Add Findings from Vulnerability Scanners

Transcript

Hey there. I’m Nick Popovic, PlexTrac, Hacker in residence. Welcome to the PlexTrac Pro Tips, a video series of quick tips and tricks for maximizing how you use PlexTrac. Brought to you by me and my fellow PlexTrac super users to share cool features and uses that we we hope will make your work even more effective and efficient. Have a unique PlexTrac use case or tip of your own? Share in the comments. Now, let’s get to our pro tip. One of the great things about the PlexTrac application is the ability to import findings from multiple sources.

So I’m going to take you through that example today. So here on my screen, you can see we’re logged into PlexTrac. In this example, we’ve already created our client or identified an existing client in the platform to work with. A client can be an individual customer or it can also be a business unit. So keep that in mind. We’ve also started a new report, and this report is specific to either that client or business unit that we’re working with. And I’m going to go ahead and use the example of importing some findings from both Burp and Nessus.

So the first thing we’re going to do in our report is we’re going to navigate here in Findings. To add findings, we’re going to select from file imports. And as you can see, because Nest is a very popular tool, it comes up first. But from this list, you can also see that FlexRack offers a lot of different options for leveraging tools and getting that data into the platform and therefore into your reports and communicating to either that customer, that client, or the business unit that needs to know what’s going on. What’s most important for this example, that we’re going to start with Burp and we’re going to import our file here.

So we’ve selected our Burp file here and we’re going to click to continue.

Now, we have a quick pause here before the file is officially uploaded that allows you to determine if you want to associate tags with your findings or with your assets. Any of these tags that you would use, they’ll be applied to all of the findings in the file or all of the assets in the file, if that’s applicable. And these can be used to help you sort and filter through both this report, but are also leveraging throughout the PlexTrac platform.

So here we’re getting an indication that our file has been uploaded. And as you can see, our findings have all populated now in the report. So at this point, you can see each of these line items is an individual finding that’s been ingested from Burp. This is the finding detail that shows you all the details about the data that we’re ingesting as well as identifying the source. If we had associated any tags with these findings, they would be shown here as well. Now, keep in mind that the great value of PlexTrac is that these finding details can be modified. And we’ve got lots of tools in our write ups database to allow you to apply either your customer recommendations or just your own narrative to how these issues are communicated.

So back to our example. We’re talking about introducing findings from multiple sources. So far, we’ve introduced our findings from Burp, and we’ve got about ten pages of findings. We’re going to go back to Add Findings file imports, and we’re now going to import from Nests. We’ve got our Nests file here ready to go. Click to continue. And again, we can apply tags at the step if they’re appropriate.

I’m going to go ahead and add a Nessus tag. Not necessarily, but just going to show you this example here. We’re now creating our tags and uploading our Nessus file once all of these findings have been created. We do have this option to filter using your tags here, we’re filtering by the tag that I added for Nests, but this could really be any tag. And this is going to allow me to then filter my findings down to anything with this tag. Just to show this example here. Now that we’ve uploaded multiple files from multiple sources, you can see we’ve got 51 pages of findings.

And that’s where a lot of these quick action tools come into play. So just want to call out some of the bulk action tools we have in the PlexTrac platform. From here, you can assign an update tickets that you’ve selected, add additional tags if necessary, leverage our integrations with either Jira or service. Now you can change the reported date, set a published date, or choose those that need to be deleted. We’ve also got all of these filtering and searching tools to help you get down to the findings that need the most work before you export these findings into a report for your client or business unit. I hope this was helpful. Showcasing how the PlexTrac platform can help you ingest all of the findings that you have using any of the tools that help you find the most critical and most important important findings that need to be remediated and communicated.