Skip to content

VIDEO

PlexTrac Platform 2022 Year in Review

The module clusters we showcase in this video include our Content Library, Integrations, Bulk Actions / Standardization, Reporting, Analytics, and Assessments. Finally, we close out by discussing where we’re headed in 2023.

Series: PlexTrac Demos

Category: Product Features

   BACK TO VIDEOS

Transcript

Everyone. I am Shawn Scott. I’m the VP of Success here at PlexTrac. And I am here, along with my good friend Landon Reese, to really just take a walk down memory lane. 22 has been an amazing year. We’ve delivered more new features and value for our clients than ever before. And quite frankly, Lana, you’d probably agree that they’ve been coming so fast and furious that even us ourselves haven’t had an opportunity.

Take a moment and just reflect upon everything that we’ve done in this last year. Yeah, absolutely, Shawn. I’ve been thinking about this webinar and getting prepared for it, and it’s just been so exciting to go back and look at all that we’ve added for our customers. We have been heads down, pushing for value this whole year. And when you do that, you just really think about the next tree, and it’s great to think about the whole forest and what we’ve been delivering for folks. So I’m really excited to be here today. For those who don’t know me, I’m Lana and Reese, BP of product here at PlexTrac.

And I’m excited to be able to add some context into why we did the things we did. Awesome, Lana. We have got a ton to get through and not a lot of time, so I’m going to go ahead and begin walking through these items that we’ve got. So with no further ado all right, here we go. All right, while we’re here and we might be going a little bit out of order, Landon, but the first thing that I think a lot of our long term users are going to notice is just what you see upon Login. And Landon, you want to take a moment and just kind of talk to us about these amazing little cards that we’ve got in the top here? Yeah. Internally, we like to call this the actionable dashboard.

And so when you land in PlexTrac now, we help you figure out where you need to go next. So right on top of the screen is where you were before. So if you were right in the middle of writing a report or updating specific findings, the most recently viewed reports are right up there at top for you to dive into. Yeah, it’s absolutely just a 15 to 22nd time saver, but it makes it just really easy to find what it is you’re looking for. This has just been one of those wonderful, as we call, surprise and delight features. That not the sort of thing that people are constantly chiming for, but it just helps to meet our overall mission of improving workflow efficiency. The other neat thing is, if you’re responsible for remediation and you’ve been assigned findings, those are here as well.

This is a brand new environment we spun up for this event. Don’t have any of that, but you’ll see that this list is going to populate as we continue through our demonstration here today. But let’s go ahead and kind of pop into those major features.

Prior to 2022, we’ve always had an amazing write ups database and it was one of the most valuable features of PlexTrac. We know that over time the value grows because people continue to curate that. It grows larger and larger and there’s less work that has to be done. However, one thing that we’ve been asked for for a long time from our clients is it’s great that I can reuse my write ups, but there’s a lot of narrative sections, those things that you put up there at the beginning of the report that I don’t want to have to recreate each time either. And maybe they’re not standard. It’s not the same language each time in a report. And so we have added an incredible new capability called the content library.

And if we were to click into our content library, you see that you’ve got the write ups database as it’s always been, but you’ve got this new feature called Narratives Database. You’ve also got a new one called Runbooks Database, but we’re going to save that for a future event that’s a coming soon attraction. If I click into the I’m going to hold off on getting into the Narratives database because we’ve actually done some work that impacts the writeups database as well. And so, Landon, kind of talk to me a little bit about what we’ve got going on here with these repositories. Yeah, absolutely. So when you jump into the write ups database today, you land in a new page called the repository page. This is where you can create a collection of write ups for your specific team.

So let’s say that you are doing things for IR, or let’s say you’re doing things for pen testing for a web app, and then you also doing pen testing for your network and you just want to slightly adjust your findings or keep them grouped or separate your users so that they only see what they need to. You can do that within our repository capability. It’s a new pattern that you’re going to just deliver across all of our content library types now too, the goal here is all your team can work within PlexTrac and see just what they need to see. Yeah, absolutely. And one of the things that we added to this, which has really been just amazingly received, is we’ve added a permission structure, especially for larger teams, where you don’t necessarily want to have your junior testers, your junior assessors monkeying with the canonical language that you want to use when reporting on a specific vulnerability. You can do that. Now, we’ve given you three classes here.

