Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
One key benefit of PlexTrac is the ability to connect with various security assessment tools, templates, and applications. These connection points allow for the import of findings, assets, and other vulnerability data from popular tools, eliminating manual data entry, reducing human error, and saving time.
Below is a list of third-party tools, templates, API integrations, instructions, and field mappings that users can leverage to import data into PlexTrac.
The Tools & Integrations section of the Admin Dashboard allows for the configuration and setup of parsers, third-party tools, and APIs.
An API (Application Programming Interface) is a set of rules, protocols, and tools that allow different software applications to communicate and interact. It provides a standardized way for developers to access and manipulate the functionalities and data of a particular system or service.
PlexTrac offers several integrations, some of which are available for immediate use and others that may require a license. These APIs enable seamless communication between PlexTrac and external systems or applications, facilitating data exchange, automation, and extended functionality.
Visit the PlexTrac API section for information about leveraging the PlexTrac API.
Additional information for each integration can be accessed by clicking the logo within a card.
PlexTrac allows users to import data from a wide range of security assessment tools and CSV templates, making it easier for teams to aggregate and centralize their assessment findings, test results, and vulnerability data within the platform.
PlexTrac's integration capabilities support data ingestion from over 25 tools commonly used in the security industry. These parsers are built into the platform and are readily available to users without additional licensing requirements. The parsers extract the relevant information from the imported data and convert it into a unified format within PlexTrac, allowing for consistent representation, analysis, and reporting.
Parser actions are configured at the admin level on the Admin Dashboard.
Applications that can be imported into PlexTrac are listed below. Clicking the card below will open additional information, such as field mappings and configuration instructions.
PlexTrac offers a variety of CSV (Comma-Separated Values) templates. These templates serve as predefined structures that allow users to organize and format their data so it can be imported into PlexTrac easily.
CSV files are widely used because they are lightweight, easy to generate and parse, and can be opened with a simple text editor. The structure of a CSV file is straightforward. Each line in the file represents a row of data and a delimiter, typically a comma, which separates the values within each row.
Finding Imports: Visit the CSV Findings page for more information and guidance on which CSV template to use when importing findings.
Additional information (field mappings and instructions) can be accessed by clicking the CSV icon within a card.
Applications that export data into PlexTrac are listed below. Additional information can be accessed by clicking the card below.
PlexTrac supports importing XML files from Acunetix. Acunetix is an automated tool for auditing web applications to identify security vulnerabilities. It scans for issues such as SQL injection, cross-site scripting, and other security threats. Additionally, Acunetix evaluates service misconfigurations, outdated protocols, and network vulnerabilities.
Below are the field mappings from Acunetix to PlexTrac, broken up by findings and assets. If a field is not listed, PlexTrac does not currently import it.
Tables include the following columns:
Acunetix Field: the field name that appears in Acunetix
PlexTrac Field: the field name that appears in PlexTrac
Direction: displays the direction in the flow of data occurring for the integration (a value of "x" means that the value is not imported)
Acunetix Field | Direction | PlexTrac Field |
---|---|---|
Acunetix Field | Direction | PlexTrac Field |
---|---|---|
Accunetix
-->
PlexTrac
Title
-->
Finding Title
Description
-->
Description
CVSS2
-->
CVSS Type
CVSS2
-->
Vector
CVSS2
-->
Score
CVSS3
-->
CVSS Type
CVSS3
-->
Vector
CVSS3
-->
Score
Recomendations
-->
Recomendations
Refrences
-->
Refrences
CWE
-->
CWE ID
Severity
-->
Severity
Host Name
-->
Parent Asset
Path
-->
Child Asset
Evidence
-->
Affected Asset Evidence
Request
-->
Affected Asset Evidence
PlexTrac supports importing HTML and XML files from Burp Suite Professional and Burp Suite Community product offerings. Burp Suite is a software tool for web application security testing that helps security professionals and developers identify and exploit security vulnerabilities.
Responses will be trimmed if HTML is used.
Below are the mappings of fields and any reference notes to provide context. If a field is not listed, PlexTrac does not currently import it.
If a field is not listed, PlexTrac does not currently import it.
PlexTrac supports importing XML files from Checkmarx. Checkmarx provides software security solutions for detecting and preventing security application vulnerabilities. The primary focus is static application security testing (SAST), which involves analyzing an application's source code to identify security vulnerabilities and coding errors before deployment.
Below are the mappings of fields and any reference notes to provide context. If a field is not listed, PlexTrac does not currently import it.
PlexTrac Field | Burp Path | Notes |
---|---|---|
PlexTrac Field | Burp Path |
---|---|
PlexTrac Field | Burp Path |
---|---|
PlexTrac Field | Checkmarx Path | Notes |
---|---|---|
PlexTrac Field | Checkmarx Path | Notes |
---|---|---|
Finding Title
issue/name
Severity
issue/severity
maps "Information" to "Informational"
References
issue/vulnerabilityClassifications
removes the chars
References
references
Finding Description
issue/issueBackground
Evidence
issue/issueDetail
Finding Status
"Open"
Recommendations
remediationBackground
CWE ID
vulnerabilityClassifications
Asset
issue/path
Hostname
issue/path
Known IP Addresses
issue/host@ip
Evidence
issue/requestresponse/request
issue/requestresponse/response
Asset
issue/host
Hostname
issue/path
Known IP Addresses
issue/host@ip
title
<Query Name=(attribute value for title)>
If the name
attribute within the query
element contains an underscore, PlexTrac replaces the underscore with a space
severity
<Query Severity=(attribute value for severity)>
references
<Query cweId=(attribute value for references)>
recommendations
<Result DeepLink=(attribute value for recommendations)>
PlexTrac joins all items in the DeepLink element in the Result element
description
Hard Coded w/ "This was identified via Checkmarx scanner, please view affected assets for more details."
tags
<Query categories=(attribute value for tags)> and <Query group=(attribute value for tags)>
To convert categories into a list using ";" as a delimiter, and to append the group attribute to categories to create comprehensive tags, follow these steps:
Separate each category with a semicolon (;).
