Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
In the Tools & Integrations section, admins can enable parser plugin actions and configure integrations with different platforms, enhancing its capabilities and facilitating seamless collaboration with other tools.
Tools & Integrations includes the following sections:
Visit the Integrations section for a list of supported parsers, APIs, and mappings.
The integrations home page provides the status of each API integration and the ability to connect new integrations (if licensed) or edit existing connections.
If an integration is available but not set up, the user will see a "Connect" button. A "License required" label will be displayed if an integration is not licensed.
Visit this page for a list of all third-party tools PlexTrac integrates with, including scanner files and CSV templates.
The following integrations are included with every PlexTrac instance:
The following integrations require an additional cost/license to access (one license covers all tools):
Cobalt is an integrated pentesting platform facilitating communication between development and security teams. Cobalt helps developers identify and mitigate security vulnerabilities in their code by specifying security policies and checking compliance. The tool can detect many vulnerabilities, including buffer overflows, integer overflows, and format string vulnerabilities.
Cobalt findings can be imported into a PlexTrac report.
This is a licensed feature.
Below are the field mappings from Cobalt to PlexTrac, broken up by findings and assets.
Tables include the following columns:
Cobalt Field: the field name that appears in Cobalt
PlexTrac Field: the field name that appears in PlexTrac
Direction: displays the direction in the flow of data occurring for the integration (a value of "x" means that the value is not imported)
Required: denotes if a value is required for the import to be successful
Notes: additional information
If a duplicate finding title is found during import, the finding title in PlexTrac is appended with the finding unique identifier value pulled from Cobalt in parenthesis at the end of the finding title.
Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."
Step 2: Click Connect within the Cobalt box.
If the integration is not licensed and thus unavailable, the message "License required" will appear.
Step 3: If existing connections exist, they are listed on this page. To set up a new integration, click the New connection button.
Step 4: A modal appears with four tabs. Enter a name for the integration, the Cobalt URL, and the Cobalt API key. Click Continue.
Step 5: Select the Cobalt organization value from the pulldown menu. Click Continue.
The Cobalt Organization value is found within Cobalt. Visit Cobalt documentation on how to generate an API key.
Step 6: A list of the field mappings from Cobalt to PlexTrac is displayed. Click Save.
None of these fields can be edited and are displayed for visibility.
Step 7: A log of integration attempts is listed. Since an attempt to synchronize is attempted after entering configuration information on the first tab, at least one entry will be listed. Click Close.
Cobalt integrations can be edited by clicking Edit under the "Actions" column.
Cobalt integrations can be disabled by clicking the toggle bar under the "Enabled" column.
Cobalt integrations can be manually synchronized by clicking Sync under the "Actions" column.
Cobalt integrations can be deleted by clicking the three dots under the "Actions" column and then clicking Delete. A modal will appear, asking for confirmation of the action.
Cobalt Field | Direction | PlexTrac Field | Required? | Notes |
---|---|---|---|---|
Cobalt Field | Direction | PlexTrac Field | Required? | Notes |
---|---|---|---|---|
Finding Title
-->
Finding Title
yes
Finding Suggested Fix
-->
Recommendations
yes
Finding Descriptions, Type Category
-->
Finding Description
yes
Finding State
-->
Finding Status
yes
Status
Has multiple values, listed below in italics.
Triaging
-->
Finding="OPEN"
no
Pending Fix
-->
Finding="OPEN"
no
Ready for Retest
-->
Finding="OPEN"
no
Resolved
-->
Finding="OPEN"
no
Vulnerability Remediation
-->
Finding Recommendations
yes
Log [Created]
-->
Created At
yes
Finding Severity
-->
Finding Severity
yes
Severity
Has multiple values, listed below in italics.
Informational
-->
Informational
no
Low
-->
Low
no
Medium
-->
Medium
no
High
-->
High
no
Critical
-->
Critical
no
Pentest Name
-->
Finding Custom Field "Cobalt Pentest Report Name"
yes
Cobalt Proof of Concept
-->
Finding Custom Field "Cobalt Proof of Concept"
no
Any images or html in this field will be imported (images as Base64).
Finding Affected Targets
-->
Affected Assets
yes
IP or Hostname
PlexTrac integrates with HackerOne, a platform that facilitates vulnerability coordination and bug bounty programs. It connects organizations that want to improve the security of their software and systems with a community of ethical hackers, also known as white-hat hackers, who are skilled in finding and reporting security vulnerabilities.
This is a licensed feature.
An integration with HackerOne and PlexTrac consists of three parts:
Enabling the feature via the license key.
Obtaining the HackerOne API Key Identifier and HackerOne API Key values.
Configuring PlexTrac to complete the setup.
If the license is needed within a tenant, the phrase “License Required” with a link to the Support Portal will display within the HackerOne card on the Integrations page of the Admin Dashboard.
When a license is obtained, insert the license key into PlexTrac via the Admin Dashboard>Licensing page.
When the integration is available, a “Connect” button will display within the HackerOne card on the Integrations page of the Admin Dashboard.
