
How PlexTrac Automates Pentest Findings Delivery – Real-Time Workflows & Remediation

Transform the way you deliver penetration testing results. In this video, PlexTrac founder Dan DeCloss shows how PlexTrac automates pentest findings delivery—replacing static PDFs and manual routing with real-time workflows and continuous collaboration.
See how PlexTrac centralizes all findings, unifies scanner outputs, and applies rules-based automation to speed remediation and reduce operational friction.

Key capabilities covered:

  • Real-time routing and automated ticket creation
  • Instant alerts for critical findings
  • Auto-assignment and streamlined validation/retest loops
  • Consolidation of manual and scanner findings in one platform

PlexTrac creates a closed-loop vulnerability management workflow that helps teams move faster, stay aligned, and reduce mean time to remediation.


Series: PlexTrac MiniDemo Series

Category: Assessments, Asset Management, Content Library, Integrations, Pentesting, Product Features, Purple Teaming, Red Teaming, Reports, Risk Quantification, Runbooks, Service Provider / MSSP, Thought Leadership


Transcript

Hey everyone, I am Dan DeCloss, founder and Chief Customer and Brand Officer here at PlexTrac. I am excited to be talking to you today about the overall workflow of how we deliver pentest findings in an automated fashion. I’ve been a pentester for many years.

I’ve been in the security space my entire career and one thing that’s not talked a lot about is once a pentest report is delivered, what are you supposed to do with that report and what are you supposed to do with those findings? The document is great as an artifact of the engagement and shows the point in time at which that report was created, but somebody still has to take those findings and copy and paste them out into other spreadsheets, other tracking systems and what have you.

The value of PlexTrac is that we can actually help automate that delivery and tracking and remediation lifecycle helping you stay in that continuous assessment loop and be able to have real-time visibility into the actual status of those findings. So let’s go ahead and show you how we do that in PlexTrac.

We have an amazing workflow automation tool that supports the ability to automate a lot of the lifecycle around findings.

So one thing that is handy in PlexTrac is to be able to assign findings automatically when certain conditions are met. So here we have a workflow automation that says I want to assign this finding to specific people once it’s published. But I only want to make sure that this person receives the critical findings. So here we have a workflow automation that says, “Hey, when this report finding has been published and it’s critical, we want to go ahead and change its current status to open and needs immediate triage”, meaning we want to jump on this right away. And these sub statuses are all customizable within PlexTrac. And so once this trigger is met, it’s going to change that status to show that it’s open and needs immediate triage. It’s automatically going to assign this finding to Pam and send her an email. And then it’s also going to fire a web hook notification into Slack into an escalation channel within Slack. And it’s also going to send an email to Pam. So this way we cover our bases in terms of making sure Pam is notified that this finding has been published and is assigned to her. So that’s one extremely handy thing within PlexTrac, is that it can automate as soon as certain criteria are met.

We also can go ahead and assign findings based on different criteria as well. So let’s jump into what happens when you can also add another workflow around the critical finding being published. You can change its status. You can assign it to somebody else. You can send the email and all that. But you can also create a Jira ticket and put it on the escalation board within Jira or ServiceNow or some of our other, through webhooks, a lot of the other ITSM systems as well. So this is another example of a workflow where you can publish findings and immediately assign them out to Jira tickets and create that automation loop.

We can also do certain activities when findings are closed. So let’s say we want to notify our executive team and our system owners when a critical finding has actually been closed out. So that someone changes the status to closed when that happens, here’s the trigger. We can go ahead and say, hey when finding status is closed. Now when that’s closed, these folks here on the executive team and the system owners are going to get this email so that they can either validate or just make sure that, that finding actually was supposed to be closed.

Another handy thing in PlexTrac is as data comes in there are certain things that you want to actually be able to do with it or you maybe just want to close out all the informational findings or consolidate findings into different types of writeups. We have two ways to actually support that today. We can close all the informational findings using workflow automation. So let’s say you know we don’t want informational findings to mess with our analytics but we still want them there in order to be able to see what they were for documentation purposes. We can set up a workflow automation that supports the ability to automatically close informational findings as soon as they come in. Whether they’re published or not, you can specify that criteria and you could also send an email to somebody based on when that trigger is met.

The other handy portion of PlexTrac that can be used to configure findings and things like that is our parser actions where as files are imported into PlexTrac you can do specific things with the findings. So here again you could actually just completely ignore all informational findings as they come into the platform or you can change their severity to something different or you can link them all to a write up in the write-ups database. So the parser actions is also another handy way to be able to manipulate data as it’s coming in from the parsers. So let’s just kind of highlight what that looks like in real life like with respect to a penetration test. If I come into a pentest, I can see these statuses here and this is linked to a Jira ticket. It has its risk score. I could come in and I can go ahead and add comments to this ticket from within PlexTrac because that is a bidirectional sync with Jira.

And so everything around the findings delivery and workflow is available to you within PlexTrac. You can automate everything. It’s super handy. I really encourage you to check it out. One last thing too is that as findings are written in PlexTrac, you can have them in a draft or publish state so that you can be editing certain findings, but if something does come up that needs immediate attention, you can go ahead and publish that finding. It can kick off that workflow and notify the people that you want to be notifying and they can come in and immediately start triaging it as well. So, PlexTrac really supports that continuous and automated lifecycle all around the report findings, delivery and tracking and remediation of those risks. I really encourage you to check it out. Stay tuned for more demos from PlexTrac.