field: "Snyk Priority Score Factors" |
Project Name | --> | Parent Asset* | required |
Primary File Path | --> | Child Asset* | required |
Primary File Path | --> | Affected Asset(s)* | required |
Vulnerability Name | --> | Finding Name |
Description | --> | Description |
Solution | --> | Recommendations |
See Also | --> | References |
Status |
Active | --> | Finding="OPEN" |
New | --> | Finding="OPEN" |
Severity |
Info | --> | Informational |
Low | --> | Low |
Medium | --> | Medium |
High | --> | High |
Critical | --> | Critical |
CVE | --> | CVE |
CVSS3 | --> | Score Type |
CVSS3 | --> | Score Vector |
CVSS3 | --> | CVSS Score |
Vulnerability Age | --> | Custom Field "Tenable Vulnerability Age" |
CVSS V3 Impact Score | --> | Custom Field "Tenable CVSS V3 Impact Score" |
Exploit Code Maturity | --> | Custom Field: "Tenable Exploit Code Maturity" |
Product Coverage | --> | Custom Field: "Tenable Product Coverage" |
Threat Intensity | --> | Custom Field: " Tenable Threat Intensity" |
Threat Recency | --> | Custom Field: " Tenable Threat Recency" |
Threat Sources | --> | Custom Field: " Tenable Threat Sources" |
Patch Published | --> | Custom Field: "Tenable Patch Published" |
Exploit Available | --> | Custom Field: " Tenable Exploit Available" |
Exploitability Ease | --> | Custom Field: " Tenable Exploitability Ease" |
Plugin Id | --> | Custom Field: " Tenable Plugin Id" |
Plugin Output | --> | Scan Output |
Asset Name | --> | Asset Name |
IP | --> | Know IP Address |
--> | Host Name |
Operating System | --> | Operating System |
MAC Address | --> | MAC Address |
Port | --> | Port |
Protocol | --> | Protocol |
The Authentication section under "Security" in the Admin Dashboard has two subsections: Authentication Methods and General Authentication Settings. This section enables admins to configure OAuth/OpenID and SAML providers.
The Authentication Methods page integrates PlexTrac with a third-party tool like Duo or Azure to authenticate and authorize access to PlexTrac.
Visit the Authentication Methods section for detailed instructions on configuration and setup.
The General Authentication Settings page is used to turn on or off the settings that require Multi-factor Authentication for all users.
The Security & User Management section allows admins to manage authentication, multi-factor prompts, user groups, access permissions, report access, and user account settings.
Security & User Management contains the following sections:
The Authorization button under "Security" in the Admin Dashboard allows user group membership and roles to be managed.
This page lists all users (first and last name), email/username, role, classification level, and if they belong to the default group.
Users in the list can be found via search, filtered by client, or sorted by first name, last name, or email/username.
The Default Group is the collection of users granted access to all clients by default. Adding users to this group automatically grants them access to all existing and new clients as they are created.
Removing a user from the Default Group does not remove previously granted client access and only removes the automatic assignment to new clients.
Step 1: From the Authorization page in the Admin Dashboard, select a client from the pulldown menu.
Step 2: A new button for adding users appears. Click Add/Authorize User.
Step 3: Select the user from the "User" pulldown menu or begin typing to filter the provided list.
Step 4: Assign the appropriate role from the "Role" pulldown menu, and, if applicable, assign a classification level.
Repeat as needed by clicking Add User.
Step 4: Click Save.
Roles can also be managed directly from the Authorization page.
Step 1: From the Authorization page in the Admin Dashboard, select a client from the pulldown menu.
Step 2: Click the pulldown menu under the "Role" column for the user to be changed and select the new role.
If not enabled, the column will not appear.
Administrators can tailor roles and permissions according to their specific requirements within the PlexTrac platform. This customization allows them to manage user access and privileges efficiently, ensuring a secure and organized environment.
If custom roles are required, create these before adding users. Otherwise, new users will need an assignment to an existing role, and adding the custom role later will be an additional step.
When creating custom roles, PlexTrac provides the following recommendations:
Create a role without any permissions to assign unused or intermittent access users. By implementing this practice, administrators can prevent unnecessary access to sensitive information or critical functionalities, mitigating potential risks of granting unnecessary permissions.
Use the Principle of Least Privilege when assessing role permissions. This principle advocates granting users the minimum access required to perform their designated tasks effectively. By adhering to this principle, administrators can significantly reduce the attack surface and the potential impact of security breaches, enhancing the overall security posture of the system.