Once the feature has been enabled, the next step is to obtain the HackerOne API Key Identifier and HackerOne API Key values.
Step 1: Log in to HackerOne's API token page.
Step 2: Click Create API Token.
Step 3: Enter an identifier value into the provided box. Click Create.
Step 4: Copy the API key to a secure place (it will not be accessible after this point). Click I have stored the API Token.
Step 5: The API token just created appears at the top of the API page (an email will also be sent confirming the action). Click Manage groups in the row of the token.
Step 6: Check the desired boxes to define the user's permissions for this group. Click Apply changes.
Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."
Step 2: Click Connect in the HackerOne card.
Step 3: A modal appears with three tabs. On the first tab, enter the following information:
Integration Name: This value is seen by users when selecting which tool to import findings from into a report, so pick a value that quickly identifies the integration.
Step 4: Click Save.
Step 5: In the "Mapping" tab, select which fields to import from HackerOne to PlexTrac.
HackerOne syncs data to PlexTrac, but updates in PlexTrac do not sync back to HackerOne.
Required fields are grayed out in the "Synch" column. The other fields are optional and can be removed from import by clicking the checkbox to remove the checkmark. Click Save.
Step 6: A message will validate that the synch was successful. Click Got It.
HackerOne now appears as "connected" on the Integrations page.
Findings from HackerOne can now be imported into a report.
The integration can be temporarily turned off and on via the toggle button under "Enabled."
Click Edit under the "Actions" column to adjust existing settings.
Step 1: Click Edit under the "Actions" column.
Step 2: Click the Sync Log tab.
Step 3: Click View of the desired log to read.
PlexTrac offers an integration with Jira Cloud and Jira Data Center to allow red and blue teams to collaborate without switching between tools.
PlexTrac will support the JIRA Data Center in place of the JIRA Server solution beginning on February 15th, 2024.
PlexTrac provides the option to synchronize with Jira in the following ways:
Unidirectionally from PlexTrac to Jira
Unidirectionally from Jira to PlexTrac
Bidirectionally
One-time from PlexTrac to Jira
One-time from Jira to PlexTrac
The integration can be with one or more Jira projects, and each project can have mappings of fields and project issue types configured separately.
Only one Jira integration can exist per PlexTrac instance.
Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations".
Step 2: Click the Jira box.
Step 3: Select if the integration is with Jira Cloud or Jira Server.
Step 4: Input the correct information in the provided fields.
Step 5: Click Save & Continue.
If a successful connection is found, the tool will progress to the next tab to continue. If the connection is unsuccessful, a warning message will appear at the top of the page, and progression will only be possible once the error is resolved.
Step 6: On the Select projects tab, choose the project(s) from Jira to integrate with by clicking the box next to the desired project. Only these projects will be available when creating tickets from findings. Click Continue with all projects when finished.
Step 7: On the Map fields tab, select a project to configure from the pulldown menu "Project name."
Step 8: Select the Jira project issue type to configure from the provided list.
Step 9: Review the default mappings and adjust as desired.
PlexTrac findings cannot be created from Jira issues. Syncing from Jira to PlexTrac will occur after the initial issue creation.
The direction and synch of information between fields are identified from the symbol displayed between the PlexTrac and Jira fields.
Required fields are identified with a red asterisk and cannot be deleted.
To modify the direction, click the icon, then select the desired direction from the options provided. The icon arrow points to the direction the information flows between the two fields.
Jira to PlexTrac (Continuous sync)
When a change occurs in a Jira issue, the connected PlexTrac finding will be updated. When changes occur in PlexTrac, the Jira issue will not be updated. PlexTrac findings cannot be created from Jira issues. Syncing from Jira to PlexTrac will occur after the initial issue creation.
Bidirectional (Continuous sync)
When a change occurs in a PlexTrac finding, the connected Jira issue will be updated. When changes occur in Jira, the PlexTrac finding will be updated.
PlexTrac to Jira (Continuous sync)
When a change occurs in a PlexTrac finding, the connected Jira issue will be updated. When changes occur in Jira, the PlexTrac finding will not be updated.
PlexTrac to Jira (One-time sync) Syncs data from PlexTrac to Jira upon ticket creation. A change in a PlexTrac finding will not be synced to the connected Jira issue.
If a bidirectional or Jira to PlexTrac direction is configured, be aware that a user in Jira could change findings values in PlexTrac despite not having access or permissions to do so within PlexTrac.
Step 10: Repeat this process for each project issue type.
The options available in the PlexTrac field pulldown menus are contextual to the values selected in the Jira column. To change the options provided for PlexTrac fields, change the field provided in the Jira column.
To add a new row for additional mappings not provided by default, click the plus icon at the bottom (after the last mapping).
Click within the pulldown menu of the previous row just added to select the new PlexTrac field.
Not all fields in PlexTrac are available for mapping to all fields in Jira. In those scenarios, fields will display a red icon when hovering over the field and a text description of "incompatible data type" when scrolling through the list of fields.