An open one is really what you would expect the least restrictive. Anyone who has edit capabilities can commit or use those write ups from an open repository. You’ve got managed more restrictive where everyone can use these, but only certain people that have been specified can actually edit the content of this, and then you’ve got your most restricted private, where even the ability to use these write ups can be restricted to specific users. So it’s really a great way of managing this. I kept this one. All three of these is open. But here’s what’s another really interesting thing.

One of the things, Landon, I know that your product manager Share a Lot, is I’d love to be able to just lift and shift content, copy content. Right. I don’t want to if I want to have different versions of a write up, I don’t want to have to copy and paste that stuff. So I’m going to click, maybe talk me through some of these bulk actions that we’ve got available here. Well, why don’t you select a few, and then we can just walk through. So one of the things that you might have seen and love near and dear, we heard it a lot from within the reports and our findings is the ability to do more bulk actions. Right.

I want to do more things to all my findings at once. These were the top items that came from our customers when we were building out these repositories that we added. So now you can copy right up to another repository, as Shawn was alluding to right here. And just a few clicks of a button.

Obviously there’s copy, there’s move, there was adding tags, and then obviously the delete button. The delete, yeah, absolutely. And so some of the interesting use cases, you can think about how you might use these bulk actions.

Oftentimes you’ll have different maturity levels of end users, right? You want to tailor what those items are. Or maybe there’s just variations of different common findings that you want to start out with overall TLS issues, but then you want to drill in to the specific issue you found so you can start kind of with some baseline understanding and then just further tailor that. So if I go back actually now to my list of repositories, you’ll see that we’ve now populated. We’ve copied some things into the app SEC findings. We’ve moved some things into Incident Response, and this is some other awesome use cases for this is a lot of times you’ll be create a finding from scratch. And, you’ll know, I know that I’m going to want to use this again, right? But I’m in the middle of a report. So we’ve always had the ability of pushing things from your report to the right ups database.

But now, if you can do something like use this concept of a private repository, so you’ve got a safe place where you can push this data, and you know that people won’t be able to use it again until you have an opportunity to sanitize it, to gussy it up, make sure that it truly is generic and that you’re not spilling any data that you don’t want to spill. So really excited about that. But you mentioned standardizing things, Landon. And so as we move into our newest reusable content, our narrative database, notice that the format is the exact same. If you know how to use repositories in your write ups, you know how to use them in narratives. But what are the narratives here? Right? So, for example, we give you a little sample repository to give you some ideas and use cases on things that you might want to save as reusable content, right? So one of the things that we see in probably about maybe a third of the security reports we see, whether that’s honestly a security risk assessment or even a technical test, is a narrative section that will talk about those programmatic level deficiencies. Maybe.

I detected five different instances of end of life cycle out of lifecycle software in the environment. Those are all problems, but they’re really symptoms of a greater programmatic problem that you don’t have a good end of life program in your environment. Right. And so oftentimes, that content can be very reusable if you’ve got those programmatic level deficiencies, like limited detection capabilities, right? You can reuse these over and over, and by combining them with things like our short codes, you can even customize these a little bit very easily in an automated fashion. Talk to me, Landon, about what’s this new thing that we see down here that we’ve never had on there before. I think that’s there because it might be exciting for you and your team, too. So I see how you’re playing there, Shawn.

We use tags within our mechanism to allow us to be able to filter, to be able to look into them, to be able to ultimately be able to pull specific things into our reports through our exporting process. And so now you can also tag the narratives for all those same capabilities and use cases you did before. So, again, that’s a lot about when I think about that kind of capability and being able to use this the way that you know how to use the write up database, that’s exactly what we mean. We’re trying to have that feature parity across our libraries. Yeah, absolutely. So let’s just show how really cool this could be. If you’re one of those clients that has a section like key programmatic deficiencies or key strengths, people like to get the Adam boys, slap them on the back to how great they are before you dump everything on them.

But now I can simply go and add narratives from my database and notice that I’ve got these filters I could select by repository. I can say, hey, just show me all the things in my key weaknesses repository, or I can simply filter based upon tag. Right. And so now, great. I’ve filtered this down. Perhaps limited detection capabilities is a key weakness they have. And we’re off to the races.