Conduct periodic user and role audits for an accurate user access posture. Regular user and role audits are essential to maintaining a consistently secure user access environment. Periodic audits allow administrators to review and verify the permissions assigned to each user, ensuring that access rights align with individuals' current roles and responsibilities. This process helps identify deviations or discrepancies, ensuring the user access posture remains accurate and up-to-date.
When assigning roles to a user, it is essential to give each role a unique name. Although PlexTrac generates a unique ID for each role in the backend, the user interface may display seemingly identical values, leading to confusion, as shown below.
Step 1: From the Role Based Access page under "Security" in the Admin Dashboard, click Create Role.
Step 2: Enter the fields provided on the page. Role Name and Role Description are required.
Templates as Baseline: Select the desired baseline template from the drop-down menu when creating a new role.
Role Name: This required field is the role's name and will appear on the Role Based Access page.
Enabled: This feature displays if the role is activated and provides a simple way to disable access temporarily.
Description: A brief description of the role (required).
Users Assigned: Place the cursor in the box and type a user to find and associate users to this role. If a user already belongs to another role, additional screens will appear to disable the previous role or inherit an additional role to existing permissions.
User List: Assigned users will appear in a list under the User Assigned box. They can be deleted by hovering over the name with the cursor and clicking the red trash can icon.
All users MUST be assigned to at least one role, and the platform will provide an error message if an attempt is made to disable a role that contains a user with no other assigned roles.
Step 3: Scroll down the page to select/deselect permissions for the role by clicking the provided tasks to define permissions. A purple button means permission has been given for the role, while a grey button means no permission has been enabled. Clicking a purple button again greys it out and disables authorization.
In this example, all permissions except the ability to manage style guides and access to the admin dashboard where the style guides are managed were removed.
Step 4: Click Save.
A summary page appears to review the list of users and permissions. Click Edit if necessary to adjust.
The new role is listed with the number of users assigned and permissions.
Every role will have at least five permissions displayed on this page, even if no tasks are enabled due to permissions that cannot be configured. For example, if two task buttons were enabled, a number of "7" will show as the total enabled permissions.
The Role Based Access (RBAC) button under "Security" in the Admin Dashboard gives administrators granular control over permissions within PlexTrac, such as actions allowed for a specific user, permissions for customers, access to client data, and report access that restricts viewing sensitive data.
PlexTrac applies roles considering the tenant (instance) and client. This enables teams to grant users the privileges required to accomplish tasks for specific clients.
A user’s tenant role governs what portions of the platform they can access, including the modules, tools, and UI elements presented for use. A user’s permissions can be further scoped in the context of individual clients. Users must have a role in the context of each client.
PlexTrac has three default roles: Administrator, Standard User, and Analyst.
The Security: Role Based Access page includes permission settings on the following topics, which themselves may have additional subtopics allowing for further refinement:
Administration Permissions
Administration Access
Account Information
Custom Templates
Email Settings
General Settings
Integration Settings
Parser Actions
License Management
Security
Style Guides
Tags Management
Analytics Permissions
Analytics Access
Assessments Permissions
Assessment Questionnaires Management
Assessments Access
Assessment Reviewers
Client Permissions
Client Access
Client Asset Management
Client Management
Reports Permissions
Report Access
Report Artifacts
Report Findings
Report Procedures
Runbooks Permissions
Runbooks Access
Runbooks Methodologies
Runbooks Procedures
Runbooks Tactics
Runbooks Techniques
Runbooks Engagements
Runbooks Testplans
Customizations
Customizations Access
Content Library Permissions
NarrativesDB
WriteupsDB
RunbooksDB
Priorities Permissions
Priorities
An icon within the RBAC list identifies permissions that require a license.
For a tenancy, a license can be in different states:
A valid key: In this scenario, no banner message will appear.
An invalid license key: In this scenario, a banner appears (when adding users or viewing a role within the Admin Dashboard), and the admin needs to contact licensing@plextrac.com.
More licenses needed: This scenario applies to situations where the number of licenses remaining is three or fewer, and the admin should contact licensing@plextrac.com. A banner appears when adding users or viewing a role within the Admin Dashboard.
No license key: This scenario could apply to a new instance, and the admin needs to contact licensing@plextrac.com. No banner message is provided.
