As the kids are heading back to school and the dog days of summer wind down, we couldn’t wait to share all of the cool new features, functionality, and integrations our development team has been working on all summer long. Needless to say, we hope your summer was as productive as ours (and of course, we hope you took some time off to have fun, just like our team did!).
Sit back and grab a beverage, because we’ve made a LOT of improvements that we can’t wait to tell you about! The features we’re highlighting are already available, or will be coming very soon. As always, for more detailed information, check out the Release Notes page on our documentation site.
Coming soon, the new Asset Analytics functionality provides you with an at-a-glance overview of every asset in your (or your clients’) company, by level of criticality, to help you better understand where you’re most vulnerable.
Asset Analytics makes it easy to filter assets by up to 12 different data points, including client, tags, reports, location, and more. Additionally, you can see detailed findings associated with your assets, determine how many of your assets have vulnerabilities, and triage vulnerabilities from the asset perspective.
*NOTE* Asset Analytics functionality is only available with a paid Analytics subscription.
With PlexTrac’s integration with Tenable, you can import findings and assets tied to a Tenable tag directly into the Purple Teaming Platform. We integrate with both Tenable.IO and Tenable.SC, allowing you to import your scan data with a click of a button. Just point PlexTrac at your Tenable and we’ll do the rest.
*NOTE* To make use of the PlexTrac’s integration with Tenable, you must have an active Tenable license.
We are constantly adding security scanner tool parsers and imports so you can pull in the findings from wherever you get them. We have added the following app security scanners to our list of available imports:
PlexTrac will support IDP (Identity Provider) initiated SAML SSO soon. Admins will no longer be required to manually create users or import them from a .csv! This functionality allows your users to easily login to PlexTrac via your company’s IDP.
To configure Just-in-Time User Provisioning for your instance, simply select the “Create New SAML Provider” button from the Account Admin/Security section to allow new users to automatically be provisioned in PlexTrac. This allows you to add new users to your PlexTrac instance simply by assigning them to the PlexTrac application in your IDP.
PlexTrac’s new Attack Path Visualization feature will make it as easy as drag-and-drop to create a visual representation of the tactics, techniques, and procedures (TTPs) used in a simulated attack (coming soon!). Great for sharing within your organization or with your clients (if you’re a consultant or security provider), Attack Path Visualizations empower you to quickly collaborate with others to more efficiently resolve vulnerabilities.
Follow these steps to get started:
Short codes are a powerful new time-saver in PlexTrac that provides a simpler way for users to search and replace text at the report or client level. These short codes can be created and managed in the Account Administration Panel under Tenant Settings.
Once you select the “Create Short Code” button, define a new short code using the format of %%<string>%% (e.g. %%APPLICATIONNAME%%). This string must be continuous, with no special characters except for underscores.
These short codes work by defining a source for which the short code will fetch the replacement data. Short codes can be implemented on two levels: Client Custom Fields and Report Custom Fields. Once the data is fetched, provide a label that exists for the field you’re fetching.
Save your short code when complete. To put these codes to use in a report, navigate to Import Narratives from Report Templates or Writeups from the WriteupsDB in which you have pre-populated your short codes.
If your short code is referencing data from a Report or Client Custom Field, you must ensure that a value has been provided for that custom field — and the label must match the label provided when you defined the short code:
When ready to replace, select “Search and Replace” from the Report Findings or Report Overview page.
Click “Replace Short Codes” to force evaluation of all short codes in your report.
Some assets are more important than others — and with our new Report Assets view, PlexTrac allows you to instantly see all the findings associated with those assets most important to you. Tag-based filtering allows you to instantly drill down to guide the prioritization of your remediation efforts. Identify your crown jewels and then see a unified list of all known vulnerabilities. Each asset expands to provide a fully interactive experience with the associated Findings — review and edit them all within the context of your chosen asset.
Follow these steps to get started:
You will now see all of the Client Assets that are associated with any findings within this report.
From here you can use the drop down to view all of the Findings related to the selected asset.
If you’d like to view the Asset’s details or edit the Asset you can simply select the “Go to Asset” button on the far right of the screen.
This will take you to a view of all the Assets information and allow for you to edit the Asset if desired.
The following are some additional updates we made recently that you won’t want to miss:
If you are self-hosting your PlexTrac instance, gain access to all these enhancements by updating to the latest release using the procedures in our documentation. If we host your PlexTrac instance, you’ll receive the latest features according to your release schedule.
Have a question or need help? You can always drop us a line at firstname.lastname@example.org. Feel like your issue would be better addressed with a screen share? Self-schedule a Zoom support slot for some additional help. If you schedule time with us, please use the notes section of the meeting or shoot us an email and let us know what we can help you with during the session!
We hope you enjoy all of these new features. And, if you have an idea for how PlexTrac can better support your needs, we’d love to hear from you!
The PlexTrac Team