We’ve got that already brought in. We can modify as need be, but just, once again, another time saving technique. It’s going to save you time not just on your tester, but on your QA function. Right. If you’ve got approved language that’s already been through that process, it’s just going to save time on both sides of the equation.

All right. That is the amazing work that we have done with our write ups. We’re pretty excited. And our narrative. DB and once again, in a future episode, we’ll talk to you about what you previewed there when you saw the Run books. DB we focused a lot on improving the ability to reuse content that already exists in the platform. But without a doubt, if we’ve spent more time in one area of the platform than any other, what’s that been this year? Landing, are you going to say? I’m hoping you’re thinking integrations.

Are we aligned here? We are absolutely 100% aligned. Right. And just given the time, we’re not even going to have an opportunity to talk about all the things that we’ve done. But if you go into your account admin area and PlexTrac and you go to your integrations, you can see all of the amazing logos that are on here that weren’t here at the beginning of the year. Cobalt is new. Edge scan is new. Hacker one sneak.

Those are all net new this year. And we have significantly enhanced our Jira parser. And so the Jira integration integration, sorry. Yes, our Jira integration. So I’m actually going to start there because it’s a little bit different. Right. That’s an integration to a ticketing system versus an integration to bring in data from another platform.

One thing I failed to mention is that land what’s different about these integrations than the ones I would see when I’m importing a static result and result? These are live. These are API level integrations. So it’s not on just the dynamic. It’s just not on the pull of a file import. This is something that’s sitting there and it’s getting updated on a cadence. It kind of depends on which one you’re using, on how that cadence is for you to actually just automatically get pulled into a report. So that’s the main difference with these API integrations.

And so as you’re getting ready to go into Jira, maybe I’ll talk a little bit about the context and give some assurance to why we went and implemented this. I’m a product guy. I come from the development side of the house, so please don’t get angry with me. I know that I’m sometimes the one you guys have to go convinced to move the needle on the security side. But what we really did is we leveraged what we knew about how development needs to be spoken to and the differences in their workflow versus the workflow that we all have to live within from a security side and try to bridge that gap. And so we provided the customizations needed to be able to fit within development partners ecosystem because if you can do that, then we can make change and we can continue to improve the security posture of your guys’ businesses. So Shawn is going to walk through what that looks like.

But that was really the intent of this new integration and the workflow we built. Absolutely. We’ve had Jerry integration probably for close to three years now with Plexrac and it’s been one of our more popular features, especially with our enterprise users. Great, you found what needs fixing. Let’s push it into the ticketing system of record that’s already in use in the enterprise. However, it was a little bit basic. We’re pushing the data from PlexTrac and we didn’t necessarily have that tight bi directional connectivity and we also didn’t really have the support for the customizations that a lot of people do in their Jira projects.

We’re Jira shop ourselves and we have a lot of different customized forms and so quite frankly, this is helping us as well as helping our clients. But what’s new and different? Obviously the UI has been reskinned, but once you actually have your configuration set, if we go into select the projects, you will get a list of all of the various projects that you have credentials for access to as part of the credentials that you provide. So you can pick which ones you like from there. Maybe you don’t want to allow them to integrate to all of your projects, but here’s where the real magic happens. So Lana, I’m going to let you take it away and just talk about the amazing work that we have done here. So proud of the teams who have been working on this part. But we have made this completely customizable and configurable.

And so the finding fields that you have within PlexTrac, you can map to where you need them to be within your Jira side, not only at the task or story level, but also at the epic level too. And even to the point where if you’re within a field that has a specific set of sub fields related to it, Shawn, you see that like status one, you can actually map what open means to the status in Jira. So if you want it to be that you’re open means to do right, you can simply map that to it. Or close means done in progress. In progress. As you all know, you might have more sub statuses, more statuses on the Jira side that you want to be able to map to. You can do that to make sure things are in Shawn’s mapping close to cancel there, you can have that there too.

So now that you even have them join, so you can have that combined view. That’s what I mean by the language that you need to use, the statuses that you need to use to better report from the security perspective. You can make sure get mapped appropriately to what it means from the development perspective as well. What’s really cool, Anna, is this canceled. This isn’t just an arbitrary value. This is an actual status that exists inside of the Epic issue type in this test project that we’ve created. So when we set up the integration, once we determine which of these projects that we want to map to, we’re grabbing all of the data for the structure of what those forms look like and what values can be placed there.