If a category has an associated group attribute, append this attribute to the category.
Ensure all tags are accurately represented.
source
Hard Coded "Checkmarx"
asset
<Result name=(attribute to be used in asset name)> and Path>
Ensure that both the attribute name and the element filename are present and identical.
PlexTrac supports importing XML files from HCL AppScan. HCL AppScan is a security testing tool used to identify and address security vulnerabilities in web applications before deployment. It uses a combination of dynamic application security testing (DAST) and static application security testing (SAST) techniques to identify vulnerabilities.
PlexTrac does not support the export format for older versions of HCL AppScan (export version <2.5).
Below are the mappings of fields and any reference notes to provide context. If a field is not listed, PlexTrac does not currently import it.
Vulnerabilities of any Core Impact workspace can be exported to an XML-compatible format for import into PlexTrac as findings. Core Impact is penetration testing software developed by Fortra’s Core Security. It is used by security professionals and ethical hackers to uncover and exploit security weaknesses. It is designed to enable security teams to conduct advanced penetration tests and safely test environments using the same techniques as adversaries.
Step 1: From a Core Impact Workspace, open the Modules view, go to 11 - Reporting>Third Party, and launch the module Export IMPACT Workspace to XML file.
Step 2: Select the location to export the file and click OK.
The workspace vulnerabilities are downloaded in an XML format compatible with PlexTrac.
Each export file from Core Impact contains the following:
The list of assets tested by Core Impact within the scope of the particular workspace.
The list of vulnerabilities discovered during the test and the assets affected by each vulnerability. All the vulnerabilities discovered by Core Impact have demonstrated exploitability.
Below are the mappings of fields and any reference notes to provide context. If a field is not listed, PlexTrac does not currently import it.
The simulation outcomes are sent to PlexTrac, empowering users to scrutinize and administer their cybersecurity operations efficiently. This enables users to enjoy the benefits of "purple teaming" and better understand their security posture, track engagement progress, and make informed decisions to improve their cybersecurity defenses.
Currently, PlexTrac does not send data back to BlindSPOT.
Plextrac Field | HCL Path |
---|---|
PlexTrac Field | HCL Path |
---|---|
PlexTrac Field | Core Impact Path | Notes |
---|
PlexTrac Field | Core Impact Path | Notes |
---|
is an automated breach and attack simulation (BAS) solution that helps organizations simulate cyber-attack activity, identify security blind spots, and remove security risks. It offers simulation services to test security controls and create stakeholder graphics and reports.
BlindSPOT integrates with PlexTrac via API to create or update runbooks within PlexTrac's . This integration allows security professionals to align tasks with the MITRE ATT&CK framework by automatically populating the runbooks with relevant details from BlindSPOT simulations.
title
Get the issue types: issue-group/item/advisory/ref
Get the data being imported: advisory-group/item/advisory/name
severity
issue-group/item/severity
references
Get the issue types: issue-group/item/advisory/ref
Get the data being imported: advisory-group/item/advisory/references
recommendations
Get the issue types: issue-group/item/remediation/ref
Get the data being imported: remediation-group/item/name
description
Get the issue types: issue-group/item/advisory/ref
Get the actual data being imported. All items are a concatenation of mulitple fields: advisory-group/item/advisory/testDescription plus advisory-group/item/advisory/testTechnicalDescription/text
evidence
issue-group/item/variant-group/item/issue-information/testReportChunk
field: <cwe>
label: cwe
value
issue-group/item/cwe
scores: <cvss>
label: cvss
value
issue-group/item/cvss-score
calculation
issue-group/item/cvss-vector/base-vector
asset
Get the entity id: issue-group/item/entity/ref
Get the data being imported: entity-group/item id=(match from above)/name
title | <entity class="host"><property key="Vulnerabilities"><property key=(value)> or <entity class="host"><property key="Vulnerabilities"><property key="Modules><property key=(value)> | PlexTrac obtains the finding title from the property elements attribute "key" inside the vulnerability element.
If <entity class="host"><property key="Vulnerabilities"><property key=(value)> does not exist, then the tool looks at the Module element <entity class="host"><property key="Vulnerabilities"><property key="Modules"><property key=(value)>.
