The following guide outlines the steps to quickly onboard new users to production.
Before downloading and using a template, it is highly recommended to read the Using Templates Overview page for orientation.
Step 1: Download the single-scope template below that matches the desired report use case:
The Single Scope (Generic) Template
Pentera Integration Template
Internal Penetration Report Template
External Penetration Report Template
Step 2: Upload the downloaded single-scope Template into PlexTrac.
Reference the Using Templates Overview page for instructions on associating the export template correctly.
Step 3: Attach the single-scope template to a report.
Within the report, navigate to the Details tab. In the "Report Template" field, select the template created in Step 2 and click Save.
Step 4: Add the custom fields leveraged by the export template. Predefined custom fields are included in single-scope templates.
On the Details tab of the report, click Add Custom Field at the bottom of the page and create the following 'Report Custom Field' labels:
Author
Author Title
Author Email
Company Name
Company Address
Once completed, click Save.
Step 4 can also be completed when creating the Report Template.
Reference the 'Using Templates Overview' page for more information.
Step 5: Export the report.
Any narratives, findings, and affected assets expected in the report must be added before export.
To access additional pre-built customization options, please proceed to the following pages.
The Cover Page option defines the format for the cover page. Users can replace cover art and branding with any option and include additional static content, such as a disclosure statement.
References for additional Report Custom Fields beyond what is presented in the default options can be added.
Don't forget to replace the placeholder text with the organization’s name and address.
Step 1: Open the single-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the nn.cover_page_option line. The number listed represents the option that will be leveraged. Modify the value to match the desired option (information on the different options is listed below).
The Strict Narratives option allows users to choose between utilizing predetermined narratives within the report or selecting any custom narrative they prefer.
Step 1: Open the single-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the bb.strict_narratives line. The value listed determines the presentation of narratives within the report. The default value is "true." Modify the value as desired.
If bb.strict_narratives is set to true, the report will expect the narratives to be present and populated:
Introduction
Methodology
Scope
Summary of Findings
These narratives will be displayed in the order above.
If bb.strict_narratives is set to false, the report will display any narrative in the report in the order entered.
The only narrative it won't show in order is a narrative with "Appendix" in the title. In that scenario, the narrative will appear at the bottom of the report.
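The narrative rules in this section can be checked before export with a small model like the one below. This is an added example, not PlexTrac template code: the function names and sample narratives are hypothetical, titles are assumed to match exactly, and because the page does not say what strict mode does with extra narratives, the model leaves them out.

```python
# Added example: models the bb.strict_narratives rules described on this page.
# All names here are hypothetical; this is not code from the export template.

REQUIRED_NARRATIVES = ["Introduction", "Methodology", "Scope", "Summary of Findings"]

# Constructed sample: (title, body) pairs in the order entered in the report.
SAMPLE = [
    ("Appendix A: Tool Output", "scanner output ..."),
    ("Scope", "10.0.0.0/24"),
    ("Introduction", "Engagement overview"),
    ("Methodology", ""),  # present but not populated
    ("Summary of Findings", "3 high, 2 medium"),
]


def missing_narratives(narratives):
    """Return required titles that are absent or have an empty body."""
    populated = {title for title, body in narratives if body.strip()}
    return [t for t in REQUIRED_NARRATIVES if t not in populated]


def narrative_order(narratives, strict_narratives=True):
    """Return narrative titles in the order the report would show them.

    Strict mode: the four required narratives in their fixed order; a
    ValueError stands in for the error message placed in the export.
    Non-strict mode: entry order, with "Appendix" titles moved to the end.
    """
    if strict_narratives:
        missing = missing_narratives(narratives)
        if missing:
            raise ValueError("missing or empty narratives: " + ", ".join(missing))
        return list(REQUIRED_NARRATIVES)
    main = [t for t, _ in narratives if "Appendix" not in t]
    appendices = [t for t, _ in narratives if "Appendix" in t]
    return main + appendices


if __name__ == "__main__":
    print("Missing for strict export:", missing_narratives(SAMPLE))
    print("Non-strict order:", narrative_order(SAMPLE, strict_narratives=False))
```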
If bb.strict_narratives is set to "true," but the fields above are not in the report, the following error message will appear in the export report:
The Summary Table option allows users to choose between multiple table presentations of findings.
Step 1: Open the single-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the nn.summary_table_option line. The number listed represents the option that will be leveraged. Modify the value as desired.
Color codes are applied to table headings and text to provide clear and immediate insights. Table headings can be color-coded to aid readers in prioritizing information. Severity levels are emphasized through text color codes, where "High" may appear in red, "Medium" in orange, and "Low" in blue. These color cues enable efficient data interpretation and decision-making in security-related contexts.
Step 1: Open the single-scope template.
Step 2: Go to the "COLOR CODES" section of the setup code.
Step 3: Insert the desired hexadecimal color code into the highlighted value area to be changed, then save the document.
Do not include the hash symbol.
The legacy highlighted colors used for visual context will not match the new color code entered in Step 3 unless updated manually in the Word document.
The Finding Details option allows users to choose between multiple presentations of finding details information.
Step 1: Open the single-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the nn.detailed_findings_option line. The number listed represents the option that will be leveraged. Modify the value as desired.
This option allows for adding a prefix to findings in the report. The default value is " ", which means no prefix is added.
Step 1: Open the single-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the ss.scope_prefix line. The value listed determines if the prefix will be displayed or not. Insert a variable to add a prefix to the automatically generated finding numbers.
The prefix will be applied to numbering in the Finding Summary and Detailed Findings sections.
This option allows for omitting any raw evidence in the report. The default value is "false."
Step 1: Open the single-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the bb.include_raw_evidence line. The value listed determines if the evidence will be displayed or not. Modify as desired.
Step 4: For raw evidence to appear in the report, it must be enabled both in the report settings and within the template. Navigate to the Details tab of the report, scroll to the bottom of the page, and toggle on "Include Raw Evidence on Export."
Enabling bb.include_raw_evidence will significantly increase the export time and length of the report.
This option allows for omitting any findings with a severity rating of "Informational." The default value is "true."
Step 1: Open the single-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the bb.display_informationals line. The value listed determines if the findings will be displayed or not. Modify as desired.
If set to true, all findings with a severity rating of "Informational" will appear in the report.
If set to false, all findings with a severity rating of "Informational" will be omitted from display throughout the exported document, not tabulated in the count of findings table (called with display_findings_count), and omitted from display in the Finding Summary Tables and Detailed Findings.
This option determines the number of lines inserted between each finding in the Detailed Findings Section of a report. The default value is 3.
This option is enabled only if bb.page_break_between_findings is set to "false."
Step 1: Open the single-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the nn.newlines_between_findings line. Change the value to increase or decrease the lines inserted between each finding in the Detailed Findings Section.
The paragraph spacing is determined by the settings applied to the "Normal" style in Microsoft Word. Standard options for line spacing include single spacing (1.0), 1.5-line spacing (1.5), and double spacing (2.0). These settings can be adjusted in the "Paragraph" section of Word.
This option determines if the report displays the associated port number, protocol, service and version data for affected assets. The default value is "false."
Step 1: Open the single-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the bb.dispay_port_data line. Change the value to "true" to display any associated port number, protocol, service and version data if available for affected assets.
If bb.dispay_port_data is set to true, the report displays any associated port number, protocol, service and version data for affected assets.
If bb.dispay_port_data is set to false, only the name of the affected asset(s) will be displayed in a comma-delimited list.
This option inserts a page break between each finding presented in the Detailed Findings section of the report. The default value is false.
Step 1: Open the single-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the bb.page_break_between_findings line. The value listed determines whether a page break is inserted between findings. Change the value to "true" to have page breaks inserted.
These are the included pre-built macros for the single-scope report export template. Click each expandable section for more information.
The Finding Status option lets users display each finding's status in the Finding Details section.
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the nn.display_finding_status line. The default value is true, which will display a finding's status in the Finding Details section. Modify the value as desired.
A single-scope template is a pre-built report export template best suited for documenting and addressing a single, tightly defined scope or area of concentration within a project or assessment. This innovative approach offers several advantages, making it an invaluable tool in various domains, especially cybersecurity and risk management.
Single-scope templates are helpful for the following security reports:
Vulnerability Assessment Reports: These reports identify and document vulnerabilities within a specific system, network, or application.
Penetration Testing Reports: These reports describe the methods used, vulnerabilities exploited, potential risks, and recommendations for improving security.
Compliance Assessment Reports: These templates help evaluate compliance, providing an overview of status and areas that require attention.
Incident Response Plans: Single-scope templates create incident response plans that address specific cybersecurity incidents.
Security Risk Assessments: These assessments help organizations understand potential threats and vulnerabilities within the assessed scope.
Security Incident Reports: These are used to generate incident reports that detail the incident's impact, root causes, and recommendations to prevent future incidents.
This template has options to configure the presentation of several topics. Click the link below for instructions on each topic.
Visit the Using Export Templates page for an overview of implementing the template when ready to export a report.