And we’re turning those into actual destinations for your Plex tracked data. But what’s up with these little funky arrows? Landon so we even have different sync types as well. And so right now, you have it set as a bi directional sync. But on the left there, you have a sync that is Plexed at the Jira continuous, jira to Plex track continuous, and then a one time push to Jira. Right. And so we actually allow you to set, like, the actual relationship and how you want that synchronization to be, too. So when I say customized, I truly mean customized.

And we’re really excited by it. Yeah, just really just an amazing advancement in our Jira functionality. All right, well, let’s talk a little bit now about some of those other API integrations that we have added. And I don’t have them all plumbed in here today, but I do have a few of those. And so I’m going to go ahead and hop into one of my trusty clients here, acme. Coyote and we’ll begin with integrations for the win, as our seems fitting for our target report. So how do I get this data in? Well, if you have your integrations configured and connected, you’re going to get a new selection in your drop down here, right? And you’ll notice that we’ve still got the standard stuff right up database from scratch file imports.

But now we have this integrations tab, and depending upon which integrations that you have configured, you’ll get those various different drop downs that allow you to select one. I’m going to select hacker one. Once I do that, I am brought to the list of all of the findings that I have access to based upon the credentials that I provided when configuring this integration. I’ve got a whole series of filters here that I can use to find the data that I need to bring it into a report, right? So I can simply just find what I’m looking for and continue with those findings. And much like our static parsers, we understand how important tagging is to a lot of our clients. And so you can even tag these with whatever you would like. Perhaps this is all from application I can’t tag.

It would be the idea. Application Bravo, whatever it may be. Brave bravo. I can’t type. Doesn’t matter. Right? So we can add those tags, and boom, there they are. They’re in our report.

No requirements to export data into some sort of static file. Then bring it in. What’s really awesome is sometimes those schemas change. So this gives us a much more stable when you’re at the API level, defecation of API endpoints is a pretty big deal.

In addition to just saving you some time, this is going to ensure a good, solid, stable connection between you and your chosen integration. Anything that you might want to chat on? Well, I think one of the things that excites me the most, and you’ll hear this a lot from me, is that if you know how to import from one API integration, you know how to import from all API integrations. So that experience that you saw with the left hand ability to filter and sort along with the ticker in terms of being able to select which binaries came in, that is consistent across all of the integrations that we deliver. Now, sometimes the search fields might change a little bit because we want to expose what’s available from specific tools, but our goal here is to try and make that simpler for you all. We know there’s a lot that’s going on and all the different tools that you have to manage and support. We’re trying to help build that common language from wherever you’re pulling it so you can get to the real security work. Awesome.

Well, we’ve done a lot with our API integrations, but we haven’t stood still when it comes to our static parsers, because there are some things that just doesn’t make sense to integrate with from an API level, right. Maybe they just don’t even have an open API that we can touch. So we continue to add more options to our static parsers. And by the way, if you’ve been away from PlexTrac for a while, you might notice that the flow here has changed. We’ve made this much more intuitive, giving you a lot more options, but things that are new that you may not have seen before. CSV.

This is actually the most loved new parser internally at PlexTrac, because it really is the Swiss Army knife secret decoder ring, right? Maybe you’ve got a tool that you built that’s pretty common in this industry and maybe not you personally. Maybe it’s something that your organization has built. Maybe it’s a lesser known tool that it’s not the sort of thing that is widely adopted. And probably we’re not going to build a static parser for directly to our platform. That’s okay if you can get your data into a CSV. Now we’ve got a schema that you can import any data now as a finding from a CSV. And this has just been a game changer, and it works awesome out of the box with a single little simple one line PowerShell command, you can reorder any CSV to match our schema.

So it really is just extremely powerful. This has only been on the streets for how long? A couple of months now? Yeah, a couple of months at most, but we’re really excited by it. Yeah. And we’ve already got people who are just doing amazing things. We’ve got some people who are in the GRC space that prefer to perform their risk assessments in a traditional Excel spreadsheet. I get it. Easy navigation, right? There are definite advantages in certain frameworks to just use an old school spreadsheet.