After selecting the field in Jira to map with, use the provided field values to configure the relationship between PlexTrac and Jira by clicking the plus sign on one box and clicking on the desired box in the other system to create a visible purple line denoting the relationship.
Existing lines can be deleted by hovering over the line and clicking the red x.
To delete any row, hover over it with the cursor and click the red trashcan icon.
Step 11: Click Save & Continue.
Step 12: Set how often data from Jira refreshes in PlexTrac on Select settings & save tab using pulldown menu.
If "Every day" is selected for the refresh frequency, the daily synch time will occur at 04:45 UTC (9:45 PM MTN).
Click Save & Continue when finished.
A modal will briefly appear, confirming the success of integration.
PlexTrac custom fields can be added for mapping to a Jira field.
Step 1: Click the plus icon at the bottom of the Map fields tab (after the last existing mapping).
Step 2: Click the pulldown menu on the Jira column of the row just added to see the available fields in Jira to map.
The Jira field must have a data type value of "String" or "Non-Nullable String." The Jira data type is shown in the right column of the Jira fields when looking at the options provided in the Jira field pulldown menu.
Step 3: Click within the PlexTrac column pulldown menu of the row just added and select "Custom Field" from the list.
Step 4: Enter the custom field key name.
If the custom field key entered is different than what exists in PlexTrac, the mapping will not work, and a new custom field with that incorrectly entered value will be created in PlexTrac.
Step 5: Click Save.
Jira custom fields available for mapping can be viewed by clicking a field in the Jira column and scrolling to the bottom of the window under the label "CUSTOM."
The finding reported date can be mapped so that any future findings will automatically update this value in Jira.
Step 1: Click the plus icon at the bottom of the Map fields tab (after the last existing mapping).
Step 2: Click the pulldown menu on the Jira column of the row just added and select "Start Date."
Step 3: Click the pulldown menu on the PlexTrac column of the same row and select "Created Date."
Step 4: Click Save.
Any linked findings in PlexTrac will now be updated in Jira. If the mapping is configured for bidirectional, changes in this value in Jira will update in PlexTrac the next time data synchronization occurs.
Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations".
Step 2: Click the Jira box that shows the status of "Connected."
Step 3: Click Edit under the "Actions" menu of the connection to modify.
This screen is also the location to disable or delete a Jira connection.
Step 4: Go to the desired tab to adjust as desired.
Two ways exist to disable a Jira integration:
Temporarily, by toggling the button under the "Enabled" column.
2. Permanently, by clicking Delete under the "Actions" column.
PlexTrac offers an integration with ServiceNow's ITSM and GRC platform modules to allow red and blue teams to collaborate without switching between workflow tools.
ServiceNow GRC (Governance, Risk, and Compliance) is a module of the ServiceNow platform that helps organizations manage their governance, risk, and compliance processes. ServiceNow ITSM (IT Service Management) is a module of the ServiceNow platform that enables organizations to manage their IT services and operations.
Data flows from PlexTrac to ServiceNow when a finding is used to create a ticket but only from ServiceNow to PlexTrac after setup. The synchronization between PlexTrac and ServiceNow occurs every 30 minutes.
Only one ServiceNow integration can exist per PlexTrac instance.
Step 1: On the row of the finding used to create a ticket, click the three dots under the "Actions" column and click Link ServiceNow ticket.
Step 2: A modal appears. Select the ServiceNow module, the ticket type, and the priority.
Step 3: Click Save.
The finding now shows the ServiceNow ticket ID and a hyperlink to access the ticket on ServiceNow.
When a PlexTrac finding is used to create a ticket in ServiceNow, it defaults to a status of New
with the following information populated:
When the ticket is created, the priority and issue rating values are stored within ServiceNow.
After the ticket is created in ServiceNow, that ticket can only be modified from ServiceNow.
The following fields are then sent from ServiceNow to PlexTrac:
When a remediation ticket is created in ServiceNow, the finding status in PlexTrac remains "Open" or "In Progress" until closed.
Below are the mappings of status from ServiceNow to PlexTrac for the various scenarios:
If the status value in ServiceNow does not match one of the mapping rules above, the finding will not be updated in PlexTrac when data is synchronized.
Timestamps are captured in two scenarios for this integration:
When the issue type is created in ServiceNow
When a work note is created or updated in ServiceNow
The timestamp is derived from the time zone set for the ServiceNow instance. PlexTrac has no influence on this time zone.
Scenario: A user in PlexTrac links a finding with ServiceNow. An issue type is created in ServiceNow, and a time stamp is applied to the creation date based on how that ServiceNow instance was configured.
The timestamp is derived from when the integration sync last ran, not when the work note was created in ServiceNow. It is not a real-time integration timestamp.
Scenario: A user in SerivceNow adds a comment to an associated finding, which triggers an integration event with PlexTrac. When that happens, a note is created in PlexTrac with a timestamp of the synchronization event. That timestamp is stored within PlexTrac in UTC time and then presented to the user in their local time when viewed in PlexTrac.
Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."
