Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Color codes are applied to table headings and text to provide clear and immediate insights. Table headings can be color-coded to aid readers in prioritizing information. Severity levels are emphasized through text color codes, where "High" may appear in red, "Medium" in orange, and "Low" in blue. These color cues enable efficient data interpretation and decision-making in security-related contexts.
Step 1: Open the multi-scope template.
Step 2: Go to the "COLOR CODES" section of the setup code.
Step 3: Insert the new desired hexadecimal color code into the highlighted area of the value to change and save the document.
Do not include the hash symbol.
The legacy highlighted colors used for visual context will not match the new color code entered in Step 3 unless updated manually in the Word document.
A multi-scope template is a report export template that can be used across multiple assessments as needed. Unlike other templates, it does not contain specific language for a single assessment but can be adapted for use in various security assessment reports.
Security professionals may find it beneficial to present security assessments in a comprehensive and uniform manner. This can make the reports easier to read, manage, and compare, ultimately leading to more effective security measures.
Multi-scope templates are helpful for the following security reports:
Vulnerability Assessment Results: The report lists identified vulnerabilities across the organization's network, systems, and applications.
Penetration Testing Findings: Clients often use this template for the following penetration tests: Internal, External, Web Application, Mobile Application, Wireless, Social, and Physical Security.
Incident Response Analysis: The report evaluates the effectiveness of the incident response plan and offers suggestions for improving incident detection.
Network Traffic Analysis: Suspicious network activity is identified, and recommendations are made for bolstering network monitoring and intrusion detection.
This template has options to configure the presentation of several topics. Click the link below for instructions on each topic.
Visit the Using Export Templates page for an overview of implementing the template when ready to export a report.
The following guide outlines the steps to quickly onboard new users to production.
Before downloading and using a template, reading the Using Templates Overview page for orientation is highly recommended.
Step 1: Download the multi-scope template below:
Step 2: Upload the downloaded multi-scope Template into PlexTrac.
Reference the Using Templates Overview page for instructions on associating the export template correctly.
Step 3: Attach the multi-scope template to a report.
Within the report, navigate to the Details tab. In the "Report Template" field, select the template created in Step 2 and Click Save.
Step 4: Add the custom fields leveraged by the export template. Predefined custom fields are included in single-scope templates.
On the Details tab of the report, click Add Custom Field at the bottom of the page and create the following 'Report Custom Field' labels:
Author
Author Title
Author Email
Company Name
Company Address
Once completed, Click Save.
Step 4 can also be completed when creating the Report Template.
Reference the 'Using Templates Overview' page for more information.
Step 5: Add and tag findings with their associated scope.
Step 6: When exporting the report, select the desired scope(s) to be included. These scope tags are available for use:
If tagging the report with mobile
or webapp
, see Step 7. Otherwise, skip to Step 8.
Step 7: If the Report is tagged with mobile
or webapp
, add mobile
or webapp
tags for findings, AND add the appropriate related tags below.
The exported report can display the OWASP risks using these tags:
The exported report can display the OWASP risks using these tags:
Please note these findings tags are specific to mobile and web apps. Mobile OWASP tags will only function with mobile findings, and web app OWASP tags will only work with Web App Findings.
Step 8: Export the report.
Any narratives, findings, and affected assets expected in the report must be added before export.
To access additional pre-built customization options, please proceed to the following pages.
tag | description |
---|---|
tag | description and link to more information |
---|---|
tag | description and link to more information |
---|---|
internal
Internal Penetration Report
external
External Penetration Report
wireless
Wireless Penetration Report
mobile
Mobile Application Report (OWASP Top 10)
webapp
Web Application Report (OWASP Top 10)
social
Social Engineering Report
physical
Physical Penetration Test Report
m01
m02
m03
m04
m05
m06
m07
m08
m09
m10
a01
a02
a03
a04
a05
a06
a07
a08
a09
a10
The Cover Page option defines the format for the cover page. Users can replace cover art and branding with any option and include additional static content, such as a disclosure statement.
References for additional Report Custom Fields beyond what is presented in the default options can be added.
Don't forget to replace the placeholder text with the organization’s name and address.
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the nn.cover_page_option
line. The number listed represents the option that will be leveraged. Modify the value to match the desired option (information on the different options is listed below).
Click each expandable section for more information.
The Strict Narratives option allows users to choose between utilizing predetermined narratives within the report or selecting any custom narrative they prefer.
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the bb.strict_narratives
line. The value listed determines the presentation of narratives within the report. The default value is "true." Modify the value as desired.