Platform-wide permissions include access to specific modules (WriteupsDB, Assessments, etc.), the Account Admin section, platform settings, and user management. These permissions are specific to platform access and assigned in the Role Based Access area of the Admin Dashboard.
Users may be assigned to more than one role. Tenant permissions are additive. Adding users to a less-privileged role does not remove other roles or restrict permissions.
Within a tenancy, the following business rules apply:
Administrator: A tenant administrator can access all tools, modules, and UI elements on the platform (all aspects of the Admin Dashboard).
Standard User: A standard user can access all modules and UI elements outside the Admin Dashboard.
Analyst: An analyst user cannot access the Content Library or Runbooks modules. Additionally, most UI elements that provide create or edit capabilities are unavailable.
Admin user permissions can be viewed by clicking the Administrator box on the Security: Role Based Access page.
An administrator is PlexTrac's highest permission role, and admins have complete control and access over every part of the application.
Click the Standard User box on the Security: Role Based Access page to view standard user permissions.
The differences between Standard User and Administrator roles:
No access to Administration Access
No access to Account information
No access to Custom Templates
No access to Email Settings
No access to General Settings
No access to Integration Settings
No access to Parser Actions
No access to License Management
No access to Security
No access to Style Guides
No access to Tags Management
View only permissions for client users (cannot create or delete client users)
View only permissions on Customizations (cannot credit, edit, or remove)
Cannot manage repositories in the Content Library
View only ability on Priorities (cannot create, delete or edit)
View only ability on priority scoring equations (cannot create, delete, or edit)
Analyst user permissions can be viewed by clicking the Analyst box on the Security: Role Based Access page.
Analysts have the same restrictions as Standard Users, plus the following:
View only permissions for assessment questionnaires
Cannot delete assessments
Cannot add or remove reviewers from assessments
Cannot create or delete clients
Can only view client assets (cannot create, import, delete or edit assets)
Cannot manage client users
Can only view or export reports
Can only update or view report findings
Cannot access report procedures
Can only view runbook engagements (no access to other sections of runbooks)
Cannot access Content Library
The role assigned to a user at the client level sets the client, reports, and findings permissions for that client.
In the context of a client, the following business rules apply:
Administrator: A client administrator can edit any data associated with the client, such as the client record, assets, and reports, and manage access of client users.
Standard User: A standard user can edit any data associated with the client, such as the client record, assets and reports.
Analyst: An analyst user can view client assets and related data, reports in published status, upload and delete artifacts in reports, and change the remediation status of findings.
This task is for existing users. This is not the process for adding users to PlexTrac. directly from the Clients module.
When classification tiers have been enabled (configured in Admin Dashboard>Security>), a column will appear on the Authorization page, allowing further security restriction configuration for each user by the client.
Client-based permissions are specific to using and accessing Clients, Reports, and Findings. These permissions are assigned on a client level, and more information can be found by visiting .
An audit log records events or activities within PlexTrac. Its primary purpose is to provide a chronological and detailed account of actions taken by users and processes, along with relevant information such as timestamps, user IDs, and specific event details.
The audit log is found under the Audit log button of the Admin Dashboard under "Security & User Management."
The following key actions are recorded in the audit log:
Logins (successful, failed, lockouts, etc.)
Password changes
User creation/deletion/updates
Unauthorized access attempts (e.g., someone tried to view a report that they were not allowed to see)
RBAC changes (e.g., a user is assigned to a client)
The page defaults to the most recent events and lists the user, event, and time of the action. Use the filters above to narrow the dates of the events or search for a specific event.
For example, to find users who changed their password in the past month, click the box for "Start date" and select the past 30 days, then type "password" into the search box.
The list of events presented on the page dynamically updates.
The Classification Tiers button under "Security" in the Admin Dashboard is where the functionality for classification tiers is turned on or off.
Classification tiers functionality is turned off by default.
Classification tiers enable control for specific users to view and modify particular reports for a specific client. For example, most users may have access to a client and most reports, but a few users may require a higher classification tier to work on a report with more sensitive data.
Once turned on, PlexTrac provides three tiers by default (Tier 1, Tier 2, and Tier 3). The higher the classification level, the more restrictive it is (i.e., Tier 1 is the lowest). For example, everyone in Tier 2 has access to Tier 1, but Tier 2 users do not have access to Tier 3 reports.
Once enabled by toggling on, the default classification tier values and descriptions can be edited, and new ones can be created and managed.