Step 2: Click Connect within the ServiceNow box.
Step 3: Click Configure ServiceNow Integration.
For information on setting up OAuth or generating an API key within ServiceNow, click the links above the button.
Step 4: Select the integration authentication method.
Step 5: Enter the information into the provided boxes and click Test Connection.
A message will appear to confirm if the connection was successful or not.
Step 6: View the available modules to identify which fields have read and write access. Click Confirm.
PlexTrac integrates with Edgescan, allowing users to import the findings from Edgescan's vulnerability detection into a PlexTrac report. This integration streamlines the process by leveraging Edgescan's automated vulnerability scanning capabilities and the reporting and management features of PlexTrac.
This is a licensed feature.
Below are the field mappings from Edgescan to PlexTrac, broken up by findings and assets.
Tables include the following columns:
Edgescan Field: the field name that appears in Edgescan
PlexTrac Field: the field name that appears in PlexTrac
Direction: displays the direction in the flow of data occurring for the integration (a value of "x" means that the value is not imported)
Required: denotes if a value is required in the field for the import to be successful
Notes: additional information
After a finding from Edgescan is imported into a report, metadata and content are presented within PlexTrac on the Finding Detail page, as shown below. The finding source value is "Edgescan," and any tags associated with the finding from Edgescan are provided along with any added within PlexTrac when imported.
If a duplicate finding title is found during import, the finding title in PlexTrac is appended with the Edgescan Vulnerability ID
in parenthesis at the end of the finding title.
Step 1: From the Admin Dashboard, click Integrations under the "Tools & Integrations" header.
Step 2: Click the Edgescan box.
Step 3: Click New connection.
Step 4: On the Configuration Details tab, enter a name for the integration, the Edgescan URL value, the Edgescan API key, and if closed vulnerabilities should be included.
Integration name: A name for this integration. When importing findings, this value will appear elsewhere in the platform along with other enabled integrations, so pick a unique but accurate name.
Edgescan URL: The Edgescan instance URL.
Edgescan API Key: The Edgescan instance API key. Visit Edgescan support for information on generating an API key.
Closed Vulnerabilities: Determines whether to include closed vulnerabilities and, if yes, the time of closure to consider for inclusion.
Step 5: On the Mapping tab, review the mappings and select the fields to import into PlexTrac by validating that the checkbox next to the field is selected. To ignore a field upon import, uncheck the box under the "Sync" column. Required fields (checkbox is greyed out) cannot be altered.
Step 6: Click Save.
Step 7: A message on the First Synch tab will confirm if the synch was successful. If successful, click Got It.
The connection is now listed.
Connections are edited by clicking Edit under the "Actions" column.
Connections can be disabled by clicking the toggle bar under the "Enabled" column.
Connections can be manually synchronized by clicking Sync under the "Actions" column.
Connections can be deleted by clicking the three dots under the "Actions" column and then Delete. A modal will appear, asking for confirmation of action.
Findings from Edgescan can now be imported into a report.
Step 1: Click Edit of the connection to review.
Step 2: Click the Synch Log tab.
A list of all synchronization records and status results is provided.
Step 3: Click View to obtain more information about a specific record.
Step 4: More details about remote URLs and JSON responses are available by clicking the headers below to expand the section.
Click Ok or Cancel to return to the previous modal.
Snyk provides tools and services to help developers find and fix security vulnerabilities in their software applications by identifying vulnerabilities in open-source libraries and containers, which developers commonly use to build their applications.
This is a licensed feature.
Snyk scanner files can be imported into PlexTrac via API for use in a PlexTrac report. PlexTrac integrates with the following Snyk products:
Snyk Code (SAST)
Snyk Open Source (SCA)
Snyk Container
Snyk Infrastructure as Code
When a file is imported in PlexTrac, the source of the scanner file is retained and tracked in the "Source" field on the findings details page.
Below are the field mappings from Snyk to PlexTrac, broken up by tool. The mappings are broken up in the tool sections by findings and assets.
Tables include the following columns:
Snyk Field: this is the field name that appears in Cobalt
PlexTrac Field: this is the field name that appears in PlexTrac
Direction: this displays the direction that the flow of data is occurring for the integration (a value of "x" means that the value is not imported)
Required: this denotes if a value is required for the import to be successful
Notes: additional information
An asterisk indicates the field is required.
Below are the mappings for the following Snyk products:
Snyk Open Source (SCA)
Snyk Container
Snyk Infrastructure as Code (IaC)
If a duplicate finding title is found during import, the finding title in PlexTrac is appended with the Snyk Organization ID
and Issue Id
in parenthesis at the end of the title value.
Below are the mappings for Snyk Code (SAST).
Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."
Step 2: Click Connect within the Snyk box.
Step 3: Click New Connection.
Step 4: On the Configuration Details tab, enter a name for the integration and the Snyk API key. Click Continue.
Step 5: On the Mapping tab, review the mappings and select the fields in Snyk to import by validating that the checkbox next to the field is set. To ignore a field on import, uncheck the box. Required fields (checkbox is greyed out) cannot be configured. Scroll to the bottom and click Save.