Right now, they may not have network access, right? Yeah, exactly. We’ve got some clients that do some work in remote environments that just don’t have the connectivity back to their plug track server, but they can whip out an Excel sheet. So we’ve got some clients that have written scripts that just take a dot XL access. I always get those last two letters confused, an Excel file, right, and just convert it to a CSV, and boom. Now they can pull whatever that data is from a spreadsheet directly into PlexTrac as findings. We’ve also got this new parser in Vicky. As you may have heard, Netsparker was acquired, and as part of that, they rebranded Vicky, but they also changed things.

So we are still supporting the legacy Netsparker that’s still out there. There’s desktop versions, but we are also supporting the new Invicti partner as well. We’ve got HCL AppScan. I think that that came in new and early in the year. So just lots and lots of new features. If there’s things that you would like to see that you don’t see here, pop over to our Ideas Portal, Purple Ideas, PlexTrac IO. Let us know what you’re interested in seeing, what your friends put there.

Take a look at what other people have suggested. There’s a lot of good ideas out there, and my team is actively looking at that. That really helps guide where we’re trying to head. We want to listen to you guys. And don’t be surprised if you get a PM responding to ask for a little bit more information.

Outstanding. So there’s also some just basic usability things that are users that had identified that they would like to see. So one nifty thing is we’ve always had this ability where I can multi select, and that’s great, and I can select all right. But selecting all was limited to what’s on the page. And so now you can see that I have selected 144 items, which is actually all I have in this report. If I were to select to only have 50 per page, how does that behavior differ? Well, now I’ve got 50 items selected, and so if I select all, 144 findings. So the default behavior is what it’s always been.

We haven’t moved the cheese on you. You can still just select everything on the page. And I’ve selected my 50, but I’ve also got this new Nifty option to select everything that exists inside of the report. And what do I have as far as bulk actions that I have available to me all these incredibly useful things? Once again, to Landon’s point of wanting to increase your ability to just move data faster. So really excited about something just as simple as that. Just something that we love to see. Landon one thing that I skipped over that I wanted to chat about before was what we have done for CVSS scoring.

As Shawn’s opening up the findings so we can go into it. We added a CVSS three one calculator. Pardon me for not getting the version right, but when you pop in here, you guys can actually change all of the different attributes within the CVSS scoring framework, and then we’ll automatically calculate the score. We also have the vector still. So if you want to use the vector, you can. And we added temporal and environmental scoring as well, so you can adjust that to have it be within your scoring methodology. All of that’s within here to get your calculator.

You still have your vector. And, oh, by the way, we’ve updated the parser so that it will update the score and vector as well. And so now that’s all baked right within our platform. We had heard that loud and clear from our customers that they would like to have this, and it’s here. I have created the mother of all vector strings. Look at that. Holy but of note, nothing is required if you’re going to use this other than to provide the base scoring, right? So we don’t make you sit here and take advantage of every single attribute.

But you’ll note two things happened. Number one, we’ve already got the score populated here, and we have mapped the severity based upon the standard first org scale for mapping of CVSS 3.12 Severities. I can override that, right? If I don’t want to use that mapping, I do get a little warning here, which I think is a good thing, right? And that allows us to change this to medium. So, super excited. We’re still importing your CBSs scores from your standard scanners and your parsers and things like that. But the good news is that if you need to do your manual scanning, you don’t need to go to an external calculator anymore. It’s all just built in here for you.

Really cool stuff. Now, Landon, one thing that users might notice when they log into Pluck Track, especially about now, is a little pop up for a little widget that we’ve got here we didn’t used to have.

Really I’m excited about this. For every user, they can customize the columns they see within their findings table here. We know loud and clear that each of you might have specific things that help you in your workflow that’s going to be different than others. And so we have a list. So if you want it simpler or if you want it more complex, that’s up to you. You can add them and then they’ll show up and they’ll persist for you as a user on your report findings. Absolutely.

And what’s really. We love about this feature is, over time, people keep on asking for us to be able to display more and more attributes. Unfortunately, the screen can only be so wide, right. And so this really opens up. It unblocks us. It gives us the ability to listen with, how would you say, a little more hope when people tell us about new attributes that they want to see. Because we’re not limited anymore by the real estate we have available, we can just give you those options and you can see what it is you want to see.

Absolutely. One of the things that we talk a lot about, Shawn, and we at pleasure, is we want to help you guys do what you need to do. Right? And so sometimes that means giving you guys options. Of course we want to help get folks started, but we want to allow you to customize where you need to. This is just one of the ways that we can do that.