NOTE: PlexTrac only creates a finding if a |
severity | This value is hard-coded "Informational" by PlexTrac upon import, as it is a required value for PlexTrac but not provided by Core Impact. |
references | <entity class="host"><property key="Vulnerabilities"><property key=(value)> | If no references exist, then the string is left empty: "" |
recommendations | This value is hard-coded "Provide recommendations for resolution here." by PlexTrac upon import, as a value is not provided by Core Impact. |
description | <entity class="host"><property key="Vulnerabilities"><property><property key="description>(value)</property> |
common identifiers | <entity class="host"><property key="Vulnerabilities"><property key=(value)> |
asset | <entity class="host" name=(value)> | PlexTrac receives an entity element that has a class of "host" and strips the leading '/' from the name attribute to use that as the asset name value. |
PlexTrac supports importing XML files from Invicti. Invicti is a web application security scanner and scanner management platform that includes web vulnerability scanning and dynamic application security testing (DAST).
Below are the mappings of fields and any reference notes to provide context. If a field is not listed, then PlexTrac does not currently import.
Plextrac Field | Invicti Path |
---|
PlexTrac Field | Invicti Path |
---|
title | invicti-enterprise/vulnerabilities/vulnerability/name || invicti-enterprise/vulnerabilities/vulnerability/type |
severity | invicti-enterprise/vulnerabilities/vulnerability/severity |
references | invicti-enterprise/vulnerabilities/vulnerability/external-references, invicti-enterprise/vulnerabilities/vulnerability/remedy-references |
recommendations | invicti-enterprise/vulnerabilities/vulnerability/remedial-procedure, invicti-enterprise/vulnerabilities/vulnerability/remedial-actions |
description | invicti-enterprise/vulnerabilities/vulnerability/description, invicti-enterprise/vulnerabilities/vulnerability/impact, invicti-enterprise/vulnerabilities/vulnerability/exploitation-skills |
evidence | invicti-enterprise/vulnerabilities/vulnerability/http-request/content , invicti-enterprise/vulnerabilities/vulnerability/http-response/content |
field: http_request | "HTTP Request" |
label | invicti-enterprise/vulnerabilities/vulnerability/http-request/content |
value | issue-group/item/cwe |
field: http_response |
label | "HTTP Response" |
value | invicti-enterprise/vulnerabilities/vulnerability/http-response/content |
field: extra_information |
label | "Additional Information" |
value | invicti-enterprise/vulnerabilities/vulnerability/extra-information/info[name], invicti-enterprise/vulnerabilities/vulnerability/extra-information/info[value] |
field: scores: cvss3 |
label | "CVSSv3 Base Score" |
value | invicti-enterprise/vulnerabilities/vulnerability/classification/score/value |
calculation | invicti-enterprise/vulnerabilities/vulnerability/classification/vector |
asset | invicti-enterprise/vulnerabilities/vulnerability/url |
knownlps | invicti-enterprise/target/url |
PlexTrac supports importing XML files from Nipper. Nipper is a network security auditing tool used to assess the security of network devices and configurations. It scans network devices, such as routers, switches, and firewalls, and generates detailed reports on their vulnerabilities and compliance with various security standards.
The Nipper tool outputs its scan results in XML format. Users can then import these XML files into PlexTrac to review security findings, generate reports, and perform further analysis using various tools or custom scripts.
The security audit section from the Nipper export is optional for import.
PlexTrac supports importing files from Nexpose in XML Export 2.0 format. Nexpose is a vulnerability management software developed by Rapid7. It monitors exposures in real-time, adapts to new threats with fresh data, and provides features such as adaptive security, integrated policy scanning, and intuitive remediation reports.
If a field is not listed, PlexTrac does not currently import it. All data flows from Nexpose to PlexTrac.
Nexpose Field | Direction | PlexTrac Field | Notes |
---|---|---|---|
Nexpose Field | Direction | PlexTrac Field |
---|---|---|
Title
->
Finding Title
Description
->
Description
Solution
->
Recommendation
Numerical Severity Sore Mapping
Finding Severity
10 or 9
->
Critical
8 or 7
->
High
6 or 5
->
Medium
4 or 3
->
Low
2 or 1
->
Informational
CVSS Score
->
Score Type
CVSS Score
->
Label
CVSS Score
->
Score Value
CVSS Vector
->
Calculation
CVE ID
->
CVE
Reference Source
->
References
Any hyperlinked URLs will be retained.
Exploit ID
->
Custom Field: Nexpose Exploit Available
PCI Severity
->
Custom Field: Nexpose PCI Compliance Status
Risk Score
->
Custom FIeld: Nexpose Risk Score
Vulnerability Id
->
Custom Field: Nexpose Vulnerability Id
Node Address
->
Asset Name
Device-Type
->
Asset Type
Family
->
Operating System
PCI Severity
->
PCI Compliance
Node Address
->
Known Ip Addresses
Endpoint Port
->
Port
Endpoint Service
->
Service
Endpoint Protocol
->
Protocol
Unordered list under "test id"
->
Evidence
PlexTrac supports importing asset information into the Clients module from Nmap in XML. Nmap, short for "Network Mapper," is an open-source network scanning tool that allows network administrators and security professionals to discover devices on a network, identify open ports and services, gather information about those services, perform OS fingerprinting, and automate tasks using custom scripts.
All <host/>
elements with a child <status/>
containing the state="up"
property will be parsed as an asset.
If a field is not listed, then PlexTrac does not currently import.
Hostname: Derived from the inner <hostname name="host"/>
element’s name property.
<hostnames> <hostname name="<hostname>"/> </hostnames>
If no hostname is found from the elements above, the hostname is derived from the IP Address address addr
element’s value.
IP Address (for hostname): <address addr="<hostname>"/>
. This is also added to the Known IPs field on the asset.