Step 6: A message on the First Synch tab will confirm if the synch was successful. If successful, click Got It.
The connection is now listed.
Connections are edited by clicking Edit under the "Actions" column.
Connections can be turned off by clicking the toggle bar under the "Enabled" column.
Connections can be manually synchronized by clicking Sync under the "Actions" column.
Connections can be deleted by clicking the three dots under the "Actions" column and then Delete. A modal will appear, asking for confirmation of the action.
PlexTrac learns about scanner findings as files are imported. This learning can be done proactively by an admin through parser actions or when a user imports a scanner file when adding findings to a report. Either way, the learning begins after an admin imports a file via the parser actions page of the Admin Dashboard, and this process must occur for each tool that PlexTrac integrates with. Any files for a tool imported as findings to a report that have not been enabled by an admin on the parser actions page will have no impact on parser actions.
When importing a file, parser actions process the contents to extract relevant information and perform specific operations. The exact parser actions depend on the file format, and business rules an admin configures.
The findings are matched to the parser action by plugin ID and include actions such as linking to a writeup, changing the finding severity, or ignoring the finding when parsed.
Currently, no other metadata of the finding, such as tags, can be mapped or manipulated by parser actions.
When new files are uploaded to parser actions, plugin IDs are only created for IDs not found and set to a "Default" action, meaning no changes will occur on import unless a parser action is created.
Parser action changes are applied to future imports and don't impact existing findings. For example, suppose a parser action for a finding severity value was created for a plugin, but moving forward. In that case, the source of truth for severity is the scanner tool, then change the parser action for that plugin to "Default." The next time that plugin is imported, the severity value from the source will be imported into the report.
Parser actions apply to all users.
The description of a parser action can be obtained by placing the cursor over the parser action title in the table.
Step 1: Click Parser Actions in the "Tools & Integrations" section of the Admin Dashboard.
Step 2: Check the Enable Parser Plugin Actions box.
Enabling parser plugin actions will allow the ability to preset default actions, link writeups, and change the severity of scanner findings when imported into a report.
Once parser import rules are set, do not check the "Enable Parser Plugin Actions" box if wanting to import scan results natively without existing rules applied.
Step 3: Click Import.
Step 4: Select the source of the file to import from the "Import Source" pulldown menu, then drag the file into the drop area on the modal or click Browse to navigate to the file on the computer.
Supported files for the tool selected in the pulldown menu as the import source will be displayed in the box, along with the maximum file size.
Step 5: Click Upload.
A notification will confirm a successful import.
Step 6: The imported plugins are now available for configuration. Search or select the desired plug-in and configure it using the pulldown menus and options to configure the preferred course of action.
Parser plug-in actions include four options:
DEFAULT: Passes the scanner result through with no action taken.
LINK: Replaces a scanner result finding with a custom writeup from WriteupsDB.
IGNORE: Ignores a scanner result when parsed by PlexTrac.
SEVERITY: Overrides a scanner result finding severity value with a new value selected by the parser action.
Parser actions can take findings ingested from an external tool and map them to a custom finding in WriteupsDB. This action will override the description, title, references and recommendations when the finding is imported. Multiple plugins with the same writeup will be mapped to a single finding with merged affected assets.
Step 1: Click Parser Actions in the "Tools & Integrations" section of the Admin Dashboard.
Step 2: Check the Enable Parser Plugin Actions box.
Step 3: Select the parser to work with from the "Filter Plugins" pulldown menu.
Step 4: Select the findings by clicking the checkbox of the finding row or selecting the box in the header column next to "Plugin Id."
Step 5: Select the writeup to link the findings by selecting the value from the "Link Writeup" pulldown menu.
The linked writeup is now displayed for each finding under the "Write Up" column.
If a new report is created, and the same parser file is imported, only one finding will be imported into the report.
Once a parser action is created, it cannot be deleted.
Step 1: Click Parser Actions in the "Tools & Integrations" section of the Admin Dashboard.
Step 2: Check the Enable Parser Plugin Actions box.
Step 3: Select the parser to work with from the "Filter Plugins" pulldown menu.
Step 4: Click Add Parser Action.
Step 5: Enter a Plugin ID, Title, and Plugin Description value.
All three fields must contain a value to continue.
Step 6: If the plugin action is "Default," continue to Step 8. Otherwise, select the desired plugin action from the pulldown menu.
Step 7: If "Ignore" was chosen, go to Step 8. Otherwise, select the value to associate with the action chosen in the previous step.
Step 8: Click Create.
A message confirming creation will appear, and the new parser action will be displayed in the list.
Tenable Security Center (Tenable.sc) is a vulnerability management solution that provides visibility into the security posture of IT infrastructure. It consolidates and evaluates vulnerability data, illustrates vulnerability trends over time, and assesses risk with actionable context for effective remediation prioritization, which then can be imported as findings into PlexTrac via API.
Multiple integrations can be configured per instance or for specific clients.