And some other things that we really have to spend a lot of time on this year is our work with affected assets. And one of the we’ve done so much here, I don’t even know where to begin, so I’m just going to dive right on in. So heading on into this finding, we’ll click over into the affected assets column and you can see that we have completely redesigned the layout of this column. Of this page. We’ve got all of your port service data, the location, the URL. If it is something that’s new criticality of the asset, all these things are now available for you. But what we’ve really done a lot of work on is your ability to quickly gather assets.

And just to make sure that we’ve got a nice clean experience to show what we’re going to do, I’m going to create a new asset from scratch. Sorry, a new finding from scratch that doesn’t have anything associated with it. So that we’ve just got a better ability to demonstrate that, I’m going to go ahead and just give this a severity in the minimum amount of data to create the finding that kicks in. By the way, your auto save. So I’ve never got to click that save button again, and I’m going to click over to my affected asset. And so we’ve always had the ability of creating a new asset or adding an existing asset, but we’ve added two really neat features this year. Number one is we’ve got the ability if you’ve got your assets in a CSV, we’ve got a schema for that.

You can just dump a CSV in and it’s going to populate that for you. But this is one that is just really exciting just because of how easy this is. Right? And so I’m going to just dump some assets here and I’m going to dump a couple of different types of assets in here, but I’m literally just going to copy and paste these in, and when I do that, it’s going to bump those up against the known assets for this environment. Right. Notice that it identifies that these are all new assets that don’t exist anywhere in Plex Trek for this client. And boom, I’ve got the option of throwing some tags on if I want. And just like that, I’ve now added those five assets.

These assets not only exist inside of my report at the affected asset level for this finding, but they also exist at the client level. So why this is really cool is now if I were to go and do that again, and I do this bulk paste, and when I do that, notice that it says this matches existing assets. So it has already associated that this asset has already been created for this client. So we’re deduping even here on the bulk pace. So really cool feature. This has already been very widely adopted by our testers that are manually adding those affected assets. Nifty stuff.

While we’re here, let’s talk a little bit about some other improvements that we’ve made to different areas of the findings. So, Landon, maybe you can set us up by talking a little bit about what brought us to QA Workflow tools. Well, that’s a loaded question, isn’t it? That’s just not funny.

So if you look on the right here and when I think about QA Workflow, it’s just thinking about what it means to be able to get into a report. There’s so much more that goes into it than just getting the base data and then just being able to ship it to your customer, or maybe even if you’re on the Enterprise, send it to someone for remediation. Maybe this is maybe you have scaled up. You’ve got someone who’s newer to your organization. They don’t quite know how you talk yet. They don’t quite know the tone yet. And you just need a technical person or a senior person to come in and review.

But you don’t just want to review and have them change. You want to teach them, and you want them to be able to have a conversation back and forth, because maybe they meant to say it that way. And so what we did is we realized that we just needed to drive more collab. We wanted to have that collaboration within our platform, and we wanted to give you all the tools to do so. And so that spawned a feature that we called QA Workflow that really enables more collaboration within our platform. And when we say that, we mean the ability to track changes so you can see what’s changed over time and then be able to comment and communicate or collaborate with your team members across it. Ever since then, that feature really took off, and we knew we should do even more.

And so over the last month or so, we’ve continued to invest in this collaboration and enabled those avatars that you see on top. So now you see the SS with Shawn Scott that shows that Shawn is working in this specific text field for description. And the reason why that’s important is now you’ll know where someone is working and you can make sure that you’re not overriding one another. So we’re trying to enable not just collaboration, but effective collaboration. Absolutely.

All right, well, there’s honestly tons more that we could talk about in our Reports module, in our findings. If you’ve been a long time Flex Track user, if you go back and you take a look at some of those videos, we haven’t taken them down off the YouTube just because it’s fun. It’s nostalgic to see how far. It’s just a completely different experience today.