Description: Defaults to "This asset was originally discovered via Nmap import."
All Ports data comes from the following element:
<ports> <port protocol="${port protocol}" portid="${port number}"> <state="open"/> </port> </ports>
If a <port/>
element does not have a <state="open"/>
child element, it will not get imported with the rest of the asset’s ports.
Port number: <port portid="PORT NUMBER" .../>
Port protocol: <port protocol="PORT PROTOCOL" .../>
Port service: The service information for a Port can be found inside the parent <ports/>
element
<service name="" product="" version="" extrainfo="" />
The Port service name and Port version derive from a combination of product
, version and extrainfo
from the <service/>
element.
Vulnerable parameters are similar to ports and derived from the parent <ports/>
element within the <script/>
element.
Each <table/>
element inside another <table/>
element will be parsed as a vulnerable parameter.
For each of these vulnerable parameters, there will be multiple <elem />
elements containing the details for each parameter.
If the <elem .../>
has the property key="id"
, this value will be added to the CVE information of the corresponding finding.
If the <elem .../>
has the property key="cvss"
, this value will be added to the CVSS information of the corresponding finding and used to help set the severity.
PlexTrac supports importing JSON files from Nodeware. Nodeware helps identify and address vulnerabilities in IT infrastructure, including servers, workstations, network devices, and IoT devices. It scans for vulnerabilities such as outdated software versions, weak passwords, and misconfigurations and provides reports on these findings.
Below are the mappings of fields and any reference notes to provide context. If a field is not listed, PlexTrac does not currently import it.
PlexTrac supports importing files from Nessus in XML Export 2.0 or Nessus file formats. Nessus scans vulnerabilities on various assets, including servers, network devices, virtual machines, and endpoints. It identifies vulnerabilities and configuration issues that attackers could exploit and provides detailed reports on these findings.
Below are the field mappings from Nessus to PlexTrac, broken up by findings and assets.
Tables include the following columns:
Nessus Field: the field name in Nessus
Direction: displays the direction in the flow of data occurring for the integration
PlexTrac Field: the field name in PlexTrac
Notes: Additional information on the business rules
Below are the mappings of fields. If a field is not listed, PlexTrac does not currently import it.
Below are the mappings of fields and any notes to provide context. If a field is not listed, PlexTrac does not currently import it.
PlexTrac supports importing the weaknesses.csv from NodeZero. NodeZero includes a wide range of penetration testing and security auditing tools, such as network scanners, vulnerability scanners, password cracking tools, and exploit frameworks.
Below are the mappings of fields and any reference notes to provide context. If a field is not listed, then PlexTrac does not currently import.
PlexTrac Field | Nodeware Path |
---|---|
PlexTrac Field | Nodeware Path |
---|---|
Nessus Field | Direction | PlexTrac Field |
---|---|---|
Nessus Field | Direction | PlexTrac Field | Notes |
---|---|---|---|
PlexTrac Field | NodeZero Path | Notes |
---|
PlexTrac Field | NodeZero Path | Notes |
---|
ID
(added on import)
Title
title
Severity
severity
Status
open
Description
description
Start Date
(added on import)
Recommendation
recommendation
References
urls
Code Samples
test_results
CVSSv3
severity
CVSS
-
Custom Fields (Synopsis)
isummary
Customer Field (Solution)
Solution
Name (finding asset)
hostname if present; if not ip_addr
MAC Address
mac_addr
OS
os
Plugin Id Name
--->
Finding Title
Plugin Id Description
--->
Finding Description
CVSS2
--->
CVSS Type
CVSS2 Base Score
--->
CVSS Score
CVSS2
--->
CVSS Vector
CVSS3
--->
CVSS Type
CVSS3 Base Score
--->
CVSS Score
CVSS3
--->
CVSS Vector
Synopsis
--->
Custom Field "Synopsis"
See Also
--->
Refrences
Solution
--->
Recomendations
Known IP or FQDN
--->
Asset Name
If a FQDN value exists in Nessus, this populates both the asset
and host_fqdn
fields in PlexTrac.
If there is no FQDN value, the IP address from Nessus populates the asset
and knownips
fields.
If FQDN and IP address values exist in Nessus, the FQDN value populates both the asset
and host_fqdn
fields, and the IP address populates the knownips
field.
Plugin Output
--->
Asset Evidence
Known Ip Addresses
--->
Known IP Addresses
NetBIOS Name
--->
NetBIOS Name
Operating System
--->
Operating System
Host RDNS
--->
Host RDNS
Total CVEs
--->
Total CVEs
Host FQDN
--->
Host FQDN
MAC Address
--->
MAC Address
Ports
--->
Affected Ports
Service
--->
Affected Ports
Protocol
--->
Affected Ports
title | Name |
severity | Severity |
description | Name |
tags | RootCause + Tags | combines the RootCause and Tags together and is comma separated |
assetConnection | Each row is split into a finding and an asset |
field: confirmed |
label | "Confirmed" |
value | Confirmed |
field: context_score |
label | "Context Score" |
value | ContextScore |
field: custom_field_1 | the numbers for the custom fields increment |
label | custom field 1| <label name> | the label is the portion of the col name that follows the |
value | custom field 1| <label name> | the row value for the column |
field: root_cause |
label | "Root Cause" |
value | RootCause |
score: cvss |
label | "CVSS" |
value | score::cvss |
score: cvss3 |
label | score::cvss3:: | col value is the value + "::" + calculation |
calculation | ::score::cvss3 | col value is the value + "::" + calculation |
score: general |
label | score:: | col name is "score::" + the label name |
value | score:::: | col value is the value + "::" + calculation |
calculation | ::score:: | col value is the value + "::" + calculation |
asset | IP |
hostname | Hostname |
knownIps | [IP] | an array of the IP |
operating_system | OS |
findingConnection | each row is split into a finding and an asset |
number | Port |
protocol | Protocal |
service | Service |
version | ServiceType |
PlexTrac supports importing XML files from OpenVAS. OpenVAS (Open Vulnerability Assessment System) is a network security scanner and vulnerability management solution designed to identify and assess vulnerabilities in network infrastructure and web applications. It performs scans of networks and hosts to identify open ports, running services, and potential vulnerabilities.