Step 1: After enabling classification tiers, click Create Classification.
Step 2: Enter a classification tier name and description in the provided boxes. If ready to implement, toggle on the "Enabled" button.
Step 3: Click Save.
A message will appear briefly confirming the addition of the new tier, and it will appear on the list at the top of the list by default as the most restrictive.
Step 4: If the new value's default placement at the top is inaccurate and needs adjustment, select and move the value's bar on the page to reflect its appropriate classification level in the existing tier structure.
Once a row is moved, the tiers dynamically reorder and display their new classification level (the bottom of the list will always be the least restrictive Level 1).
Step 5: Exit this page by clicking the breadcrumb Admin Dashboard.
Step 6: Click Security under "Security & User Management."
Step 7: Click Authorization.
Step 8: Select the desired client from the "Client" pulldown menu.
Step 9: Identify the user to configure, click the pulldown menu of the column "Classification Level," and select the appropriate value.
Step 10: Click the Reports module, select a report, and click the Details tab.
Step 11: Click the pulldown menu of "Report Classification" and select the appropriate tier value. Click Save.
Step 1: From the Classification Tiers page, click the value to edit.
Step 2: Make any edits and click Update Classification.
Classification tiers cannot be deleted. This is to protect against existing protected reports being unintentionally exposed. If a specific tier is no longer needed, however, it can be disabled (if to be used again in the future) or edited to reflect a new tier classification.
If classification tiers are disabled at the feature level, any previously classified reports will be exposed, as tier protection will no longer apply.
To disable the value from appearing as an option elsewhere in PlexTrac, toggle off the "Enabled" button and click Update Classification.
If disabling a classification tier, it may be necessary to refresh the browser for the value to disappear.
The Users button under "Security & User Management" in the Admin Dashboard allows an admin to view user information and last login date, add users, change passwords, manage authentication providers, lock users, manage MFA per user, disable users, and delete users.
First Name: The user's first name.
Last Name: The user's last name.
Email: The user's email and used to send notifications and account-related emails.
Uses License: Identifies if the person is considered a licensed user.
Tenant ID: The ID of the tenant that the user belongs to.
User ID: The unique ID of the user.
Last Login: The date stamp that the user last logged in.
Authentication Provider: The provider used to authenticate the user.
Change Password: Clicking this will send a password reset email to the email address provided. A warning message will appear to confirm the action.
Account Locked: PlexTrac will lock a user out after multiple failed attempts to protect against brute force attacks. When a user is locked out, this field is not greyed out and will toggle on to identify the user is locked out. The toggle is then actionable for an admin to unlock the user.
MFA Enabled: When enabled by an admin, either at the global level or by a user individually, an admin can disable MFA if a user loses a token and needs to reset MFA.
User Disabled: This prevents a user from logging in when access needs to be temporarily restricted.
Delete: This removes a user from PlexTrac and is used when access needs to be permanent.
Each user added to a licensed role is considered a paid user. When a role is licensed, an icon will appear at the end of the role title (regardless of the number of licenses available).
Roles that use a license are also identified on the RBAC page.
Visit the RBAC page for information on the various messaging related to licensed users and their relationship to permissions.
If a user is added to a role that requires a license but no more seats exist, an error message appears.
Disabled paid users count towards the total user license. To remove a user from the count, a user must be disabled and removed from any assigned paid roles.
Users can be added via the platform or a CSV file template.
If custom roles are required, create these before adding users. Otherwise, new users will need an assignment to an existing role, and adding the custom role later will be an additional step.
Step 1: From the Users page of the Admin Dashboard, under "Security & User Management," click Add Users.
Step 2: Enter the user's email, first name, last name, role, and classification level (if applicable), as well as identify whether the user should belong to the Default Group.
The Default Group is a collection of users who, by default, have access to all clients in PlexTrac. When a user is added to the Default Group, they are granted access to all existing clients, and when a new one is created, they are automatically assigned access.
Removing a user from the Default Group does not remove previously granted client access but only removes the automatic assignment to new clients.
Step 3: Click Add User to repeat the process and add more users. When finished, click Create user.
A message will appear confirming the addition, and the new user will appear on the Users page.
Users also can be created in bulk using a CSV template.
To download the template with four sample values, click the file here:
The CSV file has five fields to collect user information to be imported:
Step 1: Download the PlexTrac Users CSV Template.csv file, delete the sample values, and enter the user information to import.
