Transcript

Ellie used the Export to PlexTrac feature that they’ve developed on the Pentera side. We’ve got our JSON file, and we’re going to jump into the PlexTrac platform for the rest of the demo now, but we’ll assume I’ve already got a report in the platform started, and we’re going to navigate to findings to upload the file from Pentera. Within the PlexTrac platform, we offer a lot of options to get findings into the platform. We’re all about aggregating all of the data you need to effectively communicate in your report. So for this, we’ll select from the ability to add findings here. We have several options: the ability to create them manually. We also offer a write-up database that you can develop and pull from. But for Pentera, we’re going to go ahead and select from files, and we’re going to identify that this is a Pentera file, which is custom to this export we’ve developed in partnership, and we’re going to upload our JSON file here.

Now, in the PlexTrac application, at this point, we kind of take a brief pause and give you the opportunity to identify any tagging that you want to associate with findings in this report. So this is going to associate any of the finding or asset tags you developed here with all of the data that you pull in from this file upload. For this demo today, though, I want to call out that we have, in partnership with Pentera, developed some auto tagging, which will be really helpful with the specific type of data coming from Pentera as a tool. So that auto tag will be either a tag for achievement or vulnerability, so that you can navigate between those two types of findings in this report, and tags can be leveraged throughout the entire platform as well. So, very beneficial steps. So we’re getting a notification that our file is uploading, and if for any reason our file were pretty large, you would just get a notification up here at the bell that it’s ready for you. Of course, in this example, that’s not a concern. So I just kind of want to orient you all to what you’re seeing here on the screen, where in our report we’ve got our findings.

We just uploaded our file. You can see how all of these findings have been populated, and I’m going to pull a finding up to show you a more detailed view. And I’m going to use the same example that Ellie referenced earlier, this Log4Shell. So you can see in this integration, we’re automatically populating the finding detail with the description. The title here, of course, and then the other area we partnered very closely on is the custom severity scoring structure that Pentera has. So, out of the box, as these findings come into PlexTrac, we’re making sure to set, for example, a ten immediately to a critical in PlexTrac. Ellie also calls out the great custom remediation recommendations that come from Pentera, and those are being pulled into this finding detail here as well.

And this goes a long way towards the topic of our talk today, which is how do we communicate what needs to be done? So the PlexTrac platform does offer you the ability to enhance and expand upon this, but I think this is a really great start that we’re able to populate this here. You’ll also note that we have our tag I mentioned shown here, and we always show the source. And the reason for showing the source is that we offer the opportunity to pull in findings from multiple sources to help you enrich your report as much as possible. So all of these findings will be tagged with a source of Pentera and our auto tags. And this is also where we would see any of the tags we chose to add. Whatever works best for you and your team.

One other feature I’m going to show off a little bit here in this finding detail is an optional feature in the PlexTrac platform, time to SLA. And I think this is really relevant to our talk today as well, because we’re focusing on how we get issues resolved and the time that it takes. You guys shared in your polls the variance in the time that it’s taking to find vulnerabilities, in this example from Pentera, and then get them resolved and communicate to the team that can do the work.

So, speaking of remediation, the first remediation tool that I’m going to call out in the PlexTrac platform is the status tracker. And what we support in our product is the ability to assign a finding to any user within the PlexTrac platform. So you can see I already have a very simplistic example of the timeline you’re able to create when you’re assigning and passing back and forth, maybe commentary about the status of a finding in the PlexTrac application. Now, when a user in PlexTrac is assigned to a finding, they’ll be alerted to this when they log into the application on their dashboard. Or we also, optionally, is what I’m trying to say, have a feature where you can choose to have some email notifications. So this status tracker does a great job of working for teams if the team is all working in PlexTrac. As we talked about today too, we mentioned communication silos.

I know for many of you, the teams that you’re working with to get the work done are not necessarily going to be working in PlexTrac and may be working in tools like Jira or ServiceNow. And that’s why the PlexTrac platform offers integrations with both Jira and ServiceNow. So if you’re needing that ability to take this data, and in our example, we’re talking about data coming from Pentera into PlexTrac, we can then push that data into a Jira ticket or ServiceNow issue, if that’s the way you need to communicate what needs to be done. So as either a user is identified and set the ticket to close, this finding will be marked as closed. Or if you push this to Jira or ServiceNow and that ticket or issue type is closed, that will come back into the system through our API integration and update this given finding to be closed.

One other note that I want to call out is that for many of you at this point in the cycle, you’re going to need to export. So, as I mentioned, the PlexTrac platform has a lot of great reporting tools to help you customize the way you communicate all of this data. So feel free to reach out to the PlexTrac team if you want to learn more about our reporting output and how you can customize that and enrich that both from a narrative and informational perspective.

I’ve just shared with you guys quite a bit, and I want to call out that if you’re wanting to get back into some more of this information, the details about the integration between Pentera and PlexTrac, we’ve partnered with the Pentera team on some really great documentation. So you can head over to docs.plextrac.com to view this joint information, and this details everything from the Pentera platform all the way into the PlexTrac platform of how to leverage this. And you do not have to be a current customer of either Pentera or PlexTrac to access this documentation.

We hope that will be helpful for you. So, with that, as we talked about earlier today, Ellie showed you guys a great visual of the cycle and getting to remediation. And I think, Ellie, you are going to mention just briefly a little bit more about the idea of getting back into Pentera at this point.

Yeah, exactly. So another cool feature in there is we can actually rerun a test. For example, let’s say we know a certain vulnerability finding was remediated. We can rerun a test. We can also schedule tests so they can be done continuously and periodically.

And then we can reevaluate, reassess our security posture. So for example, here, in this example, an operator reran the test and exported another result JSON.

Yeah, so what that could look like on the PlexTrac side is again from Pentera selecting to export to PlexTrac. Maybe you develop a follow-up report and then have the opportunity to pop back in here and upload that new file. And just to close this loop, I’ll do another quick demo, and ideally at this point, we’re going to be able to load our findings. In this example, we’ll go back to our Log4Shell that we started with and just showing, right, that data isn’t in this report. We have completed that cycle from Pentera into PlexTrac, then into your remediation tactic, revalidating in Pentera and then re-uploading to PlexTrac to validate that we are watching our progress as we progress.

So this ends the live portion of our demo.