And while we’re talking about the different experience today, I actually do want to take us all the way back up to the client level. So we have completely revamped the organization of the data that exists inside of the client. So now not only do I have the ability to see my data organized by the reports that I put there, if I go into the Findings tab, I now have access to all of the findings that exist in all of the reports, and I’ve got all the same filters that I would have inside of a report. So I can rapidly find whatever it is that I’m looking for. If I knew that there was a finding on something, but I couldn’t remember in which report it was at, not a big deal. I’ve got the ability to come in and rapidly find that I can also rapidly jump to my assets, I can jump to my statistics, which isn’t going to be very exciting right now because I haven’t moved any of my findings into the published status that gets them considered for statistical analysis. But once again, just quality of life improvements that we’re really happy to deliver on, and we continue to look for new opportunities to do so.

So if you got ideas for how we can make the workflow better, once again, purple ideas. PlexTrac.com. Or is that IO? IO. IO. There we go. Awesome. Okay, so one thing we don’t often talk a lot about the workflows that enterprises use and the remediation.

And that’s something that we want to spend more time in Flex Track covering. And so one of the things that has been really loved, especially by our enterprise users this year is the addition of trends and SLAs. Right? And I’m really just going to focus on setting up the trends and SLAs because it’s over time that you get your data that’s going to populate this. But what I can do is I can create new service level agreements. And what is a service level agreement? It’s just simply an internal benchmark, a goal, if you will. For how long do I want to give myself to fix these problems that I found out of the box. If you go into the section of plugstrack, you’ll see that we’ve already got some basic ones here.

They’re really just based upon the severity of the finding, and none of these are enabled by default. If you do enable them, this is going to start at the generation of alerts and things like that, but I’m going to just pop into creating a new one to kind of show you the power of how granular you can get with setting your remediation goals or SLAs in your environment. So what? I’m going to title this one Criticals and Highs on my Crown Jewels. Right? My crown jewel assets. And so I can say if we find any critical or highs on crown jewel assets, I want those fixed in two days. All right. And what are the severities in scope? Critical and high.

If I wanted to limit those findings and consideration based upon a particular tag, I could do that as well. So further scoping when I get this data considered for both presentation and the platform, but also for the notifications, this is called on crown jewels, right? So maybe I only want to fire or track these SLAs for things that have an asset criticality of critical. Or maybe I’ve just tagged those particular assets with something like Crown jewel. I can do that as well. So a lot of different levers to throw to tailor what the SLA actually has in scope as far as findings are considered. And so I should probably take a step back. The asset criticality.

This means that I’m only going to get the findings considered for this SLA if they have affected assets and if one of those assets has a criticality set of critical. Right. Well, let me actually get into the setup of the notifications so I can ask for a daily summary email to let me know things that are nearing or exceeding their SLA. And so what do we consider for nearing or exceeding? Well, if I set my reminder for, say, 24 hours, that is what actually gets used for the criteria for nearing and exceeding my SLA. If I bust the SLA, I can get an alert for that as well, or notification. I can even select other users to receive these notifications. Right.

And who can that be? That can be any other user in the environment of PlexTrac, right. We don’t let you send this out to your Gmail account just for security purposes, but I can then have those exact same options for an additional user in this environment. So really an amazing tool that’s available for you. We actually did a full webinar when we rolled this out. So I’m not going to get into showcasing the data presentation in the interest of time, but that is all available for you. Any additional comments on that, lady? The goal here and why we’re so excited is this just helps you show how you’re improving over time and where you need to spend your investment. And so we really recommend using this to help you see how you can improve your security posture or how your security posture is being managed right, with the data that you’re pulling in through your different assessments.

And you just mentioned the assessment, and I know that you use the term assessment in the generic term, but I’m going to go ahead and pop over to our assessments module.

Quite frankly, we’ve been talking a lot about things that we do and have improved that are really going to have a lot of value for our technical testers. But one of our major initiatives inside of this year has been to enhance the experience of people who are using our assessments module. And so while I tee this up, maybe talk about some of the pain points that led us to do some of this work in the assessments module. Well, yeah, I mean, you’re kind of scrolling through it right now.

We learned loud and clear from our customers that the experience was great if you had a smaller assessment, but it just needed some improvement. If you had a larger assessment, it was harder to navigate around. And ultimately that when you’re doing something as large as, like, a CMMC and you all are so experienced and where you need to go, you might need to jump across questions, because if they answer on a specific way, you know, to go to a different section and follow through that chain first. And so as we learned more about that workflow and that use case, we wanted to improve the navigation to allow our assessors to do it the way that they could if they were on a spreadsheet and do it better than they could on a spreadsheet by having all their data flow into a report through Plex Drive. And we took that as our North Star. And I think, Landon, that we have added more ways to navigate through anything in any web page I’ve ever been. So I’m just going to start hitting them.