If any custom roles exist in the CSV file not currently in PlexTrac, add them now before continuing to reduce rework.
Step 2: From the Users page of the Admin Dashboard, under "Security & User Management," click Add Users.
Step 3: A modal appears. Click Import users from CSV.
Step 4: A window opens to select the CSV file from the computer. Select the file to import.
Step 5: The information in the CSV file is imported into the "Add New Users" window for review.
Step 6 (optional): If standard roles were used, no changes are needed. If a custom role was assigned to an imported user, manually select it by clicking the "Role" pulldown menu for the impacted user and selecting the desired custom role value.
Step 7: The tool may retain a blank row at the top that must be removed before importing. Click Delete for that row.
Step 8: Click Create X users.
A message will appear confirming users were added (the time required depends on the number of users). The users will appear on the page.
Password reset emails can be sent to users by clicking the green circle icon under the "Change Password" column for the desired user.
A dialog box will appear asking for confirmation. Click Send Password Email.
The Licensing section allows admins to manage software licenses and product keys to activate and authenticate PlexTrac modules and integrations. Admins can also configure priority settings at the tenant or client level.
This allows an admin to enter a license key by entering a key into the provided box and clicking Add License.
The version for a tenancy can be obtained at the bottom of any page in the Admin Dashboard.
The list of licenses for a tenancy can be obtained at the bottom of any page in the Admin Dashboard by clicking Licenses.
This option determines if a priority created in the Priorities module can apply to a tenant or must be specific to a client and whether it appears to end users after creation. The default value is Tenant-level priorities
.
Modifying this option after users have created priorities can change the priorities displayed on the Priorities module home page. Priorities assigned to specific clients will not be shown if the tenant is set to "Tenant-level priorities.
"
If Tenant-level priorities
is selected, a user can set up a priority across all clients in the tenancy with access to all findings and assets in the platform.
This will be identified to users in the Priorities module home page under the "Client" column as All clients
.
If Client-level priorities
If selected, a user must choose a client when creating a priority and can only link assets and findings from that client.
This will be identified to users in the Priorities module home page under the "Client" column by listing the client's name.
CSV header | required field? | Notes |
---|---|---|
If two roles are created with the same name, they cannot be differentiated in the pulldown menu, which is why it is best practice to use unique role names.
yes
A vid email format is required.
first name
yes
last name
yes
role
no (will default to a value of "Standard User" if left blank or a custom role is used)
Accepted values are the default PlexTrac roles: admin
, standard user
, and analyst
. The values are not case-sensitive.
NOTE: The backend value of STD_USER
for the role of "standard user" is also valid.
Custom role names can be used and will not break import, but at this time, any values in the CSV beyond the standard values listed above will map to "Standard User" by default when the import is first loaded and require manual intervention to update before completing the import task (see instructions below).
default group
no
Accepted values are TRUE
(user belongs to default value) and FALSE
(user does not belong to default group).
The Support Portal is reached by clicking the user name in the upper right and then clicking Help Center.
A new browser window/tab will open outside of the platform, containing the home page of the Support Portal.
The White Labeling section of the Admin Dashboard allows organizations to maintain their brand identity, provide a consistent user experience, and reinforce their unique business context throughout the platform.
White labeling allows both Managed Security Service Providers (MSSPs) with multiple clients and Enterprise customers managing various internal business units or groups to customize the labels that appear throughout the platform. This customization lets administrators personalize and align the platform with their business needs and branding.
An administrator can substitute the generic term "clients" with the company's name, resulting in a more personalized and professional user experience.
Likewise, an Enterprise customer using PlexTrac to manage different internal business units or groups can customize the labels to match the specific terminologies used within their organization. This ensures the platform integrates seamlessly with existing processes and naming conventions, making it more user-friendly for their teams.
PlexTrac breaks white labeling into two categories: Core and Menu.
Modifications to "core" values apply to all instances of the term used in the platform EXCEPT for the names of the main menu and module pages. These changes include column headings, button labels, and table values.
In the following example, using the Clients module home page, the core values "client" and "clients" have been replaced with "Karbo Securities." While the updated company name can be seen throughout the page, the main menu item and module name remained the same.
Modifications to "menu" values apply only to the main menu in the left nav bar and page names that reference the module specifically.
In the following example, using the same Clients module home page as before, the menu value and module name of "Clients" was changed to "Karbo Securities" while the core values stayed with the default.