This is a licensed feature.
Below are the field mappings from Tenable to PlexTrac, broken up by findings and assets.
Tables include the following columns:
Tenable SC Field: the field name in Tenable SC
Direction: displays the direction in the flow of data occurring for the integration
PlexTrac Field: the field name in PlexTrac
PlexTrac only imports vulnerabilities that Tenable has not archived.
If a field is not listed, then PlexTrac does not currently import.
If a field is not listed, then PlexTrac does not currently import.
PlexTrac will not import findings from Tenable that have the same combination of plugin ID
and severity
.
Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."
Step 2: If licensed, the option to connect will appear (if not, the box will display a lock icon and "License required"). Click the Tenable box.
Step 3: Enter a connection name and select if this integration is across the tenancy or for a client (if specific to one client, select the client of the pulldown menu). Click Continue.
Step 4: Select "Connect to Tenable Security Center." Enter the Tenable URL, access key, and secret key. Click Continue.
If the keys are correct, a confirmation message will confirm successful synchronization.
Step 5: Edit the field mappings on the provided tabs for findings and assets, or continue using the defaults.
Information flows only from Tenable to PlexTrac. Fields required by PlexTrac are identified with a red asterisk.
Fields that can be deleted will have an "X" next to the PlexTrac field when hovering over with the cursor. A confirmation message will appear after clicking X.
Configurable fields can be adjusted by clicking the purple line and deleting the existing connection.
Click on the Tenable field, then click on the desired PlexTrac field to map and create a new connection.
Click Continue when finished.
The integration appears in the table as a listed connection.
PlexTrac offers two synchronization options for Tenable integrations, allowing off-cycle syncs in addition to the regular hourly script.
Sync: This option allows an off-cycle synchronization off cycle and typically takes less than ten minutes.
Full Sync: This option looks at the complete Tenable database. It can be several hours, although it happens in the background and does not prevent using PlexTrac for other tasks.
To view sync history, click Synch history under the actions menu of the integration.
Any existing integration can be disabled temporarily or deleted if no longer needed.
To disable an integration, click the toggle button for the integration under the "Enabled" column. This action also disables the ability to synchronize the integration.
To delete an integration, click the three dots under the "Actions" column and then Delete.
Tenable Vulnerability Management (VM) is a suite of cloud vulnerability management products that can export findings into PlexTrac via API.
Multiple integrations can be configured per instance or for specific clients.
This is a licensed feature.
Below are the field mappings from Tenable to PlexTrac, broken up by findings and assets.
Tables include the following columns:
Tenable VM Field: the field name in Tenable VM
Direction: displays the direction in the flow of data occurring for the integration
PlexTrac Field: the field name in PlexTrac
PlexTrac only imports vulnerabilities that Tenable has not archived.
If a field is not listed, then PlexTrac does not currently import.
If a field is not listed, then PlexTrac does not currently import.
PlexTrac will not import findings from Tenable that have the same combination of plugin ID
and severity
.
Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."
Step 2: If licensed, the option to connect will appear (if not, the box will display a lock icon and "License required"). Click the Tenable box.
Step 3: Enter a connection name and select if this integration is across the tenancy or for a client (if specific to one client, select the client of the pulldown menu). Click Continue.
Step 4: Select "Connect to Tenable Vulnerability Management." Enter the Tenable URL, access key, and secret key. Click Continue.
If the keys are correct, a confirmation message will confirm successful synchronization.
Step 5: Edit the field mappings on the provided tabs for findings and assets, or continue using the defaults.
Information flows only from Tenable to PlexTrac. Fields required by PlexTrac are identified with a red asterisk.
Fields that can be deleted will have an "X" next to the PlexTrac field when hovering over with the cursor. A confirmation message will appear after clicking X.
Configurable fields can be adjusted by clicking the purple line and deleting the existing connection.
Click on the Tenable field and the desired PlexTrac field to map and create a new connection.
Click Continue when finished.
The integration appears in the table as a listed connection.
PlexTrac offers two synchronization options for Tenable integrations, allowing off-cycle syncs in addition to the regular hourly script.
Sync: This option allows an off-cycle synchronization off cycle and typically takes less than ten minutes.
Full Sync: This option looks at the complete Tenable database. It can be several hours, although it happens in the background and does not prevent using PlexTrac for other tasks.
To view sync history, click Synch history under the actions menu of the integration.
Any existing integration can be disabled temporarily or deleted if no longer needed.
To disable an integration, click the toggle button for the integration under the "Enabled" column. This action also disables the ability to synchronize the integration.
To delete an integration, click the three dots under the "Actions" column and then Delete.
HackerOne API Key identifier: This was the value entered when creating the API token within HackerOne.
API Key: This key was provided by HackerOne and saved for future use.
A data type value of "any" is displayed when PlexTrac does not know the data type due to how the field was added to Jira through a plug-in. Mappings with a data type value of "any" may not work as intended.
The custom field key is located on the Custom Fields tab of a finding that is found via the Reports module.