Below are the mappings of fields and any reference notes to provide context. If a field is not listed, PlexTrac does not currently import it.
PlexTrac supports importing JSON files from Pentera, but only JSON files exported specifically for PlexTrac will be accepted. Pentera is an automated security validation platform designed to identify and remediate security vulnerabilities continuously.
Findings of any Pentera task can be exported to a JSON-compatible format to be imported into PlexTrac.
Step 1: Click Testing History from the left menu.
Step 2: Select a test from the list to open.
Choose a test that has finished and is no longer in progress.
Step 3: Click the Export icon.
Step 4: From the modal under "Export to other tools," click PlexTrac.
The test findings are downloaded in a JSON format compatible with PlexTrac.
Each export file from Pentera contains the following:
The list of assets tested by Pentera within the scope of the particular test.
The list of vulnerabilities discovered during the test and the assets affected by each vulnerability. Discovery time is included in the dataset.
The list of Pentera achievements during the test and the assets affected by each achievement. Discovery time is included in the dataset. In Pentera, an achievement is Pentera’s ethical exploitation of a vulnerability or exposure intended to demonstrate its exploitability.
Pentera identifies two main types of findings:
Achievement: In the context of Pentera, a positive outcome that demonstrates ethical exploitation of a vulnerability or exposure. This means that Pentera has successfully taken advantage of vulnerability or security exposure in a controlled and ethical manner. The purpose of achieving such exploits is to showcase the exploitability of a security issue without causing harm or damage to the system. Achievements illustrate the potential impact of a vulnerability when exploited by malicious actors.
Vulnerability: In the context of Pentera, a vulnerability finding represents a specific security issue or weakness that has been identified during the testing or scanning process. These findings are typically undesirable because they indicate a potential risk to the system's security.
Only JSON files exported from Pentera specifically for PlexTrac are accepted.
Pentera uses a numerical range of 1 to 10 to capture a finding severity, while PlexTrac uses five qualitative values: Informational
, Low
, Medium
, High
, and Critical
.
PlexTrac Field | OpenVAS Path | Notes |
---|---|---|
PlexTrac Field | OpenVAS Path |
---|---|
PlexTrac record | PlexTrac field | Pentera file | Pentera field | Comments |
---|
PlexTrac record | PlexTrac field | Pentera file | Pentera field | Comments |
---|
PlexTrac | Pentera |
---|
title
<result><nvt><name>
severity
<result><threat>
references
<result><nvt><xref> <result><nvt><certs><cert_ref id=(parse out this id) type=(parse out this type)> <result><nvt><cve> <result><nvt><bid>
A combination of: <xref>: we ignore "NOXREF" if populated in the <xref> element and <cert_ref>: we take the id and type from all cert_ref tags in the <certs> element and
<cve>: we ignore "NOCVE" if populated in the <cve> element and
<bid>: we ignore "NOBID" if populated in the <bid> element
recommendations
<result><nvt><tags>
PlexTrac parses the element into separate items based on the | delimiter that creates an array of key value pairs. Then we evaluate the array to compose description. Description is composed of the following values, if the key exists:
summary
impact
insight
affected
vuldetect
description
<result><nvt><tags>
PlexTrac parses the <tags> element into separate items based on the | delimiter that is used to create an array of key value pairs. Then we evaluate the array and compose recommendations from the following values, if the key exists:
solution
solution_type
If solution is not in the array, we populate the solution with the phrase: "A solution was not provided by the scan source"
score: <cvss>
label: cvss
value
<result><nvt><cvss_base>
calculation
<result><nvt><tags>
PlexTrac parses the element into separate items based on the | delimiter that creates an array of key value pairs. Then we evaluate the array and compose cvss calculation: Calculation is composed of the following values, if the key exists:
cvss_base_vector
asset
<result><host>
Finding | ID | Achievements | ID |
Finding | Title | Achievements | Name |
Finding | Severity | Achievements | Severity |
Finding | Status | Default Value | Default Value | set to value 'Open', so customer can manage in PlexTrac |
Finding | Description | Achievements | Insight |
Finding | Start Date | Achievements | Creation Time | set when achievement is created |
Finding | Custom Fields (Severity Score) | Achievements | Severity | captures original Pentera score |
Affected Assets | Name | Achievements | target: target ID |
Affected Assets | Ports | Achievements | results: Port |
Affected Assets | Protocol | Achievements | results: Protocol |
Affected Assets | Scan Evidence - Title | set to value 'Results' |
Affected Assets | Scan Evidence - Description | Achievements | results - all data |
Affected Assets | Scan Evidence - Title | set to value 'Parameters' |