If bb.strict_narratives
is set to true
, the report will expect the narratives to be present and populated:
Introduction
Methodology
Scope
Summary of Findings
These narratives will be displayed in the order above.
If bb.strict_narratives
is set to false
, the report will display any narrative in the report in the order entered.
The only narrative it won't show in order is a narrative with "Appendix" in the title. In that scenario, the narrative will appear at the bottom of the report.
This option allows users to choose between multiple presentations of a table that displays the overall findings count by severity.
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the nn.display_findings_count
line. The number listed represents the option that will be leveraged. Modify the value as desired.
Click each expandable section for more information.
The Finding Status option lets users display each finding's status in the Finding Details section.
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the nn.display_finding_status
line. The default value is true
, which will display a finding's status in the Finding Details section. Modify the value as desired.
The Summary Table option allows users to choose between multiple table presentations of findings.
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the nn.summary_table_option
line. The number listed represents the option that will be leveraged. Modify the value as desired.
Click each expandable section for more information.
The Finding Details option allows users to choose between multiple presentations of finding details information.
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the nn.detailed_findings_option
line. The number listed represents the option that will be leveraged. Modify the value as desired.
Click each expandable section for more information.
If bb.strict_narratives
is set to "true," but the fields above are not in the report, the following error message will appear in the export report:
This custom field must be added to a layout template to ensure it is being populated. Visit the for information on setting up and associating a finding layout template.
This option allows for omitting any findings with a severity rating of "Informational." The default value is "true."
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the bb.display_informationals
line. The value listed determines if the findings will be displayed or not. Modify as desired.
If set to true
, all findings with a severity rating of "Informational" will appear in the report.
If set to false
, all findings with a severity rating of "Informational" will be omitted from display throughout the exported document, not tabulated in the count of findings table (called with display_findings_count)
and omitted from display in the Finding Summary Tables and Detailed Findings.
This option inserts a page break between each finding presented in the Detailed Findings section of the report. The default value is false.
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the bb.page_break_between_findings
line. The value listed determines if the prefix will be displayed or not. Change the value to "true" to have page breaks inserted.
This option allows for omitting any raw evidence in the report. The default value is "false."
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the bb.include_raw_evidence
line. The value listed determines if the evidence will be displayed or not. Modify as desired.
Step 4: For raw evidence to appear in the report, it must be enabled both in the report settings and within the template. Navigate to the Details tab of the report, scroll to the bottom of the page, and toggle on "Include Raw Evidence on Export."
Enabling bb.include_raw_evidence
will significantly increase the export time and length of the report.
This option determines the number of lines inserted between each finding in the Detailed Findings Section of a report. The default value is 3.
This option is enabled only if bb.page_break_between_findings is set to "false."
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the nn.newlines_between_findings
line. Change the value to increase or decrease the lines inserted between each finding in the Detailed Findings Section.
The paragraph spacing is determined by the settings applied to the "Normal" style in Microsoft Word. Standard options for line spacing include single spacing (1.0), 1.5-line spacing (1.5), and double spacing (2.0). These settings can be adjusted in the "Paragraph" section of Word.
This option determines if the report displays the associated port number, protocol, service and version data for affected assets. The default value is "false."
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the bb.dispay_port_data
line. Change the value to "true" to display any associated port number, protocol, service and version data if available for affected assets.
If bb.dispay_port_data
is set to true
, the report displays any associated port number, protocol, service and version data for affected assets.
If bb.dispay_port_data
is set to false
, only the name of the affected asset(s) will be displayed in a comma-delimited list.
These are the included pre-built macros for the multi-scope report export template. Click each expandable section for more information.
The Multi-Scope Report Export template has incorporated definitions related to findings, scopes, and prefixes. These organize and reference findings within different areas or scopes. This arrangement can simplify generating consistent and well-organized reports or documents.
This template has the following scope tags and prefixes set by default for the reference numbers assigned to findings in each scope.
Step 1: Open the multi-scope template.
Step 2: Go to the "SCOPE DEFINITIONS" section of the setup code.
Step 3: Go to the desired line and change the value inside the quotations as needed. Each scope has two lines: one for the tag value and one for the prefix value.
Scope | Scope Tag Value | Scope Prefix Value |
---|---|---|
Internal
internal
INT
External
external
EXT
Wireless
wireless
WLN
Mobile Application
mobile
MBL
Web Application
webapp
APP
Social Engineering
social
SOC
Physical
physical
PHY