Step 1: From the White Labeling page of the Admin Dashboard, enter a new value in the desired field.
Values can only be entered in lowercase, but when updated, the first letter of each word will be capitalized.
Step 2: Click Update Labels.
The new value(s) will immediately be updated within the platform for users.
When white labeling values for clients with changes to the menu or core values, the table count label does not change.
In addition, a change to the plural core value OR the menu value will be reflected in the value next to the people icon at the top of the Clients module home page. However, just a change to the singular form of the core value will not result in a change.
Clicking Logout will end the existing session and log the user out of PlexTrac, providing an easy and secure way to end their session and prevent unauthorized access to the account.
Individual session tokens last 15 minutes when accessing PlexTrac through an API. However, when accessing PlexTrac via the platform, the authentication token is automatically renewed before expiration. This automatic renewal ensures the user's session remains active without requiring manual re-authentication.
PlexTrac offers an integration with Jira Cloud and Jira Data Center to allow red and blue teams to collaborate without switching between tools.
PlexTrac will support the JIRA Data Center in place of the JIRA Server solution beginning on February 15th, 2024.
PlexTrac provides the option to synchronize with Jira in the following ways:
Unidirectionally from PlexTrac to Jira
Unidirectionally from Jira to PlexTrac
Bidirectionally
One-time from PlexTrac to Jira
One-time from Jira to PlexTrac
The integration can be with one or more Jira projects, and each project can have mappings of fields and project issue types configured separately.
Only one Jira integration can exist per PlexTrac instance.
Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations".
Step 2: Click the Jira box.
Step 3: Select if the integration is with Jira Cloud or Jira Server.
Step 4: Input the correct information in the provided fields.
Step 5: Click Save & Continue.
If a successful connection is found, the tool will progress to the next tab to continue. If the connection is unsuccessful, a warning message will appear at the top of the page, and progression will only be possible once the error is resolved.
Step 6: On the Select projects tab, choose the project(s) from Jira to integrate with by clicking the box next to the desired project. Only these projects will be available when creating tickets from findings. Click Continue with all projects when finished.
Step 7: On the Map fields tab, select a project to configure from the pulldown menu "Project name."
Step 8: Select the Jira project issue type to configure from the provided list.
Step 9: Review the default mappings and adjust as desired.
PlexTrac findings cannot be created from Jira issues. Syncing from Jira to PlexTrac will occur after the initial issue creation.
The direction and synch of information between fields are identified from the symbol displayed between the PlexTrac and Jira fields.
Required fields are identified with a red asterisk and cannot be deleted.
To modify the direction, click the icon, then select the desired direction from the options provided. The icon arrow points to the direction the information flows between the two fields.
Jira to PlexTrac (Continuous sync)
When a change occurs in a Jira issue, the connected PlexTrac finding will be updated. When changes occur in PlexTrac, the Jira issue will not be updated. PlexTrac findings cannot be created from Jira issues. Syncing from Jira to PlexTrac will occur after the initial issue creation.
Bidirectional (Continuous sync)
When a change occurs in a PlexTrac finding, the connected Jira issue will be updated. When changes occur in Jira, the PlexTrac finding will be updated.
PlexTrac to Jira (Continuous sync)
When a change occurs in a PlexTrac finding, the connected Jira issue will be updated. When changes occur in Jira, the PlexTrac finding will not be updated.
PlexTrac to Jira (One-time sync) Syncs data from PlexTrac to Jira upon ticket creation. A change in a PlexTrac finding will not be synced to the connected Jira issue.
If a bidirectional or Jira to PlexTrac direction is configured, be aware that a user in Jira could change findings values in PlexTrac despite not having access or permissions to do so within PlexTrac.
Step 10: Repeat this process for each project issue type.
The options available in the PlexTrac field pulldown menus are contextual to the values selected in the Jira column. To change the options provided for PlexTrac fields, change the field provided in the Jira column.
To add a new row for additional mappings not provided by default, click the plus icon at the bottom (after the last mapping).
Click within the pulldown menu of the previous row just added to select the new PlexTrac field.
Not all fields in PlexTrac are available for mapping to all fields in Jira. In those scenarios, fields will display a red icon when hovering over the field and a text description of "incompatible data type" when scrolling through the list of fields.
After selecting the field in Jira to map with, use the provided field values to configure the relationship between PlexTrac and Jira by clicking the plus sign on one box and clicking on the desired box in the other system to create a visible purple line denoting the relationship.