Affected Assets | Scan Evidence - Description | Achievements | parameters - all data | captures data in parameters as a section piece of scanner evidence PlexTrac auto-populates based on affected asset data |
Asset | Ports | Calculated Value | Calculated Value | PlexTrac auto-populates based on affected asset data |
Asset | Service | Calculated Value | Calculated Value | PlexTrac auto-populates based on affected asset data |
Asset | Protocol | Calculated Value | Calculated Value | PlexTrac auto-populates based on affected asset data |
Asset | Parent Asset | n/a | n/a |
Asset | Known IPs | Achievements | results:"Hosts" |
Asset | Evidence | Calculated Value | Calculated Value | PlexTrac auto-populates based on affected asset data |
Asset | First Found | Achievements | n/a |
Finding | ID | Vulnerabilities | ID |
Finding | Title | Vulnerabilities | Name |
Finding | Severity | Vulnerabilities | Severity |
Finding | Status | Default Value | Default Value | Set status to 'Open' |
Finding | Description | Vulnerabilities | Insight |
Finding | Start Date | Vulnerabilities | Creation Time |
Finding | Recommendation | Vulnerabilities | Remediation |
Finding | Custom Fields (Severity Score) | Vulnerabilities | Severity |
Finding | Custom Fields (Priority) | Vulnerabilities | Priority |
Affected Asset | Name | Vulnerabilities | target: target_id |
Affected Asset | Ports | Vulnerabilities | port |
Affected Asset | Protocol | Vulnerabilities | protocol |
Asset | Name | Vulnerabilities | target: target_id |
Asset | Ports | Calculated Value | Calculated Value | PlexTrac auto-populates based on affected asset data |
Asset | Protocol | Calculated Value | Calculated Value | PlexTrac auto-populates based on affected asset data |
Asset | Known IPs | Calculated Value | Calculated Value | PlexTrac auto-populates based on affected asset data |
Asset | Evidence | Calculated Value | Calculated Value | PlexTrac auto-populates based on affected asset data |
Informational | 0 |
Low | 0.01 to 2.49 |
Medium | 2.5 to 4.99 |
High | 5 to 7.49 |
Critical | 7.5 to 10 |
PlexTrac supports importing XML files from Qualys. Qualys VM Parser is a tool developed by Qualys to help customers import vulnerability data from various sources. The Qualys VM Parser can read and import scan data in multiple formats.
Below are the mappings of fields and any reference notes to provide context. If a field is not listed, then PlexTrac does not currently import.
PlexTrac supports importing XML files from Qualys. The Qualys web parser is a component of the Qualys WAS solution responsible for crawling the web application, collecting data, and identifying potential vulnerabilities. The web parser can be customized to scan specific web applications and detect vulnerabilities in various web applications, including static and dynamic web applications.
Below are the mappings of fields and any reference notes to provide context. If a field is not listed, PlexTrac does not currently import it.
PlexTrac supports importing XSLT files from RapidFire. RapidFire Tools offers solutions that help MSPs identify and remediate security vulnerabilities, assess IT compliance, and monitor network performance.
For the spreadsheet to successfully import, the worksheet name must be "Scan Details."
Below are the mappings of fields and any reference notes to provide context. If a field is not listed, PlexTrac does not currently import it.
PlexTrac supports importing XML files from Veracode. Veracode is an application security company offering various security analysis technologies on a single platform, such as static, dynamic, and software composition analysis.
Below are the field mappings from Veracode to PlexTrac, broken up by findings and assets. If a field is not listed, PlexTrac does not currently import it.
Tables include the following columns:
Veracode Field: the field name that appears in Veracode
PlexTrac Field: the field name that appears in PlexTrac
Direction: displays the direction in the flow of data occurring for the integration (a value of "x" means that the value is not imported)
When importing a file from Qualys, whether for the VM parser or Web parser, select "Qualys" from the import pulldown menu, and PlexTrac will decide which mapping to use based on the fields in the imported file.
PlexTrac Field | Qualys Path | Notes |
---|---|---|
PlexTrac Field | Qualys Path | Notes |
---|---|---|
When importing a file from Qualys, whether for the VM parser or Web parser, select "Qualys" from the import pulldown menu, and PlexTrac will decide which mapping to use based on the fields provided in the import file.
PlexTrac Field | Qualys Path | Notes |
---|---|---|
PlexTrac Field | Qualys Path | Notes |
---|---|---|
PlexTrac Field | Worksheet Name | RapidFire Field | Notes |
---|---|---|---|
PlexTrac Field | Worksheet Name | RapidFire Field |
---|---|---|
Veracode Field | Direction | PlexTrac Field |
---|
Veracode Field | Direction | PlexTrac Field |
---|
asset
<HOST_LIST><HOST><DNS> or <HOST_LIST><HOST><IP>
If DNS is NOT present, then it falls back to the IP element.
asset
<WAS_SCAN_REPORT><RESULTS><VULNERABILITY_LIST><VULNERABILITY><URL>
There is some logic here for parent/child relationship.