For the GRC module, an additional option exists to define the ticket issue rating.
PlexTrac | Direction | ServiceNow |
---|---|---|
ServiceNow | Direction | PlexTrac |
---|---|---|
ServiceNow Status | Direction | PlexTrac Status |
---|---|---|
ServiceNow Status | Direction | PlexTrac Status |
---|---|---|
ServiceNow Status | Direction | PlexTrac Status |
---|---|---|
Edgescan Field | Direction | PlexTrac Field | Required? | Notes |
---|---|---|---|---|
Edgescan Field | Direction | PlexTrac Field | Required? | Notes |
---|---|---|---|---|
Snyk Field | Direction | PlexTrac Field | Notes |
---|
Snyk Field | Direction | PlexTrac Field | Notes |
---|
Snyk Field | Direction | PlexTrac Field | Notes |
---|
Snyk Field | Direction | PlexTrac Field | Notes |
---|
Visit for information on generating an API key.
Once set up, findings can be imported into a report, and .
Tenable SC Field | Direction | PlexTrac Field |
---|
Tenable SC Field | Direction | PlexTrac Field |
---|
Visit the for more information on generating API keys.
Tenable VM Field | Direction | PlexTrac Field |
---|
Tenable VM Field | Direction | PlexTrac Field | Notes |
---|
Visit the for more information on generating API keys.
Description
-->
Description
Recommendations
-->
Description
References
-->
Description
Affected Assets
-->
Description
Work Notes
-->
Status Tracker
Status
-->
Status
Closed Complete
-->
Closed
Closed Incomplete
-->
Closed
Closed Skipped
-->
Closed
Resolved
-->
Closed
Closed
-->
Closed
Canceled
-->
Closed
Closed Complete
-->
Closed
Closed Incomplete
-->
Closed
Vulnerability Name
-->
Finding Title
yes
Vulnerability Description
-->
Finding Description
yes
Vulnerability Date Opened
-->
Finding Created At
no
Vulnerability Date Closed
-->
Finding Closed At
no
Vulnerability Status
-->
Finding Status
yes
Status
Has multiple values, which are listed below in italics.
Open
-->
Finding ="OPEN"
no
Closed
-->
Finding = "CLOSED"
no
Risk Accepted
x
no
Vulnerability Remediation
-->
Finding Recommendations
no
Vulnerability CVSS Score
-->
Finding CVSS
no
Vulnerability CVSS Vector
-->
Finding Score Type
no
Vulnerability CVSS Vector
-->
Finding CVSS
no
Vulnerability Risk
-->
Finding Severity
no
Severity
Has multiple values, listed below in italics.
Minimal
-->
Informational
no
Low
-->
Low
no
Medium
-->
Medium
no
High
-->
High
no
Critical
-->
Critical
no
Vulnerability Custom Details Data
-->
Finding Custom Field "Edgescan Details"
yes
Vulnerability Asset Tags
-->
Finding Tags
no
Vulnerability ID
-->
Finding Tags
no
Organization
-->
Findings Tag
no
Vulnerability Asset
-->
Affected Assets
no
Asset/Location
-->
Affected Assets
no
Asset Name (Including Numeric ID)
-->
Asset Parent
no
Locations
-->
Child Asset
no
Asset Url(s)
-->
Asset Host FQDN
no
Asset Host Name
-->
Asset Host Name
no
Asset Ip(s)
-->
Asset Known Ip Address(s)
no
Request
-->
Asset Evidence- Scan Output
no
Response
-->
Asset Evidence- Scan Output
no
Asset Type
Asset Type has multiple values, listed below in blue.