Existing lines can be deleted by hovering over the line and clicking the red x.
To delete any row, hover over it with the cursor and click the red trashcan icon.
Step 11: Click Save & Continue.
Step 12: Set how often data from Jira refreshes in PlexTrac on Select settings & save tab using pulldown menu.
If "Every day" is selected for the refresh frequency, the daily synch time will occur at 04:45 UTC (9:45 PM MTN).
Click Save & Continue when finished.
A modal will briefly appear, confirming the success of integration.
PlexTrac custom fields can be added for mapping to a Jira field.
Step 1: Click the plus icon at the bottom of the Map fields tab (after the last existing mapping).
Step 2: Click the pulldown menu on the Jira column of the row just added to see the available fields in Jira to map.
The Jira field must have a data type value of "String" or "Non-Nullable String." The Jira data type is shown in the right column of the Jira fields when looking at the options provided in the Jira field pulldown menu.
Step 3: Click within the PlexTrac column pulldown menu of the row just added and select "Custom Field" from the list.
Step 4: Enter the custom field key name.
If the custom field key entered is different than what exists in PlexTrac, the mapping will not work, and a new custom field with that incorrectly entered value will be created in PlexTrac.
Step 5: Click Save.
Jira custom fields available for mapping can be viewed by clicking a field in the Jira column and scrolling to the bottom of the window under the label "CUSTOM."
The finding reported date can be mapped so that any future findings will automatically update this value in Jira.
Step 1: Click the plus icon at the bottom of the Map fields tab (after the last existing mapping).
Step 2: Click the pulldown menu on the Jira column of the row just added and select "Start Date."
Step 3: Click the pulldown menu on the PlexTrac column of the same row and select "Created Date."
Step 4: Click Save.
Any linked findings in PlexTrac will now be updated in Jira. If the mapping is configured for bidirectional, changes in this value in Jira will update in PlexTrac the next time data synchronization occurs.
Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations".
Step 2: Click the Jira box that shows the status of "Connected."
Step 3: Click Edit under the "Actions" menu of the connection to modify.
This screen is also the location to disable or delete a Jira connection.
Step 4: Go to the desired tab to adjust as desired.
Two ways exist to disable a Jira integration:
Temporarily, by toggling the button under the "Enabled" column.
2. Permanently, by clicking Delete under the "Actions" column.
A data type value of "any" is displayed when PlexTrac does not know the data type due to how the field was added to Jira through a plug-in. Mappings with a data type value of "any" may not work as intended.
The custom field key is located on the Custom Fields tab of a finding that is found via the Reports module.
In the Tools & Integrations section, admins can enable parser plugin actions and configure integrations with different platforms, enhancing its capabilities and facilitating seamless collaboration with other tools.
Tools & Integrations includes the following sections:
Visit the Integrations section for a list of supported parsers, APIs, and mappings.
PlexTrac enables two-factor authentication at the account level and is managed on the Two-Factor Authentication tab of the Personal Settings page. Two-factor authentication is a security measure that requires users to provide two forms of identification to access an account or system.
Two-factor authentication (2FA) is a security measure that significantly protects against unauthorized access to sensitive information and accounts. It works by adding an extra layer of verification to the traditional password or PIN login process. When a user attempts to log in, they are required to provide not only their regular credentials, such as a username and password, but also a second form of authentication.
The second authentication factor can take various forms, such as a unique code sent to the user's mobile device via SMS or generated by an authentication app, a fingerprint or facial recognition scan, a hardware token, or even a one-time password sent to an email address. The significance of 2FA lies in its ability to counteract the vulnerabilities of using passwords alone.
Step 1: Click the Two-Factor Authentication tab on the Personal Settings page.
Step 2: Click Set up Two-Factor Authentication.
Step 3: Scan the QR code with the phone and input the token provided on the device.
Step 4: Click Confirm. The modal will disappear, and a message will confirm that Two-factor Authentication is enabled.
Step 1: Click the Two-Factor Authentication tab on the Personal Settings page.
Step 2: Click Reset Token.
Step 3: A confirmation modal appears. Click Reset.
Step 4: Scan the QR code and click Confirm.
Step 1: Click the Two-Factor Authentication tab on the Personal Settings page.
Step 2: Click Disable Two-Factor Authentication.
Step 3: A confirmation appears. Click Disable.