Skip to content

PlexTrac recognized in 2025 Gartner® Magic Quadrant for Exposure Assessment Platforms

Learn more >>

VIDEO

Pentest Reporting & Finding Delivery in PlexTrac (Mini Demo)

In this short demo, we walk through how security teams and consultants use PlexTrac to streamline pentest reporting, from generating polished, stakeholder-ready reports to automating finding delivery.
You’ll see how PlexTrac helps you:

  • Centralize and manage pentest findings
  • Standardize risk scoring and methodologies
  • Generate clear, actionable executive summaries
  • Automate the delivery of findings in real-time
  • Deliver consistent, high-quality reports without the manual effort

Whether you’re a pentester, security consultant, or part of an internal security team, this mini demo shows how PlexTrac simplifies reporting so you can focus on what matters most: improving security.

Request a demo today.

Series: PlexTrac Demos, PlexTrac MiniDemo Series

   BACK TO VIDEOS

Transcript

PlexTrac is a fantastic platform for helping you automate as much of the engagement life cycle as possible specifically around the reporting and test execution phases of your pentest or security assessments. There are multiple ways to get started within PlexTrac when writing a report and scheduling an engagement.

The first way is to actually schedule an engagement through the scheduler module within PlexTrac. How you do this is, customers can log in and they can actually see a button that will say request an engagement or you can schedule one on their behalf. If we want to go ahead and say that we want to schedule the annual pentest, we can select the client that we want to execute this on. We can fill in the relevant details and then we can proceed to schedule the engagement by adding any relevant files like source code, configurations, network diagrams. Then we can specify what we want to call the report what status it will be in. What type of template, PlexTrac offers a lot of different capabilities for templates. Who should be reviewers on the engagement and as well as tags. You can tag lots of things within PlexTrac to help organize and help with your analytics story down the road.

Then you can schedule the engagement. We will go ahead and schedule myself and we will we will select specific dates and then we will go ahead and schedule that engagement. And now you can see that that that engagement is scheduled and it’s already created a report. So as we start to execute the test, we can begin reporting as we go. You’ll also notice that I selected a template. The nice thing about PlexTrac is we have this content library that supports templating out as much of the report as possible. You have the narratives database which brings in all of these sections of a narrative. You can put these into a template so that they will always come in when you select that template. But you can also add your own narratives as you go as well. There are multiple ways to get findings into a report. You can create your own finding from scratch using the form editor capabilities. You can also select from our content library and our write-ups database.

Here we can search for different write-ups throughout the platform within the content library. And when we select, you know, one or more findings, we can add those directly into the report. And you can see that as this loads, we don’t have to copy and paste a lot of information for how we want to standardize our our write-ups and capabilities. So, you see here it brought in this finding with lots of information that’s that’s already pre-built. And then we can come in and edit it as we see fit. We can change the score, we can add screenshots, we can add videos, all the capabilities that you would want within an editor, we have within PlexTrac. But this helps really save time to avoid copying and pasting from previous reports and standardize how you write things up. Finally, we can add findings in from various tools both from an API integration and from a file import. When we bring data in from external parties and thirdparty sources, we can do lots of things. We can have separate rules called parser actions or workflow automation. And when that data comes in, you can have you can do various activities on it as it comes in through our parser actions or through our workflow automation. Things like you can remove all informationals, you can close specific findings out, you can change the the severity of specific findings. But you see here that that we were able to bring in lots of information related to this nessa scan. And from here we can now actually begin the process of either publishing these findings. Say that we have a really critical finding that we’ve found and we want to get it into the hands of someone right away. So let’s just show that example. We have we can create a critical finding. We can say hey this was you I’ll just go ahead and say very serious for now just to kind of highlight that we can immediately publish this to a customer. So, what I can do here is, I can actually say this is published. And so, when I come back to this report, a customer can actually log in and see this finding without necessarily seeing the rest of the findings while you’re editing those and still in draft status as well as the narrative sections, but they can then become they can come in and start to do their triage, right away. How you do the status tracking and remediation within PlexTrac is very straightforward and streamlined as well. Anytime you see a status, you can create a set status. We we support sub statuses for a variety of workflows and then we can immediately assign this to user to users and we’ll go ahead and assign this to myself and now you see you have a historical track record of the finding as it progresses through its triage and remediation phases. Additionally, we can also create Jira tickets or service now tickets and automatically link those tickets together so that there is a birectional sync within each finding. And you’ll notice that now that I’ve created that I’ve linked that ticket to a Jira ticket and all the status updates will birectionally sync between PlexTrac and the Jira ticket. This this supports a streamlined way to remediate findings and stay collaborative not only through the engagement process but also through the tracking remediation life cycle as well. Let’s say I’ve got the report and the findings ready to export out to maybe deliver to a third party auditor or use as an artifact for some other form of delivery. What we can do is we can export into myriad templates in many formats including PDF and word. And you can customize the export to look exactly how you want and feel through our templating process. So as we export this document, if your organization needs a specific look and feel, we can support that. And you’ll see here that this is what the final report export looks like. And this is just one example of a template. And finally, we have an a workflow automation engine that supports being able to conduct a lot of activities that you would normally be doing manually and keep you focused on the right things. So for example we highlighted that as a critical finding came in we want to automatically assign that to a user for immediate triage. So within our workflow automation engine, you can see that we can specify criteria of when something comes in and is critical or meets certain criteria. You can automatically change its status. You can assign it to different users. You can fire off web hooks and you can send emails or create jar tickets. So we provide a lot of flexibility within the workflow automation engine to allow you to focus on the right things. So within PlexTrac, we support the entire lifecycle from report creation to automatically assigning and triaging those those findings so that you have visibility into what their status is and have a full-fledged analytics platform to be able to answer key questions about your progress and your risk status over time.