Network
-->
Network Device
no
Web Application
-->
Application
no
Container
x
no
Integrations
Configure an integration with PlexTrac, such as HackerOne, Jira or Snyk
Parser Actions
Enable parser plugin actions that will allow preset default actions, linking writeups, and changing severity of scanner findings when imported into a report
Issue Title | --> | Finding Title* | required |
Issue Description | --> | Finding Description* | required |
Issue Description | --> | References |
Issue Description | --> | Recommendations |
Disclosure Time | --> | Created at |
Publication Time | x | (not ingested) |
CVE Identifier | --> | CVE Identifier |
CWE Identifier | --> | CWE Identifier |
Severity Score Value | --> | Score Value |
Severity Score Calculation | --> | Severity Score Calculation |
Severity Score Type | --> | Score Type |
(no equivalent field in Snyk) | --> | Finding Status* | required; assigned a value of "Open" |
Issue Severity | --> | Finding Severity* | required; the five severity value mappings are listed below in italics |
| --> |
|
| --> |
|
| --> |
|
| --> |
|
| --> |
|
Nearest Fixed In Version | --> | Custom Field "Nearest Fixed In Version |
Fix Info | --> | Custom Field "Fix Info" |
Organization Name | --> | Custom Field "Organization Name" |
Organization ID | --> | Custom Field "Categorical Id" |
Package Name | --> | Custom Field "Package Name" |
Issue Type | --> | Custom Field "Issue Type" |
Violated Policy Public Id | --> | Custom Field "Violated Policy Public Id" |
Exploit Maturity | --> | Custom Field "Exploit Maturity" |
Patches | --> | Custom Field "Patches" |
Issue URL | --> | References |
Project Name | --> | Affected Asset Name |
Aggregate Title | --> | Finding Title* | required |
Detail Title | --> | Finding Description* | required |
Product | --> | Tags |
Product | --> | Source |
Priority Score | --> | Score Type General |
CVE | --> | CVE |
CWE ID | --> | CWE |
Issue URL | --> | References |
Severity Mapping | required; the five severity value mappings are listed below in italics |
| --> |
|
| --> |
|
| --> |
|
| --> |
|
| --> |
|
Primary Region | --> | Custom Field: "Source Location" |
Priority Score Factors | --> | Custom Field: "Snyk Priority Score Factors" |
Project Name | --> | Parent Asset* | required |
Primary File Path | --> | Child Asset* | required |
Primary File Path | --> | Affected Asset(s)* | required |
Vulnerability Name | --> | Finding Name |
Description | --> | Description |
Solution | --> | Recommendations |
See Also | --> | References |
Status |
Active | --> | Finding="OPEN" |
New | --> | Finding="OPEN" |
Severity |
Info | --> | Informational |
Low | --> | Low |
Medium | --> | Medium |
High | --> | High |
Critical | --> | Critical |
CVE | --> | CVE |
CVSS3 | --> | Score Type |
CVSS3 | --> | Score Vector |
CVSS3 | --> | CVSS Score |
Vulnerability Age | --> | Custom Field "Tenable Vulnerability Age" |
CVSS V3 Impact Score | --> | Custom Field "Tenable CVSS V3 Impact Score" |
Exploit Code Maturity | --> | Custom Field: "Tenable Exploit Code Maturity" |
Product Coverage | --> | Custom Field: "Tenable Product Coverage" |
Threat Intensity | --> | Custom Field: " Tenable Threat Intensity" |
Threat Recency | --> | Custom Field: " Tenable Threat Recency" |
Threat Sources | --> | Custom Field: " Tenable Threat Sources" |
Patch Published | --> | Custom Field: "Tenable Patch Published" |
Exploit Available | --> | Custom Field: " Tenable Exploit Available" |
Exploitability Ease | --> | Custom Field: " Tenable Exploitability Ease" |
Plugin Id | --> | Custom Field: " Tenable Plugin Id" |
Plugin Output | --> | Scan Output |
Asset Name | --> | Asset Name |
IP | --> | Know IP Address |
--> | Host Name |
Operating System | --> | Operating System |
MAC Address | --> | MAC Address |
Port | --> | Port |
Protocol | --> | Protocol |
Vulnerability Name | --> | Finding Name |
Description | --> | Description |
Solution | --> | Recommendations |
See Also | --> | References |
Status |
Active | --> | Finding="OPEN" |
New | --> | Finding="OPEN" |
Severity |
Info | --> | Informational |
Low | --> | Low |
Medium | --> | Medium |
High | --> | High |
Critical | --> | Critical |
CVE | --> | CVE |
CVSS3 | --> | Score Type |
CVSS3 | --> | Score Vector |
CVSS3 | --> | CVSS Score |
Vulnerability Tags | --> | Finding Tags |
Plugin ID | --> | Custom Field "Tenable Plugin ID" |
Scan ID | --> | Custom Field " Tenable Scan ID" |
VPR | --> | Custom Field "Tenable VPR" |
Exploit Available | --> | Custom Field "Tenable Exploit Available" |
Vulnerability Synopsis | --> | Custom Field "Tenable Synopsis" |
Threat Intensity | --> | Custom Field "Tenable Threat Intensity" |
Exploit Code Maturity | --> | Custom Field "Tenable Exploit Code Maturity" |
Age Of Vuln | --> | Custom Field "Tenable Age Of Vuln" |
Product Coverage | --> | Custom Field "Tenable Product Coverage" |
CVSS Impact Score | --> | Custom Field "CVSS Impact Score |
Plugin Family | --> | Custom Field " Tenable Plugin Family" |
Plugin Type | --> | Custom Field "Tenable Plugin Type" |
Scan Completed At | --> | Custom Field "Tenable Scan Complete Date" |
THREAT SOURCES | --> | Custom Field "Tenable Threat Sources" |
Plugin Output | --> | Affected Asset "Evidence" |
Asset Name | --> | Asset Name | PlexTrac searches for the first known value in the following order: |
IP | --> | Know IP Address |
Hostname | --> | Host Name |
Operating System | --> | Operating System |
Fully Qualified Domain Name | --> | FQDN |
MAC Address | --> | MAC Address |
Tags | --> | Asset Tags |
Port | --> | Affected Ports-Port |
Protocol | --> | Affected Ports -Protocol |
Remediation
Remediation
Findings/Reports
Findings/Reports
Findings/Reports
Findings/Reports
Findings/Reports
Findings/Reports