title
Scan Details
NVT Description
severity
Scan Details
High | Medium | Low
Hierarchy logic: If High column > 0 return High, Else if Medium column > 0 return Medium, Else if Low column > 0 return Low, else don't return anything
references
Scan Details
References
recommendations
Scan Details
Solution
description
Scan Details
Summary + Vulnerability Detection Insight + Vulnerability Detection Method
asset
Scan Details
Host
Vulnerability Name | --> | Finding Title |
Description | --> | Description |
Background | --> | Description |
Delivery Consultant | --> | Custom Field |
Exploitation Difficulty | --> | Custom Field |
Remediation Effort | --> | Custom Field |
Recommendations | --> | Recommendations |
References | --> | References |
CWE ID | --> | CWE ID |
Flaw Severity | --> | Severity |
Remediation Effort | --> | Finding Tag |
Category | --> | Finding Tag |
Exploit Difficulty | --> | Finding Tag |
Finding Status | --> | Finding Tag |
File Path | --> | Asset Name |
Application | --> | Parent Asset |
Instance Details | --> | Asset Name |
Line Number | --> | Asset Evidence |
Function Prototype | --> | Asset Evidence |
First Occurence | --> | Asset Evidence |
Remediation Status | --> | Asset Evidence |
Migration Status | --> | Asset Evidence |
title
<GLOSSARY><VULN_DETAILS_LIST><VULN_DETAILS><TITLE>
Any data surrounded by <![CDATA[some stuff]]> tag is removed before storing the data.
severity
<GLOSSARY><VULN_DETAILS_LIST><VULN_DETAILS><SEVERITY>
We are passed a number, which gets evaluated as following: "0": "Informational", "1": "Informational", "2": "Low", "3": "Medium", "4": "High", "5": "Critical",
references
Any data surrounded by <![CDATA[some stuff]]> tag is removed before storing the data. All the data from the tags are stored into a list that is saved as reference links.
recommendations
<GLOSSARY><VULN_DETAILS_LIST><VULN_DETAILS><SOLUTION>
Any data surrounded by <![CDATA[some stuff]]> tag is removed before storing the data.
description
Any data surrounded by <![CDATA[some stuff]]> tag is removed before storing the data. Data is combined.
risk_score
tags
<GLOSSARY><VULN_DETAILS_LIST><VULN_DETAILS><SEVERITY>
If severity is 1, then we give it a tag of "minimal".
common_identifiers
evidence
<HOST_LIST><HOST><VULN_INFO_LIST><VULN_INFO><RESULT>
Any data surrounded by <![CDATA[some stuff]]> tag is removed before storing the data.
field: ["scores"]["cvss"]
label
Hardcoded "CVSS Base Score"
value
<GLOSSARY><VULN_DETAILS_LIST><VULN_DETAILS><CVSS_SCORE><CVSS_BASE>
field: ["cvss_temporal"]
label
Hardcoded "CVSS Temporal Score"
value
<GLOSSARY><VULN_DETAILS_LIST><VULN_DETAILS><CVSS_SCORE><CVSS_TEMPORAL>
field: ["scores"]["cvss3"]
label
Hardcoded "CVSSv3 Base Score"
value
<GLOSSARY><VULN_DETAILS_LIST><VULN_DETAILS><CVSS3_SCORE><CVSS3_BASE>
field: ["cvss3_temporal"]
label
Hardcoded "CVSSv3 Temporal Score"
value
<GLOSSARY><VULN_DETAILS_LIST><VULN_DETAILS><CVSS3_SCORE><CVSS3_TEMPORAL>
field: ["scores"]["pci_flag"]
label
Hardcoded "PCI_FLAG"
value
<GLOSSARY><VULN_DETAILS_LIST><VULN_DETAILS><PCI_FLAG>
field: ["cwe"]
label
Hardcoded "CWE"
value
<GLOSSARY><VULN_DETAILS_LIST><VULN_DETAILS><CWE>
field: ["wasc"]
label
Hardcoded "WASC"
value
<GLOSSARY><VULN_DETAILS_LIST><VULN_DETAILS><WASC>
field: ["category"]
label
Hardcoded "Category"
value
<GLOSSARY><VULN_DETAILS_LIST><VULN_DETAILS><CATEGORY>
field: ["owasp"]
label
Hardcoded "OWASP"
value
<GLOSSARY><VULN_DETAILS_LIST><VULN_DETAILS><OWASP>
title
<WAS_SCAN_REPORT><GLOSSARY><QID_LIST><QID><TITLE>
severity
<WAS_SCAN_REPORT><GLOSSARY><QID_LIST><QID><SEVERITY>
We are passed a number, which gets evaluated as following: "0": "Informational", "1": "Informational", "2": "Low", "3": "Medium", "4": "High", "5": "Critical",
references
Any data surrounded by <![CDATA[some stuff]]> tag is removed before storing the data. All the data from the tags are stored into a list that is saved as reference links.
recommendations
<WAS_SCAN_REPORT><GLOSSARY><QID_LIST><QID><SOLUTION>
description
Any data surrounded by <![CDATA[some stuff]]> tag is removed before storing the data. Data is combined.
evidence
risk_score
tags
<WAS_SCAN_REPORT><GLOSSARY><QID_LIST><QID><SEVERITY>
If severity is 1, then we give it a tag of "minimal".
