Parser Actions

Series: PlexTrac ProTips

Category: Integrations, Product Features

Transcript

Hey there. I’m Nick Popovic, PlexTrac Hacker in Residence. Welcome to the PlexTrac Pro Tips, a video series of quick tips and tricks for maximizing how you use PlexTrac. Brought to you by me and my fellow PlexTrac super users to share cool features and uses that we hope will make your work even more effective and efficient. Have a unique PlexTrac use case or tip of your own? Share in the comments. Now, let’s get to our Pro Tip track.

I wanted to show you how you can take findings that have been ingested from a security tool and map them to a custom finding in your writeup database. This is a Nessus scan, and it’s been added in via the PlexTrac parser. What I want to do is I want to take these findings that are related to certificates, and upon parsing, I want to map them to a custom finding. I created a custom finding earlier for demonstration purposes called Insecure Certificate Use. So let’s go to Parser Actions, and we’ve enabled it. We’ve chosen the parser we want to work with here.

We could put in text related to the finding, the finding ID, et cetera. In this case, I’m just going to sort by anything with the word certificate I can spell.

I’m going to select all of these certificate findings. I could change the severity. I could decide to ignore these findings. But what I want to do is I want to map them or I want to link them to this finding. And I’m going to go through and do this for all findings that have the word certificate in their title. And now we’ve made the link. If we go back and create a new report, we notice there’s 108 findings.

I’m going to create a new report and I’m going to bring in the same Nessus file and let’s see what the difference is.

So I’m going to add findings. You can see that current security tool is supported. I’m going to add this Nessus file.

Now, the findings and assets that are within the Nessus file are being ingested by the platform.

What we notice is, if I sort by certificate, I now have only one finding, Insecure Certificate Use. Drilling into the finding, we can see our custom content. We can also see the affected assets as well as the output from the tool if we want to include it. I hope you find this useful. Bye.