What if I want to go to question 136? I can do it that way. What if I want to just simply work forward by Pagination? I can go to page four. I can find what I’m looking for and bring it up that way. If I want to see less, I want to see more. If I want to do a search just simply based upon keyword of the title, I can search for that as well. I don’t know what the number of I don’t know what the question number is, but I know that it has to do with privileged access. Right.

And I’m hoping there’s a privileged access thing here. Yeah, there is. Great. And boom. Now I can see all of those various questions that relate to the keyword search. You may notice that there are some interesting little circles over here, and I want you to keep your eye on them. I’m going to select this one, AC 2007.

It’s in a not started state, so I am going to begin adding some data. And you’ll notice that my progress indicator changed from not started to in progress. And what you’ll also note is that I got a little bit of a shading here inside of my circle. This is my visual cue that this thing is now in progress. Right. If I mark this as complete, notice that we get this nice little check mark, right? And we actually have a number of other states as well. And if you are looking for where the secret decoder ring is, there’s actually a key symbol up here.

And this shows me not just shows me things that are required to complete versus not required to complete. So if I’m looking to find what are those things that I absolutely have got to get, I’m going to be looking for the incomplete required. Those are the ones that I absolutely know that I have to answer in order to submit this assessment. Right. What questions are required and what’s or not, that’s all up to you. When you’re modifying or building out your individual assessment, at the end of the day, when I want to find what’s left over, we’ve given you all these great capabilities of jumping all over the place, but that can also lead to gaps in your completion. So I can just simply come in here and say, show me everything that I have not started or that is in progress.

And so this is just yet another way of finding the specific work that you need to get to in a very rapid fashion. So, huge shout out to the engineering team. This was a heavy lift, but we’re so excited to have this in here to be able for you.

All right, Lennon, I think that we’ve done a good job of covering most of the things that we’ve delivered that are in platform. So I’m going to stop sharing, turn my video back on, and I’m actually going to turn the mic over to you, maybe for some teasers. We don’t want to show people what we’ve got in design, but maybe just talk to me a little bit about what we’ve got teed up going into 2023. Yeah, absolutely. First off, thank you for going through and taking us down memory Lane for this year. It’s just so exciting to see what we’ve delivered and it’s even more exciting to see the usage that we’re getting from it. So thank you all for using the stuff that we’re doing and providing the feedback.

As you were going through. You might have seen some Easter eggs in terms of where we’re headed. And you might have noticed if you know our platform to run books images. What does that mean? Well, that means that maybe we have a new run books experience coming soon. And so that is a little bit of a teaser that you might have picked up. We’re continuing to invest in our analytics space. So stay tuned as we deliver more to help you see all the beautiful things within the data and help you figure out where the best and biggest battles are for you to go fight from a security perspective and win other spaces that you’re going to see more configuration, more simple ways to have the data that just see the data and use the data that you need in an area that in a way that increases data integrity.

And those are just some of the things I’m really excited about. And there’s one that I’m even remiss to share about yet that I think I’ll save for a couple of months here. But it’s really close to our mission. It’s something that I’m just so excited for our team to be able to share with you all. And it’s as big as even a new module, that one. I think I’ll just leave it saying we even got a new module coming our way. Really excited, hearing a lot of customers that want about it.

If you’re super interested, I’m sure you’ll learn more as we start to reach out to more customers. Outstanding. Well, Landon, thanks so much for joining me. Thank you for your partnership. All the wonderful things that I showed. I’m the guy that gets to play with them, gets to deliver them to customers, get to see the smiles on their faces when we’re meeting. We’re scratching an itch they had, and that’s a process.

It starts with everyone watching ideas submitted to us and allowing us to really prioritize and understand what’s going to bring the most value, because at the end of the day, we’re investing your resources to make the product better for you. Yeah. Thank you. Thank you, Shawn. And just want to reiterate how grateful we are for our customers. Thank you for being here, thank you for providing our feedback, thanks you for using our product, and thank you for letting us help you do what you do. We love being able to support you all and we love being able to work with you all.

So I look forward to next year and continuing to build those partnerships.

Thanks, everyone. Cheers. Take care.