common_identifiers
field: ["scores"]["cvss"]
label
Hardcoded "CVSS Base Score"
value
<WAS_SCAN_REPORT><GLOSSARY><QID_LIST><QID><CVSS_SCORE><CVSS_BASE>
field: ["cvss_temporal"]
label
Hardcoded "CVSS Temporal Score"
value
<WAS_SCAN_REPORT><GLOSSARY><QID_LIST><QID><CVSS_SCORE><CVSS_TEMPORAL>
field: ["scores"]["cvss3"]
label
Hardcoded "CVSSv3 Base Score"
value
<WAS_SCAN_REPORT><GLOSSARY><QID_LIST><QID><CVSS3_SCORE><CVSS3_BASE>
field: ["cvss3_temporal"]
label
Hardcoded "CVSSv3 Temporal Score"
value
<WAS_SCAN_REPORT><GLOSSARY><QID_LIST><QID><CVSS3_SCORE><CVSS3_TEMPORAL>
field: ["scores"]["pci_flag"]
label
Hardcoded "PCI_FLAG"
value
<WAS_SCAN_REPORT><GLOSSARY><QID_LIST><QID><PCI_FLAG>
field: ["cwe"]
label
Hardcoded "CWE"
value
<GLOSSARY><QID_LIST><QID><CWE>
field: ["wasc"]
label
Hardcoded "WASC"
value
<GLOSSARY><QID_LIST><QID><WASC>
field: ["category"]
label
Hardcoded "Category"
value
<GLOSSARY><QID_LIST><QID><CATEGORY>
field: ["owasp"]
label
Hardcoded "OWASP"
value
<GLOSSARY><QID_LIST><QID><OWASP>
Nmap Scripting Engine (NSE) enables users to write and execute custom scripts to perform specific tasks during network scanning. NSE scripts are classified into predefined categories. Nmap vulners files use a database to detect potential vulnerabilities in services and systems found during a network scan.
It's important to note that vulners scripts are distinct from vulscan and vuln scripts. The main difference is the vulnerability database used.
PlexTrac supports importing XML from Nmap. Nmap, short for "Network Mapper," is an open-source network scanning tool that allows network administrators and security professionals to discover devices on a network, identify open ports and services, gather information about those services, perform OS fingerprinting, and automate tasks using custom scripts.
Reports
Reports
Reports
Remediation
Remediation
Reports
Reports
Reports
Mitre Engenuity
Runbooks
YAML
Netsparker (Desktop)
Reports
XML
OWASP ZAP
Reports
XML
Scythe (Procedures)
Runbooks
CSV, JSON
Scythe Threat Thursday
Runbooks
CSV, JSON
Acunetix
Reports
XML
Burp Suite
Reports
HTML, XML
Checkmarx
Reports
XML
Core Impact
Reports
XML
HCL AppScan
Reports
XML
Invicti
Reports
XML
Nessus
Reports
NESSUS, XML (Export 2.0)
Nexpose
Reports
XML
Nipper
Reports
XML
Nmap (Assets)
Client Assets
XML
Nmap Vulners NSE
Reports
XML
Nodeware
Reports
JSON
NodeZero
Reports
CSV
OpenVAS
Reports
XML
Pentera
Reports
JSON
Qualys (VM Parser)
Reports
XML
Qualys (Web App Scanner)
Reports
XML
RapidFire Network Detective
Reports
XSLT
Scythe (Report Findings)
Reports
CSV, JSON
Veracode Platform
Reports
XML
Assets Template
assets to a client
CSV
Findings Template
findings into reports
CSV
Writeups Template
writeups into WriteupsDB
CSV
Users Template
user names, role and email addresses
CSV
Python General Template
findings, assets, report and client information
CSV
BlindSpot
API
Runbooks
PlexTrac supports importing CSV or JSON files from Scythe. Scythe is a cybersecurity company that provides a platform for simulating and testing cyber attacks against an organization's infrastructure, applications, and people. Scythe's platform allows security teams to create and run custom attack simulations, including phishing attacks, ransomware, and other types of malware.
Below are the mappings of fields and any reference notes to provide context. If a field is not listed, PlexTrac does not currently import it.
PlexTrac Field | Scythe Field or Path |
---|---|
finding.affected_assets.asset.hostname
Endpoint
finding.affected_assets.asset.asset
Endpoint
finding.affected_assets.asset.status
if Status == "True" then "Open" else "Closed"
finding.title
if Request is " " then use Module else use (Module + " " + Request)
finding.tags
Tags + Campaign Name
finding.status
if Status == "True" then "Open" else "Closed"
finding.severity
hard coded to "Medium"
finding.description
if a known scythe module then module.title + module.description. If not a known module then "They following Scythe module was conducted: + Module
finding.recommendations
if the module is not a known Scythe module then "You should review the security policies associated with this activity."
finding.references
hard coded to ""
finding.exhibit.exhibitID
if Module == "printscr" then data is concidered a finding.exhibit otherwise is a finding.code_sample
finding.exhibit.caption
"Timestamp: " + Timestamp
finding.exhibit.PID
Process ID
finding.exhibit.User
User
finding.exhibit.Module
Module
finding.exhibit.Request
Request
finding.exhibit.encoded
Response
finding.exhibit.type
hard coded to"image/png"
finding.code_sample.caption
hard coded to "Activity Data"
finding.code_sample.code
hard coded to ""
finding.code_sample.timestamp
Timestamp
finding.code_sample.PID
Process ID
finding.code_sample.User
User
finding.code_sample.Module
Module
finding.code_sample.Request
Request
finding.code_sample.Result
Response